Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/3VzQjANxDb46ITb2aabngNBm6gE.roa
File:                     3VzQjANxDb46ITb2aabngNBm6gE.roa (raw, json)
Hash identifier:          JwFT/MHJt9foHacB/cVDAhosMU7fAl8ZePW5sejP5+o=
Subject key identifier:   DD:5C:D0:8C:03:71:0D:BE:3A:21:36:F6:69:A6:E7:80:D0:66:EA:01
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019C5DABE88AF10699D36EF844B095FF4200
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/3VzQjANxDb46ITb2aabngNBm6gE.roa
Signing time:             Sat 14 Feb 2026 19:41:12 +0000
ROA not before:           Sat 14 Feb 2026 19:41:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207567
IP address blocks:        2a0d:d940:3d::/48 maxlen: 48
                          2a0d:d940:90a0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:5d:ab:e8:8a:f1:06:99:d3:6e:f8:44:b0:95:ff:42:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Feb 14 19:41:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd5cd08c03710dbe3a2136f669a6e780d066ea01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:eb:59:5c:26:17:91:94:bc:c9:da:89:1f:9f:
                    00:6b:df:a8:c8:ef:1c:17:9e:61:b4:65:8b:3e:8b:
                    a9:32:48:b2:48:55:17:38:0e:3c:db:de:05:d7:0e:
                    7d:bc:ac:f7:93:0b:6e:7f:0b:30:2b:bc:20:f3:4f:
                    f4:68:82:39:b2:b0:20:fa:7a:77:44:53:10:c7:62:
                    8c:51:db:78:76:2e:97:30:d7:e2:22:12:fe:5e:e6:
                    42:c0:15:e7:cb:c8:3d:99:d8:87:94:fe:d0:07:fb:
                    82:fc:af:95:44:7e:a2:13:70:cd:63:ed:ba:e1:04:
                    dd:29:29:07:ee:9d:5a:40:86:c5:dc:fd:2e:c6:a8:
                    e2:4b:96:74:b3:85:a5:4b:56:cb:6c:b6:6f:d6:b9:
                    9b:e7:54:95:42:e0:bc:80:80:0a:d1:00:7e:26:3a:
                    2a:84:8d:fe:e1:2a:c6:a8:f7:03:a1:aa:3c:f3:d0:
                    cd:6f:fa:b7:b4:6c:0b:90:00:d2:46:78:c1:b8:ff:
                    3c:99:b4:1e:2d:15:d3:3c:8d:9a:25:6e:7e:62:df:
                    15:c3:03:58:3d:e9:38:fc:e1:4e:f7:2b:78:9b:f9:
                    25:89:95:fe:23:44:81:dc:63:fa:11:be:3d:20:c0:
                    9e:95:c8:84:10:e2:78:56:fc:46:93:fc:ed:af:dd:
                    5f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:5C:D0:8C:03:71:0D:BE:3A:21:36:F6:69:A6:E7:80:D0:66:EA:01
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/3VzQjANxDb46ITb2aabngNBm6gE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:3d::/48
                  2a0d:d940:90a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:5a:bf:d1:22:7b:5e:3c:1a:55:60:46:70:5e:9a:55:a2:d9:
         0a:37:49:cc:7e:72:ab:96:4f:2f:93:48:74:96:a7:bb:35:5e:
         15:73:59:5e:89:2e:17:d8:61:8f:e5:91:e1:57:cb:e2:99:d6:
         2e:7f:0d:f1:b1:9b:91:33:2e:f8:ca:46:00:6a:2b:c4:d4:d0:
         9b:66:24:f1:9d:6c:b0:04:99:d3:93:7e:25:c1:5a:a2:29:68:
         d9:22:ad:86:c6:de:4e:20:3b:11:be:e3:cb:a5:98:b9:73:13:
         29:fd:21:09:cc:3a:f9:b4:b0:f9:34:c3:ae:aa:75:d5:7d:f9:
         39:58:12:80:f7:bd:cf:08:cf:2d:5c:d6:be:49:c5:00:5f:63:
         e2:11:f2:97:20:ef:e5:b7:82:29:62:92:c6:d2:2e:79:14:7b:
         87:13:5f:fb:02:9e:0d:f0:8f:b8:86:f0:aa:4d:8c:ce:da:6e:
         57:5e:8b:d6:e4:ed:94:fa:c0:27:c0:8c:42:7d:42:73:2a:0c:
         6f:f3:f4:48:47:b1:d9:fb:ef:6e:fb:94:f0:42:9a:e0:35:86:
         a1:0c:b4:99:42:81:57:bd:d3:b1:79:1f:90:ac:81:ca:6c:6c:
         e1:be:d5:22:a1:c2:d0:f9:3e:7b:26:92:02:30:3a:86:06:41:
         1c:27:e8:46
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZxdq+iK8QaZ0274RLCV/0IAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMjE0MTk0MTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDVjZDA4YzAzNzEwZGJlM2EyMTM2ZjY2OWE2ZTc4MGQwNjZlYTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0utZXCYXkZS8ydqJH58Aa9+oyO8c
F55htGWLPoupMkiySFUXOA48294F1w59vKz3kwtufwswK7wg80/0aII5srAg+np3
RFMQx2KMUdt4di6XMNfiIhL+XuZCwBXny8g9mdiHlP7QB/uC/K+VRH6iE3DNY+26
4QTdKSkH7p1aQIbF3P0uxqjiS5Z0s4WlS1bLbLZv1rmb51SVQuC8gIAK0QB+Jjoq
hI3+4SrGqPcDoao889DNb/q3tGwLkADSRnjBuP88mbQeLRXTPI2aJW5+Yt8VwwNY
Pek4/OFO9yt4m/kliZX+I0SB3GP6Eb49IMCelciEEOJ4VvxGk/ztr91f2QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN1c0IwDcQ2+OiE29mmm54DQZuoBMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvM1Z6UWpBTnhEYjQ2SVRiMmFhYm5nTkJtNmdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg3ZQAA9
AwcAKg3ZQJCgMA0GCSqGSIb3DQEBCwUAA4IBAQCHWr/RIntePBpVYEZwXppVotkK
N0nMfnKrlk8vk0h0lqe7NV4Vc1leiS4X2GGP5ZHhV8vimdYufw3xsZuRMy74ykYA
aivE1NCbZiTxnWywBJnTk34lwVqiKWjZIq2Gxt5OIDsRvuPLpZi5cxMp/SEJzDr5
tLD5NMOuqnXVffk5WBKA973PCM8tXNa+ScUAX2PiEfKXIO/lt4IpYpLG0i55FHuH
E1/7Ap4N8I+4hvCqTYzO2m5XXovW5O2U+sAnwIxCfUJzKgxv8/RIR7HZ++9u+5Tw
QprgNYahDLSZQoFXvdOxeR+QrIHKbGzhvtUiocLQ+T57JpICMDqGBkEcJ+hG
-----END CERTIFICATE-----