Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/PM-WmUAdNwnurF_sCNu9R_F64SI.roa
File:                     PM-WmUAdNwnurF_sCNu9R_F64SI.roa (raw, json)
Hash identifier:          CJ5t2A1zDNe1/s4r3gb15wFIwi9xo5+ukwVbM1UhzYg=
Subject key identifier:   3C:CF:96:99:40:1D:37:09:EE:AC:5F:EC:08:DB:BD:47:F1:7A:E1:22
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019DE243D41E3970023C1D72BDD3DFDA9BB3
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/PM-WmUAdNwnurF_sCNu9R_F64SI.roa
Signing time:             Fri 01 May 2026 06:39:49 +0000
ROA not before:           Fri 01 May 2026 06:39:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201028
IP address blocks:        91.226.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:19:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e2:43:d4:1e:39:70:02:3c:1d:72:bd:d3:df:da:9b:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May  1 06:39:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ccf9699401d3709eeac5fec08dbbd47f17ae122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9c:35:bf:25:ea:e0:8a:b1:5e:f2:4d:b9:8c:
                    11:62:9c:45:58:d7:71:06:cf:1d:69:ae:5e:17:b8:
                    4d:96:bc:24:b1:cb:09:09:52:c0:71:70:55:0a:cb:
                    df:fb:35:ef:f9:7c:65:29:86:e2:6c:c9:78:13:78:
                    46:6d:8a:13:0b:3b:bb:ff:e1:ca:65:c6:63:28:00:
                    60:ba:3a:1d:2e:5a:0f:4c:b7:67:c9:5d:fa:e9:75:
                    53:ca:7d:47:67:02:f7:be:60:7e:0a:29:09:2c:b9:
                    e8:ee:89:33:bb:d4:b7:a4:4f:1b:66:34:76:c7:b5:
                    a3:83:84:2e:88:cc:49:9e:3f:d8:a9:67:cb:9f:05:
                    f2:e3:4b:5d:f1:bd:f4:42:01:94:f1:9c:65:0b:03:
                    73:ce:ee:5e:87:e6:47:71:05:f1:7f:5b:aa:5a:d2:
                    01:7d:ef:e8:75:fe:14:ed:56:cd:b5:7d:f8:b6:94:
                    52:46:77:da:2a:06:90:fa:9c:f1:f7:88:5e:f9:3d:
                    3d:2b:65:67:88:4d:43:cd:bf:72:6c:80:0d:31:9d:
                    4d:4d:f2:45:87:00:7f:20:b4:a7:2e:4e:ec:10:cc:
                    8c:85:a9:01:90:bc:a1:e1:48:03:12:20:c8:98:fc:
                    fd:8e:c0:ae:f9:d1:34:b0:b5:58:b1:c6:8f:94:22:
                    8a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:CF:96:99:40:1D:37:09:EE:AC:5F:EC:08:DB:BD:47:F1:7A:E1:22
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/PM-WmUAdNwnurF_sCNu9R_F64SI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:0c:84:1f:f2:ea:b4:21:d1:94:11:2c:fc:b3:3d:72:3b:be:
         5b:c3:0b:a3:2a:31:ef:ee:5d:26:ec:e2:8f:b9:eb:84:b0:71:
         d7:ac:b0:e2:57:08:06:cb:db:c2:fb:56:96:40:9a:0f:08:7f:
         11:d9:99:85:28:a3:5b:e5:20:26:ac:4b:de:2e:72:f0:a7:f4:
         a9:ff:7f:ef:ae:d4:e9:ca:69:d5:67:f6:55:01:ff:d0:1d:90:
         c3:92:29:ff:ce:de:d0:30:0b:f9:cc:4c:81:b3:c6:b9:c8:4b:
         15:f6:f7:c4:b0:dd:c0:aa:75:2f:6b:8c:d4:ef:45:84:79:fd:
         d7:67:e3:ff:d4:60:b7:65:ec:96:8c:e4:e0:f8:98:0d:5c:7d:
         c9:4b:3c:c5:79:f6:b3:58:80:36:61:07:d0:8e:66:a6:59:5e:
         6e:91:70:bf:27:ea:15:64:c3:be:e4:6e:f5:8e:16:15:74:ff:
         d2:13:04:88:69:5c:f9:ed:bd:b6:31:eb:d6:0f:03:88:05:14:
         99:f4:45:d9:11:40:96:8f:27:0a:a7:5e:19:ac:df:97:3f:b8:
         2c:63:2b:3c:17:ff:d7:93:94:68:70:52:50:a7:38:d7:aa:8c:
         5f:a5:49:cd:0f:9d:b7:97:a6:de:52:4b:04:3b:6a:64:0d:38:
         d4:60:f0:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3iQ9QeOXACPB1yvdPf2puzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwNTAxMDYzOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2NmOTY5OTQwMWQzNzA5ZWVhYzVmZWMwOGRiYmQ0N2YxN2FlMTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJw1vyXq4IqxXvJNuYwRYpxFWNdx
Bs8daa5eF7hNlrwkscsJCVLAcXBVCsvf+zXv+XxlKYbibMl4E3hGbYoTCzu7/+HK
ZcZjKABgujodLloPTLdnyV366XVTyn1HZwL3vmB+CikJLLno7okzu9S3pE8bZjR2
x7Wjg4QuiMxJnj/YqWfLnwXy40td8b30QgGU8ZxlCwNzzu5eh+ZHcQXxf1uqWtIB
fe/odf4U7VbNtX34tpRSRnfaKgaQ+pzx94he+T09K2VniE1Dzb9ybIANMZ1NTfJF
hwB/ILSnLk7sEMyMhakBkLyh4UgDEiDImPz9jsCu+dE0sLVYscaPlCKKVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzPlplAHTcJ7qxf7AjbvUfxeuEiMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvUE0tV21VQWROd251ckZfc0NOdTlSX0Y2NFNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+I4MA0G
CSqGSIb3DQEBCwUAA4IBAQBUDIQf8uq0IdGUESz8sz1yO75bwwujKjHv7l0m7OKP
ueuEsHHXrLDiVwgGy9vC+1aWQJoPCH8R2ZmFKKNb5SAmrEveLnLwp/Sp/3/vrtTp
ymnVZ/ZVAf/QHZDDkin/zt7QMAv5zEyBs8a5yEsV9vfEsN3AqnUva4zU70WEef3X
Z+P/1GC3ZeyWjOTg+JgNXH3JSzzFefazWIA2YQfQjmamWV5ukXC/J+oVZMO+5G71
jhYVdP/SEwSIaVz57b22MevWDwOIBRSZ9EXZEUCWjycKp14ZrN+XP7gsYys8F//X
k5RocFJQpzjXqoxfpUnND523l6beUksEO2pkDTjUYPDR
-----END CERTIFICATE-----