Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/u1KOR6Ev1eXNRu72T6geLVczjNY.roa
File:                     u1KOR6Ev1eXNRu72T6geLVczjNY.roa (raw, json)
Hash identifier:          Cdpt6dAlSWI61+bZpjlmoyuOjvDfy3KfoRUsH8wyb6M=
Subject key identifier:   BB:52:8E:47:A1:2F:D5:E5:CD:46:EE:F6:4F:A8:1E:2D:57:33:8C:D6
Certificate issuer:       /CN=40b97406244b4107262687db1b9642c3d9e8f843
Certificate serial:       019C81C1CB90272AA82068F26170B2E9E001
Authority key identifier: 40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/u1KOR6Ev1eXNRu72T6geLVczjNY.roa
Signing time:             Sat 21 Feb 2026 19:51:27 +0000
ROA not before:           Sat 21 Feb 2026 19:51:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202736
IP address blocks:        2a14:4600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:81:c1:cb:90:27:2a:a8:20:68:f2:61:70:b2:e9:e0:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40b97406244b4107262687db1b9642c3d9e8f843
        Validity
            Not Before: Feb 21 19:51:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb528e47a12fd5e5cd46eef64fa81e2d57338cd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:de:88:58:ce:6d:13:0a:54:d1:7f:41:f0:4c:
                    04:3e:24:ad:ac:8b:96:2f:22:00:de:a9:55:fc:9d:
                    45:6f:63:84:f2:d8:e1:35:9d:4c:6b:0d:62:60:70:
                    9f:e8:0e:07:44:b4:32:df:b8:f2:6f:87:9e:3f:d1:
                    fd:80:30:07:bb:65:f2:29:a7:b8:15:4b:0d:54:4e:
                    f0:2f:c4:cc:70:72:ec:36:7f:14:66:1b:af:da:bf:
                    09:99:cd:d7:c9:7c:b4:ce:6b:72:3e:de:6b:cb:ea:
                    34:eb:d7:0f:ae:de:91:cf:52:c0:3b:47:d0:56:11:
                    46:65:57:a8:06:df:91:56:9d:a4:0d:fc:45:54:1e:
                    17:76:bc:1f:7f:11:dd:fd:66:3c:d6:7a:68:5e:a8:
                    a5:4b:f8:14:2a:7a:45:c9:8e:6e:d0:04:ae:8b:46:
                    16:9b:d6:f9:f4:2b:17:75:a5:ff:75:02:dd:0f:2f:
                    28:3e:1f:04:11:20:6a:c3:85:34:34:e6:c6:88:d4:
                    25:3b:38:6e:dd:17:c7:66:11:3d:4f:2f:69:55:d6:
                    c6:5d:fe:51:8f:a7:4e:7b:6f:02:aa:e7:f5:d4:32:
                    f5:1d:8a:a1:c2:7b:73:d3:63:67:31:3a:eb:69:62:
                    e5:a5:5b:d1:2c:52:90:67:64:f7:d9:fb:64:f3:9a:
                    50:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:52:8E:47:A1:2F:D5:E5:CD:46:EE:F6:4F:A8:1E:2D:57:33:8C:D6
            X509v3 Authority Key Identifier:
                keyid:40:B9:74:06:24:4B:41:07:26:26:87:DB:1B:96:42:C3:D9:E8:F8:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QLl0BiRLQQcmJofbG5ZCw9no-EM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/u1KOR6Ev1eXNRu72T6geLVczjNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0b321e-74ea-40b3-88a7-b18d67583994/1/QLl0BiRLQQcmJofbG5ZCw9no-EM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4600::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:fc:d6:23:bc:4e:17:1c:e7:f2:9b:ea:7f:c2:62:57:45:6f:
         30:e0:e0:66:9e:1f:6e:5b:77:49:7b:95:81:00:1c:c2:ce:2c:
         62:17:35:c1:e0:04:94:f4:2b:3a:94:b6:3d:7e:3a:9f:b1:d8:
         37:b3:85:8c:bb:7a:e5:05:b9:04:71:d3:bd:78:bb:2f:37:9b:
         15:9d:7c:45:df:d4:c1:b8:dd:cd:54:99:d3:34:00:95:8f:4d:
         c3:96:a1:9f:2c:1d:31:eb:91:22:ba:9f:c7:84:59:aa:ed:dc:
         6e:7a:5c:84:33:c9:bd:97:01:96:d5:c4:7b:71:82:e8:8d:9f:
         a0:91:fb:40:8a:2e:7f:69:f5:a5:34:9f:d6:5f:b6:9d:7d:26:
         51:47:8b:f1:a6:7e:ce:2c:3b:9f:d3:e0:91:c3:aa:82:74:02:
         be:2d:02:1d:2d:80:f6:34:cb:80:7a:17:7a:5c:8a:88:3d:e9:
         49:9f:09:90:b2:7c:1b:1a:4c:2c:5d:66:3d:22:e6:1a:11:91:
         75:89:90:65:8a:cf:14:02:0a:1e:38:07:3f:42:58:31:45:40:
         84:78:31:73:8b:2d:1f:80:23:77:f7:17:69:21:e4:d1:68:54:
         15:62:10:ce:9b:7e:d7:61:e1:ad:08:0f:58:d2:3b:47:1f:49:
         8d:e2:4b:ec
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyBwcuQJyqoIGjyYXCy6eABMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYjk3NDA2MjQ0YjQxMDcyNjI2ODdkYjFiOTY0MmMzZDll
OGY4NDMwHhcNMjYwMjIxMTk1MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjUyOGU0N2ExMmZkNWU1Y2Q0NmVlZjY0ZmE4MWUyZDU3MzM4Y2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwt6IWM5tEwpU0X9B8EwEPiStrIuW
LyIA3qlV/J1Fb2OE8tjhNZ1Maw1iYHCf6A4HRLQy37jyb4eeP9H9gDAHu2XyKae4
FUsNVE7wL8TMcHLsNn8UZhuv2r8Jmc3XyXy0zmtyPt5ry+o069cPrt6Rz1LAO0fQ
VhFGZVeoBt+RVp2kDfxFVB4XdrwffxHd/WY81npoXqilS/gUKnpFyY5u0ASui0YW
m9b59CsXdaX/dQLdDy8oPh8EESBqw4U0NObGiNQlOzhu3RfHZhE9Ty9pVdbGXf5R
j6dOe28Cquf11DL1HYqhwntz02NnMTrraWLlpVvRLFKQZ2T32ftk85pQRQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLtSjkehL9XlzUbu9k+oHi1XM4zWMB8GA1UdIwQY
MBaAFEC5dAYkS0EHJiaH2xuWQsPZ6PhDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTct
YjE4ZDY3NTgzOTk0LzEvdTFLT1I2RXYxZVhOUnU3MlQ2Z2VMVmN6ak5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wYjMyMWUtNzRlYS00MGIzLTg4YTctYjE4ZDY3NTgzOTk0
LzEvUUxsMEJpUkxRUWNtSm9mYkc1WkN3OW5vLUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRGADAN
BgkqhkiG9w0BAQsFAAOCAQEADfzWI7xOFxzn8pvqf8JiV0VvMODgZp4fblt3SXuV
gQAcws4sYhc1weAElPQrOpS2PX46n7HYN7OFjLt65QW5BHHTvXi7LzebFZ18Rd/U
wbjdzVSZ0zQAlY9Nw5ahnywdMeuRIrqfx4RZqu3cbnpchDPJvZcBltXEe3GC6I2f
oJH7QIouf2n1pTSf1l+2nX0mUUeL8aZ+ziw7n9PgkcOqgnQCvi0CHS2A9jTLgHoX
elyKiD3pSZ8JkLJ8GxpMLF1mPSLmGhGRdYmQZYrPFAIKHjgHP0JYMUVAhHgxc4st
H4Ajd/cXaSHk0WhUFWIQzpt+12HhrQgPWNI7Rx9JjeJL7A==
-----END CERTIFICATE-----