Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/59907f-7e5f-4d8a-acf2-7720d82f8345/1/PvWEdvUsvJApSHZ3R-d_9QNSJq0.roa
File:                     PvWEdvUsvJApSHZ3R-d_9QNSJq0.roa (raw, json)
Hash identifier:          xYfcRYRBET48veMPHeKzunQfZ4kzm7AxzpSV80PqYl4=
Subject key identifier:   3E:F5:84:76:F5:2C:BC:90:29:48:76:77:47:E7:7F:F5:03:52:26:AD
Certificate issuer:       /CN=38183150af290d0f6d25b036136f1cbf6b0f17c9
Certificate serial:       019B7C12A817BC35BF7E4186C285586558AC
Authority key identifier: 38:18:31:50:AF:29:0D:0F:6D:25:B0:36:13:6F:1C:BF:6B:0F:17:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OBgxUK8pDQ9tJbA2E28cv2sPF8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/59907f-7e5f-4d8a-acf2-7720d82f8345/1/PvWEdvUsvJApSHZ3R-d_9QNSJq0.roa
Signing time:             Fri 02 Jan 2026 00:19:16 +0000
ROA not before:           Fri 02 Jan 2026 00:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213421
IP address blocks:        194.117.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/59907f-7e5f-4d8a-acf2-7720d82f8345/1/OBgxUK8pDQ9tJbA2E28cv2sPF8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/59907f-7e5f-4d8a-acf2-7720d82f8345/1/OBgxUK8pDQ9tJbA2E28cv2sPF8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OBgxUK8pDQ9tJbA2E28cv2sPF8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:a8:17:bc:35:bf:7e:41:86:c2:85:58:65:58:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38183150af290d0f6d25b036136f1cbf6b0f17c9
        Validity
            Not Before: Jan  2 00:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ef58476f52cbc902948767747e77ff5035226ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fc:79:1c:c5:2c:49:73:7c:9d:e0:9b:60:41:
                    14:b7:7c:3f:ad:01:42:99:fc:1e:0c:5f:52:45:a4:
                    a3:74:f2:90:9d:30:87:35:26:86:89:a8:1d:79:0a:
                    77:17:c8:50:28:eb:23:0b:de:49:98:8b:9a:a8:e3:
                    64:b0:98:74:da:ef:12:ca:a5:ca:76:6e:d4:45:d1:
                    36:bc:fb:6c:3e:55:cb:1f:1c:8f:58:63:9c:7e:3d:
                    09:d7:82:d0:89:87:48:f5:49:cf:89:ee:2b:e8:70:
                    a5:94:3c:a2:76:7b:cd:f9:46:7a:2d:0d:94:b3:0d:
                    10:86:99:bf:54:25:4b:0d:d9:36:87:d3:c6:ce:60:
                    b6:22:d8:69:f7:fd:1b:49:b5:30:68:23:a8:91:f7:
                    d3:b4:3d:89:7e:33:92:93:66:59:d9:a4:8b:18:fa:
                    58:59:b1:38:ee:32:34:6b:4b:9c:30:fe:3c:7e:f9:
                    7d:2c:a6:71:7d:36:37:35:68:96:7c:d1:a0:17:12:
                    ed:1e:60:0c:05:d9:c2:df:63:b3:a0:83:fe:a8:a6:
                    48:15:c1:34:c7:38:5f:f6:a1:bc:a8:3d:1d:10:05:
                    99:f4:f2:4d:35:0d:b6:b7:0c:99:26:2e:e2:e2:00:
                    fb:9a:12:84:df:58:32:4e:11:bc:57:06:32:a0:d7:
                    5f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:F5:84:76:F5:2C:BC:90:29:48:76:77:47:E7:7F:F5:03:52:26:AD
            X509v3 Authority Key Identifier:
                keyid:38:18:31:50:AF:29:0D:0F:6D:25:B0:36:13:6F:1C:BF:6B:0F:17:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OBgxUK8pDQ9tJbA2E28cv2sPF8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/59907f-7e5f-4d8a-acf2-7720d82f8345/1/PvWEdvUsvJApSHZ3R-d_9QNSJq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/59907f-7e5f-4d8a-acf2-7720d82f8345/1/OBgxUK8pDQ9tJbA2E28cv2sPF8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.117.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:25:37:b8:fa:19:14:0c:75:46:3f:dd:9b:c5:33:0f:60:af:
         fe:91:3f:5c:88:78:c8:66:93:be:f9:4d:c3:5e:8d:32:af:1e:
         b1:33:f7:35:17:e9:87:fd:e8:85:d7:38:b0:2b:c1:3a:57:a8:
         30:ec:3f:ed:7f:05:6a:51:06:b3:08:9f:39:5d:c4:94:f4:37:
         f7:0d:55:7e:4a:7a:5e:0e:61:d8:d9:db:fb:74:68:14:4f:71:
         6b:b1:85:e3:b7:c8:46:ca:d7:f5:21:7f:3c:95:fc:51:2e:c5:
         cf:d1:bd:18:5c:1d:1e:6b:ec:7b:25:8b:dd:6c:7a:35:aa:e0:
         e4:a2:72:ba:c9:ad:88:1b:e8:ac:f3:64:6b:88:4f:cb:33:57:
         f8:13:e4:c7:cf:6d:0e:d2:b1:8a:3d:70:35:40:22:2c:5c:f7:
         bb:12:24:6c:e1:f4:c0:67:02:20:67:22:0d:37:1b:5f:dc:55:
         f6:3e:7b:09:2a:83:ad:44:27:86:94:0e:18:b9:da:df:95:c5:
         72:b0:50:5e:fc:13:3e:d0:8e:de:e5:dd:7a:46:ec:6f:9d:ce:
         14:b9:2d:31:cc:05:ab:5c:80:53:ff:74:6a:44:2e:9d:89:bb:
         9e:f6:b0:fe:68:19:a0:82:ab:8f:c9:71:89:9b:08:fa:fa:90:
         ef:d6:02:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EqgXvDW/fkGGwoVYZVisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MTgzMTUwYWYyOTBkMGY2ZDI1YjAzNjEzNmYxY2JmNmIw
ZjE3YzkwHhcNMjYwMTAyMDAxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWY1ODQ3NmY1MmNiYzkwMjk0ODc2Nzc0N2U3N2ZmNTAzNTIyNmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPx5HMUsSXN8neCbYEEUt3w/rQFC
mfweDF9SRaSjdPKQnTCHNSaGiagdeQp3F8hQKOsjC95JmIuaqONksJh02u8SyqXK
dm7URdE2vPtsPlXLHxyPWGOcfj0J14LQiYdI9UnPie4r6HCllDyidnvN+UZ6LQ2U
sw0Qhpm/VCVLDdk2h9PGzmC2Ithp9/0bSbUwaCOokffTtD2JfjOSk2ZZ2aSLGPpY
WbE47jI0a0ucMP48fvl9LKZxfTY3NWiWfNGgFxLtHmAMBdnC32OzoIP+qKZIFcE0
xzhf9qG8qD0dEAWZ9PJNNQ22twyZJi7i4gD7mhKE31gyThG8VwYyoNdfCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD71hHb1LLyQKUh2d0fnf/UDUiatMB8GA1UdIwQY
MBaAFDgYMVCvKQ0PbSWwNhNvHL9rDxfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0JneFVLOHBEUTl0SmJBMkUyOGN2MnNQRjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS81OTkwN2YtN2U1Zi00ZDhhLWFjZjIt
NzcyMGQ4MmY4MzQ1LzEvUHZXRWR2VXN2SkFwU0haM1ItZF85UU5TSnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS81OTkwN2YtN2U1Zi00ZDhhLWFjZjItNzcyMGQ4MmY4MzQ1
LzEvT0JneFVLOHBEUTl0SmJBMkUyOGN2MnNQRjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnVMMA0G
CSqGSIb3DQEBCwUAA4IBAQALJTe4+hkUDHVGP92bxTMPYK/+kT9ciHjIZpO++U3D
Xo0yrx6xM/c1F+mH/eiF1ziwK8E6V6gw7D/tfwVqUQazCJ85XcSU9Df3DVV+Snpe
DmHY2dv7dGgUT3FrsYXjt8hGytf1IX88lfxRLsXP0b0YXB0ea+x7JYvdbHo1quDk
onK6ya2IG+is82RriE/LM1f4E+THz20O0rGKPXA1QCIsXPe7EiRs4fTAZwIgZyIN
Nxtf3FX2PnsJKoOtRCeGlA4YudrflcVysFBe/BM+0I7e5d16Ruxvnc4UuS0xzAWr
XIBT/3RqRC6dibue9rD+aBmggquPyXGJmwj6+pDv1gLt
-----END CERTIFICATE-----