Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/PnKU_Q2HHtCU1pCr_1KaGPkN2ek.roa
File:                     PnKU_Q2HHtCU1pCr_1KaGPkN2ek.roa (raw, json)
Hash identifier:          GbYc2B1qBjTyAVup6jSWAzMh9yA2HZhkMGLtK25rTiQ=
Subject key identifier:   3E:72:94:FD:0D:87:1E:D0:94:D6:90:AB:FF:52:9A:18:F9:0D:D9:E9
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       01997A5AEE8453CF9582F71508CE385FEDA1
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/PnKU_Q2HHtCU1pCr_1KaGPkN2ek.roa
Signing time:             Wed 24 Sep 2025 06:13:23 +0000
ROA not before:           Wed 24 Sep 2025 06:13:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        95.173.53.0/24 maxlen: 24
                          95.173.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7a:5a:ee:84:53:cf:95:82:f7:15:08:ce:38:5f:ed:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Sep 24 06:13:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e7294fd0d871ed094d690abff529a18f90dd9e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a9:2c:67:7d:eb:49:3e:98:9f:52:3d:17:10:
                    40:36:85:b1:99:0d:cd:8b:ac:40:42:56:fa:04:a1:
                    bf:cc:fb:de:e3:93:88:4b:be:ce:99:63:3a:3a:b4:
                    9a:1b:75:35:3b:9e:10:41:81:9d:78:36:0a:73:a4:
                    2c:4c:d5:3f:b6:f2:59:58:01:22:1e:05:d7:e7:5b:
                    4e:df:78:78:3d:e8:65:e9:63:95:0d:6e:ee:19:7b:
                    21:ac:e7:3e:1a:19:0f:e2:79:c1:98:ac:9f:6c:7a:
                    13:e9:1d:6f:62:6e:89:22:ff:7c:e1:2f:93:e7:8e:
                    44:f2:32:47:0c:e3:fa:ce:e0:80:46:c3:aa:f6:7a:
                    ff:9b:ea:0c:dc:97:25:92:7c:91:69:a9:3e:02:d9:
                    12:ab:38:af:c9:7b:5b:7b:7e:c7:7c:5d:65:af:04:
                    fe:18:e9:87:87:2c:73:df:9f:f4:d6:95:78:ef:a0:
                    c5:93:b1:4f:07:f0:2a:01:60:7e:cd:44:5c:ce:57:
                    d5:ce:50:13:cf:87:9c:84:6c:4c:98:74:78:9c:92:
                    c3:5e:d4:be:05:22:d9:fa:9c:35:b3:88:84:1f:12:
                    a4:57:09:12:a7:0e:71:2a:6e:a6:90:20:ee:7a:23:
                    4f:99:0e:78:1a:22:23:53:71:2d:d8:2c:38:73:ba:
                    38:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:72:94:FD:0D:87:1E:D0:94:D6:90:AB:FF:52:9A:18:F9:0D:D9:E9
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/PnKU_Q2HHtCU1pCr_1KaGPkN2ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.53.0/24
                  95.173.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:1b:9b:dd:de:8e:96:44:e7:34:7b:39:c6:34:c9:9f:5a:09:
         43:37:c1:d1:28:45:d2:1e:fd:3c:ef:d9:1b:a2:44:53:78:8f:
         8b:30:e5:9e:b8:ca:36:76:27:c1:c4:6d:52:71:34:56:d3:6a:
         b5:6c:ef:9b:fb:31:21:b5:72:07:0f:25:de:2e:e5:ce:c4:cc:
         fc:c1:58:2b:98:08:7a:b3:f1:37:c0:71:a9:cd:f0:c2:95:19:
         f0:fe:72:b1:14:02:6a:95:51:e1:fa:21:20:6d:55:fc:7d:ae:
         bd:65:18:8d:c8:05:34:1d:19:b6:03:54:42:e1:0c:77:01:77:
         99:66:15:df:93:a5:c0:09:4c:f0:90:87:70:9e:5b:63:31:ad:
         ba:fb:4b:10:a8:64:77:af:0a:aa:91:06:f2:d5:c3:f0:6e:c3:
         f1:d0:8f:3f:c5:77:7c:bb:7e:b1:98:0f:fb:a1:8f:ca:e5:12:
         f3:e4:a1:46:af:47:c2:4e:a0:bb:75:7d:6e:73:d3:94:8e:e6:
         3d:75:43:c7:ed:20:56:8e:40:1b:20:1d:36:09:ff:a9:27:e4:
         b5:f9:b1:b0:9e:41:37:dc:32:0c:16:3f:a5:49:af:68:9f:78:
         23:aa:b8:d7:30:65:4f:ba:4f:7a:90:8c:c1:7a:66:05:63:12:
         19:37:00:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZl6Wu6EU8+VgvcVCM44X+2hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwOTI0MDYxMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTcyOTRmZDBkODcxZWQwOTRkNjkwYWJmZjUyOWExOGY5MGRkOWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoaksZ33rST6Yn1I9FxBANoWxmQ3N
i6xAQlb6BKG/zPve45OIS77OmWM6OrSaG3U1O54QQYGdeDYKc6QsTNU/tvJZWAEi
HgXX51tO33h4Pehl6WOVDW7uGXshrOc+GhkP4nnBmKyfbHoT6R1vYm6JIv984S+T
545E8jJHDOP6zuCARsOq9nr/m+oM3JclknyRaak+AtkSqzivyXtbe37HfF1lrwT+
GOmHhyxz35/01pV476DFk7FPB/AqAWB+zURczlfVzlATz4echGxMmHR4nJLDXtS+
BSLZ+pw1s4iEHxKkVwkSpw5xKm6mkCDueiNPmQ54GiIjU3Et2Cw4c7o4mwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD5ylP0Nhx7QlNaQq/9Smhj5DdnpMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvUG5LVV9RMkhIdENVMXBDcl8xS2FHUGtOMmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX601AwQA
X609MA0GCSqGSIb3DQEBCwUAA4IBAQByG5vd3o6WROc0eznGNMmfWglDN8HRKEXS
Hv0879kbokRTeI+LMOWeuMo2difBxG1ScTRW02q1bO+b+zEhtXIHDyXeLuXOxMz8
wVgrmAh6s/E3wHGpzfDClRnw/nKxFAJqlVHh+iEgbVX8fa69ZRiNyAU0HRm2A1RC
4Qx3AXeZZhXfk6XACUzwkIdwnltjMa26+0sQqGR3rwqqkQby1cPwbsPx0I8/xXd8
u36xmA/7oY/K5RLz5KFGr0fCTqC7dX1uc9OUjuY9dUPH7SBWjkAbIB02Cf+pJ+S1
+bGwnkE33DIMFj+lSa9on3gjqrjXMGVPuk96kIzBemYFYxIZNwBH
-----END CERTIFICATE-----