Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1356cf-ab79-4c69-9e55-628400671d0e/1/p3zDIjcAWzrwrNrpwE_PsccEM3A.roa
File:                     p3zDIjcAWzrwrNrpwE_PsccEM3A.roa (raw, json)
Hash identifier:          jLiAzTfka0/Q0jf7zmlCDsBaadFbTH7kx2Q/ozkOt3Y=
Subject key identifier:   A7:7C:C3:22:37:00:5B:3A:F0:AC:DA:E9:C0:4F:CF:B1:C7:04:33:70
Certificate issuer:       /CN=3f60f6e6b404e03401ac3d7491bab633fe6a129f
Certificate serial:       019F2368F54B76D48FCBEF37EACC6B245352
Authority key identifier: 3F:60:F6:E6:B4:04:E0:34:01:AC:3D:74:91:BA:B6:33:FE:6A:12:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P2D25rQE4DQBrD10kbq2M_5qEp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1356cf-ab79-4c69-9e55-628400671d0e/1/p3zDIjcAWzrwrNrpwE_PsccEM3A.roa
Signing time:             Thu 02 Jul 2026 15:18:28 +0000
ROA not before:           Thu 02 Jul 2026 15:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8717
IP address blocks:        195.128.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/1356cf-ab79-4c69-9e55-628400671d0e/1/P2D25rQE4DQBrD10kbq2M_5qEp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/1356cf-ab79-4c69-9e55-628400671d0e/1/P2D25rQE4DQBrD10kbq2M_5qEp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P2D25rQE4DQBrD10kbq2M_5qEp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 09:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:f5:4b:76:d4:8f:cb:ef:37:ea:cc:6b:24:53:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f60f6e6b404e03401ac3d7491bab633fe6a129f
        Validity
            Not Before: Jul  2 15:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a77cc32237005b3af0acdae9c04fcfb1c7043370
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:4d:45:fa:98:36:dc:cf:74:e3:cd:4e:46:35:
                    f5:db:ec:8c:ce:53:a4:71:06:6e:50:59:0d:bf:d4:
                    fe:e0:95:34:e6:e2:42:30:ec:1b:85:c4:6b:7f:f5:
                    10:c0:27:82:f2:67:f0:bd:c4:a8:69:2a:e8:99:fc:
                    3b:d7:3c:e2:39:7f:b5:b7:83:d8:c2:07:28:49:6a:
                    b6:4d:d7:ab:62:a1:d2:a6:9a:cc:e5:3f:8b:20:ea:
                    fc:66:ef:ac:f1:3e:70:e6:0f:de:8e:2e:42:b4:61:
                    f1:1f:31:f5:50:ac:c5:4e:d9:fe:96:28:bd:61:7d:
                    94:9b:a7:a0:9c:ce:01:6c:94:c8:39:1a:95:21:42:
                    13:32:73:43:79:e7:7c:f7:05:2f:1f:07:22:54:79:
                    ce:d9:ab:74:0d:c6:aa:68:30:e7:77:f8:31:85:1d:
                    ab:d3:58:84:48:a5:2b:4b:a2:3a:e0:38:81:06:b7:
                    c5:4d:34:de:59:ab:d3:d0:22:54:57:b0:c7:63:31:
                    a1:60:85:ab:80:5e:a9:9f:f5:44:51:c3:37:70:58:
                    9e:c2:19:b2:5f:9f:fa:2a:d8:1d:45:4a:b2:ab:8a:
                    d6:1d:05:d7:96:93:b5:4b:10:ed:55:bf:75:88:f0:
                    7a:29:48:55:e6:b8:8a:7f:04:d4:d3:aa:8c:7d:0b:
                    20:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:7C:C3:22:37:00:5B:3A:F0:AC:DA:E9:C0:4F:CF:B1:C7:04:33:70
            X509v3 Authority Key Identifier:
                keyid:3F:60:F6:E6:B4:04:E0:34:01:AC:3D:74:91:BA:B6:33:FE:6A:12:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P2D25rQE4DQBrD10kbq2M_5qEp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1356cf-ab79-4c69-9e55-628400671d0e/1/p3zDIjcAWzrwrNrpwE_PsccEM3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1356cf-ab79-4c69-9e55-628400671d0e/1/P2D25rQE4DQBrD10kbq2M_5qEp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:9a:69:d0:dd:2d:2e:58:dc:4a:39:a5:73:4f:ac:72:14:94:
         c0:8f:73:71:5a:39:d5:85:67:47:80:10:00:da:66:3e:8e:e8:
         97:6b:00:d9:37:2d:d2:59:9c:ed:3d:ee:99:e0:01:a6:d3:a8:
         17:a2:d2:e9:fe:75:6c:39:50:d8:dd:de:ee:03:4f:d8:f7:d8:
         7c:62:dd:22:5f:ef:0c:13:fd:cf:69:fb:72:d0:77:b9:27:38:
         e8:c3:51:10:af:29:c5:77:44:5c:3b:ac:cc:aa:4c:ab:73:0c:
         c3:17:f3:5f:ad:52:1b:0c:bd:f8:29:7d:79:64:af:00:46:1d:
         8c:2c:78:0f:bc:7b:90:03:b2:f5:55:d2:10:71:7a:b7:72:ac:
         78:19:0b:43:49:4f:88:c7:77:79:34:3d:46:20:36:74:f3:42:
         ef:20:af:dc:cb:59:8c:5c:ab:03:5e:f4:a6:5e:ef:47:5e:c0:
         7d:73:33:90:94:84:8b:4c:79:53:88:04:9d:cf:ee:14:2b:57:
         6e:35:c3:55:7f:c4:21:ae:9c:b0:01:ab:30:cc:44:5c:19:7a:
         a2:fd:77:43:20:9c:66:ea:0b:33:b4:8a:79:c0:ff:13:3e:bf:
         4e:80:5c:be:ca:f4:72:e6:74:9d:cf:ed:f2:2b:03:35:bf:49:
         f1:7b:36:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaPVLdtSPy+836sxrJFNSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNjBmNmU2YjQwNGUwMzQwMWFjM2Q3NDkxYmFiNjMzZmU2
YTEyOWYwHhcNMjYwNzAyMTUxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzdjYzMyMjM3MDA1YjNhZjBhY2RhZTljMDRmY2ZiMWM3MDQzMzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6k1F+pg23M90481ORjX12+yMzlOk
cQZuUFkNv9T+4JU05uJCMOwbhcRrf/UQwCeC8mfwvcSoaSromfw71zziOX+1t4PY
wgcoSWq2TderYqHSpprM5T+LIOr8Zu+s8T5w5g/eji5CtGHxHzH1UKzFTtn+lii9
YX2Um6egnM4BbJTIORqVIUITMnNDeed89wUvHwciVHnO2at0DcaqaDDnd/gxhR2r
01iESKUrS6I64DiBBrfFTTTeWavT0CJUV7DHYzGhYIWrgF6pn/VEUcM3cFiewhmy
X5/6KtgdRUqyq4rWHQXXlpO1SxDtVb91iPB6KUhV5riKfwTU06qMfQsgEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKd8wyI3AFs68Kza6cBPz7HHBDNwMB8GA1UdIwQY
MBaAFD9g9ua0BOA0Aaw9dJG6tjP+ahKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDJEMjVyUUU0RFFCckQxMGticTJNXzVxRXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xMzU2Y2YtYWI3OS00YzY5LTllNTUt
NjI4NDAwNjcxZDBlLzEvcDN6RElqY0FXenJ3ck5ycHdFX1BzY2NFTTNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xMzU2Y2YtYWI3OS00YzY5LTllNTUtNjI4NDAwNjcxZDBl
LzEvUDJEMjVyUUU0RFFCckQxMGticTJNXzVxRXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4CGMA0G
CSqGSIb3DQEBCwUAA4IBAQBymmnQ3S0uWNxKOaVzT6xyFJTAj3NxWjnVhWdHgBAA
2mY+juiXawDZNy3SWZztPe6Z4AGm06gXotLp/nVsOVDY3d7uA0/Y99h8Yt0iX+8M
E/3Pafty0He5Jzjow1EQrynFd0RcO6zMqkyrcwzDF/NfrVIbDL34KX15ZK8ARh2M
LHgPvHuQA7L1VdIQcXq3cqx4GQtDSU+Ix3d5ND1GIDZ080LvIK/cy1mMXKsDXvSm
Xu9HXsB9czOQlISLTHlTiASdz+4UK1duNcNVf8QhrpywAaswzERcGXqi/XdDIJxm
6gsztIp5wP8TPr9OgFy+yvRy5nSdz+3yKwM1v0nxezZW
-----END CERTIFICATE-----
Generated at Fri Jul 3 16:51:48 2026 by rpki-client