Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/ZHGn3_tg-Mfmy7H9B_1aaqTZHgs.roa
File:                     ZHGn3_tg-Mfmy7H9B_1aaqTZHgs.roa (raw, json)
Hash identifier:          kp5fhsXFebs7/vXxko2b9o0UIBd+QGOAQRgsqBOjvQA=
Subject key identifier:   64:71:A7:DF:FB:60:F8:C7:E6:CB:B1:FD:07:FD:5A:6A:A4:D9:1E:0B
Certificate issuer:       /CN=0e3f31c9eace6f0a5eccdb8df2b01c7351568686
Certificate serial:       019C7A25565B1290F43BBB5FCAFB5893E54C
Authority key identifier: 0E:3F:31:C9:EA:CE:6F:0A:5E:CC:DB:8D:F2:B0:1C:73:51:56:86:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/ZHGn3_tg-Mfmy7H9B_1aaqTZHgs.roa
Signing time:             Fri 20 Feb 2026 08:23:13 +0000
ROA not before:           Fri 20 Feb 2026 08:23:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206230
IP address blocks:        185.170.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:25:56:5b:12:90:f4:3b:bb:5f:ca:fb:58:93:e5:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e3f31c9eace6f0a5eccdb8df2b01c7351568686
        Validity
            Not Before: Feb 20 08:23:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6471a7dffb60f8c7e6cbb1fd07fd5a6aa4d91e0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f7:1c:73:10:d1:b3:e8:c7:89:59:47:57:0e:
                    2c:a4:f4:19:c4:4b:a1:7f:7c:7b:cb:fd:d3:41:66:
                    2b:bd:d1:0a:c0:a4:1c:f7:aa:a1:96:23:8d:06:30:
                    97:34:14:22:ce:2c:de:76:a1:a0:0a:e4:21:14:2a:
                    d9:35:c6:f0:77:03:67:ae:69:ab:0b:af:4a:6b:61:
                    8f:5c:d6:6b:9a:8f:4e:2c:41:42:06:23:aa:9b:08:
                    20:a5:3a:13:66:61:79:34:d2:af:13:58:37:bb:a1:
                    66:a0:83:c6:a9:7b:d0:46:02:67:41:e1:33:9c:ba:
                    9b:7e:8e:1a:a7:d4:18:a5:cf:e4:3f:25:19:75:49:
                    fb:69:9a:52:d2:cd:5f:4c:19:a7:b8:20:bb:f7:65:
                    12:7d:d5:bc:fa:6d:12:71:ff:ff:11:b6:56:f6:1b:
                    ff:f6:36:e8:57:70:12:11:4c:db:50:42:f7:9d:26:
                    4a:b6:d1:71:78:b1:fb:eb:f8:4d:e2:05:49:36:05:
                    94:66:36:b8:ac:e7:4c:a7:24:d7:76:34:ae:b5:db:
                    09:b7:2b:f3:6f:ff:80:95:e0:52:0e:c8:dc:35:92:
                    30:dc:9a:e0:70:30:18:9a:fc:1a:43:56:46:c8:b5:
                    9b:c4:b8:48:de:39:d2:b7:c1:b8:e0:cf:9b:86:78:
                    bf:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:71:A7:DF:FB:60:F8:C7:E6:CB:B1:FD:07:FD:5A:6A:A4:D9:1E:0B
            X509v3 Authority Key Identifier:
                keyid:0E:3F:31:C9:EA:CE:6F:0A:5E:CC:DB:8D:F2:B0:1C:73:51:56:86:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/ZHGn3_tg-Mfmy7H9B_1aaqTZHgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:34:46:d7:56:86:74:b6:ef:37:12:68:20:dd:6c:c1:1e:ea:
         07:1a:2e:b1:51:93:e2:c3:49:a2:96:ec:d0:93:cb:15:80:98:
         1d:2f:de:c0:c5:0a:20:56:95:2b:01:8c:6f:7f:cb:c5:a0:1b:
         c4:10:fa:7d:d2:90:ff:01:9a:81:ac:c1:80:bd:8a:a6:82:76:
         71:7d:0b:6c:73:0f:a9:5b:0a:77:1d:c3:a0:97:a2:3d:a5:a6:
         f3:c7:bf:40:b3:83:94:ab:67:42:2a:4e:d8:df:b3:74:38:46:
         f5:71:0e:fb:3e:77:d8:49:76:1b:26:47:60:47:de:06:0e:88:
         33:c5:4a:89:38:b8:54:bc:7b:4f:21:ca:a5:90:b5:2d:25:52:
         73:3c:aa:36:cc:69:56:eb:5d:71:2c:59:69:d2:da:9f:ff:1d:
         30:4b:6a:5d:f6:e3:0c:5e:03:65:6a:97:a6:61:f4:c9:8d:aa:
         7e:78:ee:79:67:6e:92:6c:59:2f:e0:b8:65:e9:fa:46:d7:ef:
         c5:41:fc:95:33:5a:04:59:12:0e:00:83:17:6c:fb:cc:93:6e:
         bf:39:05:ad:4f:c2:54:ea:b9:4b:7d:0e:ea:83:6b:b3:88:46:
         90:f2:ce:08:41:89:4c:6e:ca:00:b3:b3:8c:3c:c1:a4:c8:0e:
         8a:41:fb:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx6JVZbEpD0O7tfyvtYk+VMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlM2YzMWM5ZWFjZTZmMGE1ZWNjZGI4ZGYyYjAxYzczNTE1
Njg2ODYwHhcNMjYwMjIwMDgyMzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDcxYTdkZmZiNjBmOGM3ZTZjYmIxZmQwN2ZkNWE2YWE0ZDkxZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/cccxDRs+jHiVlHVw4spPQZxEuh
f3x7y/3TQWYrvdEKwKQc96qhliONBjCXNBQizizedqGgCuQhFCrZNcbwdwNnrmmr
C69Ka2GPXNZrmo9OLEFCBiOqmwggpToTZmF5NNKvE1g3u6FmoIPGqXvQRgJnQeEz
nLqbfo4ap9QYpc/kPyUZdUn7aZpS0s1fTBmnuCC792USfdW8+m0Scf//EbZW9hv/
9jboV3ASEUzbUEL3nSZKttFxeLH76/hN4gVJNgWUZja4rOdMpyTXdjSutdsJtyvz
b/+AleBSDsjcNZIw3JrgcDAYmvwaQ1ZGyLWbxLhI3jnSt8G44M+bhni/TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRxp9/7YPjH5sux/Qf9Wmqk2R4LMB8GA1UdIwQY
MBaAFA4/Mcnqzm8KXszbjfKwHHNRVoaGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGo4eHllck9id3Blek51TjhyQWNjMUZXaG9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9hNmRkYTEtMWI4Ny00ZWMzLTkzOGYt
ZGQ1ZGRkMDVkYjBiLzEvWkhHbjNfdGctTWZteTdIOUJfMWFhcVRaSGdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9hNmRkYTEtMWI4Ny00ZWMzLTkzOGYtZGQ1ZGRkMDVkYjBi
LzEvRGo4eHllck9id3Blek51TjhyQWNjMUZXaG9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaqQMA0G
CSqGSIb3DQEBCwUAA4IBAQAVNEbXVoZ0tu83Emgg3WzBHuoHGi6xUZPiw0miluzQ
k8sVgJgdL97AxQogVpUrAYxvf8vFoBvEEPp90pD/AZqBrMGAvYqmgnZxfQtscw+p
Wwp3HcOgl6I9pabzx79As4OUq2dCKk7Y37N0OEb1cQ77PnfYSXYbJkdgR94GDogz
xUqJOLhUvHtPIcqlkLUtJVJzPKo2zGlW611xLFlp0tqf/x0wS2pd9uMMXgNlapem
YfTJjap+eO55Z26SbFkv4Lhl6fpG1+/FQfyVM1oEWRIOAIMXbPvMk26/OQWtT8JU
6rlLfQ7qg2uziEaQ8s4IQYlMbsoAs7OMPMGkyA6KQftf
-----END CERTIFICATE-----