Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/gvtwt4XkAQ7Z0R2_oweZhYn7SCE.roa
File:                     gvtwt4XkAQ7Z0R2_oweZhYn7SCE.roa (raw, json)
Hash identifier:          awPr3bW3s/h+nd/17YaFTV6WgEVXFckOiQCqub9w4h0=
Subject key identifier:   82:FB:70:B7:85:E4:01:0E:D9:D1:1D:BF:A3:07:99:85:89:FB:48:21
Certificate issuer:       /CN=40b97406244b4107262687db1b9642c3d9e8f843
Certificate serial:       019C81C2B55774C09D170A5C5A435E64DBAF
Authority key identifier: 40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/gvtwt4XkAQ7Z0R2_oweZhYn7SCE.roa
Signing time:             Sat 21 Feb 2026 19:52:27 +0000
ROA not before:           Sat 21 Feb 2026 19:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401163
IP address blocks:        2a14:4600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 15:05:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:81:c2:b5:57:74:c0:9d:17:0a:5c:5a:43:5e:64:db:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40b97406244b4107262687db1b9642c3d9e8f843
        Validity
            Not Before: Feb 21 19:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=82fb70b785e4010ed9d11dbfa307998589fb4821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8c:58:02:04:1a:b1:f8:74:76:bc:60:67:04:
                    c5:2a:b1:61:a1:8a:b5:12:6d:2c:bd:ac:fa:9f:07:
                    ca:56:5e:a7:94:d5:70:ae:05:22:73:cc:6a:06:ec:
                    82:d7:c7:17:bb:d2:59:4d:35:a2:c6:b1:4b:cd:0d:
                    3b:50:b9:81:cd:36:64:ff:72:8f:7a:0f:66:23:26:
                    4b:0b:f2:7d:87:f0:5d:2c:9c:e8:7d:91:85:bf:8b:
                    06:de:5b:11:6f:2a:02:7e:ec:da:59:21:12:11:e0:
                    7f:61:55:b6:84:de:f4:9a:b7:d0:9d:a3:4a:8f:33:
                    0f:1a:38:d5:cc:b3:bc:e0:cb:ea:47:fe:37:f7:61:
                    f6:ba:e2:54:09:88:17:da:c1:ce:d3:66:f4:4a:d6:
                    9f:cb:ca:63:91:7a:7e:f5:52:4c:e1:8a:ab:ac:a0:
                    07:eb:db:5d:71:a8:ea:d6:10:1c:bf:39:f1:ca:cf:
                    cb:95:98:6b:66:4c:41:23:e0:53:e3:bd:b1:bc:7c:
                    11:00:fb:87:e8:08:98:72:64:e7:12:8f:b5:3f:88:
                    4b:52:83:f4:aa:0f:68:68:c5:f3:ce:cf:2f:50:46:
                    31:c4:f1:a6:b2:e2:b5:c2:6a:56:01:f6:04:67:00:
                    d7:d8:d3:b8:9b:03:2a:1e:8a:95:b4:f7:f7:5c:7c:
                    e7:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:FB:70:B7:85:E4:01:0E:D9:D1:1D:BF:A3:07:99:85:89:FB:48:21
            X509v3 Authority Key Identifier:
                keyid:40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/gvtwt4XkAQ7Z0R2_oweZhYn7SCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4600::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:a2:02:28:47:9f:97:50:ae:3b:03:b0:a7:8e:9f:be:9a:ca:
         12:cc:f2:10:d6:e2:10:20:bc:53:51:b8:d7:c3:67:0b:79:2e:
         fd:1b:2a:01:83:13:67:2d:20:a2:12:44:37:a4:3d:f6:65:0d:
         d6:c7:6a:42:61:8b:92:e6:23:6b:dc:67:6c:97:89:b5:33:37:
         d2:f9:1d:59:ef:b3:f9:39:71:ce:48:85:7b:ca:e5:04:2e:b3:
         d4:d4:db:24:d0:02:1f:64:c4:ca:35:58:30:bb:28:6b:4f:7a:
         97:05:e6:d4:f6:ed:e1:ba:3c:91:33:23:c1:f8:9a:ec:0c:8b:
         b2:92:fc:28:19:68:91:a7:33:7f:2e:55:53:c4:e7:59:7b:6d:
         6f:ec:36:92:d0:b7:03:ca:0b:b7:7b:58:21:35:ba:4d:9e:4a:
         b1:6f:10:a2:10:57:5c:99:0a:f1:b8:ef:ce:57:f1:f4:60:b5:
         76:0a:d2:ee:03:91:eb:91:fb:a6:64:c2:c6:eb:ca:b3:76:57:
         5c:89:88:82:8d:2a:09:50:bb:66:2a:69:f9:6e:d7:8c:d4:83:
         df:13:db:c9:b6:b7:e3:bd:ec:29:2c:69:51:bc:26:4e:9b:20:
         8e:5b:13:15:33:f3:0d:f4:93:5c:ae:1e:88:5d:46:cd:c0:f3:
         c9:40:8f:af
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyBwrVXdMCdFwpcWkNeZNuvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYjk3NDA2MjQ0YjQxMDcyNjI2ODdkYjFiOTY0MmMzZDll
OGY4NDMwHhcNMjYwMjIxMTk1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmZiNzBiNzg1ZTQwMTBlZDlkMTFkYmZhMzA3OTk4NTg5ZmI0ODIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIxYAgQasfh0drxgZwTFKrFhoYq1
Em0svaz6nwfKVl6nlNVwrgUic8xqBuyC18cXu9JZTTWixrFLzQ07ULmBzTZk/3KP
eg9mIyZLC/J9h/BdLJzofZGFv4sG3lsRbyoCfuzaWSESEeB/YVW2hN70mrfQnaNK
jzMPGjjVzLO84MvqR/4392H2uuJUCYgX2sHO02b0Stafy8pjkXp+9VJM4YqrrKAH
69tdcajq1hAcvznxys/LlZhrZkxBI+BT472xvHwRAPuH6AiYcmTnEo+1P4hLUoP0
qg9oaMXzzs8vUEYxxPGmsuK1wmpWAfYEZwDX2NO4mwMqHoqVtPf3XHzn4wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIL7cLeF5AEO2dEdv6MHmYWJ+0ghMB8GA1UdIwQY
MBaAFEC5dAYkS0EHJiaH2xuWQsPZ6PhDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTct
YjE4ZDY3NTgzOTk0LzEvZ3Z0d3Q0WGtBUTdaMFIyX293ZVpoWW43U0NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTctYjE4ZDY3NTgzOTk0
LzEvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRGADAN
BgkqhkiG9w0BAQsFAAOCAQEAi6ICKEefl1CuOwOwp46fvprKEszyENbiECC8U1G4
18NnC3ku/RsqAYMTZy0gohJEN6Q99mUN1sdqQmGLkuYja9xnbJeJtTM30vkdWe+z
+TlxzkiFe8rlBC6z1NTbJNACH2TEyjVYMLsoa096lwXm1Pbt4bo8kTMjwfia7AyL
spL8KBlokaczfy5VU8TnWXttb+w2ktC3A8oLt3tYITW6TZ5KsW8QohBXXJkK8bjv
zlfx9GC1dgrS7gOR65H7pmTCxuvKs3ZXXImIgo0qCVC7Zipp+W7XjNSD3xPbyba3
473sKSxpUbwmTpsgjlsTFTPzDfSTXK4eiF1GzcDzyUCPrw==
-----END CERTIFICATE-----