Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/300165-25c6-401b-9cbf-1f49bc7fd3bd/1/pZAFv0jFSIg3T6apn7mzvuziSbo.roa
File:                     pZAFv0jFSIg3T6apn7mzvuziSbo.roa (raw, json)
Hash identifier:          Mivi7UE7PO7E6vo4gXQ02GjqhdIj6xXgGbCncGPuXD8=
Subject key identifier:   A5:90:05:BF:48:C5:48:88:37:4F:A6:A9:9F:B9:B3:BE:EC:E2:49:BA
Certificate issuer:       /CN=a8ef61bdc034fb5638bcf19e07ec21d90019d42c
Certificate serial:       019B7B3666F536CF4C89B8C0C42BCB06444F
Authority key identifier: A8:EF:61:BD:C0:34:FB:56:38:BC:F1:9E:07:EC:21:D9:00:19:D4:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qO9hvcA0-1Y4vPGeB-wh2QAZ1Cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/300165-25c6-401b-9cbf-1f49bc7fd3bd/1/pZAFv0jFSIg3T6apn7mzvuziSbo.roa
Signing time:             Thu 01 Jan 2026 20:18:41 +0000
ROA not before:           Thu 01 Jan 2026 20:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39848
IP address blocks:        84.234.108.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/300165-25c6-401b-9cbf-1f49bc7fd3bd/1/qO9hvcA0-1Y4vPGeB-wh2QAZ1Cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/300165-25c6-401b-9cbf-1f49bc7fd3bd/1/qO9hvcA0-1Y4vPGeB-wh2QAZ1Cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qO9hvcA0-1Y4vPGeB-wh2QAZ1Cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:66:f5:36:cf:4c:89:b8:c0:c4:2b:cb:06:44:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8ef61bdc034fb5638bcf19e07ec21d90019d42c
        Validity
            Not Before: Jan  1 20:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a59005bf48c54888374fa6a99fb9b3beece249ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:21:fa:9b:e0:e2:f0:12:40:e2:df:7a:16:bc:
                    1f:d8:52:d8:a7:03:ed:5b:0c:97:ba:6b:92:bf:22:
                    d5:49:d1:6c:2f:ab:7a:ce:01:91:11:5a:c5:05:3b:
                    84:95:fd:30:ab:ed:39:24:b3:d7:b2:3d:30:9f:cc:
                    43:d3:01:86:14:24:39:07:bb:50:fb:9f:e2:42:34:
                    50:1b:39:47:10:e3:89:44:ca:34:5d:82:0d:f4:bd:
                    35:f6:77:55:5c:17:ea:93:0b:4b:63:96:69:d5:4f:
                    ef:09:59:c4:3f:cc:c0:08:0d:e8:59:8e:ed:9a:f6:
                    76:66:a8:4a:6b:17:4e:46:9c:b4:42:09:01:9c:76:
                    9f:52:23:25:71:cd:0f:4f:c4:5f:63:19:ee:fc:4d:
                    fc:1b:b5:38:e5:41:2a:91:83:4c:57:8d:0a:12:3e:
                    60:c9:a5:a0:4d:48:3f:f6:34:bd:d0:69:fd:8a:bf:
                    92:80:93:7c:bf:6a:06:d0:06:11:6b:f4:29:3b:be:
                    c8:43:66:be:2c:dc:cd:d9:d8:b9:78:dc:de:3d:b5:
                    87:e6:f3:51:dc:90:cc:a0:9f:29:1b:99:f7:5f:0c:
                    46:22:6f:2f:e2:c6:ef:28:7c:e0:cc:a2:ef:cb:79:
                    3b:40:c6:3a:16:f8:75:7d:b3:13:7c:4f:96:64:08:
                    40:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:90:05:BF:48:C5:48:88:37:4F:A6:A9:9F:B9:B3:BE:EC:E2:49:BA
            X509v3 Authority Key Identifier:
                keyid:A8:EF:61:BD:C0:34:FB:56:38:BC:F1:9E:07:EC:21:D9:00:19:D4:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qO9hvcA0-1Y4vPGeB-wh2QAZ1Cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/300165-25c6-401b-9cbf-1f49bc7fd3bd/1/pZAFv0jFSIg3T6apn7mzvuziSbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/300165-25c6-401b-9cbf-1f49bc7fd3bd/1/qO9hvcA0-1Y4vPGeB-wh2QAZ1Cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.234.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:42:a7:38:25:0b:50:bf:dc:34:f8:d0:62:d3:1e:79:09:32:
         31:de:b2:e1:ef:2f:2d:e6:8f:01:ce:d1:d2:7e:63:42:0a:96:
         a4:22:8e:d0:dc:b7:60:25:b3:77:e5:77:11:0f:35:7e:21:ef:
         19:1d:21:92:eb:47:3b:24:b0:1d:36:c3:62:12:15:0d:9d:1b:
         71:70:93:d9:4a:8b:13:29:6d:e8:48:f7:ef:20:74:1d:93:e2:
         45:90:b5:7f:de:32:e2:68:f4:6d:8e:f6:9e:bd:dd:07:24:65:
         50:10:0c:5b:77:d6:2f:56:94:ea:69:df:10:83:15:37:ce:63:
         2b:00:bb:2e:84:22:2e:b5:37:25:bf:00:d6:6a:c8:30:f5:25:
         4a:bc:cb:04:76:70:4b:5b:25:93:f9:e2:ec:9c:e7:e5:0b:83:
         bd:24:1e:35:99:bc:ec:70:c9:a3:a7:0e:c2:11:a8:ca:dc:b3:
         b8:88:fb:93:7e:2d:c9:9f:7c:11:32:24:6d:44:03:9a:4d:f9:
         cb:b1:0a:fe:78:c2:32:c2:6e:08:7a:72:15:bd:0e:67:31:cd:
         d3:25:0d:f5:a5:9f:0e:6b:17:16:b3:dd:ca:2d:6a:d7:23:83:
         fa:a1:16:f2:32:5c:5c:52:79:93:28:ea:7f:c4:f2:ca:7d:08:
         54:58:0e:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nmb1Ns9MibjAxCvLBkRPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZWY2MWJkYzAzNGZiNTYzOGJjZjE5ZTA3ZWMyMWQ5MDAx
OWQ0MmMwHhcNMjYwMTAxMjAxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTkwMDViZjQ4YzU0ODg4Mzc0ZmE2YTk5ZmI5YjNiZWVjZTI0OWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyH6m+Di8BJA4t96Frwf2FLYpwPt
WwyXumuSvyLVSdFsL6t6zgGREVrFBTuElf0wq+05JLPXsj0wn8xD0wGGFCQ5B7tQ
+5/iQjRQGzlHEOOJRMo0XYIN9L019ndVXBfqkwtLY5Zp1U/vCVnEP8zACA3oWY7t
mvZ2ZqhKaxdORpy0QgkBnHafUiMlcc0PT8RfYxnu/E38G7U45UEqkYNMV40KEj5g
yaWgTUg/9jS90Gn9ir+SgJN8v2oG0AYRa/QpO77IQ2a+LNzN2di5eNzePbWH5vNR
3JDMoJ8pG5n3XwxGIm8v4sbvKHzgzKLvy3k7QMY6Fvh1fbMTfE+WZAhAwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWQBb9IxUiIN0+mqZ+5s77s4km6MB8GA1UdIwQY
MBaAFKjvYb3ANPtWOLzxngfsIdkAGdQsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU85aHZjQTAtMVk0dlBHZUItd2gyUUFaMUN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8zMDAxNjUtMjVjNi00MDFiLTljYmYt
MWY0OWJjN2ZkM2JkLzEvcFpBRnYwakZTSWczVDZhcG43bXp2dXppU2JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8zMDAxNjUtMjVjNi00MDFiLTljYmYtMWY0OWJjN2ZkM2Jk
LzEvcU85aHZjQTAtMVk0dlBHZUItd2gyUUFaMUN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVOpsMA0G
CSqGSIb3DQEBCwUAA4IBAQBPQqc4JQtQv9w0+NBi0x55CTIx3rLh7y8t5o8BztHS
fmNCCpakIo7Q3LdgJbN35XcRDzV+Ie8ZHSGS60c7JLAdNsNiEhUNnRtxcJPZSosT
KW3oSPfvIHQdk+JFkLV/3jLiaPRtjvaevd0HJGVQEAxbd9YvVpTqad8QgxU3zmMr
ALsuhCIutTclvwDWasgw9SVKvMsEdnBLWyWT+eLsnOflC4O9JB41mbzscMmjpw7C
EajK3LO4iPuTfi3Jn3wRMiRtRAOaTfnLsQr+eMIywm4IenIVvQ5nMc3TJQ31pZ8O
axcWs93KLWrXI4P6oRbyMlxcUnmTKOp/xPLKfQhUWA6y
-----END CERTIFICATE-----