Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/pj8mJKqUF_T2Ou11ZZQsgbjDNYQ.roa
File:                     pj8mJKqUF_T2Ou11ZZQsgbjDNYQ.roa (raw, json)
Hash identifier:          fs3ur5x7vbxGo0xyTuilMeKyac+Lx5FJiRM1jXFcziw=
Subject key identifier:   A6:3F:26:24:AA:94:17:F4:F6:3A:ED:75:65:94:2C:81:B8:C3:35:84
Certificate issuer:       /CN=3a4945e46764029d2581d820c3373fa445855539
Certificate serial:       019CBDB86F4979D336F2639FBC0435113717
Authority key identifier: 3A:49:45:E4:67:64:02:9D:25:81:D8:20:C3:37:3F:A4:45:85:55:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/pj8mJKqUF_T2Ou11ZZQsgbjDNYQ.roa
Signing time:             Thu 05 Mar 2026 11:18:26 +0000
ROA not before:           Thu 05 Mar 2026 11:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204957
IP address blocks:        193.193.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 11:30:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:b8:6f:49:79:d3:36:f2:63:9f:bc:04:35:11:37:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a4945e46764029d2581d820c3373fa445855539
        Validity
            Not Before: Mar  5 11:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a63f2624aa9417f4f63aed7565942c81b8c33584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:94:98:ad:52:b0:1b:b8:6a:87:db:b2:8f:e5:
                    d2:d7:0a:ba:35:57:59:ab:aa:73:1c:5e:2d:bf:03:
                    8b:66:44:98:ca:b1:e4:b2:d7:be:51:4b:53:7a:a3:
                    b1:1b:29:35:66:57:a8:8d:d7:58:5c:77:dd:d4:29:
                    e9:b8:e7:09:61:f1:6a:b8:17:9a:d1:aa:80:78:8d:
                    0b:05:8f:5e:7e:fd:30:e1:83:c7:eb:99:f9:98:6d:
                    e0:1a:ec:2b:e7:52:cc:82:3a:bf:08:82:17:b8:93:
                    9a:b0:7e:d1:ee:52:d0:c6:96:79:3a:8b:bd:19:97:
                    82:15:a4:f6:f4:51:c0:00:f7:c2:4b:d1:5d:fa:c1:
                    45:2d:e1:e9:9b:02:03:5d:7d:70:13:5b:0e:ff:13:
                    9e:fb:0e:27:2a:96:60:7e:1b:be:f5:78:37:77:d7:
                    28:b6:ca:c9:53:04:7e:cb:9f:2b:e5:84:69:b2:6a:
                    5e:67:1a:6e:c8:60:9e:b4:f7:1f:43:a2:e2:a2:cc:
                    c4:0b:03:61:61:ee:75:c2:03:24:7c:a0:e1:8a:ac:
                    f3:8b:50:88:d8:b6:b3:dd:05:f7:ee:98:dd:2d:08:
                    0d:5b:f0:24:41:80:a6:38:52:57:cf:dd:1a:8d:b7:
                    e4:77:8f:17:b8:06:3e:de:55:b8:e2:b2:7e:b0:dc:
                    4a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:3F:26:24:AA:94:17:F4:F6:3A:ED:75:65:94:2C:81:B8:C3:35:84
            X509v3 Authority Key Identifier:
                keyid:3A:49:45:E4:67:64:02:9D:25:81:D8:20:C3:37:3F:A4:45:85:55:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OklF5GdkAp0lgdggwzc_pEWFVTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/pj8mJKqUF_T2Ou11ZZQsgbjDNYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/4ef680-7c55-4a5b-8568-336ac9456464/1/OklF5GdkAp0lgdggwzc_pEWFVTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.193.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:ce:a6:84:f8:1a:91:79:ff:4e:e8:9b:a8:a7:23:2f:f4:7c:
         2d:aa:cc:9a:b6:91:01:6c:29:f4:3b:c4:ba:c5:c5:30:46:f6:
         50:d9:49:6d:d3:9a:8e:86:27:84:f9:4b:e9:81:b0:9a:43:bd:
         39:8e:0a:76:f3:ad:52:b8:32:ad:cb:ab:4a:b2:22:85:b2:a7:
         1e:83:cd:63:38:57:4d:24:74:96:e7:81:ba:35:db:84:3f:43:
         25:9a:9c:b1:7d:9e:7c:96:b1:da:8c:26:64:b9:a2:fe:9a:71:
         f8:87:1f:62:70:67:a7:8b:29:09:ee:65:f8:f0:cc:2b:e7:f4:
         bf:82:ac:e2:5c:b1:4e:76:10:e2:33:20:d0:7d:33:b3:c8:dc:
         68:da:0a:36:d8:1c:29:df:c6:55:c9:e2:69:31:22:95:b4:77:
         3c:99:81:c5:96:e3:21:12:c2:83:68:da:ea:ac:65:fe:c9:ce:
         06:84:47:b2:78:d2:b4:8e:bd:6b:eb:fe:55:ee:f4:31:50:b2:
         11:28:18:03:58:1d:50:13:df:90:56:07:16:79:ea:15:53:4c:
         28:ab:56:45:51:68:25:44:67:fe:bf:5a:41:48:e4:66:d5:31:
         a0:8d:23:82:29:77:d5:b9:4d:7d:4b:07:68:07:e4:c9:8d:58:
         fd:5a:9d:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy9uG9JedM28mOfvAQ1ETcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNDk0NWU0Njc2NDAyOWQyNTgxZDgyMGMzMzczZmE0NDU4
NTU1MzkwHhcNMjYwMzA1MTExODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjNmMjYyNGFhOTQxN2Y0ZjYzYWVkNzU2NTk0MmM4MWI4YzMzNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8pSYrVKwG7hqh9uyj+XS1wq6NVdZ
q6pzHF4tvwOLZkSYyrHkste+UUtTeqOxGyk1ZleojddYXHfd1CnpuOcJYfFquBea
0aqAeI0LBY9efv0w4YPH65n5mG3gGuwr51LMgjq/CIIXuJOasH7R7lLQxpZ5Oou9
GZeCFaT29FHAAPfCS9Fd+sFFLeHpmwIDXX1wE1sO/xOe+w4nKpZgfhu+9Xg3d9co
tsrJUwR+y58r5YRpsmpeZxpuyGCetPcfQ6LioszECwNhYe51wgMkfKDhiqzzi1CI
2Laz3QX37pjdLQgNW/AkQYCmOFJXz90ajbfkd48XuAY+3lW44rJ+sNxKtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKY/JiSqlBf09jrtdWWULIG4wzWEMB8GA1UdIwQY
MBaAFDpJReRnZAKdJYHYIMM3P6RFhVU5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2tsRjVHZGtBcDBsZ2RnZ3d6Y19wRVdGVlRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80ZWY2ODAtN2M1NS00YTViLTg1Njgt
MzM2YWM5NDU2NDY0LzEvcGo4bUpLcVVGX1QyT3UxMVpaUXNnYmpETllRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80ZWY2ODAtN2M1NS00YTViLTg1NjgtMzM2YWM5NDU2NDY0
LzEvT2tsRjVHZGtBcDBsZ2RnZ3d6Y19wRVdGVlRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcHLMA0G
CSqGSIb3DQEBCwUAA4IBAQCqzqaE+BqRef9O6JuopyMv9HwtqsyatpEBbCn0O8S6
xcUwRvZQ2Ult05qOhieE+UvpgbCaQ705jgp2861SuDKty6tKsiKFsqceg81jOFdN
JHSW54G6NduEP0MlmpyxfZ58lrHajCZkuaL+mnH4hx9icGeniykJ7mX48Mwr5/S/
gqziXLFOdhDiMyDQfTOzyNxo2go22Bwp38ZVyeJpMSKVtHc8mYHFluMhEsKDaNrq
rGX+yc4GhEeyeNK0jr1r6/5V7vQxULIRKBgDWB1QE9+QVgcWeeoVU0woq1ZFUWgl
RGf+v1pBSORm1TGgjSOCKXfVuU19SwdoB+TJjVj9Wp0z
-----END CERTIFICATE-----