Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/dXo62BJE8_TWzGjB924mtQGI6t0.roa
File:                     dXo62BJE8_TWzGjB924mtQGI6t0.roa (raw, json)
Hash identifier:          ZKPOUpy2R7pDezGYw/+HyyJ3LtSfZmM+0w9aYkO7UaE=
Subject key identifier:   75:7A:3A:D8:12:44:F3:F4:D6:CC:68:C1:F7:6E:26:B5:01:88:EA:DD
Certificate issuer:       /CN=40b97406244b4107262687db1b9642c3d9e8f843
Certificate serial:       019C51BBDF6F1ED11F15F571875EC1AB777B
Authority key identifier: 40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/dXo62BJE8_TWzGjB924mtQGI6t0.roa
Signing time:             Thu 12 Feb 2026 12:03:12 +0000
ROA not before:           Thu 12 Feb 2026 12:03:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55201
IP address blocks:        2a14:4600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 15:05:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:51:bb:df:6f:1e:d1:1f:15:f5:71:87:5e:c1:ab:77:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40b97406244b4107262687db1b9642c3d9e8f843
        Validity
            Not Before: Feb 12 12:03:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=757a3ad81244f3f4d6cc68c1f76e26b50188eadd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:b9:b1:cd:72:e1:72:d9:28:6e:7f:df:31:a8:
                    a0:8b:64:15:ba:96:e2:07:ce:7b:6f:8e:33:c5:ab:
                    fc:3c:32:3a:4b:62:44:b1:b0:1e:ac:50:0a:1f:f4:
                    02:51:f4:fe:02:ea:d7:b0:17:f0:39:03:e3:59:66:
                    bf:0d:9b:3a:78:bd:30:78:cf:20:49:24:1d:d7:ce:
                    4a:c2:06:ca:17:06:e4:ee:c5:03:f1:b9:34:a9:cd:
                    0f:e9:e0:2f:20:d8:ec:bb:1e:3d:e6:3f:18:2f:ae:
                    7b:83:28:b1:10:78:57:e0:02:c9:80:22:36:27:54:
                    d0:d7:7d:25:f2:0a:2f:d1:fa:9d:52:b6:cc:5a:1a:
                    c8:14:05:7a:17:10:51:52:18:df:03:54:2c:0a:43:
                    1a:36:31:35:cb:a2:82:0e:04:6b:24:8f:8f:e0:b9:
                    94:39:f8:f1:66:c4:f7:83:09:3b:f8:29:63:4c:4a:
                    c6:2c:96:a1:94:eb:95:a1:f5:7b:7a:31:af:63:b1:
                    be:49:a4:0f:92:52:cd:56:6d:62:3b:d9:3a:20:4d:
                    b3:84:eb:e6:56:ee:81:43:92:d3:b3:3d:d9:e0:62:
                    d2:3f:eb:08:e2:f4:7f:22:09:66:f7:71:a0:6a:a2:
                    9b:f8:6d:9f:dc:c2:42:09:0e:19:ef:69:8f:15:3d:
                    a4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:7A:3A:D8:12:44:F3:F4:D6:CC:68:C1:F7:6E:26:B5:01:88:EA:DD
            X509v3 Authority Key Identifier:
                keyid:40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/dXo62BJE8_TWzGjB924mtQGI6t0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4600::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:bf:cf:45:df:f4:ad:81:3b:89:6d:f6:b2:37:45:bd:67:63:
         65:8e:4f:03:ed:64:bd:08:31:6b:f0:48:f7:86:02:8a:31:ad:
         a3:01:45:3a:2e:b2:37:90:db:41:24:e9:1a:0c:ed:eb:69:01:
         3b:92:b2:49:13:7e:7e:58:a0:73:2b:0e:a3:be:3e:9d:2d:d8:
         cd:43:0c:b0:da:e3:a7:9c:bc:c1:62:c6:9e:2a:84:d2:b8:6f:
         91:73:e3:05:7c:01:7a:0e:2d:bc:bf:17:85:3f:6d:fa:43:d7:
         02:fb:a1:f6:08:97:2f:01:4c:41:41:d0:20:fb:96:60:ff:d6:
         e5:db:06:ad:9b:39:d7:ae:1a:39:36:d6:31:93:f2:35:ba:d7:
         5b:00:67:8a:47:36:28:d5:ca:dd:df:a7:6c:7f:e1:e5:40:49:
         28:a4:2e:65:0c:b5:02:e1:4d:58:04:bf:5e:cf:16:26:6b:62:
         a2:1d:dc:04:06:8a:29:7a:ab:0c:d8:7f:46:b2:a6:a7:0f:7e:
         cc:01:92:55:37:e4:9d:94:42:99:13:3e:9d:6a:3f:5b:12:31:
         e8:0f:fb:0c:e9:d5:05:14:ca:4f:37:d4:62:e6:fc:f8:dc:9f:
         7e:01:d3:8c:7f:e9:c2:f6:ff:d3:51:de:51:aa:71:11:1f:b6:
         2a:96:26:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxRu99vHtEfFfVxh17Bq3d7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYjk3NDA2MjQ0YjQxMDcyNjI2ODdkYjFiOTY0MmMzZDll
OGY4NDMwHhcNMjYwMjEyMTIwMzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTdhM2FkODEyNDRmM2Y0ZDZjYzY4YzFmNzZlMjZiNTAxODhlYWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA77mxzXLhctkobn/fMaigi2QVupbi
B857b44zxav8PDI6S2JEsbAerFAKH/QCUfT+AurXsBfwOQPjWWa/DZs6eL0weM8g
SSQd185KwgbKFwbk7sUD8bk0qc0P6eAvINjsux495j8YL657gyixEHhX4ALJgCI2
J1TQ130l8gov0fqdUrbMWhrIFAV6FxBRUhjfA1QsCkMaNjE1y6KCDgRrJI+P4LmU
OfjxZsT3gwk7+CljTErGLJahlOuVofV7ejGvY7G+SaQPklLNVm1iO9k6IE2zhOvm
Vu6BQ5LTsz3Z4GLSP+sI4vR/Iglm93GgaqKb+G2f3MJCCQ4Z72mPFT2kqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHV6OtgSRPP01sxowfduJrUBiOrdMB8GA1UdIwQY
MBaAFEC5dAYkS0EHJiaH2xuWQsPZ6PhDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTct
YjE4ZDY3NTgzOTk0LzEvZFhvNjJCSkU4X1RXekdqQjkyNG10UUdJNnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTctYjE4ZDY3NTgzOTk0
LzEvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRGADAN
BgkqhkiG9w0BAQsFAAOCAQEAS7/PRd/0rYE7iW32sjdFvWdjZY5PA+1kvQgxa/BI
94YCijGtowFFOi6yN5DbQSTpGgzt62kBO5KySRN+fligcysOo74+nS3YzUMMsNrj
p5y8wWLGniqE0rhvkXPjBXwBeg4tvL8XhT9t+kPXAvuh9giXLwFMQUHQIPuWYP/W
5dsGrZs5164aOTbWMZPyNbrXWwBnikc2KNXK3d+nbH/h5UBJKKQuZQy1AuFNWAS/
Xs8WJmtioh3cBAaKKXqrDNh/RrKmpw9+zAGSVTfknZRCmRM+nWo/WxIx6A/7DOnV
BRTKTzfUYub8+NyffgHTjH/pwvb/01HeUapxER+2KpYmkA==
-----END CERTIFICATE-----