Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/28a3a9-fd43-489c-bcc8-b80a23ac7893/1/3n3qv-NIFDfYNIwq893hOV2mItU.roa
File:                     3n3qv-NIFDfYNIwq893hOV2mItU.roa (raw, json)
Hash identifier:          fPlKtrxURx2WVwQAzRf5x0bQA1CR4xrOvVBRMEkFGho=
Subject key identifier:   DE:7D:EA:BF:E3:48:14:37:D8:34:8C:2A:F3:DD:E1:39:5D:A6:22:D5
Certificate issuer:       /CN=45767054d193a3b8d6c2c009f59cf643e149e39f
Certificate serial:       019B7F83F0DDCEF692C6470660EAD7B358C1
Authority key identifier: 45:76:70:54:D1:93:A3:B8:D6:C2:C0:09:F5:9C:F6:43:E1:49:E3:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RXZwVNGTo7jWwsAJ9Zz2Q-FJ458.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/28a3a9-fd43-489c-bcc8-b80a23ac7893/1/3n3qv-NIFDfYNIwq893hOV2mItU.roa
Signing time:             Fri 02 Jan 2026 16:21:51 +0000
ROA not before:           Fri 02 Jan 2026 16:21:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43351
IP address blocks:        195.66.69.0/24 maxlen: 24
                          2001:67c:2dd8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/28a3a9-fd43-489c-bcc8-b80a23ac7893/1/RXZwVNGTo7jWwsAJ9Zz2Q-FJ458.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/28a3a9-fd43-489c-bcc8-b80a23ac7893/1/RXZwVNGTo7jWwsAJ9Zz2Q-FJ458.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RXZwVNGTo7jWwsAJ9Zz2Q-FJ458.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:f0:dd:ce:f6:92:c6:47:06:60:ea:d7:b3:58:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45767054d193a3b8d6c2c009f59cf643e149e39f
        Validity
            Not Before: Jan  2 16:21:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de7deabfe3481437d8348c2af3dde1395da622d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:6b:fd:6c:d4:38:19:48:c0:dd:1f:2c:87:ea:
                    f6:2e:e5:08:6c:87:4f:e2:9a:61:75:30:54:0c:d9:
                    41:4a:8a:34:1d:81:d9:dc:14:83:8e:15:17:ea:b0:
                    1f:be:26:38:0e:d7:2c:fc:5c:c1:ce:83:39:79:39:
                    c5:c2:22:63:d9:9c:ec:1a:96:76:f8:6d:4e:af:9c:
                    53:4e:00:d1:3f:ac:b3:2f:ec:b6:15:57:8e:ee:fd:
                    fe:87:ee:cc:6b:ea:4a:44:94:f8:f7:d5:00:a9:44:
                    97:7d:5c:e0:ec:2b:96:87:18:c6:d8:e3:a2:56:3f:
                    7c:b8:95:78:e9:30:63:b6:cd:45:1b:ba:97:b2:6a:
                    6e:3d:e7:d9:88:4e:76:e8:b3:1e:e0:5d:5f:eb:25:
                    fb:09:c0:dc:1c:2c:28:76:2a:26:7c:34:b1:fa:ff:
                    cd:cf:be:e1:fa:4e:c1:da:01:a0:e3:f2:45:27:d1:
                    a2:a5:9d:1e:65:4e:9f:3c:53:cb:45:c2:c9:03:34:
                    b6:13:e5:fb:92:bf:33:c0:e9:5f:00:b9:72:ec:d9:
                    8b:04:86:92:e4:be:a4:38:9b:bc:c4:34:ee:bc:70:
                    03:e0:42:fe:ed:56:3c:c9:a9:ce:f1:32:be:75:6c:
                    18:22:aa:4b:ea:cc:e7:cb:89:33:14:62:58:5e:71:
                    89:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:7D:EA:BF:E3:48:14:37:D8:34:8C:2A:F3:DD:E1:39:5D:A6:22:D5
            X509v3 Authority Key Identifier:
                keyid:45:76:70:54:D1:93:A3:B8:D6:C2:C0:09:F5:9C:F6:43:E1:49:E3:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RXZwVNGTo7jWwsAJ9Zz2Q-FJ458.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/28a3a9-fd43-489c-bcc8-b80a23ac7893/1/3n3qv-NIFDfYNIwq893hOV2mItU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/28a3a9-fd43-489c-bcc8-b80a23ac7893/1/RXZwVNGTo7jWwsAJ9Zz2Q-FJ458.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.69.0/24
                IPv6:
                  2001:67c:2dd8::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:0b:ab:f4:75:b5:63:6b:db:f4:d6:25:35:a9:9e:22:68:fb:
         7e:41:de:41:40:b1:c6:0c:cc:75:59:59:a2:01:6d:a9:42:39:
         bd:74:b9:de:80:72:ff:fd:69:aa:db:68:d5:25:70:e6:67:0f:
         b9:a7:3c:a3:b8:87:55:aa:94:2c:11:7a:4a:a7:23:c8:c5:56:
         92:e3:1a:ec:5b:c5:64:be:e4:73:cf:b0:e9:a9:6f:e8:89:a0:
         91:34:5c:9f:0d:9b:4e:7a:5c:8f:72:ec:9b:f6:c6:2a:d1:2e:
         f6:61:f6:dd:1c:12:c4:13:73:c2:80:c7:c9:5d:35:7c:6f:53:
         d1:a5:aa:4e:4f:6b:e4:3b:4d:b8:1c:b0:b5:8e:b8:f2:07:f3:
         e6:be:49:44:a2:21:37:9b:5b:b0:f6:3e:d3:a9:8b:aa:1b:0f:
         aa:59:79:43:52:94:25:a3:38:dd:de:20:9b:63:77:92:62:c5:
         59:a7:85:36:52:97:3d:da:d5:0d:1e:41:8c:82:f9:54:e3:fd:
         31:8e:97:b2:7e:8b:76:46:ef:02:c1:a7:d7:04:60:66:4a:f0:
         ce:bb:7f:b1:a8:74:8f:e5:f9:ac:89:b0:a8:58:10:5e:9c:7a:
         14:b6:e0:f2:b5:64:2f:e6:aa:41:84:e4:c6:f6:70:95:c9:ee:
         c6:fe:6b:a4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt/g/DdzvaSxkcGYOrXs1jBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NzY3MDU0ZDE5M2EzYjhkNmMyYzAwOWY1OWNmNjQzZTE0
OWUzOWYwHhcNMjYwMTAyMTYyMTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTdkZWFiZmUzNDgxNDM3ZDgzNDhjMmFmM2RkZTEzOTVkYTYyMmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Wv9bNQ4GUjA3R8sh+r2LuUIbIdP
4pphdTBUDNlBSoo0HYHZ3BSDjhUX6rAfviY4Dtcs/FzBzoM5eTnFwiJj2ZzsGpZ2
+G1Or5xTTgDRP6yzL+y2FVeO7v3+h+7Ma+pKRJT499UAqUSXfVzg7CuWhxjG2OOi
Vj98uJV46TBjts1FG7qXsmpuPefZiE526LMe4F1f6yX7CcDcHCwodiomfDSx+v/N
z77h+k7B2gGg4/JFJ9GipZ0eZU6fPFPLRcLJAzS2E+X7kr8zwOlfALly7NmLBIaS
5L6kOJu8xDTuvHAD4EL+7VY8yanO8TK+dWwYIqpL6szny4kzFGJYXnGJCwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN596r/jSBQ32DSMKvPd4TldpiLVMB8GA1UdIwQY
MBaAFEV2cFTRk6O41sLACfWc9kPhSeOfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlhad1ZOR1RvN2pXd3NBSjlaejJRLUZKNDU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8yOGEzYTktZmQ0My00ODljLWJjYzgt
YjgwYTIzYWM3ODkzLzEvM24zcXYtTklGRGZZTkl3cTg5M2hPVjJtSXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8yOGEzYTktZmQ0My00ODljLWJjYzgtYjgwYTIzYWM3ODkz
LzEvUlhad1ZOR1RvN2pXd3NBSjlaejJRLUZKNDU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw0JFMA8E
AgACMAkDBwAgAQZ8LdgwDQYJKoZIhvcNAQELBQADggEBAG0Lq/R1tWNr2/TWJTWp
niJo+35B3kFAscYMzHVZWaIBbalCOb10ud6Acv/9aarbaNUlcOZnD7mnPKO4h1Wq
lCwRekqnI8jFVpLjGuxbxWS+5HPPsOmpb+iJoJE0XJ8Nm056XI9y7Jv2xirRLvZh
9t0cEsQTc8KAx8ldNXxvU9Glqk5Pa+Q7TbgcsLWOuPIH8+a+SUSiITebW7D2PtOp
i6obD6pZeUNSlCWjON3eIJtjd5JixVmnhTZSlz3a1Q0eQYyC+VTj/TGOl7J+i3ZG
7wLBp9cEYGZK8M67f7GodI/l+ayJsKhYEF6cehS24PK1ZC/mqkGE5Mb2cJXJ7sb+
a6Q=
-----END CERTIFICATE-----