Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/e62da3-bc4f-47b0-bc9f-b42a418b3036/1/Pzk4TDA-h9RVuxch0U3icXkl6Rw.roa
File:                     Pzk4TDA-h9RVuxch0U3icXkl6Rw.roa (raw, json)
Hash identifier:          oUr86fQqVuN8AdhLCsQUi45dZ5KEwK640rHZ20VyoXs=
Subject key identifier:   3F:39:38:4C:30:3E:87:D4:55:BB:17:21:D1:4D:E2:71:79:25:E9:1C
Certificate issuer:       /CN=e7d19a8fd98541ed89170a90401977a4be0bec37
Certificate serial:       019CDC6FA7A1D8FCC7BDF36D25E4642FC0C4
Authority key identifier: E7:D1:9A:8F:D9:85:41:ED:89:17:0A:90:40:19:77:A4:BE:0B:EC:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/59Gaj9mFQe2JFwqQQBl3pL4L7Dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/e62da3-bc4f-47b0-bc9f-b42a418b3036/1/Pzk4TDA-h9RVuxch0U3icXkl6Rw.roa
Signing time:             Wed 11 Mar 2026 10:27:10 +0000
ROA not before:           Wed 11 Mar 2026 10:27:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43341
IP address blocks:        45.141.38.0/23 maxlen: 23
                          95.156.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/e62da3-bc4f-47b0-bc9f-b42a418b3036/1/59Gaj9mFQe2JFwqQQBl3pL4L7Dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/e62da3-bc4f-47b0-bc9f-b42a418b3036/1/59Gaj9mFQe2JFwqQQBl3pL4L7Dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/59Gaj9mFQe2JFwqQQBl3pL4L7Dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:6f:a7:a1:d8:fc:c7:bd:f3:6d:25:e4:64:2f:c0:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7d19a8fd98541ed89170a90401977a4be0bec37
        Validity
            Not Before: Mar 11 10:27:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f39384c303e87d455bb1721d14de2717925e91c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:1e:43:1c:e5:91:d4:c4:eb:d1:2b:b3:11:a5:
                    21:2c:62:47:44:31:ca:8e:da:c2:4f:d0:81:c4:38:
                    57:60:ec:2e:83:e0:f3:12:47:3c:e6:48:05:1b:87:
                    b3:89:94:39:f3:7f:20:3f:7c:ec:ff:80:4d:2a:27:
                    0e:e1:21:7f:9c:b8:25:64:b8:a3:b7:53:53:7d:45:
                    70:db:8b:4c:ba:b5:db:76:15:cf:c1:33:07:2d:8f:
                    7f:aa:1d:1f:f7:44:b6:f1:28:df:3b:f6:7a:16:db:
                    d8:b6:ce:c3:be:c9:e4:e5:12:ce:74:66:84:c7:87:
                    b2:87:be:a1:ad:06:02:2d:c9:65:02:ac:5d:04:31:
                    9b:fd:d0:aa:d2:8d:fa:a5:d2:4d:14:69:c2:58:77:
                    f7:83:a6:13:e6:16:b4:f9:12:cb:78:04:d9:39:f4:
                    9c:33:c0:82:a3:40:19:a7:cc:51:6f:b7:b8:d9:db:
                    f0:dd:1d:0d:cd:b9:94:17:52:52:dd:41:2d:ed:eb:
                    2e:d0:db:65:47:21:29:ff:fa:43:38:24:ed:3b:31:
                    e9:e8:21:5c:fe:f5:40:d7:1f:8a:2a:81:24:ee:75:
                    55:ec:3e:cb:5a:12:c2:b0:08:e5:c1:68:27:fe:0c:
                    64:7a:84:6a:12:d3:57:28:ac:b6:d9:65:62:86:5b:
                    d9:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:39:38:4C:30:3E:87:D4:55:BB:17:21:D1:4D:E2:71:79:25:E9:1C
            X509v3 Authority Key Identifier:
                keyid:E7:D1:9A:8F:D9:85:41:ED:89:17:0A:90:40:19:77:A4:BE:0B:EC:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59Gaj9mFQe2JFwqQQBl3pL4L7Dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/e62da3-bc4f-47b0-bc9f-b42a418b3036/1/Pzk4TDA-h9RVuxch0U3icXkl6Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/e62da3-bc4f-47b0-bc9f-b42a418b3036/1/59Gaj9mFQe2JFwqQQBl3pL4L7Dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.38.0/23
                  95.156.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:71:c8:ee:b9:1b:da:20:06:c1:18:b7:ad:67:6f:b7:d6:79:
         91:e7:d0:7d:f0:a0:7c:34:85:3f:ad:c8:83:77:fd:a9:25:68:
         64:d9:06:9c:16:93:11:49:7a:03:6e:0b:53:b2:b3:30:68:e3:
         38:78:48:4f:6b:6a:ef:ef:40:35:1e:ca:a0:52:12:db:fd:47:
         e5:16:03:82:1f:ef:a2:30:83:bf:00:0d:4c:c7:38:e6:43:7e:
         87:a3:9c:bf:65:a0:94:bf:da:ad:45:3f:39:12:1a:f1:72:9e:
         a3:72:b8:e4:b1:5a:54:3d:16:74:aa:84:8b:c2:10:13:8c:ae:
         e4:80:ff:cc:0f:0f:4f:63:a3:22:cd:f2:42:41:48:52:06:78:
         4b:65:e8:f3:42:bc:85:24:9d:03:1a:9e:e9:79:a4:42:61:2a:
         6e:7a:09:1b:96:be:30:95:c8:db:b4:8e:ff:13:54:63:60:ef:
         55:23:54:09:47:11:0e:c0:28:69:b9:10:80:c4:1e:ec:a9:6a:
         53:77:df:a2:08:c9:08:2f:2c:f1:28:86:62:8f:95:a3:54:0c:
         c2:24:f0:12:3c:fc:4c:d7:12:72:8e:ab:5f:ca:5d:25:7c:8d:
         1c:d4:0b:d1:ea:44:0a:76:9c:1f:29:d5:77:da:24:e7:a3:a7:
         6a:f4:bc:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzcb6eh2PzHvfNtJeRkL8DEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZDE5YThmZDk4NTQxZWQ4OTE3MGE5MDQwMTk3N2E0YmUw
YmVjMzcwHhcNMjYwMzExMTAyNzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjM5Mzg0YzMwM2U4N2Q0NTViYjE3MjFkMTRkZTI3MTc5MjVlOTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5DHOWR1MTr0SuzEaUhLGJHRDHK
jtrCT9CBxDhXYOwug+DzEkc85kgFG4eziZQ5838gP3zs/4BNKicO4SF/nLglZLij
t1NTfUVw24tMurXbdhXPwTMHLY9/qh0f90S28SjfO/Z6FtvYts7Dvsnk5RLOdGaE
x4eyh76hrQYCLcllAqxdBDGb/dCq0o36pdJNFGnCWHf3g6YT5ha0+RLLeATZOfSc
M8CCo0AZp8xRb7e42dvw3R0NzbmUF1JS3UEt7esu0NtlRyEp//pDOCTtOzHp6CFc
/vVA1x+KKoEk7nVV7D7LWhLCsAjlwWgn/gxkeoRqEtNXKKy22WVihlvZfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD85OEwwPofUVbsXIdFN4nF5JekcMB8GA1UdIwQY
MBaAFOfRmo/ZhUHtiRcKkEAZd6S+C+w3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTlHYWo5bUZRZTJKRndxUVFCbDNwTDRMN0RjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9lNjJkYTMtYmM0Zi00N2IwLWJjOWYt
YjQyYTQxOGIzMDM2LzEvUHprNFREQS1oOVJWdXhjaDBVM2ljWGtsNlJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9lNjJkYTMtYmM0Zi00N2IwLWJjOWYtYjQyYTQxOGIzMDM2
LzEvNTlHYWo5bUZRZTJKRndxUVFCbDNwTDRMN0RjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLY0mAwQA
X5zAMA0GCSqGSIb3DQEBCwUAA4IBAQAqccjuuRvaIAbBGLetZ2+31nmR59B98KB8
NIU/rciDd/2pJWhk2QacFpMRSXoDbgtTsrMwaOM4eEhPa2rv70A1HsqgUhLb/Ufl
FgOCH++iMIO/AA1MxzjmQ36Ho5y/ZaCUv9qtRT85Ehrxcp6jcrjksVpUPRZ0qoSL
whATjK7kgP/MDw9PY6MizfJCQUhSBnhLZejzQryFJJ0DGp7peaRCYSpuegkblr4w
lcjbtI7/E1RjYO9VI1QJRxEOwChpuRCAxB7sqWpTd9+iCMkILyzxKIZij5WjVAzC
JPASPPxM1xJyjqtfyl0lfI0c1AvR6kQKdpwfKdV32iTno6dq9LwX
-----END CERTIFICATE-----