Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3fa007-f344-467e-b712-1cce5b58f8e3/1/pnWsBwQgTGbr0aF4RTtyipKOi0c.roa
File:                     pnWsBwQgTGbr0aF4RTtyipKOi0c.roa (raw, json)
Hash identifier:          qCTG+kKuBg2QmgjBYvrLqkki8B73pYoU+eKEF8ElOag=
Subject key identifier:   A6:75:AC:07:04:20:4C:66:EB:D1:A1:78:45:3B:72:8A:92:8E:8B:47
Certificate issuer:       /CN=b31f64de5618f75c19df513953f6469879e08773
Certificate serial:       019B7AC8707B074682EB2EE75C952B3D9FA3
Authority key identifier: B3:1F:64:DE:56:18:F7:5C:19:DF:51:39:53:F6:46:98:79:E0:87:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sx9k3lYY91wZ31E5U_ZGmHngh3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3fa007-f344-467e-b712-1cce5b58f8e3/1/pnWsBwQgTGbr0aF4RTtyipKOi0c.roa
Signing time:             Thu 01 Jan 2026 18:18:34 +0000
ROA not before:           Thu 01 Jan 2026 18:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209486
IP address blocks:        194.36.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3fa007-f344-467e-b712-1cce5b58f8e3/1/sx9k3lYY91wZ31E5U_ZGmHngh3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3fa007-f344-467e-b712-1cce5b58f8e3/1/sx9k3lYY91wZ31E5U_ZGmHngh3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sx9k3lYY91wZ31E5U_ZGmHngh3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 18:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:70:7b:07:46:82:eb:2e:e7:5c:95:2b:3d:9f:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b31f64de5618f75c19df513953f6469879e08773
        Validity
            Not Before: Jan  1 18:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a675ac0704204c66ebd1a178453b728a928e8b47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:84:2c:d9:a0:b0:7b:cf:36:19:b2:90:38:e5:
                    27:15:0b:aa:9b:20:ab:a0:28:a1:0b:6b:df:68:ce:
                    e9:21:50:fe:d4:b2:67:cc:22:4f:cd:ef:79:21:d9:
                    01:72:09:bc:7d:42:c6:e1:b5:e9:6f:f5:ad:6f:2e:
                    4d:e2:0d:6e:b1:a2:08:db:9e:17:1f:08:a5:25:3b:
                    34:98:b5:39:38:66:da:fc:a1:81:40:3f:15:de:7b:
                    70:52:f7:0c:b0:54:36:f2:e2:b4:7e:4a:59:27:03:
                    93:dc:9c:c2:94:4f:f4:5b:8c:c5:9a:21:ff:14:bd:
                    2c:a8:6c:21:7e:3f:85:3f:7e:06:d3:ff:36:ba:62:
                    e1:31:2e:3c:bd:72:a9:16:9c:ab:20:bb:09:92:dd:
                    cd:48:fb:c5:8f:ea:c4:fd:5f:05:b1:84:8b:ef:76:
                    67:04:c2:bd:ea:86:09:58:1e:8b:3f:2b:fe:b4:46:
                    cb:c4:13:c2:bc:2b:f6:86:04:13:57:95:cd:93:0c:
                    6d:37:8f:22:62:08:11:c4:80:dd:90:73:10:bd:17:
                    15:ac:40:bb:59:4b:e8:84:c2:a4:c0:d6:84:17:a8:
                    dd:f8:b8:4c:0b:3d:29:29:f1:b4:dd:28:fd:2c:df:
                    a6:80:64:a4:cb:ed:7b:7e:68:d5:1e:8c:89:c9:50:
                    62:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:75:AC:07:04:20:4C:66:EB:D1:A1:78:45:3B:72:8A:92:8E:8B:47
            X509v3 Authority Key Identifier:
                keyid:B3:1F:64:DE:56:18:F7:5C:19:DF:51:39:53:F6:46:98:79:E0:87:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sx9k3lYY91wZ31E5U_ZGmHngh3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3fa007-f344-467e-b712-1cce5b58f8e3/1/pnWsBwQgTGbr0aF4RTtyipKOi0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3fa007-f344-467e-b712-1cce5b58f8e3/1/sx9k3lYY91wZ31E5U_ZGmHngh3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:ee:8f:e8:de:91:db:76:d5:ca:a1:c3:1c:4e:f2:01:ba:1c:
         e7:fb:7e:ba:2e:35:eb:71:6e:20:cd:ec:73:9c:a0:8b:f0:8c:
         38:08:d9:4b:4b:39:b8:c7:56:87:31:d9:8f:fa:ea:c8:7b:4e:
         68:c4:29:87:78:f9:86:71:f7:be:3f:f7:e0:1c:bc:bd:60:1a:
         02:82:4b:fb:c8:3c:a3:55:1f:92:dd:d3:33:e5:a8:ca:fd:fd:
         90:33:5b:ec:b6:fb:db:3c:1a:77:fa:c2:d6:7c:60:69:1d:d2:
         1e:62:6f:46:38:2f:82:b5:f9:9a:12:89:41:86:e0:2a:3e:9d:
         72:59:c3:31:5a:e1:01:88:ea:dc:4d:2f:4a:46:f0:14:87:98:
         14:6a:ab:57:e6:bf:fb:b1:9a:7a:98:97:e9:33:45:ee:1c:9c:
         ba:7f:3e:dc:1e:72:92:e2:d3:23:83:e4:27:b5:06:43:c5:e5:
         c9:73:cf:74:92:7b:d3:00:28:7a:63:fd:02:9b:93:b3:bb:d1:
         5a:a1:83:ea:21:a1:ee:35:fa:fe:15:09:e8:c7:77:2d:68:45:
         4a:8f:a9:f6:93:f8:5d:8a:ae:3f:18:48:44:27:ae:0d:b0:d3:
         a0:bf:b3:31:74:22:94:fb:ad:26:8d:5f:08:a5:e7:1c:46:04:
         af:51:a6:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yHB7B0aC6y7nXJUrPZ+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMWY2NGRlNTYxOGY3NWMxOWRmNTEzOTUzZjY0Njk4Nzll
MDg3NzMwHhcNMjYwMTAxMTgxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjc1YWMwNzA0MjA0YzY2ZWJkMWExNzg0NTNiNzI4YTkyOGU4YjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooQs2aCwe882GbKQOOUnFQuqmyCr
oCihC2vfaM7pIVD+1LJnzCJPze95IdkBcgm8fULG4bXpb/Wtby5N4g1usaII254X
HwilJTs0mLU5OGba/KGBQD8V3ntwUvcMsFQ28uK0fkpZJwOT3JzClE/0W4zFmiH/
FL0sqGwhfj+FP34G0/82umLhMS48vXKpFpyrILsJkt3NSPvFj+rE/V8FsYSL73Zn
BMK96oYJWB6LPyv+tEbLxBPCvCv2hgQTV5XNkwxtN48iYggRxIDdkHMQvRcVrEC7
WUvohMKkwNaEF6jd+LhMCz0pKfG03Sj9LN+mgGSky+17fmjVHoyJyVBiXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZ1rAcEIExm69GheEU7coqSjotHMB8GA1UdIwQY
MBaAFLMfZN5WGPdcGd9ROVP2Rph54IdzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3g5azNsWVk5MXdaMzFFNVVfWkdtSG5naDNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zZmEwMDctZjM0NC00NjdlLWI3MTIt
MWNjZTViNThmOGUzLzEvcG5Xc0J3UWdUR2JyMGFGNFJUdHlpcEtPaTBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zZmEwMDctZjM0NC00NjdlLWI3MTItMWNjZTViNThmOGUz
LzEvc3g5azNsWVk5MXdaMzFFNVVfWkdtSG5naDNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiS0MA0G
CSqGSIb3DQEBCwUAA4IBAQA47o/o3pHbdtXKocMcTvIBuhzn+366LjXrcW4gzexz
nKCL8Iw4CNlLSzm4x1aHMdmP+urIe05oxCmHePmGcfe+P/fgHLy9YBoCgkv7yDyj
VR+S3dMz5ajK/f2QM1vstvvbPBp3+sLWfGBpHdIeYm9GOC+CtfmaEolBhuAqPp1y
WcMxWuEBiOrcTS9KRvAUh5gUaqtX5r/7sZp6mJfpM0XuHJy6fz7cHnKS4tMjg+Qn
tQZDxeXJc890knvTACh6Y/0Cm5Ozu9FaoYPqIaHuNfr+FQnox3ctaEVKj6n2k/hd
iq4/GEhEJ64NsNOgv7MxdCKU+60mjV8IpeccRgSvUaYH
-----END CERTIFICATE-----