Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PJ7ZW-VS2IiClcWaTPwNFcuexG4.roa
File:                     PJ7ZW-VS2IiClcWaTPwNFcuexG4.roa (raw, json)
Hash identifier:          dAx7hZvIGQhPdkt+h8cEOk+ermWGLJsdJOZUtRvGcSM=
Subject key identifier:   3C:9E:D9:5B:E5:52:D8:88:82:95:C5:9A:4C:FC:0D:15:CB:9E:C4:6E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E15D010A62808B8CB6F350FAD9952B1F4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PJ7ZW-VS2IiClcWaTPwNFcuexG4.roa
Signing time:             Mon 11 May 2026 06:53:37 +0000
ROA not before:           Mon 11 May 2026 06:53:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        80.240.90.0/24 maxlen: 24
                          81.168.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:15:d0:10:a6:28:08:b8:cb:6f:35:0f:ad:99:52:b1:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 11 06:53:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c9ed95be552d8888295c59a4cfc0d15cb9ec46e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:49:d0:fc:ae:b8:b3:20:43:c5:b7:f1:63:37:
                    78:40:52:9c:a3:10:dc:74:7b:6f:fb:2d:c0:93:5d:
                    50:a8:c2:1b:f1:cc:e8:18:a4:03:98:c8:e3:f4:02:
                    d3:2f:0d:43:44:65:79:26:b3:59:df:7f:85:c9:e2:
                    d2:bd:f8:4b:52:a0:0a:25:7b:4d:95:91:30:92:e3:
                    f6:c5:35:f4:8e:40:83:96:d2:9a:35:67:58:e1:28:
                    cb:3d:43:c4:25:12:cc:e6:22:b4:03:42:8e:41:3b:
                    d1:94:38:77:df:45:fa:ea:f0:87:ea:66:46:b0:b0:
                    99:e0:41:42:08:a9:bf:2c:fd:c5:1f:85:c4:e4:45:
                    ed:af:a3:f0:3a:b8:58:7d:bd:24:8a:c3:25:73:9f:
                    17:cb:26:4c:5a:85:38:3b:86:4e:a7:28:b0:b8:60:
                    7c:9c:ec:25:73:13:a3:89:48:b7:6e:4d:43:13:25:
                    5d:87:00:71:53:1b:1c:e7:fb:dd:18:e9:3d:71:b3:
                    77:99:88:98:47:9b:51:d4:05:95:79:aa:40:ec:ed:
                    d0:cc:27:e3:3d:c2:0b:83:00:a0:64:95:e5:b6:51:
                    1f:ed:56:ef:d3:26:94:c2:16:77:89:85:c6:a2:fa:
                    37:7d:4a:33:03:4c:97:f0:a6:c5:bf:9c:d9:7a:52:
                    ce:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:9E:D9:5B:E5:52:D8:88:82:95:C5:9A:4C:FC:0D:15:CB:9E:C4:6E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PJ7ZW-VS2IiClcWaTPwNFcuexG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.90.0/24
                  81.168.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:23:29:ca:9b:1e:f8:f6:18:82:dd:be:bd:9e:36:25:a0:aa:
         90:b6:45:be:a1:c5:70:be:13:a7:99:6d:89:53:c8:b0:cf:1e:
         2f:2a:4f:a2:84:6d:75:35:15:10:15:79:08:60:3f:5a:33:1a:
         0c:a0:10:1d:d4:ad:bc:aa:b1:19:22:1b:00:63:3b:03:4a:1d:
         ed:69:b1:77:86:b8:aa:63:f8:e3:3c:0b:76:41:2f:b7:2d:30:
         d3:08:27:4a:eb:a4:f0:0a:5d:67:e4:2a:de:61:65:de:53:e3:
         0d:d5:f7:59:e1:3f:19:ce:23:55:3d:3c:25:2b:b1:37:f5:41:
         4a:19:be:40:fc:c4:d2:63:7c:7d:23:cb:34:68:17:1f:1b:10:
         15:28:a3:28:01:8d:03:f2:5b:3e:16:e1:5f:27:c5:ab:01:72:
         40:35:b6:6a:14:30:23:15:15:dd:50:a9:25:19:b3:75:e0:02:
         64:94:43:12:e3:83:f6:f4:3e:73:91:5c:22:ae:89:f8:2b:e4:
         1b:30:82:bf:66:95:e7:42:5f:e8:bb:63:39:5a:8d:09:c7:7d:
         df:c9:79:39:68:30:6b:6a:a8:15:b3:d1:1b:45:4d:29:e1:d8:
         fb:f0:57:6d:9f:60:08:8e:28:b0:74:2b:a2:cd:2e:e7:0a:d1:
         a4:7e:05:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4V0BCmKAi4y281D62ZUrH0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTExMDY1MzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzllZDk1YmU1NTJkODg4ODI5NWM1OWE0Y2ZjMGQxNWNiOWVjNDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUnQ/K64syBDxbfxYzd4QFKcoxDc
dHtv+y3Ak11QqMIb8czoGKQDmMjj9ALTLw1DRGV5JrNZ33+FyeLSvfhLUqAKJXtN
lZEwkuP2xTX0jkCDltKaNWdY4SjLPUPEJRLM5iK0A0KOQTvRlDh330X66vCH6mZG
sLCZ4EFCCKm/LP3FH4XE5EXtr6PwOrhYfb0kisMlc58XyyZMWoU4O4ZOpyiwuGB8
nOwlcxOjiUi3bk1DEyVdhwBxUxsc5/vdGOk9cbN3mYiYR5tR1AWVeapA7O3QzCfj
PcILgwCgZJXltlEf7Vbv0yaUwhZ3iYXGovo3fUozA0yX8KbFv5zZelLOmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDye2VvlUtiIgpXFmkz8DRXLnsRuMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUEo3WlctVlMySWlDbGNXYVRQd05GY3VleEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUPBaAwQA
UaggMA0GCSqGSIb3DQEBCwUAA4IBAQCXIynKmx749hiC3b69njYloKqQtkW+ocVw
vhOnmW2JU8iwzx4vKk+ihG11NRUQFXkIYD9aMxoMoBAd1K28qrEZIhsAYzsDSh3t
abF3hriqY/jjPAt2QS+3LTDTCCdK66TwCl1n5CreYWXeU+MN1fdZ4T8ZziNVPTwl
K7E39UFKGb5A/MTSY3x9I8s0aBcfGxAVKKMoAY0D8ls+FuFfJ8WrAXJANbZqFDAj
FRXdUKklGbN14AJklEMS44P29D5zkVwiron4K+QbMIK/ZpXnQl/ou2M5Wo0Jx33f
yXk5aDBraqgVs9EbRU0p4dj78Fdtn2AIjiiwdCuizS7nCtGkfgVd
-----END CERTIFICATE-----