Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/P3yi9QfChHYucf2wBNR1QJlPkiU.roa
File:                     P3yi9QfChHYucf2wBNR1QJlPkiU.roa (raw, json)
Hash identifier:          WmkspAgsg/q6Hm/PNd/UyOCvDIQ4LGt1XI7oBnr8W+k=
Subject key identifier:   3F:7C:A2:F5:07:C2:84:76:2E:71:FD:B0:04:D4:75:40:99:4F:92:25
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019E2806D5A00E248D6B08C73E938322790D
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/P3yi9QfChHYucf2wBNR1QJlPkiU.roa
Signing time:             Thu 14 May 2026 19:46:36 +0000
ROA not before:           Thu 14 May 2026 19:46:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        91.210.144.0/24 maxlen: 24
                          194.61.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:28:06:d5:a0:0e:24:8d:6b:08:c7:3e:93:83:22:79:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May 14 19:46:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f7ca2f507c284762e71fdb004d47540994f9225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a7:e4:f1:a8:ac:80:b9:2a:ba:bc:c6:37:cc:
                    23:95:94:f5:9c:52:ff:27:c1:aa:af:01:a8:52:7c:
                    cf:31:92:75:2a:a3:58:cd:a7:c4:8d:16:eb:23:49:
                    73:b2:5c:a6:99:a8:4d:f8:30:17:30:8d:79:03:15:
                    ce:02:02:c0:d5:39:24:1f:bf:35:6c:3d:1b:68:9d:
                    dd:4e:f6:ab:de:3e:b6:ab:86:a7:b0:07:25:e5:42:
                    0a:da:75:21:7d:98:a7:a6:e8:1e:88:e6:87:41:5d:
                    ab:02:57:c2:bc:a4:ef:2b:31:2e:cc:96:6a:93:41:
                    38:5c:97:fd:53:9a:aa:3b:b3:39:f9:08:5f:e3:f0:
                    7c:74:d5:62:06:7d:65:fe:bb:0a:6f:ed:ec:37:d5:
                    25:d3:b6:86:24:30:e4:c7:7c:ff:88:41:9a:c2:f1:
                    83:c1:7f:52:7f:fc:a4:cc:d6:87:11:38:e3:64:4a:
                    52:b1:ad:f1:52:6a:fc:39:ae:35:08:41:55:54:46:
                    20:63:7c:01:d0:97:39:36:11:70:37:2e:4c:6f:73:
                    bc:de:16:65:d3:33:3c:0b:b8:df:76:19:54:f0:74:
                    d6:ab:97:54:f5:1d:36:37:b7:4e:52:ea:d5:a3:3c:
                    35:7e:2e:98:b7:aa:35:9c:1a:24:a3:6b:a4:61:09:
                    a9:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:7C:A2:F5:07:C2:84:76:2E:71:FD:B0:04:D4:75:40:99:4F:92:25
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/P3yi9QfChHYucf2wBNR1QJlPkiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.144.0/24
                  194.61.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:c5:8e:42:1a:2b:77:b0:8c:35:f3:57:6b:19:54:6a:4b:e0:
         b8:b7:4a:71:07:97:86:4f:f8:85:72:46:4c:2e:2a:a2:32:42:
         12:19:7f:ce:13:35:78:bb:66:aa:e5:ad:99:df:d9:5a:5a:16:
         9e:d8:c0:4b:de:61:68:bb:93:09:71:28:42:b0:ab:3e:5e:db:
         89:9b:34:52:06:54:f9:55:60:4d:e3:5d:bc:5d:46:3a:a7:d5:
         47:96:05:2b:69:42:b1:90:41:06:45:84:a3:9a:81:81:f2:19:
         a0:b0:a1:86:2c:80:b3:18:b9:a5:46:16:c8:de:18:e9:73:ef:
         a0:30:ce:b6:9f:87:00:c6:05:66:02:83:1e:f4:76:09:6d:71:
         f2:8b:ce:c3:7d:d4:ea:c8:e6:6a:27:25:83:d3:7f:03:3e:86:
         cb:57:ce:e7:6a:6e:26:ed:45:3d:8e:db:ff:1f:29:4e:5b:0a:
         77:de:0f:f0:b5:68:c9:cd:a5:ac:ce:c5:4f:2a:ea:f2:7b:43:
         1b:ad:12:02:0b:b8:af:f0:d8:b5:51:ae:9c:67:53:aa:23:32:
         91:05:24:91:d6:3e:73:0e:1a:90:b5:a9:51:b3:77:33:29:a3:
         f6:17:73:76:d9:6b:a6:61:c8:9e:87:51:83:4b:34:dd:09:16:
         3c:24:d6:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4oBtWgDiSNawjHPpODInkNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwNTE0MTk0NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjdjYTJmNTA3YzI4NDc2MmU3MWZkYjAwNGQ0NzU0MDk5NGY5MjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06fk8aisgLkqurzGN8wjlZT1nFL/
J8GqrwGoUnzPMZJ1KqNYzafEjRbrI0lzslymmahN+DAXMI15AxXOAgLA1TkkH781
bD0baJ3dTvar3j62q4ansAcl5UIK2nUhfZinpugeiOaHQV2rAlfCvKTvKzEuzJZq
k0E4XJf9U5qqO7M5+Qhf4/B8dNViBn1l/rsKb+3sN9Ul07aGJDDkx3z/iEGawvGD
wX9Sf/ykzNaHETjjZEpSsa3xUmr8Oa41CEFVVEYgY3wB0Jc5NhFwNy5Mb3O83hZl
0zM8C7jfdhlU8HTWq5dU9R02N7dOUurVozw1fi6Yt6o1nBoko2ukYQmpyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD98ovUHwoR2LnH9sATUdUCZT5IlMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvUDN5aTlRZkNoSFl1Y2Yyd0JOUjFRSmxQa2lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9KQAwQA
wj1KMA0GCSqGSIb3DQEBCwUAA4IBAQAnxY5CGit3sIw181drGVRqS+C4t0pxB5eG
T/iFckZMLiqiMkISGX/OEzV4u2aq5a2Z39laWhae2MBL3mFou5MJcShCsKs+XtuJ
mzRSBlT5VWBN4128XUY6p9VHlgUraUKxkEEGRYSjmoGB8hmgsKGGLICzGLmlRhbI
3hjpc++gMM62n4cAxgVmAoMe9HYJbXHyi87DfdTqyOZqJyWD038DPobLV87nam4m
7UU9jtv/HylOWwp33g/wtWjJzaWszsVPKurye0MbrRICC7iv8Ni1Ua6cZ1OqIzKR
BSSR1j5zDhqQtalRs3czKaP2F3N22WumYcieh1GDSzTdCRY8JNar
-----END CERTIFICATE-----