Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PKGJT5eJw2U4JKND_HZMvgOhzKY.roa
File:                     PKGJT5eJw2U4JKND_HZMvgOhzKY.roa (raw, json)
Hash identifier:          jpouUgSuXNEM0e/S1Dp/I879U8ZstyVXS6i+EgHZ0Fw=
Subject key identifier:   3C:A1:89:4F:97:89:C3:65:38:24:A3:43:FC:76:4C:BE:03:A1:CC:A6
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019E9177D745E39ED6FFE5B3D8CA0F9EDEF6
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PKGJT5eJw2U4JKND_HZMvgOhzKY.roa
Signing time:             Thu 04 Jun 2026 07:10:10 +0000
ROA not before:           Thu 04 Jun 2026 07:10:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15731
IP address blocks:        194.87.114.0/23 maxlen: 23
                          194.87.134.0/23 maxlen: 23
                          195.133.84.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:91:77:d7:45:e3:9e:d6:ff:e5:b3:d8:ca:0f:9e:de:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun  4 07:10:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ca1894f9789c3653824a343fc764cbe03a1cca6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:60:73:8a:f8:a7:73:7f:51:0f:a1:75:c3:69:
                    e7:30:2a:22:4a:22:9c:69:4e:46:0d:82:c8:a2:a4:
                    11:46:97:1f:d8:80:63:be:72:0b:22:9d:1d:cc:4a:
                    98:bd:35:23:94:0e:39:20:fc:3d:89:6d:7a:1a:d4:
                    9e:33:dc:4a:46:7a:4b:bb:ae:6f:99:00:59:09:1a:
                    1e:bd:14:bc:07:59:91:ac:5a:e0:00:9d:a6:7e:07:
                    f8:cd:88:38:b4:c1:c4:c3:d4:02:17:4d:37:b5:52:
                    8a:6d:e1:90:f9:c2:08:5a:d3:e4:18:d0:a7:f7:5c:
                    7f:04:8a:25:f0:6e:95:66:d0:e1:ca:67:5b:a0:98:
                    be:3b:b0:23:33:26:87:56:82:c9:31:1b:f1:ae:7c:
                    75:0a:63:0d:8b:ae:cd:6b:05:26:2f:03:41:ba:e6:
                    0f:97:16:2f:fc:7e:91:55:be:b4:b3:3f:ce:0d:fd:
                    77:0c:30:88:32:a5:0e:c5:ea:b5:ac:d3:cd:15:5f:
                    b6:be:1c:32:fb:d6:e3:d7:f4:4b:ca:a5:37:68:33:
                    9b:49:50:83:f7:d3:87:6f:be:f2:fd:c0:01:ed:ee:
                    c8:10:9f:06:60:37:a8:b3:62:68:b5:51:c2:9d:fe:
                    3d:1d:0b:a7:93:7f:7d:b0:89:05:ea:d3:c0:ae:a8:
                    a4:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:A1:89:4F:97:89:C3:65:38:24:A3:43:FC:76:4C:BE:03:A1:CC:A6
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PKGJT5eJw2U4JKND_HZMvgOhzKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.114.0/23
                  194.87.134.0/23
                  195.133.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:c1:bd:ee:3b:e2:63:5d:88:24:72:06:47:55:c6:8a:ea:4c:
         7f:3c:04:44:9b:89:df:27:1a:d5:b1:d4:9a:e1:ff:30:4e:05:
         cb:24:de:f4:22:58:d8:7f:17:b8:10:dd:77:4b:7d:5c:ec:aa:
         af:95:4b:f3:53:ac:1e:5c:9a:24:4b:2c:6e:98:9b:9a:bf:20:
         36:1e:d6:31:4e:a7:eb:01:b2:32:9f:4d:c8:3c:b3:e1:d2:57:
         3a:c8:a7:10:48:94:72:ae:6c:7e:9c:a3:91:e0:91:df:8f:7c:
         45:cb:c0:14:9c:04:f0:bd:29:9d:fa:b1:35:e8:aa:59:1d:fc:
         4a:ed:24:c8:d1:4b:b8:f9:a3:50:b3:f8:1b:bb:8d:4a:2b:cf:
         6a:58:12:d0:4b:ed:35:3f:34:de:2c:da:43:8a:34:fd:0b:6c:
         51:0c:d5:86:8c:10:20:3b:87:ab:60:2d:98:08:15:f5:86:05:
         fd:ee:ce:57:10:2e:94:61:62:48:c3:ac:27:f9:03:4d:9e:ad:
         bc:18:d3:5c:e7:36:c4:ed:4d:a6:49:75:df:81:43:b5:e8:7b:
         05:4f:43:63:62:bd:19:2e:89:d2:38:f4:b8:35:c1:3b:85:8f:
         ce:8c:c1:10:78:3a:74:e6:5d:1b:b0:1b:33:b3:fe:63:dc:66:
         c2:5a:e8:72
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6Rd9dF457W/+Wz2MoPnt72MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNjA0MDcxMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2ExODk0Zjk3ODljMzY1MzgyNGEzNDNmYzc2NGNiZTAzYTFjY2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2Bzivinc39RD6F1w2nnMCoiSiKc
aU5GDYLIoqQRRpcf2IBjvnILIp0dzEqYvTUjlA45IPw9iW16GtSeM9xKRnpLu65v
mQBZCRoevRS8B1mRrFrgAJ2mfgf4zYg4tMHEw9QCF003tVKKbeGQ+cIIWtPkGNCn
91x/BIol8G6VZtDhymdboJi+O7AjMyaHVoLJMRvxrnx1CmMNi67NawUmLwNBuuYP
lxYv/H6RVb60sz/ODf13DDCIMqUOxeq1rNPNFV+2vhwy+9bj1/RLyqU3aDObSVCD
99OHb77y/cAB7e7IEJ8GYDeos2JotVHCnf49HQunk399sIkF6tPArqikTwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDyhiU+XicNlOCSjQ/x2TL4DocymMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUEtHSlQ1ZUp3MlU0SktORF9IWk12Z09oektZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBwldyAwQB
wleGAwQBw4VUMA0GCSqGSIb3DQEBCwUAA4IBAQBxwb3uO+JjXYgkcgZHVcaK6kx/
PAREm4nfJxrVsdSa4f8wTgXLJN70IljYfxe4EN13S31c7KqvlUvzU6weXJokSyxu
mJuavyA2HtYxTqfrAbIyn03IPLPh0lc6yKcQSJRyrmx+nKOR4JHfj3xFy8AUnATw
vSmd+rE16KpZHfxK7STI0Uu4+aNQs/gbu41KK89qWBLQS+01PzTeLNpDijT9C2xR
DNWGjBAgO4erYC2YCBX1hgX97s5XEC6UYWJIw6wn+QNNnq28GNNc5zbE7U2mSXXf
gUO16HsFT0NjYr0ZLonSOPS4NcE7hY/OjMEQeDp05l0bsBszs/5j3GbCWuhy
-----END CERTIFICATE-----