Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/dc4b45-d948-4b6a-a3d9-730541a06f80/1/Pwqn4oY0KPuWxFDB-Ztc1zWrVwI.roa
File:                     Pwqn4oY0KPuWxFDB-Ztc1zWrVwI.roa (raw, json)
Hash identifier:          j9WbrXVSr2U86ODDAeyZl+rZySS1lzxdLUlG17Tpq0c=
Subject key identifier:   3F:0A:A7:E2:86:34:28:FB:96:C4:50:C1:F9:9B:5C:D7:35:AB:57:02
Certificate issuer:       /CN=8769a6f1a46fe6b12f7e5f1c012c8a4ccbef7b9f
Certificate serial:       019DB4948AD389FEA9615AAA42D9B4D62435
Authority key identifier: 87:69:A6:F1:A4:6F:E6:B1:2F:7E:5F:1C:01:2C:8A:4C:CB:EF:7B:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h2mm8aRv5rEvfl8cASyKTMvve58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/dc4b45-d948-4b6a-a3d9-730541a06f80/1/Pwqn4oY0KPuWxFDB-Ztc1zWrVwI.roa
Signing time:             Wed 22 Apr 2026 09:45:26 +0000
ROA not before:           Wed 22 Apr 2026 09:45:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39686
IP address blocks:        194.53.116.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/dc4b45-d948-4b6a-a3d9-730541a06f80/1/h2mm8aRv5rEvfl8cASyKTMvve58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/dc4b45-d948-4b6a-a3d9-730541a06f80/1/h2mm8aRv5rEvfl8cASyKTMvve58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h2mm8aRv5rEvfl8cASyKTMvve58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:94:8a:d3:89:fe:a9:61:5a:aa:42:d9:b4:d6:24:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8769a6f1a46fe6b12f7e5f1c012c8a4ccbef7b9f
        Validity
            Not Before: Apr 22 09:45:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f0aa7e2863428fb96c450c1f99b5cd735ab5702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:eb:61:69:71:00:fc:a5:bb:68:39:79:a8:4f:
                    6b:50:1f:fa:f6:c5:d9:84:f3:c6:dc:c1:87:ae:5d:
                    0d:f8:7c:74:db:27:4d:5a:79:25:d8:15:7f:aa:53:
                    62:b3:39:98:19:b9:c6:6b:68:76:84:4a:78:b2:45:
                    0c:52:e3:44:db:ad:ea:c0:c7:be:f3:73:4c:ac:11:
                    aa:c7:70:00:54:62:c2:5c:1b:88:e4:73:74:2a:af:
                    ac:bd:4e:a6:19:18:2f:04:6d:a0:60:bd:89:2c:e3:
                    57:8e:77:ca:d7:e2:a7:19:04:e7:e9:65:f3:a7:5e:
                    93:67:77:d7:00:38:cc:d4:9c:e5:55:e0:f6:a1:56:
                    1e:fb:f9:96:dd:32:59:3f:8f:0a:1a:51:78:f2:1e:
                    cf:83:4a:63:9d:1a:16:3e:91:5d:b8:50:38:38:c4:
                    a0:24:6f:3e:13:db:19:1e:c7:1e:6c:a9:39:37:cc:
                    cc:74:6a:ad:0e:71:71:bb:dc:45:f8:cf:29:ad:0d:
                    b6:83:d4:83:9c:19:6f:91:da:07:04:b7:69:75:00:
                    64:30:dc:d1:c9:9f:f4:6c:54:b3:f9:13:32:e2:32:
                    ae:0f:e4:aa:7e:c6:13:08:4e:3e:cd:66:c6:35:87:
                    c3:81:34:39:ec:52:f0:98:5f:88:97:61:b5:cf:ae:
                    9e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:0A:A7:E2:86:34:28:FB:96:C4:50:C1:F9:9B:5C:D7:35:AB:57:02
            X509v3 Authority Key Identifier:
                keyid:87:69:A6:F1:A4:6F:E6:B1:2F:7E:5F:1C:01:2C:8A:4C:CB:EF:7B:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h2mm8aRv5rEvfl8cASyKTMvve58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/dc4b45-d948-4b6a-a3d9-730541a06f80/1/Pwqn4oY0KPuWxFDB-Ztc1zWrVwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/dc4b45-d948-4b6a-a3d9-730541a06f80/1/h2mm8aRv5rEvfl8cASyKTMvve58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:a9:5f:54:29:d0:1e:44:54:80:95:10:9c:eb:74:cd:81:c0:
         d5:af:64:0d:f1:e8:3a:d9:d3:3e:c3:4a:45:18:3d:ec:90:21:
         b7:62:23:c6:01:5c:b5:d1:ac:32:8f:b6:fb:5c:ce:87:76:21:
         42:aa:f0:7f:00:b3:e6:03:6c:a4:bf:15:e8:96:3f:e5:78:14:
         97:6d:64:11:ef:55:fc:e9:19:10:84:20:d3:68:f7:c6:b2:7d:
         97:5a:d6:3c:9f:c1:48:05:c1:36:36:e3:e9:03:27:88:c2:00:
         ba:ad:d9:55:81:bd:c7:a7:3b:c6:9b:5c:81:37:36:ae:62:92:
         2e:12:bf:67:6d:55:a7:84:a4:8d:31:26:cc:fd:5e:d1:05:ae:
         d9:df:60:b4:6c:5a:37:b5:31:8e:4b:49:a6:b9:f9:13:17:eb:
         05:8d:55:f1:ab:a9:6e:cd:4e:f5:40:61:22:b3:c9:d5:2b:af:
         8b:8d:4f:b5:8f:47:3f:d2:84:b0:d7:4a:b3:6f:1a:ef:38:af:
         01:c7:78:c7:65:25:1b:ec:40:8a:76:f7:e6:61:af:22:0a:d3:
         b3:9c:ce:d1:a9:c2:79:da:78:dc:ab:ea:86:00:a0:a2:d0:59:
         b4:7e:b5:d3:b7:ab:4a:58:15:3e:3b:c4:4f:09:4b:75:46:63:
         2a:88:a5:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ20lIrTif6pYVqqQtm01iQ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NjlhNmYxYTQ2ZmU2YjEyZjdlNWYxYzAxMmM4YTRjY2Jl
ZjdiOWYwHhcNMjYwNDIyMDk0NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjBhYTdlMjg2MzQyOGZiOTZjNDUwYzFmOTliNWNkNzM1YWI1NzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqethaXEA/KW7aDl5qE9rUB/69sXZ
hPPG3MGHrl0N+Hx02ydNWnkl2BV/qlNiszmYGbnGa2h2hEp4skUMUuNE263qwMe+
83NMrBGqx3AAVGLCXBuI5HN0Kq+svU6mGRgvBG2gYL2JLONXjnfK1+KnGQTn6WXz
p16TZ3fXADjM1JzlVeD2oVYe+/mW3TJZP48KGlF48h7Pg0pjnRoWPpFduFA4OMSg
JG8+E9sZHscebKk5N8zMdGqtDnFxu9xF+M8prQ22g9SDnBlvkdoHBLdpdQBkMNzR
yZ/0bFSz+RMy4jKuD+SqfsYTCE4+zWbGNYfDgTQ57FLwmF+Il2G1z66eWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8Kp+KGNCj7lsRQwfmbXNc1q1cCMB8GA1UdIwQY
MBaAFIdppvGkb+axL35fHAEsikzL73ufMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDJtbThhUnY1ckV2Zmw4Y0FTeUtUTXZ2ZTU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9kYzRiNDUtZDk0OC00YjZhLWEzZDkt
NzMwNTQxYTA2ZjgwLzEvUHdxbjRvWTBLUHVXeEZEQi1adGMxeldyVndJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9kYzRiNDUtZDk0OC00YjZhLWEzZDktNzMwNTQxYTA2Zjgw
LzEvaDJtbThhUnY1ckV2Zmw4Y0FTeUtUTXZ2ZTU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwjV0MA0G
CSqGSIb3DQEBCwUAA4IBAQCjqV9UKdAeRFSAlRCc63TNgcDVr2QN8eg62dM+w0pF
GD3skCG3YiPGAVy10awyj7b7XM6HdiFCqvB/ALPmA2ykvxXolj/leBSXbWQR71X8
6RkQhCDTaPfGsn2XWtY8n8FIBcE2NuPpAyeIwgC6rdlVgb3HpzvGm1yBNzauYpIu
Er9nbVWnhKSNMSbM/V7RBa7Z32C0bFo3tTGOS0mmufkTF+sFjVXxq6luzU71QGEi
s8nVK6+LjU+1j0c/0oSw10qzbxrvOK8Bx3jHZSUb7ECKdvfmYa8iCtOznM7RqcJ5
2njcq+qGAKCi0Fm0frXTt6tKWBU+O8RPCUt1RmMqiKV+
-----END CERTIFICATE-----