Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/PqnFRlU3auEehmJGUg7tx1eoOI4.roa
File:                     PqnFRlU3auEehmJGUg7tx1eoOI4.roa (raw, json)
Hash identifier:          y+ZqdFH//nqNia4+WQdWHgb5ondTsBRO27gyrZ9bSK4=
Subject key identifier:   3E:A9:C5:46:55:37:6A:E1:1E:86:62:46:52:0E:ED:C7:57:A8:38:8E
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       01997B77A957B7DCF914D936C93FEA721FBC
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/PqnFRlU3auEehmJGUg7tx1eoOI4.roa
Signing time:             Wed 24 Sep 2025 11:24:23 +0000
ROA not before:           Wed 24 Sep 2025 11:24:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20648
IP address blocks:        212.135.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7b:77:a9:57:b7:dc:f9:14:d9:36:c9:3f:ea:72:1f:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Sep 24 11:24:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ea9c54655376ae11e866246520eedc757a8388e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d0:21:07:0c:f2:4a:0c:10:b6:ee:fc:55:19:
                    87:da:76:27:d8:4a:b1:8c:f1:07:2a:3c:0c:30:78:
                    e9:fe:12:ad:dd:a5:14:a0:62:e9:f6:ea:db:d3:61:
                    4b:f5:53:90:fb:69:ed:d8:75:b9:01:4f:22:c1:4a:
                    e7:ba:1c:39:c7:cd:94:ad:26:1b:b8:1e:40:d5:dc:
                    c7:16:de:ef:3e:7c:01:11:50:49:f6:fb:b6:94:53:
                    11:b7:91:a6:d0:14:69:b9:17:85:ad:32:b9:6c:e7:
                    26:d9:18:47:d0:c3:ea:4f:76:9c:24:d6:a8:36:d1:
                    c0:e6:3d:ce:ef:ae:12:5c:6b:79:d7:b1:47:d0:c5:
                    1b:94:de:6f:f5:32:a7:67:f0:f1:87:ab:e1:b0:db:
                    1b:16:a5:a3:9f:fd:7c:00:a8:16:1a:b5:ba:ee:47:
                    9c:ee:db:5a:b6:de:ae:7c:81:f9:d2:3c:c6:d0:b7:
                    8e:49:ac:c1:98:2b:b7:76:6b:bf:f7:e5:b8:a0:b2:
                    f7:1d:af:96:26:6a:04:22:b6:f6:c8:1d:d9:98:4a:
                    60:42:fa:1b:71:d0:24:f0:d8:7c:34:0b:e6:ef:df:
                    d1:86:ae:98:be:19:31:9c:f7:6b:c8:83:6d:9a:c7:
                    eb:29:28:a7:d5:5a:08:bd:11:74:fe:9e:5e:0f:62:
                    59:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:A9:C5:46:55:37:6A:E1:1E:86:62:46:52:0E:ED:C7:57:A8:38:8E
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/PqnFRlU3auEehmJGUg7tx1eoOI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:e7:56:50:91:67:8e:45:f7:75:94:73:4b:9d:20:d0:0f:c1:
         48:1a:4f:b9:cd:32:0e:b8:01:4f:ed:49:8b:9f:62:65:9d:32:
         e4:5a:25:d9:9d:b1:71:7c:c5:e1:d7:6c:ad:95:62:f2:d2:5b:
         c1:95:23:7d:ab:50:30:b3:97:dd:6a:bc:28:f6:43:91:4d:2f:
         75:17:01:ee:2b:2b:59:5a:16:dd:fd:22:6f:35:69:89:06:c8:
         98:ac:04:02:b3:bc:06:d8:12:1a:cb:82:64:f8:5a:f4:0d:49:
         63:dc:76:ac:c0:e2:92:2c:c2:e2:9d:c9:39:6b:ea:bf:21:f6:
         38:37:9f:78:40:12:0f:af:d7:d1:e4:57:53:29:19:64:d9:15:
         97:74:f5:25:8e:99:8f:21:73:7a:35:c4:b6:64:fd:34:2c:9a:
         51:c7:a7:eb:d2:25:2f:3c:81:7e:cd:fe:bb:91:b5:6d:9f:84:
         98:88:fd:11:89:06:3f:1b:14:dd:bc:9d:88:a4:d2:f3:45:73:
         a9:b8:a3:88:27:2d:20:08:82:d2:7c:f9:79:d1:42:b8:b6:7f:
         03:55:08:e3:61:f7:df:19:df:af:2a:c7:ba:55:94:c8:96:a9:
         99:b4:81:ca:0e:ef:62:d9:41:19:c6:7d:74:8a:ca:9c:44:d8:
         08:10:8f:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl7d6lXt9z5FNk2yT/qch+8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUwOTI0MTEyNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWE5YzU0NjU1Mzc2YWUxMWU4NjYyNDY1MjBlZWRjNzU3YTgzODhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdAhBwzySgwQtu78VRmH2nYn2Eqx
jPEHKjwMMHjp/hKt3aUUoGLp9urb02FL9VOQ+2nt2HW5AU8iwUrnuhw5x82UrSYb
uB5A1dzHFt7vPnwBEVBJ9vu2lFMRt5Gm0BRpuReFrTK5bOcm2RhH0MPqT3acJNao
NtHA5j3O764SXGt517FH0MUblN5v9TKnZ/Dxh6vhsNsbFqWjn/18AKgWGrW67kec
7ttatt6ufIH50jzG0LeOSazBmCu3dmu/9+W4oLL3Ha+WJmoEIrb2yB3ZmEpgQvob
cdAk8Nh8NAvm79/Rhq6YvhkxnPdryINtmsfrKSin1VoIvRF0/p5eD2JZXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6pxUZVN2rhHoZiRlIO7cdXqDiOMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvUHFuRlJsVTNhdUVlaG1KR1VnN3R4MWVvT0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IejMA0G
CSqGSIb3DQEBCwUAA4IBAQAm51ZQkWeORfd1lHNLnSDQD8FIGk+5zTIOuAFP7UmL
n2JlnTLkWiXZnbFxfMXh12ytlWLy0lvBlSN9q1Aws5fdarwo9kORTS91FwHuKytZ
Whbd/SJvNWmJBsiYrAQCs7wG2BIay4Jk+Fr0DUlj3HaswOKSLMLinck5a+q/IfY4
N594QBIPr9fR5FdTKRlk2RWXdPUljpmPIXN6NcS2ZP00LJpRx6fr0iUvPIF+zf67
kbVtn4SYiP0RiQY/GxTdvJ2IpNLzRXOpuKOIJy0gCILSfPl50UK4tn8DVQjjYfff
Gd+vKse6VZTIlqmZtIHKDu9i2UEZxn10isqcRNgIEI9L
-----END CERTIFICATE-----