Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/f9a00a-84ee-47a0-9ea1-f179db5f04b6/1/3yADdDDzcZW_FNyfLRFjmJYJIcY.roa
File:                     3yADdDDzcZW_FNyfLRFjmJYJIcY.roa (raw, json)
Hash identifier:          vhBQD1/rqueuWkSga6Bimchj7hsJoyusDZ80Vt3wI/g=
Subject key identifier:   DF:20:03:74:30:F3:71:95:BF:14:DC:9F:2D:11:63:98:96:09:21:C6
Certificate issuer:       /CN=64a0db102703082c7ca554abb5b22760018d563f
Certificate serial:       019C8A0A2633F56A89C058DE27287795D5C9
Authority key identifier: 64:A0:DB:10:27:03:08:2C:7C:A5:54:AB:B5:B2:27:60:01:8D:56:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZKDbECcDCCx8pVSrtbInYAGNVj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/f9a00a-84ee-47a0-9ea1-f179db5f04b6/1/3yADdDDzcZW_FNyfLRFjmJYJIcY.roa
Signing time:             Mon 23 Feb 2026 10:27:26 +0000
ROA not before:           Mon 23 Feb 2026 10:27:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207937
IP address blocks:        45.66.16.0/22 maxlen: 24
                          217.179.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/f9a00a-84ee-47a0-9ea1-f179db5f04b6/1/ZKDbECcDCCx8pVSrtbInYAGNVj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/f9a00a-84ee-47a0-9ea1-f179db5f04b6/1/ZKDbECcDCCx8pVSrtbInYAGNVj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZKDbECcDCCx8pVSrtbInYAGNVj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8a:0a:26:33:f5:6a:89:c0:58:de:27:28:77:95:d5:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64a0db102703082c7ca554abb5b22760018d563f
        Validity
            Not Before: Feb 23 10:27:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df20037430f37195bf14dc9f2d116398960921c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b4:64:c9:1f:ab:e6:0e:41:a9:80:be:4f:72:
                    83:a2:7a:c7:d6:e8:c4:9b:64:66:2f:73:15:7e:f1:
                    66:69:8b:c5:30:0c:19:b4:14:00:c5:c9:80:38:c2:
                    5e:5e:ce:32:11:4f:21:47:a2:65:ff:e0:66:53:3f:
                    fa:d0:55:8a:24:57:23:74:b7:88:b1:15:48:5d:c9:
                    e9:1d:08:11:b4:11:9d:46:01:98:39:fa:d7:8e:b0:
                    c9:18:88:26:c3:dd:bf:62:12:7a:95:d3:e1:4b:ef:
                    c4:b1:09:6d:d1:07:49:40:6f:2a:67:61:2f:71:21:
                    ba:6e:fe:c5:fc:cb:59:6c:b6:96:31:6b:65:23:4c:
                    1c:31:25:34:c1:fd:7b:7e:e8:e3:9c:6d:43:c5:46:
                    bc:06:17:3d:e1:de:f4:de:88:93:56:2c:54:e3:01:
                    ba:43:da:62:92:20:c4:db:d3:de:35:9e:69:3d:77:
                    a0:e6:4f:c1:95:80:3f:32:7a:9f:29:fe:50:6d:29:
                    8d:e7:70:7a:b6:1c:67:39:50:16:f3:a9:20:33:15:
                    aa:2f:34:8b:72:54:af:73:29:d9:f8:96:6c:6d:72:
                    82:8f:d1:a9:b8:9f:10:75:29:36:55:d3:86:fe:13:
                    57:7b:23:d4:4e:40:e8:24:fe:dd:15:52:f3:f5:d5:
                    67:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:20:03:74:30:F3:71:95:BF:14:DC:9F:2D:11:63:98:96:09:21:C6
            X509v3 Authority Key Identifier:
                keyid:64:A0:DB:10:27:03:08:2C:7C:A5:54:AB:B5:B2:27:60:01:8D:56:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZKDbECcDCCx8pVSrtbInYAGNVj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/f9a00a-84ee-47a0-9ea1-f179db5f04b6/1/3yADdDDzcZW_FNyfLRFjmJYJIcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/f9a00a-84ee-47a0-9ea1-f179db5f04b6/1/ZKDbECcDCCx8pVSrtbInYAGNVj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.16.0/22
                  217.179.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:92:a5:a2:d7:2e:59:c8:17:ea:a9:c4:88:f1:8d:73:d4:9a:
         70:e1:de:a3:b3:42:bd:ec:76:5c:5e:f3:1b:eb:72:3d:c3:0a:
         81:cc:14:6e:a1:0b:8a:3d:92:9d:de:0f:59:a2:c9:a7:37:6e:
         75:50:cb:9c:ac:b7:5a:72:83:30:dc:df:14:1c:96:b6:da:3c:
         06:2c:c9:36:e6:8f:f1:59:1f:f2:6f:12:2e:b1:d9:e7:41:f8:
         57:98:37:9b:de:12:92:20:1c:f9:ce:46:ee:3c:e0:0b:54:55:
         f9:bd:60:25:4d:83:45:dc:0d:08:6d:43:3f:e1:8c:db:79:6d:
         ad:2e:6c:f2:ff:64:5b:cb:0f:63:0b:e1:ce:20:57:05:3c:cd:
         b1:10:1e:4e:77:aa:99:b5:5f:4f:9e:42:32:91:72:93:d7:4d:
         58:a5:60:eb:0f:6b:43:cc:1c:66:5e:07:46:40:f0:06:bf:36:
         9b:f9:d5:89:6f:2b:83:05:ba:85:e9:aa:f8:72:6c:d6:cc:0c:
         67:06:c7:23:48:4b:ca:df:8e:b1:8d:42:d0:6e:b2:61:61:58:
         ee:53:c0:e0:2a:01:2c:11:f5:b6:5d:0b:26:58:b4:08:90:bf:
         a8:11:18:df:70:90:0a:64:e4:46:86:6e:f9:4e:77:21:96:2e:
         1d:86:b3:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyKCiYz9WqJwFjeJyh3ldXJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YTBkYjEwMjcwMzA4MmM3Y2E1NTRhYmI1YjIyNzYwMDE4
ZDU2M2YwHhcNMjYwMjIzMTAyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjIwMDM3NDMwZjM3MTk1YmYxNGRjOWYyZDExNjM5ODk2MDkyMWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrRkyR+r5g5BqYC+T3KDonrH1ujE
m2RmL3MVfvFmaYvFMAwZtBQAxcmAOMJeXs4yEU8hR6Jl/+BmUz/60FWKJFcjdLeI
sRVIXcnpHQgRtBGdRgGYOfrXjrDJGIgmw92/YhJ6ldPhS+/EsQlt0QdJQG8qZ2Ev
cSG6bv7F/MtZbLaWMWtlI0wcMSU0wf17fujjnG1DxUa8Bhc94d703oiTVixU4wG6
Q9pikiDE29PeNZ5pPXeg5k/BlYA/MnqfKf5QbSmN53B6thxnOVAW86kgMxWqLzSL
clSvcynZ+JZsbXKCj9GpuJ8QdSk2VdOG/hNXeyPUTkDoJP7dFVLz9dVnhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN8gA3Qw83GVvxTcny0RY5iWCSHGMB8GA1UdIwQY
MBaAFGSg2xAnAwgsfKVUq7WyJ2ABjVY/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWktEYkVDY0RDQ3g4cFZTcnRiSW5ZQUdOVmo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9mOWEwMGEtODRlZS00N2EwLTllYTEt
ZjE3OWRiNWYwNGI2LzEvM3lBRGRERHpjWldfRk55ZkxSRmptSllKSWNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9mOWEwMGEtODRlZS00N2EwLTllYTEtZjE3OWRiNWYwNGI2
LzEvWktEYkVDY0RDQ3g4cFZTcnRiSW5ZQUdOVmo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLUIQAwQA
2bN/MA0GCSqGSIb3DQEBCwUAA4IBAQAUkqWi1y5ZyBfqqcSI8Y1z1Jpw4d6js0K9
7HZcXvMb63I9wwqBzBRuoQuKPZKd3g9ZosmnN251UMucrLdacoMw3N8UHJa22jwG
LMk25o/xWR/ybxIusdnnQfhXmDeb3hKSIBz5zkbuPOALVFX5vWAlTYNF3A0IbUM/
4YzbeW2tLmzy/2Rbyw9jC+HOIFcFPM2xEB5Od6qZtV9PnkIykXKT101YpWDrD2tD
zBxmXgdGQPAGvzab+dWJbyuDBbqF6ar4cmzWzAxnBscjSEvK346xjULQbrJhYVju
U8DgKgEsEfW2XQsmWLQIkL+oERjfcJAKZORGhm75Tnchli4dhrOQ
-----END CERTIFICATE-----