Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS206766.roa
File:                     AS206766.roa (raw, json)
Hash identifier:          8ECQvtOSE730LUIFQ6hamOHw7+5Dp77TM2p8/azmhZw=
Subject key identifier:   E0:A4:4C:EF:37:A6:C2:EF:67:30:23:0A:40:EE:DC:A9:6E:6D:A0:AB
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2F6083831FCA382500C8B35B77ECB959F5B4E75E
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS206766.roa
Signing time:             Sat 21 Feb 2026 09:49:36 +0000
ROA not before:           Sat 21 Feb 2026 09:44:36 +0000
ROA not after:            Sat 20 Feb 2027 09:49:36 +0000
asID:                     206766
IP address blocks:        91.199.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:60:83:83:1f:ca:38:25:00:c8:b3:5b:77:ec:b9:59:f5:b4:e7:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 21 09:44:36 2026 GMT
            Not After : Feb 20 09:49:36 2027 GMT
        Subject: CN=E0A44CEF37A6C2EF6730230A40EEDCA96E6DA0AB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:28:cc:e9:2e:3a:c9:69:1f:1f:d0:6c:5f:4d:
                    31:51:70:aa:b3:e1:45:fe:0a:26:05:c6:10:11:28:
                    ec:e8:0c:18:5d:62:57:79:93:d3:85:84:12:24:a1:
                    47:55:53:05:b2:b2:95:cf:8c:94:2d:83:3a:26:34:
                    d8:ce:2a:98:3e:4c:83:70:95:70:71:c2:62:73:01:
                    cf:9a:6e:bf:a4:d2:9d:42:c2:c8:76:91:10:fe:a4:
                    a1:d3:0a:21:ad:59:dd:da:56:8b:de:a8:41:60:2e:
                    f1:43:66:2e:91:6e:ae:a0:99:19:d9:45:c7:b5:34:
                    99:a8:89:81:15:78:03:29:f7:e5:33:a7:b5:c8:39:
                    c6:85:ad:48:d3:6d:35:ce:90:e1:98:75:65:9d:67:
                    b5:5c:eb:61:22:dc:3e:d3:2d:63:0d:2b:48:7a:5e:
                    7f:e7:9a:83:39:98:dc:03:69:4a:0d:7f:49:7b:fe:
                    18:88:0a:ff:54:ff:a0:8f:ff:f1:c0:82:b6:c7:81:
                    77:10:e9:ae:58:26:18:bf:bd:ad:bc:76:7a:b0:f5:
                    81:08:b4:be:73:4d:9d:54:07:05:e5:df:80:29:2f:
                    05:de:e9:1e:c5:19:79:4f:c5:fa:0e:66:d1:8c:88:
                    35:d6:32:22:b2:a9:a0:38:9a:27:c1:e5:f2:de:c9:
                    e7:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:A4:4C:EF:37:A6:C2:EF:67:30:23:0A:40:EE:DC:A9:6E:6D:A0:AB
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS206766.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:70:35:7e:09:06:75:f4:36:52:7d:03:14:81:1d:3d:10:49:
         42:9e:a7:da:a3:b8:15:2b:81:7a:c0:08:da:c4:5e:ba:0a:52:
         d9:02:ef:cd:87:e3:6e:5e:7b:be:b0:42:c0:00:17:dc:e8:ad:
         c0:96:7f:81:be:79:d0:cf:eb:0a:94:d4:b9:94:82:05:a4:94:
         84:08:9e:11:cb:4d:92:ff:15:09:77:cb:02:19:76:fa:d9:6b:
         6c:c2:fd:9f:07:8d:11:27:36:fb:cc:7c:be:37:f1:2c:95:4d:
         5f:50:36:b3:aa:30:cc:f3:03:a6:5c:ad:bc:4d:8c:ef:38:f2:
         8b:22:fb:a7:bd:1e:d8:03:0c:43:22:94:13:e7:bb:17:c7:90:
         ac:e3:7e:3c:67:96:df:7c:a7:6a:aa:e6:7c:5a:24:ff:35:22:
         1f:0a:1a:80:aa:1d:f8:72:c6:92:c6:b6:94:23:2d:04:06:17:
         97:0d:43:2d:2a:62:89:8d:51:15:95:18:23:ca:81:26:01:a3:
         d4:d2:3b:0b:50:a7:98:b9:f0:d7:1e:f0:96:ab:7c:48:c2:10:
         c1:61:6d:e1:81:f3:c6:7e:11:5b:7f:19:04:88:75:99:3f:f6:
         76:99:3f:23:74:e7:ed:96:aa:8b:17:1f:ea:97:38:f5:3f:87:
         a6:76:16:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUL2CDgx/KOCUAyLNbd+y5WfW0514wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAyMjEwOTQ0MzZaFw0yNzAyMjAwOTQ5MzZaMDMxMTAvBgNV
BAMTKEUwQTQ0Q0VGMzdBNkMyRUY2NzMwMjMwQTQwRUVEQ0E5NkU2REEwQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTKMzpLjrJaR8f0GxfTTFRcKqz
4UX+CiYFxhARKOzoDBhdYld5k9OFhBIkoUdVUwWyspXPjJQtgzomNNjOKpg+TINw
lXBxwmJzAc+abr+k0p1Cwsh2kRD+pKHTCiGtWd3aVoveqEFgLvFDZi6Rbq6gmRnZ
Rce1NJmoiYEVeAMp9+Uzp7XIOcaFrUjTbTXOkOGYdWWdZ7Vc62Ei3D7TLWMNK0h6
Xn/nmoM5mNwDaUoNf0l7/hiICv9U/6CP//HAgrbHgXcQ6a5YJhi/va28dnqw9YEI
tL5zTZ1UBwXl34ApLwXe6R7FGXlPxfoOZtGMiDXWMiKyqaA4mifB5fLeyefbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4KRM7zemwu9nMCMKQO7cqW5toKswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA2NzY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8em
MA0GCSqGSIb3DQEBCwUAA4IBAQAkcDV+CQZ19DZSfQMUgR09EElCnqfao7gVK4F6
wAjaxF66ClLZAu/Nh+NuXnu+sELAABfc6K3Aln+BvnnQz+sKlNS5lIIFpJSECJ4R
y02S/xUJd8sCGXb62Wtswv2fB40RJzb7zHy+N/EslU1fUDazqjDM8wOmXK28TYzv
OPKLIvunvR7YAwxDIpQT57sXx5Cs4348Z5bffKdqquZ8WiT/NSIfChqAqh34csaS
xraUIy0EBheXDUMtKmKJjVEVlRgjyoEmAaPU0jsLUKeYufDXHvCWq3xIwhDBYW3h
gfPGfhFbfxkEiHWZP/Z2mT8jdOftlqqLFx/qlzj1P4emdhbB
-----END CERTIFICATE-----