Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/441e9e-5efb-43f8-991a-ed6885ca5679/1/PF6_QJj8YRzBUWzRDIQ4t1IPmnA.roa
File:                     PF6_QJj8YRzBUWzRDIQ4t1IPmnA.roa (raw, json)
Hash identifier:          h6piPoUmp38AjHoQiX6p9iBQOr+oUtxb1p4/tf2CUQ4=
Subject key identifier:   3C:5E:BF:40:98:FC:61:1C:C1:51:6C:D1:0C:84:38:B7:52:0F:9A:70
Certificate issuer:       /CN=e0370ab714db08f478d393d128274891b7932952
Certificate serial:       019C9FC2723C0E7F4A622D02B8CA7371369A
Authority key identifier: E0:37:0A:B7:14:DB:08:F4:78:D3:93:D1:28:27:48:91:B7:93:29:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4DcKtxTbCPR405PRKCdIkbeTKVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/441e9e-5efb-43f8-991a-ed6885ca5679/1/PF6_QJj8YRzBUWzRDIQ4t1IPmnA.roa
Signing time:             Fri 27 Feb 2026 15:40:46 +0000
ROA not before:           Fri 27 Feb 2026 15:40:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51159
IP address blocks:        194.187.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/441e9e-5efb-43f8-991a-ed6885ca5679/1/4DcKtxTbCPR405PRKCdIkbeTKVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/441e9e-5efb-43f8-991a-ed6885ca5679/1/4DcKtxTbCPR405PRKCdIkbeTKVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4DcKtxTbCPR405PRKCdIkbeTKVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 03:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9f:c2:72:3c:0e:7f:4a:62:2d:02:b8:ca:73:71:36:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0370ab714db08f478d393d128274891b7932952
        Validity
            Not Before: Feb 27 15:40:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c5ebf4098fc611cc1516cd10c8438b7520f9a70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2c:09:8d:67:f2:08:ad:48:b5:64:b8:82:bd:
                    59:b1:40:7c:0b:a7:1f:b6:0b:83:06:1f:41:5e:ce:
                    60:d9:d9:0b:88:63:65:fd:c3:16:a8:a6:c7:a7:fe:
                    87:22:50:29:ea:7c:e2:15:54:a9:12:5a:37:f6:a4:
                    71:e4:d5:e8:fd:93:63:c0:c3:69:d2:54:0c:ce:74:
                    f5:d4:af:d1:30:ea:74:3b:82:06:27:d0:56:4a:26:
                    dc:b6:59:8c:5e:b8:1d:a4:20:dd:62:61:62:78:a8:
                    eb:07:f7:6f:64:98:03:12:8e:b4:73:df:26:d3:ee:
                    f8:86:9d:06:7c:27:51:91:8b:18:fd:76:c8:bb:5b:
                    9f:fc:3a:aa:b9:29:14:d4:72:52:f6:09:c3:02:3f:
                    ec:cb:d2:8b:09:f4:ec:32:ab:46:49:1c:6c:8c:7a:
                    18:08:88:fb:aa:c5:3f:9a:a9:a2:5c:5e:b3:1d:24:
                    ab:b7:be:cd:98:7a:52:6a:f1:fc:51:8a:7b:9e:40:
                    d8:42:b5:b4:24:b8:22:e1:c6:7c:49:a1:51:65:8c:
                    cf:67:39:3a:b8:b4:18:8b:54:18:95:e7:04:a8:a0:
                    28:6d:8f:15:66:23:19:c5:d8:5e:2a:d6:35:01:c6:
                    5a:41:19:6e:9e:2f:75:b1:aa:a9:39:f8:07:07:c8:
                    95:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:5E:BF:40:98:FC:61:1C:C1:51:6C:D1:0C:84:38:B7:52:0F:9A:70
            X509v3 Authority Key Identifier:
                keyid:E0:37:0A:B7:14:DB:08:F4:78:D3:93:D1:28:27:48:91:B7:93:29:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4DcKtxTbCPR405PRKCdIkbeTKVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/441e9e-5efb-43f8-991a-ed6885ca5679/1/PF6_QJj8YRzBUWzRDIQ4t1IPmnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/441e9e-5efb-43f8-991a-ed6885ca5679/1/4DcKtxTbCPR405PRKCdIkbeTKVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:50:c9:f8:79:28:ac:32:1f:b5:a2:c4:63:2e:c3:2e:1c:64:
         21:91:72:cc:1d:db:9e:9d:b0:22:51:f9:a8:b1:84:ec:96:86:
         7e:c5:80:3c:0d:41:81:9e:04:e6:42:17:c8:30:49:ab:37:ef:
         de:38:57:3d:66:19:de:19:eb:47:2d:5c:d2:8b:de:95:91:85:
         aa:c5:0c:41:08:ee:33:f4:5f:ae:2d:61:2b:d3:60:52:25:8d:
         54:8e:fd:61:25:92:b5:37:69:70:b1:db:0b:a5:fb:37:2a:74:
         60:41:67:63:26:c7:11:55:54:bb:80:74:67:0b:7b:8f:d0:f7:
         69:c3:d9:ef:90:16:c0:df:94:4c:33:bd:34:4b:6d:b1:7e:ce:
         04:a5:79:a0:86:0e:c7:f5:13:8d:cb:32:fa:d3:a4:94:85:be:
         4a:b0:b3:08:e6:e1:67:1b:9b:42:4d:30:28:d1:cc:56:cf:3d:
         d6:ea:a3:a4:62:3f:cb:d9:c3:7d:13:d7:87:5a:8c:34:17:3f:
         7f:fd:b5:2f:aa:16:37:ca:b0:5f:cd:c0:5c:24:e0:de:3e:e4:
         79:ab:eb:79:f9:68:c7:5c:d2:fc:34:80:36:87:96:e4:d0:0f:
         1f:1a:a5:ac:e0:47:6c:82:3a:91:40:5f:52:15:b9:58:06:f5:
         59:5e:85:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyfwnI8Dn9KYi0CuMpzcTaaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwMzcwYWI3MTRkYjA4ZjQ3OGQzOTNkMTI4Mjc0ODkxYjc5
MzI5NTIwHhcNMjYwMjI3MTU0MDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzVlYmY0MDk4ZmM2MTFjYzE1MTZjZDEwYzg0MzhiNzUyMGY5YTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApywJjWfyCK1ItWS4gr1ZsUB8C6cf
tguDBh9BXs5g2dkLiGNl/cMWqKbHp/6HIlAp6nziFVSpElo39qRx5NXo/ZNjwMNp
0lQMznT11K/RMOp0O4IGJ9BWSibctlmMXrgdpCDdYmFieKjrB/dvZJgDEo60c98m
0+74hp0GfCdRkYsY/XbIu1uf/DqquSkU1HJS9gnDAj/sy9KLCfTsMqtGSRxsjHoY
CIj7qsU/mqmiXF6zHSSrt77NmHpSavH8UYp7nkDYQrW0JLgi4cZ8SaFRZYzPZzk6
uLQYi1QYlecEqKAobY8VZiMZxdheKtY1AcZaQRluni91saqpOfgHB8iVswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxev0CY/GEcwVFs0QyEOLdSD5pwMB8GA1UdIwQY
MBaAFOA3CrcU2wj0eNOT0SgnSJG3kylSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNERjS3R4VGJDUFI0MDVQUktDZElrYmVUS1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi80NDFlOWUtNWVmYi00M2Y4LTk5MWEt
ZWQ2ODg1Y2E1Njc5LzEvUEY2X1FKajhZUnpCVVd6UkRJUTR0MUlQbW5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi80NDFlOWUtNWVmYi00M2Y4LTk5MWEtZWQ2ODg1Y2E1Njc5
LzEvNERjS3R4VGJDUFI0MDVQUktDZElrYmVUS1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrv8MA0G
CSqGSIb3DQEBCwUAA4IBAQBqUMn4eSisMh+1osRjLsMuHGQhkXLMHduenbAiUfmo
sYTsloZ+xYA8DUGBngTmQhfIMEmrN+/eOFc9ZhneGetHLVzSi96VkYWqxQxBCO4z
9F+uLWEr02BSJY1Ujv1hJZK1N2lwsdsLpfs3KnRgQWdjJscRVVS7gHRnC3uP0Pdp
w9nvkBbA35RMM700S22xfs4EpXmghg7H9RONyzL606SUhb5KsLMI5uFnG5tCTTAo
0cxWzz3W6qOkYj/L2cN9E9eHWow0Fz9//bUvqhY3yrBfzcBcJODePuR5q+t5+WjH
XNL8NIA2h5bk0A8fGqWs4EdsgjqRQF9SFblYBvVZXoXY
-----END CERTIFICATE-----