Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/PuSTyxj2nAEByJk9eSANQZbBZ_M.roa
File:                     PuSTyxj2nAEByJk9eSANQZbBZ_M.roa (raw, json)
Hash identifier:          PYkDEgrKTEXuJWjFC4Am3QGyvENJv6nJ0aLky+tW2ac=
Subject key identifier:   3E:E4:93:CB:18:F6:9C:01:01:C8:99:3D:79:20:0D:41:96:C1:67:F3
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019E831E150DD5FB77D4E001E21128596856
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/PuSTyxj2nAEByJk9eSANQZbBZ_M.roa
Signing time:             Mon 01 Jun 2026 12:17:27 +0000
ROA not before:           Mon 01 Jun 2026 12:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60781
IP address blocks:        193.178.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jun 2026 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:1e:15:0d:d5:fb:77:d4:e0:01:e2:11:28:59:68:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun  1 12:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ee493cb18f69c0101c8993d79200d4196c167f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6b:b3:cc:e6:ef:a7:44:7c:d7:0f:a5:4f:a7:
                    a8:5a:19:4c:69:f2:6c:40:fc:c6:7c:f9:07:e5:31:
                    71:31:f1:70:c2:27:ed:8b:03:ee:96:f2:0b:0f:7d:
                    e6:51:c7:ca:59:6a:9a:15:cf:fc:7e:93:10:86:2a:
                    d7:e9:bf:d3:54:be:7e:68:3e:d2:4d:1d:8b:cd:d6:
                    d7:21:ed:e4:19:fd:01:ef:27:3e:bc:b7:5e:d3:c1:
                    69:17:97:91:2a:68:dc:ad:c4:e9:83:0c:a4:97:94:
                    65:e3:f0:61:4b:1a:09:9a:16:f8:eb:4d:80:68:d6:
                    ce:50:2d:a7:39:0f:cf:ff:b4:6c:90:83:d7:ac:50:
                    ca:ce:2c:89:a3:cd:ee:27:9f:81:2a:5a:d7:43:e4:
                    ab:e0:fa:7d:f3:0e:61:b3:e5:dc:ab:92:df:3f:17:
                    f4:e5:47:62:c3:7c:9f:75:5c:59:01:e0:54:2b:f7:
                    39:9f:19:af:2e:24:32:76:48:a7:01:49:58:dd:ab:
                    af:97:dc:c2:9d:f0:7c:6b:f6:b0:6f:81:89:ef:f2:
                    2e:62:bb:e1:f1:f5:a7:54:b9:32:eb:71:96:7e:32:
                    b2:64:50:43:9a:69:7b:ba:5d:b0:52:04:87:31:97:
                    db:3e:94:b1:96:ec:6c:c0:7b:ac:a8:af:3c:00:4e:
                    a5:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:E4:93:CB:18:F6:9C:01:01:C8:99:3D:79:20:0D:41:96:C1:67:F3
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/PuSTyxj2nAEByJk9eSANQZbBZ_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:75:2a:7c:16:fa:4b:8a:36:b2:0f:84:c0:ec:0e:26:96:ba:
         d7:7f:d6:51:a4:8f:1f:36:da:c2:10:e1:15:db:ea:9e:77:62:
         0b:91:14:fb:6d:04:d5:8a:88:10:12:41:94:f1:66:3f:34:5d:
         a7:f3:03:95:6e:01:40:f2:29:5c:8f:5c:c5:e2:91:ac:5a:01:
         50:16:9d:a9:9a:8d:fa:74:ff:ce:7f:8d:03:cd:87:02:9a:b0:
         e5:bf:a5:26:a4:1f:ca:c7:b8:22:2f:fe:6c:f5:10:06:78:c5:
         dd:54:88:34:67:19:32:7b:01:e2:4b:22:97:d7:2a:fd:7a:ec:
         95:ea:4d:09:d9:af:fd:94:b8:db:77:6c:2f:f0:8e:8f:21:dc:
         18:30:f6:cf:3e:2c:b3:26:38:7b:6f:b7:2e:92:34:c2:4d:7d:
         58:ed:70:9d:fc:7e:40:01:30:39:57:16:8d:79:94:02:32:70:
         3b:fa:e5:c8:b4:fd:4d:88:52:1a:59:5a:8f:04:c7:c0:d3:c5:
         a0:af:05:d7:32:dc:7c:94:50:f9:47:fa:2f:d5:7e:26:8b:21:
         1e:e5:fd:53:f5:27:10:3a:c5:01:e7:d7:a2:58:d9:fc:74:20:
         9a:4c:f6:3c:91:38:87:a6:7a:41:1b:78:6f:2b:1a:b4:3f:b8:
         32:07:db:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6DHhUN1ft31OAB4hEoWWhWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNjAxMTIxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWU0OTNjYjE4ZjY5YzAxMDFjODk5M2Q3OTIwMGQ0MTk2YzE2N2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2uzzObvp0R81w+lT6eoWhlMafJs
QPzGfPkH5TFxMfFwwiftiwPulvILD33mUcfKWWqaFc/8fpMQhirX6b/TVL5+aD7S
TR2LzdbXIe3kGf0B7yc+vLde08FpF5eRKmjcrcTpgwykl5Rl4/BhSxoJmhb4602A
aNbOUC2nOQ/P/7RskIPXrFDKziyJo83uJ5+BKlrXQ+Sr4Pp98w5hs+Xcq5LfPxf0
5Udiw3yfdVxZAeBUK/c5nxmvLiQydkinAUlY3auvl9zCnfB8a/awb4GJ7/IuYrvh
8fWnVLky63GWfjKyZFBDmml7ul2wUgSHMZfbPpSxluxswHusqK88AE6l7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7kk8sY9pwBAciZPXkgDUGWwWfzMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvUHVTVHl4ajJuQUVCeUprOWVTQU5RWmJCWl9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbLjMA0G
CSqGSIb3DQEBCwUAA4IBAQALdSp8FvpLijayD4TA7A4mlrrXf9ZRpI8fNtrCEOEV
2+qed2ILkRT7bQTViogQEkGU8WY/NF2n8wOVbgFA8ilcj1zF4pGsWgFQFp2pmo36
dP/Of40DzYcCmrDlv6UmpB/Kx7giL/5s9RAGeMXdVIg0ZxkyewHiSyKX1yr9euyV
6k0J2a/9lLjbd2wv8I6PIdwYMPbPPiyzJjh7b7cukjTCTX1Y7XCd/H5AATA5VxaN
eZQCMnA7+uXItP1NiFIaWVqPBMfA08WgrwXXMtx8lFD5R/ov1X4miyEe5f1T9ScQ
OsUB59eiWNn8dCCaTPY8kTiHpnpBG3hvKxq0P7gyB9uy
-----END CERTIFICATE-----