Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/3IIIbSHlsPEX9RgLw-Kb17hhjPE.roa
File:                     3IIIbSHlsPEX9RgLw-Kb17hhjPE.roa (raw, json)
Hash identifier:          Uesym/7PxOu6F5IAqXjQ/0zdOEg1mfv/28criAnhfi8=
Subject key identifier:   DC:82:08:6D:21:E5:B0:F1:17:F5:18:0B:C3:E2:9B:D7:B8:61:8C:F1
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019C76C6E85D774D623FC5C0FDD4E3A137F8
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/3IIIbSHlsPEX9RgLw-Kb17hhjPE.roa
Signing time:             Thu 19 Feb 2026 16:41:12 +0000
ROA not before:           Thu 19 Feb 2026 16:41:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        195.226.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:76:c6:e8:5d:77:4d:62:3f:c5:c0:fd:d4:e3:a1:37:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Feb 19 16:41:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc82086d21e5b0f117f5180bc3e29bd7b8618cf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:3b:e2:5d:69:9f:2a:50:6c:ed:17:4c:c3:43:
                    a4:fb:f8:1d:01:db:f1:ba:5a:bf:bd:ce:b1:be:d7:
                    ec:84:ac:f4:54:15:d7:49:5e:d4:86:f4:02:4b:02:
                    9f:25:7a:4f:20:1c:22:78:34:d6:de:14:58:94:28:
                    54:fb:9d:33:7e:b1:a9:18:15:b4:42:29:c0:4e:6d:
                    68:f5:8b:56:3a:2f:5f:de:5c:6e:27:38:95:0f:0b:
                    53:f7:18:b9:ac:13:67:95:66:6e:6a:1a:ea:87:8e:
                    d7:a7:4e:5f:2f:bd:7f:24:50:79:31:00:7c:cf:86:
                    a1:a3:59:43:02:1a:7f:ae:69:ae:f3:8f:0f:cd:bc:
                    95:3d:75:22:ea:77:cb:3a:64:bf:a6:4b:e8:56:03:
                    e3:08:d2:cd:df:f2:4d:1a:07:79:6c:63:f7:f0:b0:
                    2b:d0:6f:f2:19:74:ff:b3:a8:42:93:64:8e:2b:f7:
                    3a:68:c1:79:dc:88:03:6a:d4:9d:3b:98:06:8a:a5:
                    2a:77:d1:54:d5:d6:f5:9c:5a:85:ac:65:1d:56:50:
                    e1:fe:85:60:0f:ae:58:a4:74:26:98:cd:99:b3:0b:
                    9a:d2:2c:b3:c5:ab:64:db:ad:e0:ca:85:62:5c:dd:
                    64:1c:86:99:af:f9:79:b0:19:70:ae:3b:3c:c3:29:
                    ba:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:82:08:6D:21:E5:B0:F1:17:F5:18:0B:C3:E2:9B:D7:B8:61:8C:F1
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/3IIIbSHlsPEX9RgLw-Kb17hhjPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.226.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:a1:5c:ed:cc:db:44:b6:95:ff:f3:cf:ac:1b:50:e9:61:d4:
         3f:b2:6c:ca:67:8f:39:98:c1:56:9d:11:bf:4a:94:cc:66:0c:
         3b:28:02:15:53:f0:3d:72:ec:48:ef:b8:bb:0d:f6:b3:10:4f:
         69:b5:a6:39:f5:82:e1:9b:75:7b:bd:ae:db:c2:b1:5d:92:d6:
         38:e2:4f:15:c6:26:c4:c8:4c:81:f8:c7:ec:67:17:28:bd:f8:
         ba:ce:74:98:8d:22:ed:d3:d4:32:2c:72:22:dc:30:43:de:c1:
         60:a5:90:3d:a5:37:6d:6f:09:e8:df:1d:70:81:c9:51:e7:63:
         8f:a9:6f:f1:78:9d:ad:f1:ef:60:5b:dd:a2:e4:60:91:89:bb:
         ef:f7:81:dc:77:40:17:1a:8e:92:16:f1:d5:92:92:0c:ce:f6:
         22:7a:a1:99:cb:e1:9b:c0:04:00:50:55:83:ed:0e:9f:c5:8b:
         fa:2b:e6:6f:2e:51:ce:37:e3:d6:48:8f:b7:51:38:63:bf:d5:
         d9:19:e8:82:db:32:32:3a:34:9e:d7:88:d4:a0:d4:87:aa:2c:
         46:a2:92:78:a4:70:c1:76:b8:e2:93:f4:ee:95:9e:45:ec:a8:
         99:73:6c:c5:88:01:01:22:71:2a:6d:19:69:ba:7c:31:a0:3d:
         58:d6:4c:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx2xuhdd01iP8XA/dTjoTf4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwMjE5MTY0MTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzgyMDg2ZDIxZTViMGYxMTdmNTE4MGJjM2UyOWJkN2I4NjE4Y2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+zviXWmfKlBs7RdMw0Ok+/gdAdvx
ulq/vc6xvtfshKz0VBXXSV7UhvQCSwKfJXpPIBwieDTW3hRYlChU+50zfrGpGBW0
QinATm1o9YtWOi9f3lxuJziVDwtT9xi5rBNnlWZuahrqh47Xp05fL71/JFB5MQB8
z4aho1lDAhp/rmmu848PzbyVPXUi6nfLOmS/pkvoVgPjCNLN3/JNGgd5bGP38LAr
0G/yGXT/s6hCk2SOK/c6aMF53IgDatSdO5gGiqUqd9FU1db1nFqFrGUdVlDh/oVg
D65YpHQmmM2Zswua0iyzxatk263gyoViXN1kHIaZr/l5sBlwrjs8wym6OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyCCG0h5bDxF/UYC8Pim9e4YYzxMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvM0lJSWJTSGxzUEVYOVJnTHctS2IxN2hoalBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+JdMA0G
CSqGSIb3DQEBCwUAA4IBAQBEoVztzNtEtpX/88+sG1DpYdQ/smzKZ485mMFWnRG/
SpTMZgw7KAIVU/A9cuxI77i7DfazEE9ptaY59YLhm3V7va7bwrFdktY44k8VxibE
yEyB+MfsZxcovfi6znSYjSLt09QyLHIi3DBD3sFgpZA9pTdtbwno3x1wgclR52OP
qW/xeJ2t8e9gW92i5GCRibvv94Hcd0AXGo6SFvHVkpIMzvYieqGZy+GbwAQAUFWD
7Q6fxYv6K+ZvLlHON+PWSI+3UThjv9XZGeiC2zIyOjSe14jUoNSHqixGopJ4pHDB
drjik/TulZ5F7KiZc2zFiAEBInEqbRlpunwxoD1Y1kw5
-----END CERTIFICATE-----