Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/fdc741-5f66-446d-a944-5bc9a63ceaf6/1/PFBKsrtOCbGhBn0cYx9bOrROX78.roa
File:                     PFBKsrtOCbGhBn0cYx9bOrROX78.roa (raw, json)
Hash identifier:          7K+faRfy2CkTQM6e5qFvQ/b7USgvSKY/AFQOmLzDB3g=
Subject key identifier:   3C:50:4A:B2:BB:4E:09:B1:A1:06:7D:1C:63:1F:5B:3A:B4:4E:5F:BF
Certificate issuer:       /CN=866571b406976c9faf8877302819cf550e79e29d
Certificate serial:       019DFCBF0DE05B62205CC2406530AD74E2C7
Authority key identifier: 86:65:71:B4:06:97:6C:9F:AF:88:77:30:28:19:CF:55:0E:79:E2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hmVxtAaXbJ-viHcwKBnPVQ554p0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/fdc741-5f66-446d-a944-5bc9a63ceaf6/1/PFBKsrtOCbGhBn0cYx9bOrROX78.roa
Signing time:             Wed 06 May 2026 10:04:32 +0000
ROA not before:           Wed 06 May 2026 10:04:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2094
IP address blocks:        157.159.196.0/24 maxlen: 26
                          157.159.198.0/24 maxlen: 28
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/fdc741-5f66-446d-a944-5bc9a63ceaf6/1/hmVxtAaXbJ-viHcwKBnPVQ554p0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/fdc741-5f66-446d-a944-5bc9a63ceaf6/1/hmVxtAaXbJ-viHcwKBnPVQ554p0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hmVxtAaXbJ-viHcwKBnPVQ554p0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 04:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:bf:0d:e0:5b:62:20:5c:c2:40:65:30:ad:74:e2:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=866571b406976c9faf8877302819cf550e79e29d
        Validity
            Not Before: May  6 10:04:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c504ab2bb4e09b1a1067d1c631f5b3ab44e5fbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:88:8f:b3:00:2f:d7:03:6a:e8:fc:84:eb:2c:
                    de:b1:31:0b:f4:44:cf:f9:19:7f:60:f2:44:78:27:
                    60:2f:f7:c3:71:8a:8a:4b:9c:2c:2b:06:6f:20:82:
                    82:cc:02:b6:cb:13:c9:9e:9b:82:25:d0:f0:98:6f:
                    dc:0b:3c:9f:25:7e:a0:2f:1b:35:82:cc:34:40:20:
                    34:0b:90:57:db:fe:a6:9c:50:57:4d:83:35:aa:61:
                    aa:25:8e:f8:39:ab:5a:28:74:f6:72:a3:54:c2:11:
                    2f:b2:1e:3f:61:da:51:79:b8:34:c7:8d:42:37:6c:
                    46:72:37:bc:1c:c3:52:d8:2f:a1:97:6a:84:e3:3c:
                    e3:5c:cd:c7:9f:9b:f9:6d:25:f0:c2:4b:c3:0d:a3:
                    37:a4:d4:30:28:df:f0:5e:7c:3c:0b:a4:95:eb:52:
                    29:7b:9a:3f:2f:13:29:1f:61:68:b4:29:3b:60:4a:
                    3b:1e:fa:dc:8a:01:c8:f9:c7:07:14:8a:4f:11:39:
                    7b:4b:a6:e1:4b:2c:1a:7f:cc:e0:ab:2a:af:7f:41:
                    ab:db:26:14:f8:ce:7a:ea:2f:c3:c0:74:12:64:ff:
                    7a:cb:e8:55:0b:0b:40:36:37:bd:76:a5:8b:a8:8d:
                    b3:c2:5e:13:f8:fe:61:37:15:dc:79:53:29:dc:12:
                    88:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:50:4A:B2:BB:4E:09:B1:A1:06:7D:1C:63:1F:5B:3A:B4:4E:5F:BF
            X509v3 Authority Key Identifier:
                keyid:86:65:71:B4:06:97:6C:9F:AF:88:77:30:28:19:CF:55:0E:79:E2:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hmVxtAaXbJ-viHcwKBnPVQ554p0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/fdc741-5f66-446d-a944-5bc9a63ceaf6/1/PFBKsrtOCbGhBn0cYx9bOrROX78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/fdc741-5f66-446d-a944-5bc9a63ceaf6/1/hmVxtAaXbJ-viHcwKBnPVQ554p0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.159.196.0/24
                  157.159.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:af:2f:78:4f:53:2c:8f:ec:8e:42:64:59:ad:7d:fc:44:8e:
         75:29:a3:0f:90:88:b6:fd:31:c2:d4:9a:71:9c:11:d1:12:9f:
         ce:4e:c9:c0:a2:51:b6:ec:ad:28:42:97:87:35:4e:cd:c1:8f:
         64:87:1e:83:58:5f:0a:59:e4:69:b2:f0:62:60:ca:8a:0c:e7:
         46:14:c1:a5:59:12:7b:f7:06:f7:dc:60:dd:f1:8c:76:d6:51:
         fc:c2:c8:e0:97:85:56:39:18:09:4f:18:a1:fb:4c:1e:f2:9b:
         dc:dd:cb:76:25:e3:c5:62:f4:d0:92:76:09:6c:f7:f4:c6:6c:
         db:93:43:ae:3a:3a:16:80:23:28:5f:b3:ac:aa:10:9d:be:e1:
         de:41:72:60:14:1a:a5:9e:0c:94:4f:1b:a0:be:8e:2d:5c:33:
         ce:f6:b1:20:5e:fb:b9:ba:b6:b5:3e:25:81:b9:bb:84:78:a8:
         30:3f:fc:f6:49:bf:37:9a:3c:8d:22:2c:be:d3:f0:06:48:4f:
         77:7a:86:4d:1d:74:6c:5e:10:39:8d:2b:8f:4e:78:80:7c:66:
         88:03:19:b0:44:62:69:2c:45:0f:0c:ec:09:d7:ef:33:73:5f:
         26:d5:82:49:d9:39:19:e7:bb:65:72:bb:86:45:b0:5f:88:ee:
         63:6f:bb:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ38vw3gW2IgXMJAZTCtdOLHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NjU3MWI0MDY5NzZjOWZhZjg4NzczMDI4MTljZjU1MGU3
OWUyOWQwHhcNMjYwNTA2MTAwNDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzUwNGFiMmJiNGUwOWIxYTEwNjdkMWM2MzFmNWIzYWI0NGU1ZmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYiPswAv1wNq6PyE6yzesTEL9ETP
+Rl/YPJEeCdgL/fDcYqKS5wsKwZvIIKCzAK2yxPJnpuCJdDwmG/cCzyfJX6gLxs1
gsw0QCA0C5BX2/6mnFBXTYM1qmGqJY74OataKHT2cqNUwhEvsh4/YdpRebg0x41C
N2xGcje8HMNS2C+hl2qE4zzjXM3Hn5v5bSXwwkvDDaM3pNQwKN/wXnw8C6SV61Ip
e5o/LxMpH2FotCk7YEo7HvrcigHI+ccHFIpPETl7S6bhSywaf8zgqyqvf0Gr2yYU
+M566i/DwHQSZP96y+hVCwtANje9dqWLqI2zwl4T+P5hNxXceVMp3BKIMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDxQSrK7TgmxoQZ9HGMfWzq0Tl+/MB8GA1UdIwQY
MBaAFIZlcbQGl2yfr4h3MCgZz1UOeeKdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaG1WeHRBYVhiSi12aUhjd0tCblBWUTU1NHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9mZGM3NDEtNWY2Ni00NDZkLWE5NDQt
NWJjOWE2M2NlYWY2LzEvUEZCS3NydE9DYkdoQm4wY1l4OWJPclJPWDc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9mZGM3NDEtNWY2Ni00NDZkLWE5NDQtNWJjOWE2M2NlYWY2
LzEvaG1WeHRBYVhiSi12aUhjd0tCblBWUTU1NHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAnZ/EAwQA
nZ/GMA0GCSqGSIb3DQEBCwUAA4IBAQAary94T1Msj+yOQmRZrX38RI51KaMPkIi2
/THC1JpxnBHREp/OTsnAolG27K0oQpeHNU7NwY9khx6DWF8KWeRpsvBiYMqKDOdG
FMGlWRJ79wb33GDd8Yx21lH8wsjgl4VWORgJTxih+0we8pvc3ct2JePFYvTQknYJ
bPf0xmzbk0OuOjoWgCMoX7OsqhCdvuHeQXJgFBqlngyUTxugvo4tXDPO9rEgXvu5
ura1PiWBubuEeKgwP/z2Sb83mjyNIiy+0/AGSE93eoZNHXRsXhA5jSuPTniAfGaI
AxmwRGJpLEUPDOwJ1+8zc18m1YJJ2TkZ57tlcruGRbBfiO5jb7uZ
-----END CERTIFICATE-----