Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/3TVp01e3tsqq8fe4ztkvdGsPxbM.roa
File:                     3TVp01e3tsqq8fe4ztkvdGsPxbM.roa (raw, json)
Hash identifier:          nHkT7TTB515dzi7UyOQB9XbvHzLus3ROwiBdooVmzWM=
Subject key identifier:   DD:35:69:D3:57:B7:B6:CA:AA:F1:F7:B8:CE:D9:2F:74:6B:0F:C5:B3
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019C7474BD3508AC57B78917B58679D7032E
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/3TVp01e3tsqq8fe4ztkvdGsPxbM.roa
Signing time:             Thu 19 Feb 2026 05:52:13 +0000
ROA not before:           Thu 19 Feb 2026 05:52:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3223
IP address blocks:        81.180.202.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:74:74:bd:35:08:ac:57:b7:89:17:b5:86:79:d7:03:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Feb 19 05:52:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd3569d357b7b6caaaf1f7b8ced92f746b0fc5b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f6:db:15:89:c5:a6:01:38:74:c3:d8:dc:89:
                    a0:d7:85:b3:af:e1:af:c1:97:a5:23:e1:80:3a:14:
                    98:a7:af:1a:f7:49:6d:a4:f6:d7:11:fa:03:13:3b:
                    84:4a:e4:87:43:18:9a:4f:a9:fb:7e:60:94:b6:27:
                    c8:f0:e5:ff:e2:12:0c:a8:2c:17:e8:5b:45:f1:64:
                    63:71:73:ab:af:d2:f7:75:49:ed:c2:f8:97:46:f4:
                    d6:e2:24:75:b8:62:75:07:1e:7a:33:87:25:d4:9b:
                    2d:c2:38:1a:a8:7e:4e:2a:7f:94:4c:9b:a3:c3:64:
                    53:df:e6:fb:de:65:16:ed:89:4c:37:39:d7:e4:5d:
                    9e:cc:7e:f5:82:48:a2:01:ef:91:a9:e5:13:fd:da:
                    2d:1f:85:9f:40:8f:26:aa:4a:2c:7d:0f:75:92:dc:
                    2f:88:58:5a:cb:74:93:3f:23:95:b4:b6:88:04:d8:
                    b0:cf:12:65:57:6d:a2:3d:97:07:98:30:7e:ef:0b:
                    f4:a7:bc:95:3e:a9:02:35:0d:cb:89:04:ee:bb:6a:
                    1a:26:dc:98:28:41:9f:84:17:02:cc:e2:51:55:6a:
                    9b:bc:e6:48:af:e8:ab:c4:b3:f5:d1:b0:4a:26:90:
                    57:30:88:a4:3d:8e:86:94:94:44:60:74:5a:8c:ff:
                    8c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:35:69:D3:57:B7:B6:CA:AA:F1:F7:B8:CE:D9:2F:74:6B:0F:C5:B3
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/3TVp01e3tsqq8fe4ztkvdGsPxbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.180.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:c8:f5:19:e9:de:46:8f:25:d3:12:22:b0:34:e7:fe:78:ef:
         be:f8:da:08:3c:96:2a:65:67:89:3a:e0:7d:64:b6:5f:24:62:
         a1:5c:35:31:22:83:94:e0:d5:72:ff:b8:1a:f8:ab:cc:42:a4:
         1d:87:91:90:9a:31:7a:b7:51:02:66:43:6a:68:64:91:0f:22:
         2e:2d:dd:01:c4:08:e5:b6:cd:de:2e:c6:d5:35:93:c1:1f:d2:
         40:04:3c:4a:10:01:33:4a:7e:c1:4d:d7:fa:da:95:0e:6f:cc:
         6d:2f:64:73:f5:bd:44:77:3d:43:28:95:96:2f:3e:03:09:eb:
         c4:ea:dd:aa:52:dc:46:df:fe:3d:33:c7:5d:89:ff:70:7f:db:
         53:56:82:b5:27:16:3d:23:2a:42:49:e2:f0:9e:68:6c:e0:b2:
         ec:ea:3f:7d:8a:fc:2d:ba:63:24:25:74:c8:dd:fa:62:66:8f:
         4d:91:b9:58:d4:83:c1:e7:b5:db:1f:1a:5e:7e:c1:df:a0:07:
         50:4f:86:ab:b1:aa:12:c2:ee:c4:31:bb:31:ef:48:dc:06:37:
         62:a5:76:6a:29:8e:4a:0e:66:da:a7:73:3e:82:4d:8f:83:14:
         37:88:85:2e:b8:4a:a2:61:07:5c:f7:73:a3:a1:93:33:f1:0e:
         88:59:ae:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx0dL01CKxXt4kXtYZ51wMuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMjE5MDU1MjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDM1NjlkMzU3YjdiNmNhYWFmMWY3YjhjZWQ5MmY3NDZiMGZjNWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfbbFYnFpgE4dMPY3Img14Wzr+Gv
wZelI+GAOhSYp68a90ltpPbXEfoDEzuESuSHQxiaT6n7fmCUtifI8OX/4hIMqCwX
6FtF8WRjcXOrr9L3dUntwviXRvTW4iR1uGJ1Bx56M4cl1JstwjgaqH5OKn+UTJuj
w2RT3+b73mUW7YlMNznX5F2ezH71gkiiAe+RqeUT/dotH4WfQI8mqkosfQ91ktwv
iFhay3STPyOVtLaIBNiwzxJlV22iPZcHmDB+7wv0p7yVPqkCNQ3LiQTuu2oaJtyY
KEGfhBcCzOJRVWqbvOZIr+irxLP10bBKJpBXMIikPY6GlJREYHRajP+MoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN01adNXt7bKqvH3uM7ZL3RrD8WzMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvM1RWcDAxZTN0c3FxOGZlNHp0a3ZkR3NQeGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUbTKMA0G
CSqGSIb3DQEBCwUAA4IBAQCJyPUZ6d5GjyXTEiKwNOf+eO+++NoIPJYqZWeJOuB9
ZLZfJGKhXDUxIoOU4NVy/7ga+KvMQqQdh5GQmjF6t1ECZkNqaGSRDyIuLd0BxAjl
ts3eLsbVNZPBH9JABDxKEAEzSn7BTdf62pUOb8xtL2Rz9b1Edz1DKJWWLz4DCevE
6t2qUtxG3/49M8ddif9wf9tTVoK1JxY9IypCSeLwnmhs4LLs6j99ivwtumMkJXTI
3fpiZo9NkblY1IPB57XbHxpefsHfoAdQT4arsaoSwu7EMbsx70jcBjdipXZqKY5K
Dmbap3M+gk2PgxQ3iIUuuEqiYQdc93OjoZMz8Q6IWa6C
-----END CERTIFICATE-----