Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3e3324-6e60-45a5-9433-e057a8bdcf96/1/CRPAp0Tq_99HKdMfqQ8CRHMv5K4.roa
File:                     CRPAp0Tq_99HKdMfqQ8CRHMv5K4.roa (raw, json)
Hash identifier:          exjPgQMNN/0gQ9Q5SdY4wB3IAjY7eWsRbcbbFzdql7w=
Subject key identifier:   09:13:C0:A7:44:EA:FF:DF:47:29:D3:1F:A9:0F:02:44:73:2F:E4:AE
Certificate issuer:       /CN=3eb62724132824e54906e240a88036419a365b84
Certificate serial:       019C8A4917608F66EFC65F6D4EC7B4DCFE1C
Authority key identifier: 3E:B6:27:24:13:28:24:E5:49:06:E2:40:A8:80:36:41:9A:36:5B:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrYnJBMoJOVJBuJAqIA2QZo2W4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3e3324-6e60-45a5-9433-e057a8bdcf96/1/CRPAp0Tq_99HKdMfqQ8CRHMv5K4.roa
Signing time:             Mon 23 Feb 2026 11:36:11 +0000
ROA not before:           Mon 23 Feb 2026 11:36:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205064
IP address blocks:        138.226.224.0/21 maxlen: 21
                          138.226.230.0/24 maxlen: 24
                          2a06:4d40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3e3324-6e60-45a5-9433-e057a8bdcf96/1/PrYnJBMoJOVJBuJAqIA2QZo2W4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3e3324-6e60-45a5-9433-e057a8bdcf96/1/PrYnJBMoJOVJBuJAqIA2QZo2W4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrYnJBMoJOVJBuJAqIA2QZo2W4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8a:49:17:60:8f:66:ef:c6:5f:6d:4e:c7:b4:dc:fe:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb62724132824e54906e240a88036419a365b84
        Validity
            Not Before: Feb 23 11:36:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0913c0a744eaffdf4729d31fa90f0244732fe4ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:99:74:80:36:e2:03:d2:66:25:26:37:e1:d8:
                    0f:dd:c4:c5:33:fc:43:b7:36:61:66:5d:ca:90:84:
                    d5:ca:be:94:94:70:c8:dc:47:01:67:24:96:82:b2:
                    3d:d6:f6:6a:87:be:2c:e0:a4:a9:fe:57:40:66:02:
                    7b:c8:d4:33:c9:2d:3a:29:81:3c:8b:c9:f1:66:80:
                    33:97:57:84:75:a8:49:70:15:d4:45:2a:12:55:0e:
                    3d:77:d2:d6:cd:54:18:c8:bc:96:9a:1b:a2:c7:84:
                    39:f6:39:d4:1c:39:a9:b1:cc:ac:02:e9:c7:69:82:
                    9b:7a:ab:ad:f9:d6:68:30:b9:e6:5f:b2:54:9a:82:
                    9b:24:50:40:ce:06:4c:60:22:33:88:bc:96:9d:74:
                    ad:74:bf:4a:27:55:f9:96:c9:b5:73:af:21:f9:a9:
                    18:d4:aa:98:30:11:c4:f6:b7:92:dc:fc:61:0e:52:
                    65:c6:8e:eb:56:fe:b8:bf:4c:1a:76:8e:d8:74:60:
                    cb:b5:7e:51:5b:2c:6c:63:92:ab:ba:e0:6c:71:86:
                    ab:02:2c:2c:89:28:ab:02:cc:fc:c6:49:9c:26:96:
                    95:ee:c0:a0:3d:75:2b:fc:30:a1:25:93:9f:7c:d4:
                    2b:5f:43:6e:64:60:a8:50:3f:bb:2e:84:a4:ee:46:
                    33:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:13:C0:A7:44:EA:FF:DF:47:29:D3:1F:A9:0F:02:44:73:2F:E4:AE
            X509v3 Authority Key Identifier:
                keyid:3E:B6:27:24:13:28:24:E5:49:06:E2:40:A8:80:36:41:9A:36:5B:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrYnJBMoJOVJBuJAqIA2QZo2W4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3e3324-6e60-45a5-9433-e057a8bdcf96/1/CRPAp0Tq_99HKdMfqQ8CRHMv5K4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3e3324-6e60-45a5-9433-e057a8bdcf96/1/PrYnJBMoJOVJBuJAqIA2QZo2W4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.226.224.0/21
                IPv6:
                  2a06:4d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:94:b1:d3:ff:11:ac:5f:9d:a7:f6:60:2a:f6:5e:27:24:a6:
         3e:90:d4:b2:76:03:45:2f:b4:09:d5:3f:9f:86:3b:6a:8e:64:
         22:fe:47:b2:76:20:df:43:43:6e:b0:9c:a1:57:fc:6e:6c:1f:
         da:d4:b7:40:2e:6f:cd:c2:e0:ca:0b:da:a4:5d:b7:c2:2e:d8:
         0a:47:d0:09:3c:31:1a:da:fc:eb:0a:ac:66:0a:6a:cd:2d:25:
         90:7c:1c:86:fe:24:cf:e4:3e:44:da:75:d5:0d:5e:a4:4b:0c:
         3b:d3:20:94:fa:ed:3b:25:bd:3c:cd:c9:c5:f2:af:db:c7:ac:
         2e:34:3c:2c:9c:60:db:cf:0b:b2:50:39:0a:96:95:7b:2c:a3:
         83:11:44:d7:66:20:65:a5:e9:24:f5:a5:ac:a9:c4:1a:47:8e:
         a7:52:93:9e:61:05:49:31:da:34:8c:4d:de:54:15:78:aa:77:
         ce:1b:6e:41:a0:1b:2b:1a:bf:94:b5:87:79:88:f7:00:22:b2:
         db:c2:3a:fc:b6:b3:c4:89:82:62:e6:02:2a:31:f4:40:58:8b:
         e9:b2:64:13:0f:44:41:0b:9a:9e:ed:aa:10:5d:a2:7b:81:6c:
         50:05:05:0d:07:60:3a:4e:4e:d5:43:f3:e3:9d:00:92:57:8b:
         3d:79:ed:8a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyKSRdgj2bvxl9tTse03P4cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjYyNzI0MTMyODI0ZTU0OTA2ZTI0MGE4ODAzNjQxOWEz
NjViODQwHhcNMjYwMjIzMTEzNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTEzYzBhNzQ0ZWFmZmRmNDcyOWQzMWZhOTBmMDI0NDczMmZlNGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJl0gDbiA9JmJSY34dgP3cTFM/xD
tzZhZl3KkITVyr6UlHDI3EcBZySWgrI91vZqh74s4KSp/ldAZgJ7yNQzyS06KYE8
i8nxZoAzl1eEdahJcBXURSoSVQ49d9LWzVQYyLyWmhuix4Q59jnUHDmpscysAunH
aYKbequt+dZoMLnmX7JUmoKbJFBAzgZMYCIziLyWnXStdL9KJ1X5lsm1c68h+akY
1KqYMBHE9reS3PxhDlJlxo7rVv64v0wado7YdGDLtX5RWyxsY5KruuBscYarAiws
iSirAsz8xkmcJpaV7sCgPXUr/DChJZOffNQrX0NuZGCoUD+7LoSk7kYzwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAkTwKdE6v/fRynTH6kPAkRzL+SuMB8GA1UdIwQY
MBaAFD62JyQTKCTlSQbiQKiANkGaNluEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJZbkpCTW9KT1ZKQnVKQXFJQTJRWm8yVzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZTMzMjQtNmU2MC00NWE1LTk0MzMt
ZTA1N2E4YmRjZjk2LzEvQ1JQQXAwVHFfOTlIS2RNZnFROENSSE12NUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZTMzMjQtNmU2MC00NWE1LTk0MzMtZTA1N2E4YmRjZjk2
LzEvUHJZbkpCTW9KT1ZKQnVKQXFJQTJRWm8yVzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDiuLgMA0E
AgACMAcDBQMqBk1AMA0GCSqGSIb3DQEBCwUAA4IBAQAylLHT/xGsX52n9mAq9l4n
JKY+kNSydgNFL7QJ1T+fhjtqjmQi/keydiDfQ0NusJyhV/xubB/a1LdALm/NwuDK
C9qkXbfCLtgKR9AJPDEa2vzrCqxmCmrNLSWQfByG/iTP5D5E2nXVDV6kSww70yCU
+u07Jb08zcnF8q/bx6wuNDwsnGDbzwuyUDkKlpV7LKODEUTXZiBlpekk9aWsqcQa
R46nUpOeYQVJMdo0jE3eVBV4qnfOG25BoBsrGr+UtYd5iPcAIrLbwjr8trPEiYJi
5gIqMfRAWIvpsmQTD0RBC5qe7aoQXaJ7gWxQBQUNB2A6Tk7VQ/PjnQCSV4s9ee2K
-----END CERTIFICATE-----