Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/PFZpLIhhyuxMIxoL3doX43uXr_0.roa
File:                     PFZpLIhhyuxMIxoL3doX43uXr_0.roa (raw, json)
Hash identifier:          vtL2UJAi6kU5TeC3dZFl0hJ0UyS0aR5hnJoB/XiExRo=
Subject key identifier:   3C:56:69:2C:88:61:CA:EC:4C:23:1A:0B:DD:DA:17:E3:7B:97:AF:FD
Certificate issuer:       /CN=380b283a0513940d520a680b8b3d14dbc367770d
Certificate serial:       0199D8BB00B303E7D1A8193EE121ABFABF3C
Authority key identifier: 38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/PFZpLIhhyuxMIxoL3doX43uXr_0.roa
Signing time:             Sun 12 Oct 2025 14:02:38 +0000
ROA not before:           Sun 12 Oct 2025 14:02:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8038
IP address blocks:        185.54.92.0/23 maxlen: 24
                          2a00:8642::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d8:bb:00:b3:03:e7:d1:a8:19:3e:e1:21:ab:fa:bf:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380b283a0513940d520a680b8b3d14dbc367770d
        Validity
            Not Before: Oct 12 14:02:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c56692c8861caec4c231a0bddda17e37b97affd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ff:c4:48:d9:4b:10:e3:ef:16:b5:d7:9a:d8:
                    64:ca:44:81:18:bf:15:34:a2:18:eb:cb:17:2b:e5:
                    9d:01:14:f9:55:06:08:00:5a:26:f5:28:ab:e5:99:
                    ed:c6:1f:90:d3:48:f3:42:6d:13:04:1f:53:19:d0:
                    08:11:f2:71:3e:83:03:0f:6e:d9:ba:7a:32:1b:4a:
                    a9:9d:f2:9f:8b:6a:c6:8b:af:6c:16:37:de:bb:c6:
                    31:b9:c4:7d:8e:00:e0:64:fa:57:2f:cf:93:93:55:
                    1b:92:dd:c3:c4:45:86:39:2b:c8:53:b6:af:55:31:
                    fb:1a:03:ae:57:cf:47:14:b4:79:16:05:0c:ee:27:
                    79:ee:4a:33:72:e1:eb:e2:4d:43:f4:a8:09:0a:8b:
                    9c:25:db:a0:11:e8:ee:5e:84:63:f1:78:c5:69:ab:
                    f8:aa:07:3e:f7:f7:48:07:6c:46:89:59:9e:ad:6e:
                    12:d4:58:e2:fe:90:5b:26:43:70:6e:e8:d2:a4:61:
                    c2:d8:03:45:57:62:5f:cf:8c:72:48:4d:a4:63:e0:
                    24:a9:90:48:b4:85:37:ba:1c:66:72:ad:0a:ce:c8:
                    d6:8d:8e:2d:f4:13:5a:ae:55:df:b4:a1:db:0f:b8:
                    4d:a4:2c:68:3a:a5:29:7e:c1:22:9c:01:8d:c8:59:
                    2b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:56:69:2C:88:61:CA:EC:4C:23:1A:0B:DD:DA:17:E3:7B:97:AF:FD
            X509v3 Authority Key Identifier:
                keyid:38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/PFZpLIhhyuxMIxoL3doX43uXr_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.92.0/23
                IPv6:
                  2a00:8642::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:c1:e2:82:55:19:ec:45:22:b8:ff:d1:84:d0:6b:3d:cf:21:
         db:2f:07:d0:91:05:e7:9f:e5:3e:59:6f:82:b3:63:93:d2:2c:
         48:88:17:ea:e2:af:d0:fb:c3:fd:ad:a1:08:40:78:c2:33:66:
         1b:73:28:c1:b8:23:e8:40:7a:76:0d:35:07:42:36:47:ef:34:
         6a:23:63:57:e1:cb:df:8f:0c:27:4c:7d:38:fb:89:cd:73:53:
         b2:99:e6:f3:f1:f5:fd:92:18:64:00:af:59:fe:b1:50:e1:e6:
         5a:aa:67:45:6b:cf:f6:48:c8:78:85:84:6e:0b:1b:ad:59:3f:
         5d:5e:5b:35:56:f6:ee:0e:14:54:33:da:cb:56:23:21:8d:26:
         e8:6f:75:09:7a:13:11:83:32:8e:55:3d:18:78:c5:7a:bb:a8:
         e8:ad:be:94:67:c8:5c:01:e2:8a:df:42:db:1a:4e:73:21:74:
         0d:a2:89:57:87:f5:62:f7:bb:77:be:d2:7b:2c:d6:40:e3:c4:
         87:6a:18:42:94:12:e4:2e:82:0b:28:e0:d4:4f:71:bf:9b:3c:
         32:0d:cc:95:2f:be:43:23:63:aa:f9:bd:e1:7a:40:77:73:b3:
         31:58:54:dc:42:7f:80:0d:0b:1b:8e:9a:46:bd:4d:b4:a1:d4:
         26:e7:47:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZnYuwCzA+fRqBk+4SGr+r88MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGIyODNhMDUxMzk0MGQ1MjBhNjgwYjhiM2QxNGRiYzM2
Nzc3MGQwHhcNMjUxMDEyMTQwMjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzU2NjkyYzg4NjFjYWVjNGMyMzFhMGJkZGRhMTdlMzdiOTdhZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqf/ESNlLEOPvFrXXmthkykSBGL8V
NKIY68sXK+WdART5VQYIAFom9Sir5Zntxh+Q00jzQm0TBB9TGdAIEfJxPoMDD27Z
unoyG0qpnfKfi2rGi69sFjfeu8YxucR9jgDgZPpXL8+Tk1Ubkt3DxEWGOSvIU7av
VTH7GgOuV89HFLR5FgUM7id57kozcuHr4k1D9KgJCoucJdugEejuXoRj8XjFaav4
qgc+9/dIB2xGiVmerW4S1Fji/pBbJkNwbujSpGHC2ANFV2Jfz4xySE2kY+AkqZBI
tIU3uhxmcq0KzsjWjY4t9BNarlXftKHbD7hNpCxoOqUpfsEinAGNyFkrqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDxWaSyIYcrsTCMaC93aF+N7l6/9MB8GA1UdIwQY
MBaAFDgLKDoFE5QNUgpoC4s9FNvDZ3cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEt
Y2NmNjQ1NGJiMjRjLzEvUEZacExJaGh5dXhNSXhvTDNkb1g0M3VYcl8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEtY2NmNjQ1NGJiMjRj
LzEvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuTZcMA0E
AgACMAcDBQAqAIZCMA0GCSqGSIb3DQEBCwUAA4IBAQBGweKCVRnsRSK4/9GE0Gs9
zyHbLwfQkQXnn+U+WW+Cs2OT0ixIiBfq4q/Q+8P9raEIQHjCM2YbcyjBuCPoQHp2
DTUHQjZH7zRqI2NX4cvfjwwnTH04+4nNc1Oymebz8fX9khhkAK9Z/rFQ4eZaqmdF
a8/2SMh4hYRuCxutWT9dXls1VvbuDhRUM9rLViMhjSbob3UJehMRgzKOVT0YeMV6
u6jorb6UZ8hcAeKK30LbGk5zIXQNoolXh/Vi97t3vtJ7LNZA48SHahhClBLkLoIL
KODUT3G/mzwyDcyVL75DI2Oq+b3hekB3c7MxWFTcQn+ADQsbjppGvU20odQm50fU
-----END CERTIFICATE-----