Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/PNtLjxOL7gRSUmnaVLmWWzAdAvM.roa
File:                     PNtLjxOL7gRSUmnaVLmWWzAdAvM.roa (raw, json)
Hash identifier:          BRRmmysrxzY2RZDQDWvnLLEjHznI64v1YrJqfUUVaUA=
Subject key identifier:   3C:DB:4B:8F:13:8B:EE:04:52:52:69:DA:54:B9:96:5B:30:1D:02:F3
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0199F2050475F775D76FFAD203D0EAC07A69
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/PNtLjxOL7gRSUmnaVLmWWzAdAvM.roa
Signing time:             Fri 17 Oct 2025 11:53:59 +0000
ROA not before:           Fri 17 Oct 2025 11:53:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        178.219.6.0/24 maxlen: 24
                          178.253.229.0/24 maxlen: 24
                          185.47.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f2:05:04:75:f7:75:d7:6f:fa:d2:03:d0:ea:c0:7a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct 17 11:53:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3cdb4b8f138bee04525269da54b9965b301d02f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bb:f2:86:e4:11:6e:08:65:36:03:26:17:4a:
                    1f:8b:50:dc:90:da:fd:be:45:0e:c0:91:82:b3:1d:
                    0c:bf:0a:5c:85:0d:23:b8:3b:c7:da:68:a3:b4:b2:
                    a3:d6:a0:dc:cc:11:65:66:96:10:6c:9a:6f:62:7b:
                    36:44:4a:7e:85:30:4a:92:b2:b7:32:b1:05:4d:1a:
                    c4:56:de:11:2d:fc:5c:a1:b4:c3:98:f7:1d:6d:2f:
                    84:99:be:bc:57:f0:e7:88:dc:ba:96:20:ef:cc:95:
                    f5:c9:22:a8:68:81:e5:6c:76:77:b8:44:05:25:29:
                    bc:3a:43:89:d7:ad:73:01:2f:4f:d8:ea:d5:26:58:
                    af:44:a5:46:d7:b4:b1:82:dc:04:88:97:6b:9e:5b:
                    9f:10:21:01:45:d7:ea:a7:55:95:a8:83:4e:0b:28:
                    2d:5a:91:c8:26:62:4e:56:84:5b:9f:48:78:57:f5:
                    a8:8e:76:f8:bd:a8:1e:c7:95:22:56:ce:9c:20:c1:
                    6d:77:65:b5:68:ad:58:4d:00:f3:12:2c:e0:d6:0d:
                    76:2a:f2:ba:2a:33:13:80:1e:f2:67:4e:5e:72:73:
                    55:1b:6e:67:e2:92:d1:30:92:f2:9b:78:d2:63:36:
                    fc:1e:6b:94:45:81:e4:b6:89:15:3d:05:49:20:13:
                    9f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:DB:4B:8F:13:8B:EE:04:52:52:69:DA:54:B9:96:5B:30:1D:02:F3
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/PNtLjxOL7gRSUmnaVLmWWzAdAvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.219.6.0/24
                  178.253.229.0/24
                  185.47.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:0f:f7:ed:ab:01:d5:45:a3:a8:fc:cf:2b:28:2f:10:a8:cb:
         46:51:d0:92:83:c8:ff:82:66:1c:6d:ea:36:33:b1:fb:aa:35:
         1d:2f:96:6c:0b:ad:8a:3e:55:af:16:df:e5:96:49:a2:f2:71:
         af:1e:a7:b8:5f:0e:a9:ea:04:78:fc:a4:a2:f7:d0:7d:b5:67:
         64:10:2e:67:67:d3:ea:c7:f7:94:8f:45:8a:c9:6a:74:17:7c:
         e1:2d:50:0a:b0:af:e9:b1:f6:c6:b4:f7:5d:fd:25:e4:b4:08:
         c6:12:a7:38:35:71:0b:a2:b5:28:e9:b4:aa:33:76:8a:44:0a:
         cc:fa:1a:d7:b9:4b:c6:eb:b2:32:2f:2e:94:ef:84:5b:91:18:
         73:29:d4:e7:c7:03:d4:2e:77:9b:b3:85:97:cb:22:bf:06:64:
         c4:bf:df:95:70:99:23:bd:7c:bd:33:52:bd:d2:6e:b8:9a:9d:
         e9:fb:0d:23:01:fa:97:b6:56:03:85:0b:ec:a0:cb:07:80:59:
         c8:12:0e:ea:d1:d9:6c:0a:5e:b6:d3:66:c8:de:10:d0:3e:93:
         09:ea:01:97:c6:b4:42:64:bf:8c:a4:8d:f1:c6:48:df:d2:cd:
         d8:16:4a:27:df:fa:ea:4d:62:4f:6d:3d:3c:c2:58:40:70:ea:
         3f:9c:c8:54
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnyBQR193XXb/rSA9DqwHppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMDE3MTE1MzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2RiNGI4ZjEzOGJlZTA0NTI1MjY5ZGE1NGI5OTY1YjMwMWQwMmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorvyhuQRbghlNgMmF0ofi1DckNr9
vkUOwJGCsx0MvwpchQ0juDvH2mijtLKj1qDczBFlZpYQbJpvYns2REp+hTBKkrK3
MrEFTRrEVt4RLfxcobTDmPcdbS+Emb68V/DniNy6liDvzJX1ySKoaIHlbHZ3uEQF
JSm8OkOJ161zAS9P2OrVJlivRKVG17SxgtwEiJdrnlufECEBRdfqp1WVqINOCygt
WpHIJmJOVoRbn0h4V/Wojnb4vagex5UiVs6cIMFtd2W1aK1YTQDzEizg1g12KvK6
KjMTgB7yZ05ecnNVG25n4pLRMJLym3jSYzb8HmuURYHktokVPQVJIBOfTwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDzbS48Ti+4EUlJp2lS5llswHQLzMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvUE50TGp4T0w3Z1JTVW1uYVZMbVdXekFkQXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAstsGAwQA
sv3lAwQAuS9bMA0GCSqGSIb3DQEBCwUAA4IBAQB2D/ftqwHVRaOo/M8rKC8QqMtG
UdCSg8j/gmYcbeo2M7H7qjUdL5ZsC62KPlWvFt/llkmi8nGvHqe4Xw6p6gR4/KSi
99B9tWdkEC5nZ9Pqx/eUj0WKyWp0F3zhLVAKsK/psfbGtPdd/SXktAjGEqc4NXEL
orUo6bSqM3aKRArM+hrXuUvG67IyLy6U74RbkRhzKdTnxwPULnebs4WXyyK/BmTE
v9+VcJkjvXy9M1K90m64mp3p+w0jAfqXtlYDhQvsoMsHgFnIEg7q0dlsCl6202bI
3hDQPpMJ6gGXxrRCZL+MpI3xxkjf0s3YFkon3/rqTWJPbT08wlhAcOo/nMhU
-----END CERTIFICATE-----