Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/cc3b6e-b749-45f1-a868-25e21c9e7de9/1/G_3AbkBvxlIP88eiGt3CS6nBjms.roa
File:                     G_3AbkBvxlIP88eiGt3CS6nBjms.roa (raw, json)
Hash identifier:          HxmAkTnKX1MXFmf40b0A8DoHMlH+AhQxL52OcvMUs9Q=
Subject key identifier:   1B:FD:C0:6E:40:6F:C6:52:0F:F3:C7:A2:1A:DD:C2:4B:A9:C1:8E:6B
Certificate issuer:       /CN=e0df3344513176252a2cb690bcf705d6498111f5
Certificate serial:       019C61EAA2D1548B62A870116CFAF8181ADD
Authority key identifier: E0:DF:33:44:51:31:76:25:2A:2C:B6:90:BC:F7:05:D6:49:81:11:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4N8zRFExdiUqLLaQvPcF1kmBEfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/cc3b6e-b749-45f1-a868-25e21c9e7de9/1/G_3AbkBvxlIP88eiGt3CS6nBjms.roa
Signing time:             Sun 15 Feb 2026 15:28:12 +0000
ROA not before:           Sun 15 Feb 2026 15:28:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200397
IP address blocks:        156.67.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/cc3b6e-b749-45f1-a868-25e21c9e7de9/1/4N8zRFExdiUqLLaQvPcF1kmBEfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/cc3b6e-b749-45f1-a868-25e21c9e7de9/1/4N8zRFExdiUqLLaQvPcF1kmBEfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4N8zRFExdiUqLLaQvPcF1kmBEfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:61:ea:a2:d1:54:8b:62:a8:70:11:6c:fa:f8:18:1a:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0df3344513176252a2cb690bcf705d6498111f5
        Validity
            Not Before: Feb 15 15:28:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1bfdc06e406fc6520ff3c7a21addc24ba9c18e6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:74:7f:c3:c2:60:36:95:15:e6:f0:1c:f8:24:
                    d8:86:e1:7d:6a:f4:a8:c2:80:cd:5f:e7:48:87:43:
                    1b:6e:8f:53:93:24:57:9a:20:4d:a1:89:92:54:e4:
                    8c:b0:59:2a:fa:2e:51:51:bf:15:cd:30:3a:3a:ec:
                    32:37:b7:99:88:af:a5:6d:4c:b6:19:70:cc:b0:31:
                    96:44:13:89:0e:48:e5:f0:19:5b:80:bd:39:2a:c4:
                    e7:07:39:01:fb:10:59:25:97:e2:55:da:9f:a1:20:
                    f6:fe:e0:c3:6e:81:a6:4f:68:30:60:39:5e:f0:13:
                    9b:fe:c2:0e:ed:c1:20:90:ba:f1:cc:9a:98:81:76:
                    8f:fd:7f:f0:96:9f:da:88:c1:40:04:42:ea:85:bb:
                    f1:23:db:2a:d6:13:43:06:13:5d:b3:90:91:70:4a:
                    aa:f5:10:e6:10:5c:dd:10:84:8b:ad:35:33:0f:9e:
                    1b:a6:98:43:31:6b:dc:95:d7:67:6a:b4:37:f3:4e:
                    10:a1:a1:85:4f:9e:ed:32:40:71:d9:1c:ca:07:41:
                    e3:62:93:4f:3a:7d:d9:37:a5:ba:6c:60:77:15:c7:
                    41:17:cf:00:bc:85:bb:99:aa:2f:31:48:1d:1d:08:
                    b9:98:a2:db:47:31:73:94:98:3b:6b:04:74:b8:7b:
                    23:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:FD:C0:6E:40:6F:C6:52:0F:F3:C7:A2:1A:DD:C2:4B:A9:C1:8E:6B
            X509v3 Authority Key Identifier:
                keyid:E0:DF:33:44:51:31:76:25:2A:2C:B6:90:BC:F7:05:D6:49:81:11:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4N8zRFExdiUqLLaQvPcF1kmBEfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/cc3b6e-b749-45f1-a868-25e21c9e7de9/1/G_3AbkBvxlIP88eiGt3CS6nBjms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/cc3b6e-b749-45f1-a868-25e21c9e7de9/1/4N8zRFExdiUqLLaQvPcF1kmBEfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.67.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:56:dc:be:57:0d:65:d0:33:20:40:9b:6e:24:aa:85:82:7a:
         5b:ed:e7:30:3c:5b:6d:49:4e:0d:8e:37:28:f4:c8:be:c4:fd:
         3f:cd:50:32:96:4a:bf:4d:ba:d7:e4:ed:51:74:dd:42:ab:b2:
         f4:4d:0f:e8:be:d0:cc:e9:12:53:a8:e6:66:86:85:b9:a2:06:
         56:09:67:77:d3:b1:17:40:20:55:5f:f2:98:7e:48:31:d8:13:
         53:3b:49:c3:de:fe:7d:a6:46:19:96:16:ca:c8:a7:0d:c7:13:
         71:31:94:25:8a:d1:fc:fd:4f:4c:f6:e4:46:75:0f:69:38:7b:
         98:59:98:52:71:cd:95:17:dd:e7:85:1f:da:30:fd:9a:72:0f:
         53:8e:9c:04:a1:7d:d0:01:cc:21:2f:a0:c0:7d:46:77:e8:18:
         b2:d7:5e:0b:62:ff:bc:89:c5:d2:5c:47:95:ef:30:a4:d0:a4:
         75:f1:6b:d0:a7:72:36:84:31:07:d0:94:87:91:6e:6c:de:cd:
         65:c9:ec:6f:47:a0:b5:30:78:5a:d1:b4:0e:6f:31:b5:42:92:
         bd:be:02:fc:b3:10:41:21:f1:40:3d:5f:cb:d3:3b:b8:90:8a:
         7a:44:ce:39:2f:39:99:a1:e9:cd:fd:f4:22:3f:60:32:6d:ed:
         a3:7e:a6:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxh6qLRVItiqHARbPr4GBrdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZGYzMzQ0NTEzMTc2MjUyYTJjYjY5MGJjZjcwNWQ2NDk4
MTExZjUwHhcNMjYwMjE1MTUyODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmZkYzA2ZTQwNmZjNjUyMGZmM2M3YTIxYWRkYzI0YmE5YzE4ZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonR/w8JgNpUV5vAc+CTYhuF9avSo
woDNX+dIh0Mbbo9TkyRXmiBNoYmSVOSMsFkq+i5RUb8VzTA6OuwyN7eZiK+lbUy2
GXDMsDGWRBOJDkjl8BlbgL05KsTnBzkB+xBZJZfiVdqfoSD2/uDDboGmT2gwYDle
8BOb/sIO7cEgkLrxzJqYgXaP/X/wlp/aiMFABELqhbvxI9sq1hNDBhNds5CRcEqq
9RDmEFzdEISLrTUzD54bpphDMWvclddnarQ3804QoaGFT57tMkBx2RzKB0HjYpNP
On3ZN6W6bGB3FcdBF88AvIW7maovMUgdHQi5mKLbRzFzlJg7awR0uHsjMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBv9wG5Ab8ZSD/PHohrdwkupwY5rMB8GA1UdIwQY
MBaAFODfM0RRMXYlKiy2kLz3BdZJgRH1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE44elJGRXhkaVVxTExhUXZQY0Yxa21CRWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9jYzNiNmUtYjc0OS00NWYxLWE4Njgt
MjVlMjFjOWU3ZGU5LzEvR18zQWJrQnZ4bElQODhlaUd0M0NTNm5Cam1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9jYzNiNmUtYjc0OS00NWYxLWE4NjgtMjVlMjFjOWU3ZGU5
LzEvNE44elJGRXhkaVVxTExhUXZQY0Yxa21CRWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnEMHMA0G
CSqGSIb3DQEBCwUAA4IBAQBOVty+Vw1l0DMgQJtuJKqFgnpb7ecwPFttSU4Njjco
9Mi+xP0/zVAylkq/TbrX5O1RdN1Cq7L0TQ/ovtDM6RJTqOZmhoW5ogZWCWd307EX
QCBVX/KYfkgx2BNTO0nD3v59pkYZlhbKyKcNxxNxMZQlitH8/U9M9uRGdQ9pOHuY
WZhScc2VF93nhR/aMP2acg9TjpwEoX3QAcwhL6DAfUZ36Biy114LYv+8icXSXEeV
7zCk0KR18WvQp3I2hDEH0JSHkW5s3s1lyexvR6C1MHha0bQObzG1QpK9vgL8sxBB
IfFAPV/L0zu4kIp6RM45LzmZoenN/fQiP2Aybe2jfqba
-----END CERTIFICATE-----