Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/p3gPfuFdg2rqrSBfl0UDEUdNbjM.roa
File:                     p3gPfuFdg2rqrSBfl0UDEUdNbjM.roa (raw, json)
Hash identifier:          bWC6ioqLuy3JQURX6TTBBncQtFn3EtAYrnrtm+JIq5g=
Subject key identifier:   A7:78:0F:7E:E1:5D:83:6A:EA:AD:20:5F:97:45:03:11:47:4D:6E:33
Certificate issuer:       /CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
Certificate serial:       019C9E3DF7D6BDB41276781B864104F2E378
Authority key identifier: 91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/p3gPfuFdg2rqrSBfl0UDEUdNbjM.roa
Signing time:             Fri 27 Feb 2026 08:36:27 +0000
ROA not before:           Fri 27 Feb 2026 08:36:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213661
IP address blocks:        2a0d:c2c0:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 16:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9e:3d:f7:d6:bd:b4:12:76:78:1b:86:41:04:f2:e3:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
        Validity
            Not Before: Feb 27 08:36:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7780f7ee15d836aeaad205f97450311474d6e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:db:83:3e:77:b7:a1:8c:74:4e:dd:a2:ed:eb:
                    34:d9:31:9c:5f:e1:39:cb:30:dd:84:7a:bd:a1:4b:
                    1e:24:cc:9a:4f:68:a7:59:f6:fb:81:cf:f9:fe:6d:
                    c4:0c:81:5c:fd:fa:b6:73:58:a8:fa:66:92:ba:c9:
                    2e:54:6c:4b:9c:8e:f5:82:ab:6f:a8:c0:c6:68:47:
                    c6:a6:55:05:21:7d:fc:18:62:cc:1a:c4:f6:bb:a3:
                    df:53:0d:a5:1c:51:ac:4e:29:54:52:48:91:3a:dc:
                    f2:eb:15:16:92:0a:39:26:1c:8f:03:fb:12:0d:50:
                    7c:02:ab:6a:9e:41:11:05:8a:71:55:2d:57:1c:89:
                    fe:60:88:58:68:f5:69:fc:45:5f:04:af:66:33:bb:
                    2a:9e:7c:38:d2:52:da:74:58:15:0f:98:d5:55:e9:
                    1a:56:87:9d:e3:60:10:04:14:21:c4:55:64:84:d6:
                    b9:e3:8e:3b:83:84:35:d0:09:ce:4f:0b:83:6a:19:
                    a4:81:2c:d4:f3:d0:d8:29:c1:c5:e0:dc:83:a6:0f:
                    a8:2b:de:6f:cc:9a:3d:5b:9d:c6:ae:84:d9:f5:09:
                    ff:3a:8b:a8:6d:b7:c0:3f:73:60:65:f5:c7:24:f6:
                    39:5e:b2:1a:88:0c:aa:94:ce:d1:af:60:66:ed:09:
                    81:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:78:0F:7E:E1:5D:83:6A:EA:AD:20:5F:97:45:03:11:47:4D:6E:33
            X509v3 Authority Key Identifier:
                keyid:91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/p3gPfuFdg2rqrSBfl0UDEUdNbjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:c2c0:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:ee:b5:58:d4:d4:90:e8:35:ea:e2:7e:14:4c:7c:2a:8e:d8:
         3a:9e:c7:63:88:52:b6:88:51:35:02:3c:9a:19:67:fd:0e:d4:
         23:e2:01:75:7f:c8:2d:56:ef:d5:9f:93:13:37:c0:38:25:7a:
         5a:e7:79:25:d7:87:14:37:0b:80:f9:0f:8e:a3:84:bd:15:33:
         34:47:ef:23:55:3c:9d:af:0b:79:86:6b:63:16:e2:17:ea:42:
         f7:a5:4d:46:51:58:b7:26:a8:67:76:ce:1d:28:e4:8d:94:a4:
         9a:14:be:ba:22:bb:bd:7a:a1:e0:74:6b:a1:ba:ac:d3:06:50:
         46:08:c5:bf:be:3b:e3:79:3e:9b:56:a5:b7:ae:4c:5f:ae:65:
         13:c0:20:6d:e5:12:36:7d:45:73:fe:8a:6e:0c:59:20:ad:ce:
         23:52:d8:bc:7b:8a:e6:b8:d4:ab:57:35:9c:cb:ff:98:d3:5f:
         a0:5a:b5:39:74:39:7f:9d:37:9e:7a:d0:69:95:c0:84:00:c4:
         d9:8d:12:7b:73:b9:a9:f8:79:df:f5:e8:61:f8:b9:14:55:d1:
         ea:55:88:e2:6d:95:0b:6d:55:74:23:59:44:c3:4d:b5:d0:08:
         90:f1:61:52:b4:20:d1:37:1e:f0:e3:61:95:6f:e6:f6:52:3b:
         e5:1c:19:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyePffWvbQSdngbhkEE8uN4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDBjNzhjMzA5YTNlOTlkYzlhYjc0ZjJjZGMwNDg0ODU5
ZTc1MzAwHhcNMjYwMjI3MDgzNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzc4MGY3ZWUxNWQ4MzZhZWFhZDIwNWY5NzQ1MDMxMTQ3NGQ2ZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9uDPne3oYx0Tt2i7es02TGcX+E5
yzDdhHq9oUseJMyaT2inWfb7gc/5/m3EDIFc/fq2c1io+maSuskuVGxLnI71gqtv
qMDGaEfGplUFIX38GGLMGsT2u6PfUw2lHFGsTilUUkiROtzy6xUWkgo5JhyPA/sS
DVB8AqtqnkERBYpxVS1XHIn+YIhYaPVp/EVfBK9mM7sqnnw40lLadFgVD5jVVeka
Voed42AQBBQhxFVkhNa54447g4Q10AnOTwuDahmkgSzU89DYKcHF4NyDpg+oK95v
zJo9W53GroTZ9Qn/OouobbfAP3NgZfXHJPY5XrIaiAyqlM7Rr2Bm7QmBeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKd4D37hXYNq6q0gX5dFAxFHTW4zMB8GA1UdIwQY
MBaAFJHQx4wwmj6Z3Jq3TyzcBISFnnUwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEt
NDg1MmM4ZmY4YWYyLzEvcDNnUGZ1RmRnMnJxclNCZmwwVURFVWROYmpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEtNDg1MmM4ZmY4YWYy
LzEva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3CwAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQCQ7rVY1NSQ6DXq4n4UTHwqjtg6nsdjiFK2iFE1
AjyaGWf9DtQj4gF1f8gtVu/Vn5MTN8A4JXpa53kl14cUNwuA+Q+Oo4S9FTM0R+8j
VTydrwt5hmtjFuIX6kL3pU1GUVi3Jqhnds4dKOSNlKSaFL66Iru9eqHgdGuhuqzT
BlBGCMW/vjvjeT6bVqW3rkxfrmUTwCBt5RI2fUVz/opuDFkgrc4jUti8e4rmuNSr
VzWcy/+Y01+gWrU5dDl/nTeeetBplcCEAMTZjRJ7c7mp+Hnf9ehh+LkUVdHqVYji
bZULbVV0I1lEw0210AiQ8WFStCDRNx7w42GVb+b2UjvlHBlz
-----END CERTIFICATE-----