Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/4625da-a982-4548-bee1-8e3ef39ecc12/1/Pxo9ehHbXZebC306inRLM7y0iaU.roa
File:                     Pxo9ehHbXZebC306inRLM7y0iaU.roa (raw, json)
Hash identifier:          DAOuRN4HFLh3V3C0ykmvw7d38j+IxJOCGqFgIfyZtA4=
Subject key identifier:   3F:1A:3D:7A:11:DB:5D:97:9B:0B:7D:3A:8A:74:4B:33:BC:B4:89:A5
Certificate issuer:       /CN=d045cd00736e5a0ec23b908265870d560d551b02
Certificate serial:       019B797EB2F80608BB3FA78995C79091A6E5
Authority key identifier: D0:45:CD:00:73:6E:5A:0E:C2:3B:90:82:65:87:0D:56:0D:55:1B:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0EXNAHNuWg7CO5CCZYcNVg1VGwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/4625da-a982-4548-bee1-8e3ef39ecc12/1/Pxo9ehHbXZebC306inRLM7y0iaU.roa
Signing time:             Thu 01 Jan 2026 12:18:24 +0000
ROA not before:           Thu 01 Jan 2026 12:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8956
IP address blocks:        193.188.197.0/24 maxlen: 24
                          2001:678:bac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/4625da-a982-4548-bee1-8e3ef39ecc12/1/0EXNAHNuWg7CO5CCZYcNVg1VGwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/4625da-a982-4548-bee1-8e3ef39ecc12/1/0EXNAHNuWg7CO5CCZYcNVg1VGwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0EXNAHNuWg7CO5CCZYcNVg1VGwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:b2:f8:06:08:bb:3f:a7:89:95:c7:90:91:a6:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d045cd00736e5a0ec23b908265870d560d551b02
        Validity
            Not Before: Jan  1 12:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f1a3d7a11db5d979b0b7d3a8a744b33bcb489a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:23:73:0f:0c:88:f6:c1:79:9b:0b:a8:8e:0f:
                    31:1e:56:d3:fc:ed:c8:ce:cd:5c:e3:e6:56:83:e7:
                    b3:b1:5c:f4:79:54:bd:8e:65:00:e2:e1:bf:3d:e3:
                    e5:95:e3:bf:29:03:f0:71:61:5a:a0:dc:b1:85:01:
                    8c:48:88:50:39:0c:7c:1b:91:14:3c:94:32:86:2c:
                    99:90:d8:4f:7b:6c:10:d9:fd:26:cf:14:0c:b2:37:
                    e3:72:8b:31:af:e7:bf:be:e0:c7:8e:d7:8c:d8:c1:
                    93:1d:11:b3:37:ca:e4:81:2c:f1:1f:5d:94:50:b2:
                    a8:c4:42:51:ce:08:3e:33:42:0c:43:61:d9:a0:8f:
                    19:5e:5d:b8:af:02:0f:f7:c1:8f:56:18:cb:5a:ad:
                    0a:c8:38:50:ec:da:4e:19:34:7c:7e:eb:ed:97:48:
                    fe:c4:29:20:49:54:c0:29:4a:be:58:d3:b9:70:6e:
                    9f:01:a2:36:f1:15:c1:6f:b2:42:a9:24:a6:f2:ae:
                    89:7c:95:e6:f6:d7:ad:ee:da:e9:af:4d:89:b4:14:
                    ba:1e:bf:ea:ad:30:76:f0:4c:5f:07:63:b2:96:33:
                    81:ca:9d:fd:da:6b:7f:ea:34:97:37:6f:cb:e8:e8:
                    82:e2:aa:f2:f2:22:0e:3d:c0:45:5c:17:4b:26:2f:
                    77:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:1A:3D:7A:11:DB:5D:97:9B:0B:7D:3A:8A:74:4B:33:BC:B4:89:A5
            X509v3 Authority Key Identifier:
                keyid:D0:45:CD:00:73:6E:5A:0E:C2:3B:90:82:65:87:0D:56:0D:55:1B:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0EXNAHNuWg7CO5CCZYcNVg1VGwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/4625da-a982-4548-bee1-8e3ef39ecc12/1/Pxo9ehHbXZebC306inRLM7y0iaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/4625da-a982-4548-bee1-8e3ef39ecc12/1/0EXNAHNuWg7CO5CCZYcNVg1VGwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.197.0/24
                IPv6:
                  2001:678:bac::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:32:97:ef:7a:0c:33:b4:d9:c0:5a:fe:33:84:c5:fa:6c:dd:
         d5:6d:1e:50:ee:63:4b:2a:08:9b:43:6a:dc:ec:35:aa:b4:82:
         a0:ce:8d:67:cd:36:ab:c1:4b:4c:7b:07:2d:3f:66:a7:c9:bf:
         f1:90:ef:ac:51:c5:e3:92:4b:e9:11:dc:14:18:87:8b:69:ab:
         7c:05:a7:d6:0e:7a:6b:94:df:80:92:14:a7:5c:d9:f5:43:1c:
         11:f6:f8:cd:35:b6:0c:a7:c0:97:4e:aa:e3:4e:98:9d:0a:2a:
         75:b1:09:83:3c:7e:59:66:fb:e3:6f:d4:64:0d:22:5d:43:d1:
         a9:37:77:ba:db:c4:f5:7e:bc:18:77:42:af:6a:07:c0:e7:26:
         ee:71:2b:76:fc:43:f4:eb:77:f8:a5:71:77:db:bc:55:95:9d:
         84:b2:85:ad:22:c9:5f:a5:94:de:ac:fd:85:ba:87:bf:db:fd:
         34:3e:4b:c6:52:5f:4e:c7:a7:1e:32:c2:20:cb:d8:7b:ee:f3:
         1a:70:5e:28:7e:b1:c6:30:bd:57:78:b7:3d:a0:a3:65:e5:a7:
         0c:39:8d:6f:3c:06:c5:3c:66:09:c6:c7:25:24:5b:6e:08:42:
         5c:83:e0:9e:fa:82:21:7d:f8:bc:cc:4e:0c:db:bf:96:f8:4b:
         a7:16:19:7f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt5frL4Bgi7P6eJlceQkablMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNDVjZDAwNzM2ZTVhMGVjMjNiOTA4MjY1ODcwZDU2MGQ1
NTFiMDIwHhcNMjYwMTAxMTIxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjFhM2Q3YTExZGI1ZDk3OWIwYjdkM2E4YTc0NGIzM2JjYjQ4OWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCNzDwyI9sF5mwuojg8xHlbT/O3I
zs1c4+ZWg+ezsVz0eVS9jmUA4uG/PePlleO/KQPwcWFaoNyxhQGMSIhQOQx8G5EU
PJQyhiyZkNhPe2wQ2f0mzxQMsjfjcosxr+e/vuDHjteM2MGTHRGzN8rkgSzxH12U
ULKoxEJRzgg+M0IMQ2HZoI8ZXl24rwIP98GPVhjLWq0KyDhQ7NpOGTR8fuvtl0j+
xCkgSVTAKUq+WNO5cG6fAaI28RXBb7JCqSSm8q6JfJXm9tet7trpr02JtBS6Hr/q
rTB28ExfB2OyljOByp392mt/6jSXN2/L6OiC4qry8iIOPcBFXBdLJi93fQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD8aPXoR212Xmwt9Oop0SzO8tImlMB8GA1UdIwQY
MBaAFNBFzQBzbloOwjuQgmWHDVYNVRsCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEVYTkFITnVXZzdDTzVDQ1pZY05WZzFWR3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC80NjI1ZGEtYTk4Mi00NTQ4LWJlZTEt
OGUzZWYzOWVjYzEyLzEvUHhvOWVoSGJYWmViQzMwNmluUkxNN3kwaWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC80NjI1ZGEtYTk4Mi00NTQ4LWJlZTEtOGUzZWYzOWVjYzEy
LzEvMEVYTkFITnVXZzdDTzVDQ1pZY05WZzFWR3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwbzFMA8E
AgACMAkDBwAgAQZ4C6wwDQYJKoZIhvcNAQELBQADggEBABoyl+96DDO02cBa/jOE
xfps3dVtHlDuY0sqCJtDatzsNaq0gqDOjWfNNqvBS0x7By0/ZqfJv/GQ76xRxeOS
S+kR3BQYh4tpq3wFp9YOemuU34CSFKdc2fVDHBH2+M01tgynwJdOquNOmJ0KKnWx
CYM8fllm++Nv1GQNIl1D0ak3d7rbxPV+vBh3Qq9qB8DnJu5xK3b8Q/Trd/ilcXfb
vFWVnYSyha0iyV+llN6s/YW6h7/b/TQ+S8ZSX07Hpx4ywiDL2Hvu8xpwXih+scYw
vVd4tz2go2Xlpww5jW88BsU8ZgnGxyUkW24IQlyD4J76giF9+LzMTgzbv5b4S6cW
GX8=
-----END CERTIFICATE-----