Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/c2cf4c-78e2-49b5-80e7-57b0dcd7e8af/1/PzE_8e48NSrjuEXwETdW0v6zNSY.roa
File:                     PzE_8e48NSrjuEXwETdW0v6zNSY.roa (raw, json)
Hash identifier:          Gt3prVp6LYLN+xJ8+Sn4cyYMDMXLHyapcc6UlbYLHJY=
Subject key identifier:   3F:31:3F:F1:EE:3C:35:2A:E3:B8:45:F0:11:37:56:D2:FE:B3:35:26
Certificate issuer:       /CN=188f13c9cc14f55ee2220b44976992d11d5de871
Certificate serial:       019B797EE673AB5AE60DE1E6D67E9AF8220E
Authority key identifier: 18:8F:13:C9:CC:14:F5:5E:E2:22:0B:44:97:69:92:D1:1D:5D:E8:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GI8TycwU9V7iIgtEl2mS0R1d6HE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/c2cf4c-78e2-49b5-80e7-57b0dcd7e8af/1/PzE_8e48NSrjuEXwETdW0v6zNSY.roa
Signing time:             Thu 01 Jan 2026 12:18:38 +0000
ROA not before:           Thu 01 Jan 2026 12:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206272
IP address blocks:        171.22.28.0/24 maxlen: 24
                          2a0a:b680::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/c2cf4c-78e2-49b5-80e7-57b0dcd7e8af/1/GI8TycwU9V7iIgtEl2mS0R1d6HE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/c2cf4c-78e2-49b5-80e7-57b0dcd7e8af/1/GI8TycwU9V7iIgtEl2mS0R1d6HE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GI8TycwU9V7iIgtEl2mS0R1d6HE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:e6:73:ab:5a:e6:0d:e1:e6:d6:7e:9a:f8:22:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=188f13c9cc14f55ee2220b44976992d11d5de871
        Validity
            Not Before: Jan  1 12:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f313ff1ee3c352ae3b845f0113756d2feb33526
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:17:28:a8:3e:6a:96:ca:1c:66:5e:bd:5c:dc:
                    96:5a:18:45:a2:a0:d9:d0:55:1e:f0:f6:b7:54:38:
                    3a:70:c3:bf:69:f4:c0:e4:f0:12:e6:51:71:1e:92:
                    63:f7:ee:e2:8a:3e:73:14:d4:6f:ee:7b:aa:e9:a6:
                    ba:2e:c2:32:e5:06:73:98:b0:65:13:7c:12:26:73:
                    33:15:4b:18:c1:b3:0b:60:f3:20:67:df:6c:e0:a8:
                    72:c7:53:97:0c:11:5b:62:c9:0c:6a:bf:ad:63:53:
                    e2:fd:db:e1:a1:c7:eb:a3:55:04:84:5e:9a:8b:4f:
                    5b:c8:62:fe:49:ee:16:d0:64:16:10:37:da:13:b4:
                    bc:6b:2d:06:2a:f3:f6:5b:77:20:bc:d4:86:e3:82:
                    81:d5:c8:04:b1:c8:5e:94:63:80:6a:a0:f0:e6:da:
                    5b:d1:bd:99:11:69:f5:8a:c0:d0:db:58:22:88:f8:
                    1c:8e:90:5d:87:63:0b:0d:52:68:22:d3:a6:c1:33:
                    22:ed:09:fb:87:17:c8:b0:bf:6e:48:04:d4:e4:a9:
                    44:b9:47:b5:6c:f4:b2:dd:b7:3a:a8:08:34:fc:d7:
                    83:fe:75:dc:a3:39:c0:07:8b:47:c1:4f:85:1a:9f:
                    1b:6d:43:97:1f:c5:6d:4d:a3:a6:b5:49:34:59:39:
                    48:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:31:3F:F1:EE:3C:35:2A:E3:B8:45:F0:11:37:56:D2:FE:B3:35:26
            X509v3 Authority Key Identifier:
                keyid:18:8F:13:C9:CC:14:F5:5E:E2:22:0B:44:97:69:92:D1:1D:5D:E8:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GI8TycwU9V7iIgtEl2mS0R1d6HE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/c2cf4c-78e2-49b5-80e7-57b0dcd7e8af/1/PzE_8e48NSrjuEXwETdW0v6zNSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/c2cf4c-78e2-49b5-80e7-57b0dcd7e8af/1/GI8TycwU9V7iIgtEl2mS0R1d6HE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.28.0/24
                IPv6:
                  2a0a:b680::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:eb:09:66:55:47:9d:00:53:50:97:3b:2b:6f:35:d8:6d:ec:
         60:be:47:26:f9:5d:3f:65:cb:92:b1:0f:87:b8:b6:53:02:5a:
         8b:a0:8d:a5:3f:29:9b:a1:03:c4:18:e0:01:e7:c4:9f:61:8f:
         3a:0e:6f:7f:8a:a6:14:93:7d:78:83:c0:ba:13:42:25:5c:c2:
         db:e8:73:d4:b0:be:64:ce:6d:28:49:9e:05:94:c0:81:58:95:
         29:b3:dd:33:33:66:30:74:f9:33:12:4f:ac:88:72:ac:79:ed:
         70:7c:ba:d9:99:c7:35:aa:b4:2b:b7:a9:f5:f1:94:13:02:37:
         36:2b:19:a1:28:48:f2:c1:6f:99:7c:2a:a7:61:95:b7:04:53:
         fe:07:5d:34:45:cf:66:31:42:b0:29:f1:d7:6d:5c:b8:29:71:
         61:24:ec:c8:1e:70:76:22:c6:a3:7d:74:81:c0:9e:d3:88:93:
         20:88:1d:e1:10:52:53:05:38:fe:3b:21:f3:86:32:0f:31:97:
         ef:25:04:b8:fa:df:0f:5a:64:94:a5:82:ca:21:c7:be:91:53:
         7d:c8:64:16:5b:4d:00:34:45:18:0f:07:55:8f:a1:0c:20:c4:
         b5:58:43:68:04:2e:ed:33:4d:0d:72:1e:37:4b:51:b0:fd:d1:
         4c:5a:fb:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt5fuZzq1rmDeHm1n6a+CIOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OGYxM2M5Y2MxNGY1NWVlMjIyMGI0NDk3Njk5MmQxMWQ1
ZGU4NzEwHhcNMjYwMTAxMTIxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjMxM2ZmMWVlM2MzNTJhZTNiODQ1ZjAxMTM3NTZkMmZlYjMzNTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBcoqD5qlsocZl69XNyWWhhFoqDZ
0FUe8Pa3VDg6cMO/afTA5PAS5lFxHpJj9+7iij5zFNRv7nuq6aa6LsIy5QZzmLBl
E3wSJnMzFUsYwbMLYPMgZ99s4Khyx1OXDBFbYskMar+tY1Pi/dvhocfro1UEhF6a
i09byGL+Se4W0GQWEDfaE7S8ay0GKvP2W3cgvNSG44KB1cgEschelGOAaqDw5tpb
0b2ZEWn1isDQ21giiPgcjpBdh2MLDVJoItOmwTMi7Qn7hxfIsL9uSATU5KlEuUe1
bPSy3bc6qAg0/NeD/nXcoznAB4tHwU+FGp8bbUOXH8VtTaOmtUk0WTlI+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD8xP/HuPDUq47hF8BE3VtL+szUmMB8GA1UdIwQY
MBaAFBiPE8nMFPVe4iILRJdpktEdXehxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0k4VHljd1U5VjdpSWd0RWwybVMwUjFkNkhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9jMmNmNGMtNzhlMi00OWI1LTgwZTct
NTdiMGRjZDdlOGFmLzEvUHpFXzhlNDhOU3JqdUVYd0VUZFcwdjZ6TlNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9jMmNmNGMtNzhlMi00OWI1LTgwZTctNTdiMGRjZDdlOGFm
LzEvR0k4VHljd1U5VjdpSWd0RWwybVMwUjFkNkhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAqxYcMA0E
AgACMAcDBQMqCraAMA0GCSqGSIb3DQEBCwUAA4IBAQCl6wlmVUedAFNQlzsrbzXY
bexgvkcm+V0/ZcuSsQ+HuLZTAlqLoI2lPymboQPEGOAB58SfYY86Dm9/iqYUk314
g8C6E0IlXMLb6HPUsL5kzm0oSZ4FlMCBWJUps90zM2YwdPkzEk+siHKsee1wfLrZ
mcc1qrQrt6n18ZQTAjc2KxmhKEjywW+ZfCqnYZW3BFP+B100Rc9mMUKwKfHXbVy4
KXFhJOzIHnB2IsajfXSBwJ7TiJMgiB3hEFJTBTj+OyHzhjIPMZfvJQS4+t8PWmSU
pYLKIce+kVN9yGQWW00ANEUYDwdVj6EMIMS1WENoBC7tM00Nch43S1Gw/dFMWvv6
-----END CERTIFICATE-----