Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/42411e-e7ab-4645-9a4b-16dba543b558/1/KcezENyvvYrXXswSVtxzDv92fDQ.roa
File:                     KcezENyvvYrXXswSVtxzDv92fDQ.roa (raw, json)
Hash identifier:          +/oYFxIQJASX+00zmlIPC2X6q4G3vMScM1rVA0R+aAw=
Subject key identifier:   29:C7:B3:10:DC:AF:BD:8A:D7:5E:CC:12:56:DC:73:0E:FF:76:7C:34
Certificate issuer:       /CN=338c1868b56380e08c45f81ffe61dd3281d6697e
Certificate serial:       019C81BE21737C858274A5AA9E40B0C74DCF
Authority key identifier: 33:8C:18:68:B5:63:80:E0:8C:45:F8:1F:FE:61:DD:32:81:D6:69:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M4wYaLVjgOCMRfgf_mHdMoHWaX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/42411e-e7ab-4645-9a4b-16dba543b558/1/KcezENyvvYrXXswSVtxzDv92fDQ.roa
Signing time:             Sat 21 Feb 2026 19:47:27 +0000
ROA not before:           Sat 21 Feb 2026 19:47:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     139803
IP address blocks:        2a13:a740::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/42411e-e7ab-4645-9a4b-16dba543b558/1/M4wYaLVjgOCMRfgf_mHdMoHWaX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/42411e-e7ab-4645-9a4b-16dba543b558/1/M4wYaLVjgOCMRfgf_mHdMoHWaX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M4wYaLVjgOCMRfgf_mHdMoHWaX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 15:05:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:81:be:21:73:7c:85:82:74:a5:aa:9e:40:b0:c7:4d:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=338c1868b56380e08c45f81ffe61dd3281d6697e
        Validity
            Not Before: Feb 21 19:47:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29c7b310dcafbd8ad75ecc1256dc730eff767c34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:42:3e:97:55:bb:e6:26:ca:16:40:5c:bc:70:
                    c1:22:36:71:b2:b1:f1:54:38:d9:bd:0e:e1:d8:73:
                    5f:a7:90:d5:49:7b:f1:8f:a9:bc:33:c2:17:96:31:
                    d3:53:62:02:51:e0:12:b3:e6:c2:4e:c9:c0:a5:f1:
                    15:b5:a1:0f:3b:d1:e1:8c:38:27:b0:28:9f:d8:ad:
                    0c:20:aa:66:c4:bf:cb:ca:ae:6b:a6:cc:c5:1a:e3:
                    f5:8c:10:ee:b9:83:04:fc:f1:ef:55:6c:b3:d7:8c:
                    df:49:e1:4f:a7:5a:52:42:72:5b:da:86:d2:a2:41:
                    b8:21:a0:ed:5c:66:1b:f4:26:95:31:68:dc:c2:94:
                    e4:13:88:fc:ad:7b:94:be:78:32:43:d2:3c:9a:90:
                    f7:ae:b4:37:9b:6e:c2:a2:de:a6:01:17:e1:b2:a1:
                    ec:f4:58:55:c6:57:db:84:71:a5:a8:9b:33:29:4b:
                    c4:00:23:1c:91:f4:61:b5:dc:56:66:bd:f1:2d:4c:
                    c6:a5:87:67:52:ef:ac:28:6f:3f:d4:df:8d:7a:ae:
                    0b:6c:94:da:90:2a:c5:68:3a:f6:e4:dd:71:86:ab:
                    86:d9:40:22:25:d4:64:91:0c:fe:88:a6:9a:14:b6:
                    0d:0c:6c:ff:d1:0d:aa:aa:41:5c:b5:f4:24:36:98:
                    c1:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C7:B3:10:DC:AF:BD:8A:D7:5E:CC:12:56:DC:73:0E:FF:76:7C:34
            X509v3 Authority Key Identifier:
                keyid:33:8C:18:68:B5:63:80:E0:8C:45:F8:1F:FE:61:DD:32:81:D6:69:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M4wYaLVjgOCMRfgf_mHdMoHWaX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/42411e-e7ab-4645-9a4b-16dba543b558/1/KcezENyvvYrXXswSVtxzDv92fDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/42411e-e7ab-4645-9a4b-16dba543b558/1/M4wYaLVjgOCMRfgf_mHdMoHWaX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a740::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:6a:dd:48:be:89:cc:9b:48:3c:24:ec:cf:06:f3:b7:23:6d:
         d9:db:88:7c:53:6c:eb:91:ef:37:0d:40:b8:aa:8b:c1:07:cd:
         23:ed:de:3f:65:aa:6b:1f:ac:4d:30:b2:34:75:19:a2:a9:c2:
         82:b6:d3:d8:ae:dd:07:91:fc:d9:ce:5e:3b:22:0c:df:ae:90:
         e1:54:16:de:88:dd:a7:c1:1d:e9:70:a2:69:a7:26:2a:a5:a9:
         c3:be:8c:2d:c3:bf:90:a3:a9:06:45:6e:0c:11:42:f4:4f:aa:
         5b:51:95:50:34:58:67:eb:a4:a8:04:cb:6c:35:26:dc:c8:4e:
         7d:d1:d8:5c:de:29:f1:d0:03:1f:c8:a8:b5:79:92:72:2a:f0:
         41:7a:28:08:7d:a4:ae:6f:47:3b:f8:12:2d:cc:2a:57:77:86:
         6c:78:87:e0:29:fb:cb:87:7e:6c:37:2f:6b:b3:78:ca:0a:68:
         53:a2:be:1e:21:8e:08:df:29:96:17:47:6c:60:71:b5:32:09:
         06:73:13:3d:ba:bd:36:75:86:e6:69:d7:d3:c3:3a:31:49:e6:
         d4:5c:c2:97:c3:34:46:80:49:c8:2e:36:fc:6a:d5:b3:93:34:
         cd:11:05:cc:79:a2:f1:50:2d:98:67:4e:0f:ae:10:3a:c4:42:
         7b:28:c9:8b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyBviFzfIWCdKWqnkCwx03PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzOGMxODY4YjU2MzgwZTA4YzQ1ZjgxZmZlNjFkZDMyODFk
NjY5N2UwHhcNMjYwMjIxMTk0NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWM3YjMxMGRjYWZiZDhhZDc1ZWNjMTI1NmRjNzMwZWZmNzY3YzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1EI+l1W75ibKFkBcvHDBIjZxsrHx
VDjZvQ7h2HNfp5DVSXvxj6m8M8IXljHTU2ICUeASs+bCTsnApfEVtaEPO9HhjDgn
sCif2K0MIKpmxL/Lyq5rpszFGuP1jBDuuYME/PHvVWyz14zfSeFPp1pSQnJb2obS
okG4IaDtXGYb9CaVMWjcwpTkE4j8rXuUvngyQ9I8mpD3rrQ3m27Cot6mARfhsqHs
9FhVxlfbhHGlqJszKUvEACMckfRhtdxWZr3xLUzGpYdnUu+sKG8/1N+Neq4LbJTa
kCrFaDr25N1xhquG2UAiJdRkkQz+iKaaFLYNDGz/0Q2qqkFctfQkNpjB2wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCnHsxDcr72K117MElbccw7/dnw0MB8GA1UdIwQY
MBaAFDOMGGi1Y4DgjEX4H/5h3TKB1ml+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTR3WWFMVmpnT0NNUmZnZl9tSGRNb0hXYVg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi80MjQxMWUtZTdhYi00NjQ1LTlhNGIt
MTZkYmE1NDNiNTU4LzEvS2NlekVOeXZ2WXJYWHN3U1Z0eHpEdjkyZkRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi80MjQxMWUtZTdhYi00NjQ1LTlhNGItMTZkYmE1NDNiNTU4
LzEvTTR3WWFMVmpnT0NNUmZnZl9tSGRNb0hXYVg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOnQDAN
BgkqhkiG9w0BAQsFAAOCAQEAVWrdSL6JzJtIPCTszwbztyNt2duIfFNs65HvNw1A
uKqLwQfNI+3eP2Wqax+sTTCyNHUZoqnCgrbT2K7dB5H82c5eOyIM366Q4VQW3ojd
p8Ed6XCiaacmKqWpw76MLcO/kKOpBkVuDBFC9E+qW1GVUDRYZ+ukqATLbDUm3MhO
fdHYXN4p8dADH8iotXmScirwQXooCH2krm9HO/gSLcwqV3eGbHiH4Cn7y4d+bDcv
a7N4ygpoU6K+HiGOCN8plhdHbGBxtTIJBnMTPbq9NnWG5mnX08M6MUnm1FzCl8M0
RoBJyC42/GrVs5M0zREFzHmi8VAtmGdOD64QOsRCeyjJiw==
-----END CERTIFICATE-----