Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/pnzi6ky3lxdl2UiEd-YXJN9T3GQ.roa
File:                     pnzi6ky3lxdl2UiEd-YXJN9T3GQ.roa (raw, json)
Hash identifier:          CBYRD6p1egUcg2mdmVX7e/WNIMOkyTZ6spb77MENwv8=
Subject key identifier:   A6:7C:E2:EA:4C:B7:97:17:65:D9:48:84:77:E6:17:24:DF:53:DC:64
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019D538349203C695DDBE1B366CBEDE8D7B3
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/pnzi6ky3lxdl2UiEd-YXJN9T3GQ.roa
Signing time:             Fri 03 Apr 2026 13:23:26 +0000
ROA not before:           Fri 03 Apr 2026 13:23:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        160.20.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:53:83:49:20:3c:69:5d:db:e1:b3:66:cb:ed:e8:d7:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Apr  3 13:23:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a67ce2ea4cb7971765d9488477e61724df53dc64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d4:5f:6e:77:9c:87:75:01:07:48:81:a0:b6:
                    b3:b6:4c:ab:47:79:5b:48:b6:cc:0a:f2:f0:6c:3e:
                    4a:98:ee:34:d3:b5:6e:4d:c6:dd:74:a2:47:e4:81:
                    66:f3:3c:aa:fa:03:0c:8d:93:ba:bf:b4:17:90:4f:
                    13:82:ae:30:63:4e:a5:7d:65:99:39:51:e6:d6:f9:
                    75:31:85:86:d1:64:23:c5:76:2b:03:7b:50:26:03:
                    36:e1:06:d5:95:d2:b9:70:59:e2:24:fe:fb:81:67:
                    09:b6:66:25:d9:c3:c5:05:ec:e2:1e:5b:32:46:61:
                    4b:cc:9c:8f:45:b5:14:77:4d:c0:c2:e5:bd:da:61:
                    4f:94:7d:aa:7d:48:ad:69:5d:40:59:0e:63:9b:1b:
                    0c:1a:4c:d1:e6:d0:a1:e4:9a:ae:56:b1:0b:3c:48:
                    2f:f7:c1:35:6e:ea:00:fa:41:f5:02:85:57:99:ef:
                    9b:f8:f5:4f:bc:49:7f:44:c0:5c:d8:21:d4:28:71:
                    58:17:22:e4:47:e7:16:d5:5e:1b:60:22:0d:40:cf:
                    38:0e:1c:e0:ff:48:d7:df:f1:29:2c:63:e6:0e:c6:
                    1f:98:d6:c7:42:21:44:72:ef:93:13:26:d4:ca:1b:
                    4e:a3:ea:2c:65:c3:c2:7d:84:8d:d2:56:ab:08:89:
                    0e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:7C:E2:EA:4C:B7:97:17:65:D9:48:84:77:E6:17:24:DF:53:DC:64
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/pnzi6ky3lxdl2UiEd-YXJN9T3GQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:c2:71:29:42:6c:71:7e:4d:c7:18:3c:b9:30:bd:f8:b2:8a:
         50:86:a1:da:d8:cd:55:82:6d:55:e4:6f:df:d6:fb:a3:4c:9c:
         92:96:7a:4e:bd:93:41:62:a6:d3:42:1c:7c:ad:95:11:44:93:
         ce:dc:24:98:10:3b:3f:40:bb:a7:a2:4b:35:5d:7d:11:7b:a0:
         0a:e0:a7:ea:d0:8d:b3:5e:65:70:f0:68:b3:99:55:53:1a:00:
         6c:ef:42:a4:26:fb:7a:4f:03:c9:02:32:25:b0:5c:46:34:c7:
         ca:70:d6:73:ae:8a:11:6e:75:84:bb:67:0e:d3:d5:33:2c:7b:
         ca:ca:1e:d9:d6:79:ca:30:bc:be:bd:9f:62:b4:01:89:23:2a:
         0f:c9:78:ae:18:14:30:7d:b1:74:eb:ec:e8:c5:d4:f8:c4:da:
         da:21:4a:9a:91:05:dc:c2:13:b8:bc:48:78:19:a4:53:ea:9d:
         5e:fe:de:49:2a:32:d2:eb:1a:46:e8:a4:f7:80:68:3a:d1:2d:
         91:74:36:20:74:0f:ea:4b:6a:2e:c3:b5:64:1b:f0:fa:7d:c7:
         6c:11:13:b1:79:61:58:78:fc:25:71:fa:47:01:f9:ba:17:7e:
         27:d6:1f:7c:9b:50:2c:f5:21:52:2c:82:6c:14:ee:4e:79:6d:
         31:9f:33:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Tg0kgPGld2+GzZsvt6NezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwNDAzMTMyMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjdjZTJlYTRjYjc5NzE3NjVkOTQ4ODQ3N2U2MTcyNGRmNTNkYzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtRfbnech3UBB0iBoLaztkyrR3lb
SLbMCvLwbD5KmO4007VuTcbddKJH5IFm8zyq+gMMjZO6v7QXkE8Tgq4wY06lfWWZ
OVHm1vl1MYWG0WQjxXYrA3tQJgM24QbVldK5cFniJP77gWcJtmYl2cPFBeziHlsy
RmFLzJyPRbUUd03AwuW92mFPlH2qfUitaV1AWQ5jmxsMGkzR5tCh5JquVrELPEgv
98E1buoA+kH1AoVXme+b+PVPvEl/RMBc2CHUKHFYFyLkR+cW1V4bYCINQM84Dhzg
/0jX3/EpLGPmDsYfmNbHQiFEcu+TEybUyhtOo+osZcPCfYSN0larCIkOIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZ84upMt5cXZdlIhHfmFyTfU9xkMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvcG56aTZreTNseGRsMlVpRWQtWVhKTjlUM0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoBRtMA0G
CSqGSIb3DQEBCwUAA4IBAQAIwnEpQmxxfk3HGDy5ML34sopQhqHa2M1Vgm1V5G/f
1vujTJySlnpOvZNBYqbTQhx8rZURRJPO3CSYEDs/QLunoks1XX0Re6AK4Kfq0I2z
XmVw8GizmVVTGgBs70KkJvt6TwPJAjIlsFxGNMfKcNZzrooRbnWEu2cO09UzLHvK
yh7Z1nnKMLy+vZ9itAGJIyoPyXiuGBQwfbF06+zoxdT4xNraIUqakQXcwhO4vEh4
GaRT6p1e/t5JKjLS6xpG6KT3gGg60S2RdDYgdA/qS2ouw7VkG/D6fcdsEROxeWFY
ePwlcfpHAfm6F34n1h98m1As9SFSLIJsFO5OeW0xnzMq
-----END CERTIFICATE-----