Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/ie67OR2yo5azvU54c3v4lv6RpSA.roa
File:                     ie67OR2yo5azvU54c3v4lv6RpSA.roa (raw, json)
Hash identifier:          dLMrGnnfDPcjGqurVoVCUolQCVPAwVOwL/z3dpyr5Fk=
Subject key identifier:   89:EE:BB:39:1D:B2:A3:96:B3:BD:4E:78:73:7B:F8:96:FE:91:A5:20
Certificate issuer:       /CN=40b97406244b4107262687db1b9642c3d9e8f843
Certificate serial:       019C81C0E068317C19008AE2732C83350018
Authority key identifier: 40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/ie67OR2yo5azvU54c3v4lv6RpSA.roa
Signing time:             Sat 21 Feb 2026 19:50:27 +0000
ROA not before:           Sat 21 Feb 2026 19:50:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204936
IP address blocks:        2a14:4600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 15:05:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:81:c0:e0:68:31:7c:19:00:8a:e2:73:2c:83:35:00:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40b97406244b4107262687db1b9642c3d9e8f843
        Validity
            Not Before: Feb 21 19:50:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89eebb391db2a396b3bd4e78737bf896fe91a520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:65:0e:6d:e4:7b:86:7f:8f:be:70:d3:8c:12:
                    da:45:8f:9a:94:30:28:60:bd:6b:fd:ba:68:af:b0:
                    ce:8a:c0:b8:86:58:91:20:00:fe:bc:c9:c0:8e:bf:
                    6d:2d:89:1e:5d:51:fa:ae:cd:8e:34:c2:41:2f:9f:
                    a5:51:38:eb:50:82:e7:ae:2d:e4:d2:eb:47:a8:ef:
                    df:64:d7:79:63:69:56:77:3e:4c:ad:f2:94:1a:db:
                    6f:a7:92:c8:7c:a1:64:aa:01:1a:85:fb:73:6b:5e:
                    4b:a3:5a:c0:4f:64:5c:e3:3a:d2:76:5f:da:39:d4:
                    09:53:ee:bd:1d:22:51:64:23:14:68:2a:19:cd:07:
                    30:b5:57:94:92:2f:33:7f:ff:e7:5c:a3:a4:bf:06:
                    aa:31:0a:56:df:52:bf:4b:a6:7e:84:fe:b5:de:ab:
                    54:24:73:ed:19:a9:ed:4d:88:98:bd:37:3e:81:a2:
                    ee:68:a2:a7:be:75:df:1e:f7:6a:d0:42:ce:13:4f:
                    25:44:9a:60:a3:d7:8b:0f:55:6d:2f:00:bd:05:d3:
                    c4:5e:a7:98:92:89:50:ba:e4:03:bf:3d:77:3a:56:
                    07:03:5a:1a:5e:5e:53:76:b8:57:e2:7c:94:db:42:
                    b4:02:51:4d:43:a0:87:8d:e8:8e:cb:d9:f8:49:5f:
                    ac:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:EE:BB:39:1D:B2:A3:96:B3:BD:4E:78:73:7B:F8:96:FE:91:A5:20
            X509v3 Authority Key Identifier:
                keyid:40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/ie67OR2yo5azvU54c3v4lv6RpSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4600::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:1d:e2:ec:0a:47:c4:47:2b:74:2f:2c:bb:3e:f1:4e:83:e9:
         2d:b4:a8:8b:0f:a9:76:90:df:56:aa:64:be:ea:1f:ff:82:27:
         f7:a7:d1:b0:84:d4:8b:fe:48:22:3c:2d:9e:ae:c3:86:1a:cf:
         e4:80:9c:b4:70:61:43:68:6d:90:f0:8c:42:8a:12:19:4e:68:
         8a:c1:d9:aa:70:9c:93:b5:ef:2e:b4:42:9a:92:67:df:b5:f7:
         d5:22:7c:b1:5a:73:9b:1e:df:5e:d7:4c:47:88:00:ae:e4:32:
         28:d3:c7:23:4c:d5:32:ab:b1:4b:d8:c0:64:10:1b:fb:8a:71:
         7f:59:bf:02:ac:13:dd:0b:56:2d:75:04:60:57:fc:af:84:4c:
         2e:33:70:47:e9:6b:fa:0a:37:19:a7:ce:29:f8:e7:34:e3:dd:
         32:c9:d2:3b:cc:d7:5c:2c:89:32:b4:7f:22:c6:73:e1:51:82:
         00:5e:03:4f:06:b7:5f:13:35:f8:f5:7d:d8:97:55:2e:f8:1e:
         10:f0:87:de:c9:ed:97:84:f8:bc:35:13:ae:0c:71:9e:d7:31:
         1b:90:8a:a6:50:b3:3a:e8:1f:e3:25:dc:b7:f5:d6:c7:6d:9f:
         5f:b2:53:0d:0c:e4:47:b2:97:19:82:d6:86:af:4d:aa:ca:9b:
         7e:65:17:b4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyBwOBoMXwZAIricyyDNQAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYjk3NDA2MjQ0YjQxMDcyNjI2ODdkYjFiOTY0MmMzZDll
OGY4NDMwHhcNMjYwMjIxMTk1MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWVlYmIzOTFkYjJhMzk2YjNiZDRlNzg3MzdiZjg5NmZlOTFhNTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWUObeR7hn+PvnDTjBLaRY+alDAo
YL1r/bpor7DOisC4hliRIAD+vMnAjr9tLYkeXVH6rs2ONMJBL5+lUTjrUILnri3k
0utHqO/fZNd5Y2lWdz5MrfKUGttvp5LIfKFkqgEahftza15Lo1rAT2Rc4zrSdl/a
OdQJU+69HSJRZCMUaCoZzQcwtVeUki8zf//nXKOkvwaqMQpW31K/S6Z+hP613qtU
JHPtGantTYiYvTc+gaLuaKKnvnXfHvdq0ELOE08lRJpgo9eLD1VtLwC9BdPEXqeY
kolQuuQDvz13OlYHA1oaXl5TdrhX4nyU20K0AlFNQ6CHjeiOy9n4SV+s0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFInuuzkdsqOWs71OeHN7+Jb+kaUgMB8GA1UdIwQY
MBaAFEC5dAYkS0EHJiaH2xuWQsPZ6PhDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTct
YjE4ZDY3NTgzOTk0LzEvaWU2N09SMnlvNWF6dlU1NGMzdjRsdjZScFNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTctYjE4ZDY3NTgzOTk0
LzEvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRGADAN
BgkqhkiG9w0BAQsFAAOCAQEALB3i7ApHxEcrdC8suz7xToPpLbSoiw+pdpDfVqpk
vuof/4In96fRsITUi/5IIjwtnq7DhhrP5ICctHBhQ2htkPCMQooSGU5oisHZqnCc
k7XvLrRCmpJn37X31SJ8sVpzmx7fXtdMR4gAruQyKNPHI0zVMquxS9jAZBAb+4px
f1m/AqwT3QtWLXUEYFf8r4RMLjNwR+lr+go3GafOKfjnNOPdMsnSO8zXXCyJMrR/
IsZz4VGCAF4DTwa3XxM1+PV92JdVLvgeEPCH3sntl4T4vDUTrgxxntcxG5CKplCz
Ougf4yXct/XWx22fX7JTDQzkR7KXGYLWhq9NqsqbfmUXtA==
-----END CERTIFICATE-----