Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/8fc261-bff8-4490-8b69-009739f7e55c/1/PkscByip9HCjcCDlJO2uYujjYDg.roa
File:                     PkscByip9HCjcCDlJO2uYujjYDg.roa (raw, json)
Hash identifier:          edTZgmleKt6WCIy8Cw2+p9r62NxbuqSZiXd6FCg4ClY=
Subject key identifier:   3E:4B:1C:07:28:A9:F4:70:A3:70:20:E5:24:ED:AE:62:E8:E3:60:38
Certificate issuer:       /CN=d748ada8a7474f5ad990c981ff6b27ce3de14713
Certificate serial:       019A0AA2A7D7FCCC08E082299D46DD7A5FA0
Authority key identifier: D7:48:AD:A8:A7:47:4F:5A:D9:90:C9:81:FF:6B:27:CE:3D:E1:47:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10itqKdHT1rZkMmB_2snzj3hRxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/8fc261-bff8-4490-8b69-009739f7e55c/1/PkscByip9HCjcCDlJO2uYujjYDg.roa
Signing time:             Wed 22 Oct 2025 06:37:03 +0000
ROA not before:           Wed 22 Oct 2025 06:37:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57795
IP address blocks:        95.129.26.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/8fc261-bff8-4490-8b69-009739f7e55c/1/10itqKdHT1rZkMmB_2snzj3hRxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/8fc261-bff8-4490-8b69-009739f7e55c/1/10itqKdHT1rZkMmB_2snzj3hRxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10itqKdHT1rZkMmB_2snzj3hRxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Oct 2025 14:12:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0a:a2:a7:d7:fc:cc:08:e0:82:29:9d:46:dd:7a:5f:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d748ada8a7474f5ad990c981ff6b27ce3de14713
        Validity
            Not Before: Oct 22 06:37:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e4b1c0728a9f470a37020e524edae62e8e36038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:19:2f:fc:65:a0:15:82:7d:96:34:e8:2e:68:
                    42:b5:a3:05:a5:b2:71:56:53:4a:57:1a:e4:c3:26:
                    09:50:98:a7:9e:99:3f:fa:78:30:e2:9f:73:35:c7:
                    29:f4:1d:5d:6c:56:64:c8:42:2a:a7:05:76:c1:a0:
                    22:b0:1c:f2:85:e8:87:40:0c:f5:53:c9:1c:57:06:
                    1e:58:4f:b2:6a:b5:de:a2:87:a3:a6:aa:f5:bf:d9:
                    34:22:5f:28:10:36:e9:92:d7:4a:2b:5d:8b:aa:6c:
                    29:c2:c5:84:2b:87:42:ac:71:c8:b4:66:b3:35:8a:
                    43:b8:9b:e9:d5:bb:26:c7:d2:be:36:8b:3c:f9:86:
                    7e:db:17:19:01:63:d3:f3:a2:8f:ee:9f:6b:9a:4c:
                    7a:c0:b7:3b:c0:ad:db:e1:35:38:de:f1:33:d6:98:
                    92:35:eb:9f:c4:ce:b3:f1:c9:79:02:8f:5a:9d:7b:
                    5d:5c:b0:5b:49:ee:47:b6:d7:22:f9:75:e8:63:8e:
                    d7:86:29:84:a6:e7:7b:3a:81:c6:e3:f6:1f:f6:5d:
                    03:e3:32:38:f1:e8:7b:01:63:35:a3:e8:e5:54:df:
                    40:2f:2a:42:2d:89:23:d4:74:8a:45:7a:2b:b6:e1:
                    2f:2d:b4:cd:df:1b:85:c6:d1:60:19:dd:5c:77:6f:
                    ec:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:4B:1C:07:28:A9:F4:70:A3:70:20:E5:24:ED:AE:62:E8:E3:60:38
            X509v3 Authority Key Identifier:
                keyid:D7:48:AD:A8:A7:47:4F:5A:D9:90:C9:81:FF:6B:27:CE:3D:E1:47:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10itqKdHT1rZkMmB_2snzj3hRxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/8fc261-bff8-4490-8b69-009739f7e55c/1/PkscByip9HCjcCDlJO2uYujjYDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/8fc261-bff8-4490-8b69-009739f7e55c/1/10itqKdHT1rZkMmB_2snzj3hRxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.129.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:a6:f8:bc:ef:6b:6e:70:2a:bb:a9:b9:fc:73:cc:1d:6a:a6:
         34:e9:74:86:43:b9:33:30:c3:7e:52:24:51:8c:88:5a:0b:55:
         fa:0b:39:9b:ed:b9:e3:8b:21:73:da:3b:b2:16:b2:af:30:2d:
         d3:23:7c:72:a8:93:7b:d2:07:87:7a:9e:d9:58:97:2d:0a:b5:
         40:ac:3d:3f:d2:8a:1f:d3:98:03:66:db:d6:c1:2f:e5:6e:da:
         8a:ea:c4:02:40:2d:8c:9c:4f:ef:c7:c2:06:62:e5:04:3d:e6:
         2c:72:eb:cb:9f:3b:87:6e:50:e1:e7:5c:83:30:54:ce:9a:32:
         5f:a8:1d:02:d1:a5:d5:44:57:b6:09:18:7b:bd:19:bb:30:ee:
         20:86:42:af:0a:64:48:ac:59:2d:96:c9:0f:cb:8d:ec:4a:44:
         06:c4:8f:d7:8f:af:95:8d:71:34:07:4a:a7:48:a1:d5:22:30:
         a3:e9:c6:60:b8:ba:bd:ca:33:79:49:03:bb:9b:bf:6c:87:3d:
         3b:6b:6e:83:5b:ed:30:47:ba:38:b5:1d:90:f2:f6:eb:3d:ee:
         31:52:69:14:cb:9c:8e:16:3e:d7:ba:03:0d:11:fe:3f:08:65:
         b3:8e:f0:a7:50:75:d4:3d:77:27:75:0c:cc:67:7d:8d:28:fd:
         9d:08:13:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoKoqfX/MwI4IIpnUbdel+gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDhhZGE4YTc0NzRmNWFkOTkwYzk4MWZmNmIyN2NlM2Rl
MTQ3MTMwHhcNMjUxMDIyMDYzNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTRiMWMwNzI4YTlmNDcwYTM3MDIwZTUyNGVkYWU2MmU4ZTM2MDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBkv/GWgFYJ9ljToLmhCtaMFpbJx
VlNKVxrkwyYJUJinnpk/+ngw4p9zNccp9B1dbFZkyEIqpwV2waAisBzyheiHQAz1
U8kcVwYeWE+yarXeooejpqr1v9k0Il8oEDbpktdKK12LqmwpwsWEK4dCrHHItGaz
NYpDuJvp1bsmx9K+Nos8+YZ+2xcZAWPT86KP7p9rmkx6wLc7wK3b4TU43vEz1piS
NeufxM6z8cl5Ao9anXtdXLBbSe5Httci+XXoY47XhimEpud7OoHG4/Yf9l0D4zI4
8eh7AWM1o+jlVN9ALypCLYkj1HSKRXortuEvLbTN3xuFxtFgGd1cd2/s8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5LHAcoqfRwo3Ag5STtrmLo42A4MB8GA1UdIwQY
MBaAFNdIrainR09a2ZDJgf9rJ8494UcTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBpdHFLZEhUMXJaa01tQl8yc256ajNoUnhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi84ZmMyNjEtYmZmOC00NDkwLThiNjkt
MDA5NzM5ZjdlNTVjLzEvUGtzY0J5aXA5SENqY0NEbEpPMnVZdWpqWURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi84ZmMyNjEtYmZmOC00NDkwLThiNjktMDA5NzM5ZjdlNTVj
LzEvMTBpdHFLZEhUMXJaa01tQl8yc256ajNoUnhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX4EaMA0G
CSqGSIb3DQEBCwUAA4IBAQB+pvi872tucCq7qbn8c8wdaqY06XSGQ7kzMMN+UiRR
jIhaC1X6Czmb7bnjiyFz2juyFrKvMC3TI3xyqJN70geHep7ZWJctCrVArD0/0oof
05gDZtvWwS/lbtqK6sQCQC2MnE/vx8IGYuUEPeYscuvLnzuHblDh51yDMFTOmjJf
qB0C0aXVRFe2CRh7vRm7MO4ghkKvCmRIrFktlskPy43sSkQGxI/Xj6+VjXE0B0qn
SKHVIjCj6cZguLq9yjN5SQO7m79shz07a26DW+0wR7o4tR2Q8vbrPe4xUmkUy5yO
Fj7XugMNEf4/CGWzjvCnUHXUPXcndQzMZ32NKP2dCBOo
-----END CERTIFICATE-----