Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/3xGVSc_p5dXZsjTjmDrPRPF-GQ4.roa
File:                     3xGVSc_p5dXZsjTjmDrPRPF-GQ4.roa (raw, json)
Hash identifier:          4UVd3ifNRlf9XqdwKXxRMAnZJE++WGkvCW0VWsS8y5s=
Subject key identifier:   DF:11:95:49:CF:E9:E5:D5:D9:B2:34:E3:98:3A:CF:44:F1:7E:19:0E
Certificate issuer:       /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial:       019A175B2F6601BE50183C3EA76AB58FB2ED
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/3xGVSc_p5dXZsjTjmDrPRPF-GQ4.roa
Signing time:             Fri 24 Oct 2025 17:54:03 +0000
ROA not before:           Fri 24 Oct 2025 17:54:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214789
IP address blocks:        78.109.18.0/24 maxlen: 24
                          91.147.110.0/24 maxlen: 24
                          194.164.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Oct 2025 08:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:17:5b:2f:66:01:be:50:18:3c:3e:a7:6a:b5:8f:b2:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
        Validity
            Not Before: Oct 24 17:54:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df119549cfe9e5d5d9b234e3983acf44f17e190e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:5d:55:cf:3b:9a:a1:f4:6e:dc:1c:85:45:f0:
                    54:4c:b7:f6:fc:57:e2:3a:a2:94:1b:6e:70:c5:c9:
                    37:c5:cb:2e:6e:de:3b:01:f9:67:31:8a:8d:18:84:
                    cf:9c:00:6b:3e:7f:72:a7:4b:9b:6c:0d:11:f9:c2:
                    61:4a:05:53:4a:6b:1c:ea:15:fa:4e:4c:3a:2b:22:
                    de:e4:9d:76:b1:96:44:f3:7c:0c:f2:6b:55:b8:26:
                    56:65:d0:81:46:2c:5f:fe:0f:11:42:a3:83:ea:c8:
                    0b:4d:12:86:09:27:2c:ec:85:91:7d:af:71:99:a0:
                    b2:ec:1c:9a:15:22:f3:a0:6f:68:e3:44:ff:e2:ca:
                    bc:48:f3:3b:ec:8d:78:2b:89:8d:30:df:87:c1:b3:
                    20:2a:2b:dc:e0:db:c9:22:51:a7:c5:c6:29:a7:f7:
                    8f:46:00:fe:64:47:07:e5:31:dc:31:3e:3d:1b:0a:
                    0f:83:d9:0f:2a:e5:29:aa:57:31:1e:82:bd:78:da:
                    46:30:b1:6a:78:ba:b7:72:77:0d:d2:f2:03:9c:b5:
                    cc:16:c5:85:9f:73:a7:b2:43:49:1f:9a:62:c7:98:
                    59:a8:1c:63:00:0a:3e:68:0c:be:85:82:2b:a1:73:
                    54:77:67:33:8d:2b:f1:22:42:2a:ce:9a:72:e6:e1:
                    da:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:11:95:49:CF:E9:E5:D5:D9:B2:34:E3:98:3A:CF:44:F1:7E:19:0E
            X509v3 Authority Key Identifier:
                keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/3xGVSc_p5dXZsjTjmDrPRPF-GQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.109.18.0/24
                  91.147.110.0/24
                  194.164.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:00:a8:55:a0:02:3b:8b:40:1d:05:ee:fc:3b:1f:c4:29:bd:
         d7:5d:f3:69:2a:20:36:0f:0b:3b:03:d9:3e:63:a3:cb:4f:51:
         b0:ac:da:d2:c8:17:cb:e6:73:9b:ca:95:8c:f8:fe:b3:af:51:
         95:bd:9b:e2:a3:af:7c:1e:ce:23:61:a6:6c:48:8e:89:99:72:
         a0:42:a1:2b:05:dc:73:4f:ea:e8:34:b4:d9:38:c6:c0:e1:cf:
         ac:4e:46:bc:21:0a:3e:f9:a8:44:fa:22:cc:af:7c:6f:ba:6b:
         7b:36:6d:00:e6:8c:b6:cb:4f:30:93:b4:2b:54:05:94:d2:51:
         ac:f1:2a:6a:e4:53:2c:98:c9:e9:9d:7c:2b:2b:6d:9f:4e:8c:
         92:8b:88:6f:2a:56:07:ac:c5:63:81:87:aa:9b:ec:4e:12:d6:
         ec:0d:7d:07:7f:88:c0:01:30:1c:8c:8f:a2:6e:f0:59:b6:d8:
         df:cb:9c:a5:5d:64:3b:fc:7c:34:cf:01:7f:70:69:3c:5e:3a:
         46:cd:87:0c:50:e8:ec:d6:91:88:79:83:fb:c2:39:c5:4f:14:
         b8:39:9a:38:35:42:67:55:3a:80:05:7b:2b:96:b9:4b:25:d9:
         d4:77:a2:2a:d1:89:f1:8f:76:68:55:43:60:cf:f0:c5:02:b0:
         70:f3:a8:9f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoXWy9mAb5QGDw+p2q1j7LtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjUxMDI0MTc1NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjExOTU0OWNmZTllNWQ1ZDliMjM0ZTM5ODNhY2Y0NGYxN2UxOTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxl1VzzuaofRu3ByFRfBUTLf2/Ffi
OqKUG25wxck3xcsubt47AflnMYqNGITPnABrPn9yp0ubbA0R+cJhSgVTSmsc6hX6
Tkw6KyLe5J12sZZE83wM8mtVuCZWZdCBRixf/g8RQqOD6sgLTRKGCScs7IWRfa9x
maCy7ByaFSLzoG9o40T/4sq8SPM77I14K4mNMN+HwbMgKivc4NvJIlGnxcYpp/eP
RgD+ZEcH5THcMT49GwoPg9kPKuUpqlcxHoK9eNpGMLFqeLq3cncN0vIDnLXMFsWF
n3OnskNJH5pix5hZqBxjAAo+aAy+hYIroXNUd2czjSvxIkIqzppy5uHaSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN8RlUnP6eXV2bI045g6z0TxfhkOMB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvM3hHVlNjX3A1ZFhac2pUam1EclBSUEYtR1E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATm0SAwQA
W5NuAwQAwqRzMA0GCSqGSIb3DQEBCwUAA4IBAQB+AKhVoAI7i0AdBe78Ox/EKb3X
XfNpKiA2Dws7A9k+Y6PLT1GwrNrSyBfL5nObypWM+P6zr1GVvZvio698Hs4jYaZs
SI6JmXKgQqErBdxzT+roNLTZOMbA4c+sTka8IQo++ahE+iLMr3xvumt7Nm0A5oy2
y08wk7QrVAWU0lGs8Spq5FMsmMnpnXwrK22fToySi4hvKlYHrMVjgYeqm+xOEtbs
DX0Hf4jAATAcjI+ibvBZttjfy5ylXWQ7/Hw0zwF/cGk8XjpGzYcMUOjs1pGIeYP7
wjnFTxS4OZo4NUJnVTqABXsrlrlLJdnUd6Iq0Ynxj3ZoVUNgz/DFArBw86if
-----END CERTIFICATE-----