Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/OF0KfYMGxGaz-SUOj7rB0oXATdM.roa
File:                     OF0KfYMGxGaz-SUOj7rB0oXATdM.roa (raw, json)
Hash identifier:          CAo9UtR7JTj2SOelEiYNWlJF8pjNdWWHM3G2TfLb0p8=
Subject key identifier:   38:5D:0A:7D:83:06:C4:66:B3:F9:25:0E:8F:BA:C1:D2:85:C0:4D:D3
Certificate issuer:       /CN=40b97406244b4107262687db1b9642c3d9e8f843
Certificate serial:       019C81C0E0F34032425C4779C91A07FA5832
Authority key identifier: 40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/OF0KfYMGxGaz-SUOj7rB0oXATdM.roa
Signing time:             Sat 21 Feb 2026 19:50:27 +0000
ROA not before:           Sat 21 Feb 2026 19:50:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213507
IP address blocks:        2a14:4600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 15:05:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:81:c0:e0:f3:40:32:42:5c:47:79:c9:1a:07:fa:58:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40b97406244b4107262687db1b9642c3d9e8f843
        Validity
            Not Before: Feb 21 19:50:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=385d0a7d8306c466b3f9250e8fbac1d285c04dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f1:a1:ca:64:8f:36:38:07:f5:a0:48:c8:4b:
                    5e:8d:3f:00:07:fb:70:9a:3f:01:c5:8c:97:54:e2:
                    5b:93:44:a7:63:95:37:07:57:12:5d:10:b7:ba:8a:
                    44:80:cc:85:d3:b8:f6:b4:c6:f2:f9:f0:47:2f:54:
                    30:57:7a:85:9d:94:ea:85:d5:06:8c:b2:75:1c:da:
                    10:d8:96:56:ea:d1:fd:fc:e3:95:e6:a0:81:9d:f1:
                    7c:78:86:e5:9e:0d:5d:83:5c:da:90:70:28:69:c3:
                    8d:8f:c0:3f:b5:39:3a:4c:84:cb:49:c9:c1:2e:be:
                    d6:11:a7:94:5e:e0:d8:b7:75:4b:7a:b4:1f:67:ac:
                    6a:0a:83:1e:7f:25:6b:a6:b8:67:c9:9b:c4:c6:b4:
                    31:9a:fa:fe:b3:6c:ab:a5:12:02:31:29:4d:31:0e:
                    f4:88:96:e7:82:5f:6b:d4:30:ac:e6:4d:f6:b6:2a:
                    b7:08:e0:1a:6b:f5:c6:03:39:4d:69:a7:1d:af:87:
                    dc:5b:86:0e:4c:37:b7:92:96:01:6f:7e:9c:c8:39:
                    00:0d:c7:87:28:e4:ae:34:64:3b:0b:f8:ae:4d:14:
                    a3:de:0a:ff:93:06:ee:37:ca:31:76:9e:bc:46:cf:
                    fd:c6:b6:dc:6d:5a:e3:fe:bd:09:1a:c2:8b:e1:cc:
                    d9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:5D:0A:7D:83:06:C4:66:B3:F9:25:0E:8F:BA:C1:D2:85:C0:4D:D3
            X509v3 Authority Key Identifier:
                keyid:40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/OF0KfYMGxGaz-SUOj7rB0oXATdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4600::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:05:90:60:f8:8d:39:56:67:e1:e6:67:5b:1b:bb:a3:bd:c1:
         23:58:bb:32:55:2a:5f:c2:f5:ad:f2:07:b0:1d:1c:d1:06:50:
         94:27:3b:a2:da:29:50:d6:5d:3c:8e:1c:7c:34:ab:dc:30:be:
         05:cd:af:be:68:24:e8:ae:7a:0d:f4:7c:ca:ad:d7:bd:fb:da:
         ce:ff:49:7b:08:bf:18:63:86:95:46:ea:37:ea:92:df:7c:dd:
         b8:42:f4:02:7c:85:8b:1e:44:b5:98:b7:24:34:e4:48:c3:be:
         e4:6d:d1:d0:f1:a6:27:00:f0:13:ae:1d:e6:f5:04:29:1a:af:
         ec:c6:df:b9:92:45:88:43:5b:5b:ae:ac:ba:eb:69:67:3a:fe:
         f6:44:64:ef:7c:df:13:f8:a8:24:0c:22:ca:11:d4:40:c2:8e:
         74:6c:f9:6f:f1:5d:c9:93:19:bb:12:6b:24:ac:fb:57:98:b2:
         26:01:34:b6:11:60:8a:51:27:6b:d5:85:f2:a3:20:69:4a:c9:
         18:31:b2:e9:59:6e:f5:43:33:b0:f0:67:e3:c6:08:73:da:72:
         bc:7c:1b:cb:8a:51:50:12:76:d2:ac:06:9f:e5:a7:12:02:f0:
         17:52:d1:a4:de:be:65:6d:88:2d:9b:69:72:79:d6:f6:34:b6:
         f6:4b:76:e6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyBwODzQDJCXEd5yRoH+lgyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYjk3NDA2MjQ0YjQxMDcyNjI2ODdkYjFiOTY0MmMzZDll
OGY4NDMwHhcNMjYwMjIxMTk1MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODVkMGE3ZDgzMDZjNDY2YjNmOTI1MGU4ZmJhYzFkMjg1YzA0ZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/GhymSPNjgH9aBIyEtejT8AB/tw
mj8BxYyXVOJbk0SnY5U3B1cSXRC3uopEgMyF07j2tMby+fBHL1QwV3qFnZTqhdUG
jLJ1HNoQ2JZW6tH9/OOV5qCBnfF8eIblng1dg1zakHAoacONj8A/tTk6TITLScnB
Lr7WEaeUXuDYt3VLerQfZ6xqCoMefyVrprhnyZvExrQxmvr+s2yrpRICMSlNMQ70
iJbngl9r1DCs5k32tiq3COAaa/XGAzlNaacdr4fcW4YOTDe3kpYBb36cyDkADceH
KOSuNGQ7C/iuTRSj3gr/kwbuN8oxdp68Rs/9xrbcbVrj/r0JGsKL4czZFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDhdCn2DBsRms/klDo+6wdKFwE3TMB8GA1UdIwQY
MBaAFEC5dAYkS0EHJiaH2xuWQsPZ6PhDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTct
YjE4ZDY3NTgzOTk0LzEvT0YwS2ZZTUd4R2F6LVNVT2o3ckIwb1hBVGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTctYjE4ZDY3NTgzOTk0
LzEvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRGADAN
BgkqhkiG9w0BAQsFAAOCAQEACwWQYPiNOVZn4eZnWxu7o73BI1i7MlUqX8L1rfIH
sB0c0QZQlCc7otopUNZdPI4cfDSr3DC+Bc2vvmgk6K56DfR8yq3Xvfvazv9Jewi/
GGOGlUbqN+qS33zduEL0AnyFix5EtZi3JDTkSMO+5G3R0PGmJwDwE64d5vUEKRqv
7MbfuZJFiENbW66suutpZzr+9kRk73zfE/ioJAwiyhHUQMKOdGz5b/FdyZMZuxJr
JKz7V5iyJgE0thFgilEna9WF8qMgaUrJGDGy6Vlu9UMzsPBn48YIc9pyvHwby4pR
UBJ20qwGn+WnEgLwF1LRpN6+ZW2ILZtpcnnW9jS29kt25g==
-----END CERTIFICATE-----