Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/6b12fc-83db-4d1e-bf07-ee94dbe46a02/1/vwGIFE9db7TftAoGd3C3W-aOIvM.roa
File:                     vwGIFE9db7TftAoGd3C3W-aOIvM.roa (raw, json)
Hash identifier:          IpQ9e6i0QOWHjhuSrVzJFLUXvkKOTWlsK5mfL4KLjHw=
Subject key identifier:   BF:01:88:14:4F:5D:6F:B4:DF:B4:0A:06:77:70:B7:5B:E6:8E:22:F3
Certificate issuer:       /CN=61877ef7bbb1b1898aacd57b8a8ffc2b0e442a65
Certificate serial:       019C81BF0BF67BD9D0F38B13B60A454C217E
Authority key identifier: 61:87:7E:F7:BB:B1:B1:89:8A:AC:D5:7B:8A:8F:FC:2B:0E:44:2A:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYd-97uxsYmKrNV7io_8Kw5EKmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/6b12fc-83db-4d1e-bf07-ee94dbe46a02/1/vwGIFE9db7TftAoGd3C3W-aOIvM.roa
Signing time:             Sat 21 Feb 2026 19:48:27 +0000
ROA not before:           Sat 21 Feb 2026 19:48:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197537
IP address blocks:        2a13:e8c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/6b12fc-83db-4d1e-bf07-ee94dbe46a02/1/YYd-97uxsYmKrNV7io_8Kw5EKmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/6b12fc-83db-4d1e-bf07-ee94dbe46a02/1/YYd-97uxsYmKrNV7io_8Kw5EKmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYd-97uxsYmKrNV7io_8Kw5EKmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 15:05:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:81:bf:0b:f6:7b:d9:d0:f3:8b:13:b6:0a:45:4c:21:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61877ef7bbb1b1898aacd57b8a8ffc2b0e442a65
        Validity
            Not Before: Feb 21 19:48:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf0188144f5d6fb4dfb40a067770b75be68e22f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c7:6b:4f:7f:ca:9f:82:c1:09:fe:6d:f8:cf:
                    38:2f:7b:a7:73:76:f8:27:76:3f:c4:a1:67:24:3f:
                    3f:23:ea:c6:b2:54:71:22:04:c6:6b:cb:cb:26:f0:
                    1f:09:a2:7f:19:06:42:45:34:b9:c3:e6:70:87:f3:
                    13:ec:d0:ec:9e:1b:45:82:92:ed:7c:28:c3:f0:51:
                    f4:4a:9c:c8:82:f1:52:07:72:2c:ef:f8:71:bc:1f:
                    7b:cf:ab:db:ca:8c:ed:4f:f1:9b:99:70:7e:8a:d9:
                    ea:a2:83:2d:19:08:e6:82:02:df:1c:6a:3f:e2:c9:
                    36:50:5b:92:27:0a:4f:77:f8:66:39:8e:7a:8f:f7:
                    94:9f:17:fa:bf:06:ea:cc:27:8b:63:a3:2b:23:04:
                    44:93:2f:08:90:17:bf:84:d1:6b:11:62:cc:bf:d1:
                    1f:0f:36:0a:ee:e5:47:3d:72:4c:bf:f9:1d:6c:a4:
                    39:13:da:26:68:49:25:9b:6b:49:dd:fa:8c:0e:4d:
                    3b:5f:3b:7d:df:85:ac:5e:ec:ba:6a:bf:e7:6c:f7:
                    3d:34:3c:f0:75:01:78:27:14:09:c1:0f:be:58:d2:
                    6d:1f:02:cc:4d:de:17:0f:f0:60:cd:a0:b5:b6:d1:
                    1a:da:95:5c:49:2a:60:b9:ed:6d:1c:33:f3:77:64:
                    29:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:01:88:14:4F:5D:6F:B4:DF:B4:0A:06:77:70:B7:5B:E6:8E:22:F3
            X509v3 Authority Key Identifier:
                keyid:61:87:7E:F7:BB:B1:B1:89:8A:AC:D5:7B:8A:8F:FC:2B:0E:44:2A:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYd-97uxsYmKrNV7io_8Kw5EKmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/6b12fc-83db-4d1e-bf07-ee94dbe46a02/1/vwGIFE9db7TftAoGd3C3W-aOIvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/6b12fc-83db-4d1e-bf07-ee94dbe46a02/1/YYd-97uxsYmKrNV7io_8Kw5EKmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:b1:70:44:14:10:d3:bc:92:68:2c:a4:3e:b6:7f:65:2f:28:
         22:b4:1f:02:18:ac:a3:56:58:51:93:ff:d1:89:1c:f2:42:c5:
         f6:1d:67:a0:a0:bb:2f:a0:c8:9d:b7:ca:d9:55:66:80:b9:7d:
         c3:6f:76:32:75:b5:d0:67:0e:56:64:2a:0a:7e:4d:8f:11:53:
         cb:2a:ff:03:52:01:dc:ca:b9:20:d0:81:a2:1a:24:ae:97:d8:
         45:fb:ba:49:b0:06:1c:cd:a2:4c:ae:ba:1c:76:28:ed:e9:e4:
         7a:a0:a3:52:20:2c:33:71:2a:c3:c4:ab:57:b2:9c:8c:64:d8:
         eb:8b:15:d0:fb:3e:58:b0:d7:a1:31:62:64:f3:74:4e:6c:80:
         80:fb:12:c6:da:74:b6:00:02:06:2c:b7:ae:9f:ef:48:98:77:
         0a:e4:e6:2a:b1:5a:62:11:69:59:b1:65:4f:77:0e:22:05:52:
         a8:b3:4d:fd:2e:0a:19:05:2d:8b:1e:e1:ff:5e:b9:10:8e:a3:
         e7:b4:69:dd:b7:53:89:73:ef:9a:82:87:4e:7d:e8:bc:43:69:
         7e:0d:ea:2b:01:cc:86:5b:f1:9d:d7:5a:bc:2d:41:5b:fe:29:
         68:38:36:7a:bc:1a:62:7c:23:7f:80:15:b1:9d:87:ca:f2:7e:
         ed:3a:63:a3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyBvwv2e9nQ84sTtgpFTCF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODc3ZWY3YmJiMWIxODk4YWFjZDU3YjhhOGZmYzJiMGU0
NDJhNjUwHhcNMjYwMjIxMTk0ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjAxODgxNDRmNWQ2ZmI0ZGZiNDBhMDY3NzcwYjc1YmU2OGUyMmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMdrT3/Kn4LBCf5t+M84L3unc3b4
J3Y/xKFnJD8/I+rGslRxIgTGa8vLJvAfCaJ/GQZCRTS5w+Zwh/MT7NDsnhtFgpLt
fCjD8FH0SpzIgvFSB3Is7/hxvB97z6vbyoztT/GbmXB+itnqooMtGQjmggLfHGo/
4sk2UFuSJwpPd/hmOY56j/eUnxf6vwbqzCeLY6MrIwREky8IkBe/hNFrEWLMv9Ef
DzYK7uVHPXJMv/kdbKQ5E9omaEklm2tJ3fqMDk07Xzt934WsXuy6ar/nbPc9NDzw
dQF4JxQJwQ++WNJtHwLMTd4XD/BgzaC1ttEa2pVcSSpgue1tHDPzd2QpvwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFL8BiBRPXW+037QKBndwt1vmjiLzMB8GA1UdIwQY
MBaAFGGHfve7sbGJiqzVe4qP/CsORCplMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlkLTk3dXhzWW1Lck5WN2lvXzhLdzVFS21VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82YjEyZmMtODNkYi00ZDFlLWJmMDct
ZWU5NGRiZTQ2YTAyLzEvdndHSUZFOWRiN1RmdEFvR2QzQzNXLWFPSXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82YjEyZmMtODNkYi00ZDFlLWJmMDctZWU5NGRiZTQ2YTAy
LzEvWVlkLTk3dXhzWW1Lck5WN2lvXzhLdzVFS21VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPowDAN
BgkqhkiG9w0BAQsFAAOCAQEAAbFwRBQQ07ySaCykPrZ/ZS8oIrQfAhiso1ZYUZP/
0Ykc8kLF9h1noKC7L6DInbfK2VVmgLl9w292MnW10GcOVmQqCn5NjxFTyyr/A1IB
3Mq5INCBohokrpfYRfu6SbAGHM2iTK66HHYo7enkeqCjUiAsM3Eqw8SrV7KcjGTY
64sV0Ps+WLDXoTFiZPN0TmyAgPsSxtp0tgACBiy3rp/vSJh3CuTmKrFaYhFpWbFl
T3cOIgVSqLNN/S4KGQUtix7h/165EI6j57Rp3bdTiXPvmoKHTn3ovENpfg3qKwHM
hlvxnddavC1BW/4paDg2erwaYnwjf4AVsZ2HyvJ+7Tpjow==
-----END CERTIFICATE-----