Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/a3awGspUbD83lR3SbJMhhWhWXUU.roa
File:                     a3awGspUbD83lR3SbJMhhWhWXUU.roa (raw, json)
Hash identifier:          4wacv1ZaHYO9NbaUGd81FOMwUiV7hBGJzXqLo1BRDrY=
Subject key identifier:   6B:76:B0:1A:CA:54:6C:3F:37:95:1D:D2:6C:93:21:85:68:56:5D:45
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       019CA0558C70C0E5A68D419D969A229FC4C1
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/a3awGspUbD83lR3SbJMhhWhWXUU.roa
Signing time:             Fri 27 Feb 2026 18:21:26 +0000
ROA not before:           Fri 27 Feb 2026 18:21:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46635
IP address blocks:        162.218.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a0:55:8c:70:c0:e5:a6:8d:41:9d:96:9a:22:9f:c4:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Feb 27 18:21:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b76b01aca546c3f37951dd26c93218568565d45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:2a:d1:50:ee:d5:e7:74:19:a1:4a:98:3a:29:
                    e4:86:d4:15:06:0d:47:16:0b:c1:57:e8:b0:9d:29:
                    e4:7e:d7:dc:e8:d0:ad:c2:84:84:24:95:8f:43:e6:
                    83:67:d3:57:33:5b:ca:0c:e6:c5:2e:3b:64:b3:e2:
                    bb:aa:cc:02:cc:16:bb:51:a4:92:3e:87:3b:a5:30:
                    5d:bd:4f:f8:6b:34:39:a8:74:60:be:ab:3a:35:fa:
                    16:3b:ba:e2:14:3f:fb:5a:77:5c:bf:c9:50:1f:87:
                    f4:81:e8:a4:32:63:fe:98:32:2b:3b:46:bd:5f:a8:
                    32:10:81:82:b9:d3:c0:63:a5:72:22:fb:30:cd:d5:
                    83:6c:9e:70:79:af:f5:4d:20:95:b9:31:ed:a5:35:
                    66:6e:c3:bd:12:05:0e:6e:e3:5b:c1:a3:10:d9:11:
                    66:a7:28:43:44:ce:58:85:a9:5f:ae:be:dd:13:94:
                    03:25:a9:00:58:4f:45:98:b3:6a:8b:4e:38:63:93:
                    6f:d9:c1:d3:81:a0:bc:7d:63:ba:22:18:ee:04:60:
                    7d:7a:47:0f:d0:c0:0a:20:05:6f:4b:df:61:d9:d5:
                    86:e1:74:8c:bc:57:56:51:70:62:ea:4a:36:67:01:
                    c8:1b:d9:16:85:40:d7:c1:26:c3:ff:49:c0:4d:6b:
                    b0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:76:B0:1A:CA:54:6C:3F:37:95:1D:D2:6C:93:21:85:68:56:5D:45
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/a3awGspUbD83lR3SbJMhhWhWXUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.218.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:b9:70:39:a7:9c:56:7c:11:be:39:7b:c0:75:23:4a:e9:17:
         09:1a:a8:a0:3e:c0:f6:ae:2e:f6:fb:4f:90:c1:d8:54:86:1d:
         0b:7a:cc:38:13:f3:6f:f9:56:46:12:3c:6b:cd:33:17:06:88:
         7f:b7:86:75:66:86:a0:ce:4f:7e:a1:56:b8:37:a4:f6:74:ef:
         39:82:da:a4:9b:66:d7:a6:bf:17:91:43:9b:2f:4a:50:80:b4:
         db:3e:de:60:e7:e2:00:91:67:94:f9:ec:90:f3:5d:9b:c6:2e:
         8e:27:0b:41:35:b2:c8:3c:57:86:8e:4a:70:09:49:8e:4d:13:
         9b:8f:fb:c4:5a:56:2d:df:23:eb:24:25:24:b0:76:36:45:dc:
         b5:e4:65:2b:18:e8:66:53:87:c3:ae:3b:3c:c5:68:3f:15:cc:
         43:7a:65:be:72:f4:06:6c:9a:cb:dc:34:99:18:8e:32:4d:7c:
         e1:3d:1e:d8:d3:74:57:7b:9f:c4:64:af:9f:fe:dc:00:c0:bb:
         7e:9d:a8:da:3d:23:dd:53:f3:de:bc:3b:94:f3:24:41:07:af:
         75:9c:62:a5:7b:f4:bc:3e:63:34:df:92:9d:f0:42:7e:1f:d9:
         4f:ca:fb:82:01:28:82:ea:d3:b5:24:93:3d:9e:6c:98:84:4a:
         d5:39:f7:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZygVYxwwOWmjUGdlpoin8TBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjYwMjI3MTgyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjc2YjAxYWNhNTQ2YzNmMzc5NTFkZDI2YzkzMjE4NTY4NTY1ZDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSrRUO7V53QZoUqYOinkhtQVBg1H
FgvBV+iwnSnkftfc6NCtwoSEJJWPQ+aDZ9NXM1vKDObFLjtks+K7qswCzBa7UaSS
Poc7pTBdvU/4azQ5qHRgvqs6NfoWO7riFD/7Wndcv8lQH4f0geikMmP+mDIrO0a9
X6gyEIGCudPAY6VyIvswzdWDbJ5wea/1TSCVuTHtpTVmbsO9EgUObuNbwaMQ2RFm
pyhDRM5Yhalfrr7dE5QDJakAWE9FmLNqi044Y5Nv2cHTgaC8fWO6IhjuBGB9ekcP
0MAKIAVvS99h2dWG4XSMvFdWUXBi6ko2ZwHIG9kWhUDXwSbD/0nATWuwzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGt2sBrKVGw/N5Ud0myTIYVoVl1FMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvYTNhd0dzcFViRDgzbFIzU2JKTWhoV2hXWFVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAotpeMA0G
CSqGSIb3DQEBCwUAA4IBAQCBuXA5p5xWfBG+OXvAdSNK6RcJGqigPsD2ri72+0+Q
wdhUhh0Lesw4E/Nv+VZGEjxrzTMXBoh/t4Z1Zoagzk9+oVa4N6T2dO85gtqkm2bX
pr8XkUObL0pQgLTbPt5g5+IAkWeU+eyQ812bxi6OJwtBNbLIPFeGjkpwCUmOTROb
j/vEWlYt3yPrJCUksHY2Rdy15GUrGOhmU4fDrjs8xWg/FcxDemW+cvQGbJrL3DSZ
GI4yTXzhPR7Y03RXe5/EZK+f/twAwLt+najaPSPdU/PevDuU8yRBB691nGKle/S8
PmM035Kd8EJ+H9lPyvuCASiC6tO1JJM9nmyYhErVOfeN
-----END CERTIFICATE-----