Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/PmWybA9-N8dc8PEujc3ISmvp274.roa
File:                     PmWybA9-N8dc8PEujc3ISmvp274.roa (raw, json)
Hash identifier:          RlrXWXlyD6hg5OOiK56C8Z6t9rRYFEPrd9C1t8eKLHU=
Subject key identifier:   3E:65:B2:6C:0F:7E:37:C7:5C:F0:F1:2E:8D:CD:C8:4A:6B:E9:DB:BE
Certificate issuer:       /CN=ba4d0e69ab769f65bb2b155bdfa83a7186eeac44
Certificate serial:       0199BCF2A334D84F2650BF8FF1C8001E87F2
Authority key identifier: BA:4D:0E:69:AB:76:9F:65:BB:2B:15:5B:DF:A8:3A:71:86:EE:AC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/PmWybA9-N8dc8PEujc3ISmvp274.roa
Signing time:             Tue 07 Oct 2025 04:34:02 +0000
ROA not before:           Tue 07 Oct 2025 04:34:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        194.246.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bc:f2:a3:34:d8:4f:26:50:bf:8f:f1:c8:00:1e:87:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba4d0e69ab769f65bb2b155bdfa83a7186eeac44
        Validity
            Not Before: Oct  7 04:34:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e65b26c0f7e37c75cf0f12e8dcdc84a6be9dbbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6b:2a:54:9a:9b:6f:fe:d9:5e:93:44:6f:96:
                    16:80:b7:a3:58:85:0b:eb:ad:e0:ad:ba:8c:58:ce:
                    48:63:f3:1b:6e:16:be:d3:ec:6f:dc:ba:00:bf:a3:
                    8c:94:63:3f:c4:86:fc:86:82:5c:10:c7:47:95:4f:
                    91:e1:67:6c:a0:98:0b:00:6b:15:ce:14:0a:4e:7b:
                    12:9e:bc:e3:be:c0:77:ee:0c:e0:af:5a:91:60:ed:
                    32:ea:9f:5b:8e:af:5d:af:df:70:e8:20:ca:aa:5f:
                    db:b6:26:1a:8a:d0:d4:de:37:5c:b4:ed:b5:2c:7d:
                    09:c2:4d:74:71:a9:4d:17:39:d9:a7:37:40:d8:f3:
                    5c:8d:d8:91:ba:03:ba:e2:af:6b:7f:96:48:d0:8d:
                    45:cb:63:bf:cf:d3:ed:f8:c9:04:fa:85:f0:81:bd:
                    b5:20:e4:58:5e:d7:bc:8b:f3:07:6e:73:15:e0:23:
                    c8:74:aa:63:b5:67:1c:35:3a:bc:c9:8e:6e:ad:53:
                    12:a9:c4:2d:7d:0e:6b:0e:78:38:0d:10:d3:9e:88:
                    22:7a:5a:a7:e5:d5:04:01:a2:ff:cc:42:d4:3a:9d:
                    6e:36:39:e4:18:b7:c9:74:74:39:f8:d6:e7:31:e8:
                    22:d1:f0:a7:0a:cb:b7:1e:79:fc:df:f5:25:5a:c5:
                    18:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:65:B2:6C:0F:7E:37:C7:5C:F0:F1:2E:8D:CD:C8:4A:6B:E9:DB:BE
            X509v3 Authority Key Identifier:
                keyid:BA:4D:0E:69:AB:76:9F:65:BB:2B:15:5B:DF:A8:3A:71:86:EE:AC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/PmWybA9-N8dc8PEujc3ISmvp274.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:22:21:72:a3:0d:6a:f3:b1:79:7c:8a:7f:79:07:f3:7f:d7:
         53:a4:b7:c6:ca:67:b5:aa:e4:8e:1e:35:3c:9a:3c:e2:84:ed:
         13:13:3b:5d:42:46:38:7b:d0:a5:f1:f1:2d:f8:67:b7:05:de:
         a5:6e:d5:3a:e3:aa:d1:27:b9:0a:77:91:40:c5:8d:9b:ce:29:
         ff:1f:85:b0:23:ab:15:1d:91:9b:7c:25:f6:b2:b3:9f:a8:67:
         d2:fd:1f:1a:a1:a8:28:49:6b:24:01:f8:a1:f1:c6:d6:2a:27:
         df:cb:63:52:9d:40:26:b2:10:0e:8f:fa:ef:3b:64:72:cd:cd:
         7c:89:cf:07:fa:a5:f9:03:3c:7c:ee:83:08:3c:b4:a4:48:06:
         9f:b6:ec:5d:90:6d:7e:f1:34:4d:a1:ac:32:69:99:33:28:c4:
         73:79:dc:e4:63:c5:88:8d:5f:3d:af:2a:79:ba:a0:1b:db:d3:
         07:9d:81:57:9a:26:67:25:a8:cd:2a:cd:f8:e8:d9:e3:da:0c:
         b2:df:41:a3:35:4f:71:a7:8d:fb:57:3d:7f:47:f8:d3:a5:e0:
         3f:38:25:b0:fb:22:5f:60:e5:d8:89:fe:c6:b3:d3:9e:92:14:
         b0:11:34:a1:c3:d6:13:f2:1d:5f:bf:31:68:64:8c:46:85:16:
         8c:19:43:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm88qM02E8mUL+P8cgAHofyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNGQwZTY5YWI3NjlmNjViYjJiMTU1YmRmYTgzYTcxODZl
ZWFjNDQwHhcNMjUxMDA3MDQzNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTY1YjI2YzBmN2UzN2M3NWNmMGYxMmU4ZGNkYzg0YTZiZTlkYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWsqVJqbb/7ZXpNEb5YWgLejWIUL
663grbqMWM5IY/Mbbha+0+xv3LoAv6OMlGM/xIb8hoJcEMdHlU+R4WdsoJgLAGsV
zhQKTnsSnrzjvsB37gzgr1qRYO0y6p9bjq9dr99w6CDKql/btiYaitDU3jdctO21
LH0Jwk10calNFznZpzdA2PNcjdiRugO64q9rf5ZI0I1Fy2O/z9Pt+MkE+oXwgb21
IORYXte8i/MHbnMV4CPIdKpjtWccNTq8yY5urVMSqcQtfQ5rDng4DRDTnogielqn
5dUEAaL/zELUOp1uNjnkGLfJdHQ5+NbnMegi0fCnCsu3Hnn83/UlWsUYIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5lsmwPfjfHXPDxLo3NyEpr6du+MB8GA1UdIwQY
MBaAFLpNDmmrdp9luysVW9+oOnGG7qxEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWswT2FhdDJuMlc3S3hWYjM2ZzZjWWJ1ckVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8zZDZkNmMtZjU4ZC00MmU2LWI2ODgt
OGVmZjNmZDNjNDhhLzEvUG1XeWJBOS1OOGRjOFBFdWpjM0lTbXZwMjc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8zZDZkNmMtZjU4ZC00MmU2LWI2ODgtOGVmZjNmZDNjNDhh
LzEvdWswT2FhdDJuMlc3S3hWYjM2ZzZjWWJ1ckVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvYkMA0G
CSqGSIb3DQEBCwUAA4IBAQCbIiFyow1q87F5fIp/eQfzf9dTpLfGyme1quSOHjU8
mjzihO0TEztdQkY4e9Cl8fEt+Ge3Bd6lbtU646rRJ7kKd5FAxY2bzin/H4WwI6sV
HZGbfCX2srOfqGfS/R8aoagoSWskAfih8cbWKiffy2NSnUAmshAOj/rvO2Ryzc18
ic8H+qX5Azx87oMIPLSkSAaftuxdkG1+8TRNoawyaZkzKMRzedzkY8WIjV89ryp5
uqAb29MHnYFXmiZnJajNKs346Nnj2gyy30GjNU9xp437Vz1/R/jTpeA/OCWw+yJf
YOXYif7Gs9OekhSwETShw9YT8h1fvzFoZIxGhRaMGUNF
-----END CERTIFICATE-----