Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PgCBEueZqYlGLBI1SOcz6c1nfxg.roa
File:                     PgCBEueZqYlGLBI1SOcz6c1nfxg.roa (raw, json)
Hash identifier:          N0vIsKC010cfomSzAw9kRzn/BZxNBjYjcc6PUEgL/y4=
Subject key identifier:   3E:00:81:12:E7:99:A9:89:46:2C:12:35:48:E7:33:E9:CD:67:7F:18
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019D2AA99810F1848C5DD55B1E53A1A60B4D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PgCBEueZqYlGLBI1SOcz6c1nfxg.roa
Signing time:             Thu 26 Mar 2026 15:00:50 +0000
ROA not before:           Thu 26 Mar 2026 15:00:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207461
IP address blocks:        45.131.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:a9:98:10:f1:84:8c:5d:d5:5b:1e:53:a1:a6:0b:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar 26 15:00:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e008112e799a989462c123548e733e9cd677f18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d2:a2:d4:9c:67:04:50:ff:9f:e9:e4:1d:2f:
                    39:7f:cc:73:a0:03:d5:c6:80:4b:b3:81:74:63:61:
                    da:53:2e:75:57:be:38:09:3f:2b:60:95:c2:48:2a:
                    b0:37:d6:40:c3:34:e6:e3:78:d2:bf:b8:cc:34:a8:
                    47:9c:73:73:22:a0:f4:ca:0e:9d:d6:a2:23:9d:a8:
                    74:88:03:d1:1b:e4:43:03:d3:fb:a9:ff:8f:ad:66:
                    a0:0c:d1:5f:55:14:b3:2c:ed:0c:f0:1d:58:38:fb:
                    a2:1a:7b:cf:fd:69:8f:66:76:eb:32:84:0a:20:88:
                    d8:fb:0f:e0:4a:c7:c0:21:b7:82:5f:12:2f:b7:68:
                    97:01:e0:d1:13:52:87:c7:74:43:2c:a8:ed:16:04:
                    15:2b:8f:15:0f:d0:f1:27:40:f2:51:cc:2f:79:24:
                    11:cd:b8:45:f5:ad:a7:42:30:40:cb:fb:94:8b:16:
                    be:5c:f7:35:91:10:b8:15:16:6e:2c:78:1a:0d:39:
                    5d:08:48:21:42:6f:26:6b:e2:df:db:1a:57:f6:f0:
                    eb:ed:df:36:d4:a4:af:d4:44:10:c9:34:91:fb:53:
                    11:32:b6:cc:73:5a:56:76:3d:c9:db:de:8a:1b:f6:
                    92:fc:a0:bc:54:65:fc:8d:cd:03:24:44:77:4b:4e:
                    d0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:00:81:12:E7:99:A9:89:46:2C:12:35:48:E7:33:E9:CD:67:7F:18
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PgCBEueZqYlGLBI1SOcz6c1nfxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:16:d8:d2:56:74:e1:1c:09:4d:00:21:db:de:07:33:01:06:
         05:b4:c2:8e:cd:d6:af:ee:24:44:cd:4e:31:ce:19:e1:c0:9d:
         13:30:20:c7:a4:b6:bb:0b:80:88:75:c4:a4:e2:ac:2b:33:10:
         a5:bd:4b:f5:2e:a1:84:b9:ee:b8:a8:68:6e:b4:1a:90:d8:82:
         58:9a:cd:8b:2a:40:c1:a6:10:3b:37:25:c2:b2:63:31:79:ed:
         b0:4e:34:23:06:aa:9a:d3:23:d1:4c:1c:64:18:ad:56:5f:36:
         e9:cb:9a:5e:88:2b:0e:dd:7e:b6:9e:ae:f3:ed:6b:9c:8b:d8:
         9d:9a:3b:3f:2b:a6:53:93:68:e6:56:fc:b9:ef:11:20:2d:cb:
         17:52:b8:e1:62:47:c9:1d:ea:f7:6d:8d:d9:0f:6a:12:65:fc:
         cc:5d:d4:9d:90:ae:fb:6a:08:b7:38:6b:7f:45:05:d6:05:2b:
         e1:4c:54:1d:b2:75:82:e6:da:fa:0a:00:c7:ba:8f:01:28:74:
         94:af:6d:97:3e:7a:a4:12:84:95:06:ad:53:39:a5:68:7e:2c:
         aa:1d:a6:b4:33:f9:19:60:90:fa:cf:97:db:44:56:ef:36:b5:
         05:bf:da:ce:50:04:d9:b4:65:04:d2:53:74:81:ac:57:16:f9:
         9e:46:52:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0qqZgQ8YSMXdVbHlOhpgtNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwMzI2MTUwMDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTAwODExMmU3OTlhOTg5NDYyYzEyMzU0OGU3MzNlOWNkNjc3ZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNKi1JxnBFD/n+nkHS85f8xzoAPV
xoBLs4F0Y2HaUy51V744CT8rYJXCSCqwN9ZAwzTm43jSv7jMNKhHnHNzIqD0yg6d
1qIjnah0iAPRG+RDA9P7qf+PrWagDNFfVRSzLO0M8B1YOPuiGnvP/WmPZnbrMoQK
IIjY+w/gSsfAIbeCXxIvt2iXAeDRE1KHx3RDLKjtFgQVK48VD9DxJ0DyUcwveSQR
zbhF9a2nQjBAy/uUixa+XPc1kRC4FRZuLHgaDTldCEghQm8ma+Lf2xpX9vDr7d82
1KSv1EQQyTSR+1MRMrbMc1pWdj3J296KG/aS/KC8VGX8jc0DJER3S07QlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4AgRLnmamJRiwSNUjnM+nNZ38YMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUGdDQkV1ZVpxWWxHTEJJMVNPY3o2YzFuZnhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYO4MA0G
CSqGSIb3DQEBCwUAA4IBAQCiFtjSVnThHAlNACHb3gczAQYFtMKOzdav7iREzU4x
zhnhwJ0TMCDHpLa7C4CIdcSk4qwrMxClvUv1LqGEue64qGhutBqQ2IJYms2LKkDB
phA7NyXCsmMxee2wTjQjBqqa0yPRTBxkGK1WXzbpy5peiCsO3X62nq7z7Wuci9id
mjs/K6ZTk2jmVvy57xEgLcsXUrjhYkfJHer3bY3ZD2oSZfzMXdSdkK77agi3OGt/
RQXWBSvhTFQdsnWC5tr6CgDHuo8BKHSUr22XPnqkEoSVBq1TOaVofiyqHaa0M/kZ
YJD6z5fbRFbvNrUFv9rOUATZtGUE0lN0gaxXFvmeRlK0
-----END CERTIFICATE-----