Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/P3NM9F7zW9PDvGfr3vhVIZ_BZcI.roa
File:                     P3NM9F7zW9PDvGfr3vhVIZ_BZcI.roa (raw, json)
Hash identifier:          wfcc44x6cQbOK7dLXERuK7syWTAjHm7zIjxXrF1DuMM=
Subject key identifier:   3F:73:4C:F4:5E:F3:5B:D3:C3:BC:67:EB:DE:F8:55:21:9F:C1:65:C2
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       019DCF92F34028F5674EBF3E8943BA77C317
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/P3NM9F7zW9PDvGfr3vhVIZ_BZcI.roa
Signing time:             Mon 27 Apr 2026 15:33:27 +0000
ROA not before:           Mon 27 Apr 2026 15:33:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34224
IP address blocks:        77.111.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 10:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:92:f3:40:28:f5:67:4e:bf:3e:89:43:ba:77:c3:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Apr 27 15:33:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f734cf45ef35bd3c3bc67ebdef855219fc165c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b7:ac:0a:a9:3f:f3:29:3e:fc:b4:09:b6:e2:
                    57:fc:9e:75:5a:77:cd:e1:d0:d0:9c:f5:50:13:b2:
                    e8:90:32:ed:9e:3c:81:f6:67:8e:aa:b3:ee:eb:1b:
                    62:2e:c6:69:ef:a5:86:fd:e9:a0:66:21:a4:fb:ed:
                    d9:fb:7d:98:0b:dc:0c:74:59:b3:d1:e0:85:1b:10:
                    65:df:6a:c0:27:65:f2:86:38:e4:8b:19:6d:2e:b4:
                    d7:43:04:f9:7f:be:ad:11:01:34:32:70:91:b4:e5:
                    8e:fd:ec:1b:d3:ad:ed:63:7c:31:d3:ea:c6:75:cc:
                    2f:dc:91:73:35:f9:c3:60:b4:7a:0b:0d:69:a1:7e:
                    5a:ea:3a:8e:6f:67:ea:bc:c2:e9:46:6b:ac:65:11:
                    6b:4f:63:1c:f0:fc:3d:64:8c:54:f7:76:9f:c9:04:
                    16:11:35:aa:82:84:f2:35:8c:c7:9d:66:3c:60:32:
                    79:1c:31:16:2e:6e:91:57:41:2a:5b:01:4c:53:83:
                    68:0d:30:b7:f0:55:2d:13:62:be:c4:05:8b:03:d6:
                    e4:01:4c:8f:c8:c7:1a:7d:cc:96:c5:60:f6:f0:0b:
                    c4:44:14:69:5d:48:8c:a5:cc:dc:0e:2b:4b:7c:c9:
                    17:9e:6a:a6:b9:cb:b6:59:7d:f9:3c:f0:6d:ba:eb:
                    cd:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:73:4C:F4:5E:F3:5B:D3:C3:BC:67:EB:DE:F8:55:21:9F:C1:65:C2
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/P3NM9F7zW9PDvGfr3vhVIZ_BZcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:70:16:e5:06:6b:59:2b:b5:a0:4e:13:d6:bb:47:6b:c2:83:
         aa:62:39:d3:c3:18:39:ca:76:40:f6:bf:d0:ac:50:28:2b:d8:
         0a:e6:85:fb:72:88:37:e7:01:c2:ec:31:e9:bd:14:fe:f2:38:
         14:92:47:ce:b2:70:79:42:44:36:1c:58:02:94:c2:5b:4a:32:
         72:a6:cf:90:65:35:b2:b1:06:e7:3e:28:6e:d8:05:df:f0:7a:
         1d:ad:99:56:4e:04:57:6c:cc:45:aa:bd:2b:b1:fe:87:99:25:
         8e:a9:3c:54:cd:3b:c1:00:4b:89:4f:85:0a:c2:80:08:f5:62:
         fc:ae:94:01:aa:81:6c:cd:b9:b8:a9:9a:bb:c8:ec:ec:a4:e3:
         61:df:f3:34:a9:bd:ce:66:51:99:2f:77:e2:70:c3:bb:ee:b4:
         19:ed:ce:52:7c:1a:94:88:4f:c9:fb:2a:f1:6e:33:2c:3c:67:
         6e:32:24:16:b1:ca:ab:a6:4a:d0:97:78:02:85:e7:8f:3a:eb:
         b1:61:11:8b:2d:b8:09:1f:7e:06:82:68:f3:e1:5a:74:89:75:
         01:2e:23:35:85:91:74:57:93:55:36:ac:97:b2:fe:bb:77:1f:
         44:8d:22:0c:e8:bd:82:9d:c0:6e:98:b5:45:f2:01:35:4e:3d:
         c6:e0:77:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3PkvNAKPVnTr8+iUO6d8MXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjYwNDI3MTUzMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjczNGNmNDVlZjM1YmQzYzNiYzY3ZWJkZWY4NTUyMTlmYzE2NWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkresCqk/8yk+/LQJtuJX/J51WnfN
4dDQnPVQE7LokDLtnjyB9meOqrPu6xtiLsZp76WG/emgZiGk++3Z+32YC9wMdFmz
0eCFGxBl32rAJ2XyhjjkixltLrTXQwT5f76tEQE0MnCRtOWO/ewb063tY3wx0+rG
dcwv3JFzNfnDYLR6Cw1poX5a6jqOb2fqvMLpRmusZRFrT2Mc8Pw9ZIxU93afyQQW
ETWqgoTyNYzHnWY8YDJ5HDEWLm6RV0EqWwFMU4NoDTC38FUtE2K+xAWLA9bkAUyP
yMcafcyWxWD28AvERBRpXUiMpczcDitLfMkXnmqmucu2WX35PPBtuuvNWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9zTPRe81vTw7xn6974VSGfwWXCMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvUDNOTTlGN3pXOVBEdkdmcjN2aFZJWl9CWmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW93MA0G
CSqGSIb3DQEBCwUAA4IBAQBkcBblBmtZK7WgThPWu0drwoOqYjnTwxg5ynZA9r/Q
rFAoK9gK5oX7cog35wHC7DHpvRT+8jgUkkfOsnB5QkQ2HFgClMJbSjJyps+QZTWy
sQbnPihu2AXf8HodrZlWTgRXbMxFqr0rsf6HmSWOqTxUzTvBAEuJT4UKwoAI9WL8
rpQBqoFszbm4qZq7yOzspONh3/M0qb3OZlGZL3ficMO77rQZ7c5SfBqUiE/J+yrx
bjMsPGduMiQWscqrpkrQl3gCheePOuuxYRGLLbgJH34Ggmjz4Vp0iXUBLiM1hZF0
V5NVNqyXsv67dx9EjSIM6L2CncBumLVF8gE1Tj3G4Hd1
-----END CERTIFICATE-----