Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8bcb30-87e4-43b5-8246-eb8da5954f3b/1/PCViN5XjjWy3uXa6yVs2Quk_6To.roa
File:                     PCViN5XjjWy3uXa6yVs2Quk_6To.roa (raw, json)
Hash identifier:          Aquofks2bcfd5azy6+IqavH7O37I4bc+/mKKyjG/YPU=
Subject key identifier:   3C:25:62:37:95:E3:8D:6C:B7:B9:76:BA:C9:5B:36:42:E9:3F:E9:3A
Certificate issuer:       /CN=5e79acd4ee40fda43022a2c9642b071da649526c
Certificate serial:       0198321D1E9D1A38A253563B956910CB8242
Authority key identifier: 5E:79:AC:D4:EE:40:FD:A4:30:22:A2:C9:64:2B:07:1D:A6:49:52:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xnms1O5A_aQwIqLJZCsHHaZJUmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/8bcb30-87e4-43b5-8246-eb8da5954f3b/1/PCViN5XjjWy3uXa6yVs2Quk_6To.roa
Signing time:             Tue 22 Jul 2025 12:30:25 +0000
ROA not before:           Tue 22 Jul 2025 12:30:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21000
IP address blocks:        80.78.10.0/24 maxlen: 24
                          80.78.12.0/24 maxlen: 24
                          80.78.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/8bcb30-87e4-43b5-8246-eb8da5954f3b/1/Xnms1O5A_aQwIqLJZCsHHaZJUmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/8bcb30-87e4-43b5-8246-eb8da5954f3b/1/Xnms1O5A_aQwIqLJZCsHHaZJUmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xnms1O5A_aQwIqLJZCsHHaZJUmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 09:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:32:1d:1e:9d:1a:38:a2:53:56:3b:95:69:10:cb:82:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e79acd4ee40fda43022a2c9642b071da649526c
        Validity
            Not Before: Jul 22 12:30:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c25623795e38d6cb7b976bac95b3642e93fe93a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e4:6c:5c:76:da:ac:0a:03:fa:35:7d:29:53:
                    de:a6:86:87:30:df:cf:29:8c:3c:d1:f9:77:33:9c:
                    8b:31:b2:11:bd:d2:b8:5b:23:13:90:e9:fe:3d:13:
                    a4:e5:c2:49:73:3f:1f:25:b4:73:5b:d1:ff:7f:7f:
                    19:af:11:f8:c0:c3:dd:e7:a1:12:95:b5:3c:4b:63:
                    79:5d:d9:d5:e2:ba:66:19:c5:1b:b5:69:03:18:8d:
                    72:13:dc:b5:f5:16:06:ee:38:6f:10:44:2f:30:e3:
                    3a:31:8b:24:c4:9a:1d:c9:60:c5:50:3a:55:68:a0:
                    b1:36:12:04:cd:82:ac:85:04:00:ec:d7:d6:32:b9:
                    06:a0:8d:fe:b4:af:25:6f:58:9b:7c:2c:e8:f6:be:
                    3b:31:20:08:90:ab:9b:dd:01:0e:73:36:9b:5a:cc:
                    22:24:f3:a4:f6:da:f4:09:02:1f:83:02:37:6e:1e:
                    3e:0d:fa:18:c0:ec:fc:f9:72:9f:7e:17:a9:89:c9:
                    be:f0:ba:f3:5c:e4:43:82:11:db:48:38:65:57:9f:
                    7c:3c:3d:f5:11:86:08:42:d8:c9:4f:f0:d0:f7:05:
                    47:16:77:54:38:58:5d:e2:3f:a8:94:93:03:1f:2e:
                    c1:87:74:f4:58:2b:b9:ec:ed:67:e2:9e:73:d9:a7:
                    a6:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:25:62:37:95:E3:8D:6C:B7:B9:76:BA:C9:5B:36:42:E9:3F:E9:3A
            X509v3 Authority Key Identifier:
                keyid:5E:79:AC:D4:EE:40:FD:A4:30:22:A2:C9:64:2B:07:1D:A6:49:52:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xnms1O5A_aQwIqLJZCsHHaZJUmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8bcb30-87e4-43b5-8246-eb8da5954f3b/1/PCViN5XjjWy3uXa6yVs2Quk_6To.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8bcb30-87e4-43b5-8246-eb8da5954f3b/1/Xnms1O5A_aQwIqLJZCsHHaZJUmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.78.10.0/24
                  80.78.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:35:18:23:83:48:e6:ac:8a:6d:d3:4b:97:0f:70:48:dd:0d:
         49:b9:d9:4d:cc:71:fb:b9:86:c3:b5:db:76:13:5a:4f:58:90:
         3d:52:56:2c:df:eb:c0:5a:1b:1f:8b:39:cf:0a:6b:6b:aa:a8:
         f8:de:6e:27:cd:f5:55:8e:92:25:e4:bc:f4:ae:fc:0e:f1:5c:
         da:04:fe:6b:25:6b:4b:7b:f2:09:72:53:4d:8f:15:34:9e:aa:
         a3:82:2c:40:23:9f:81:b3:e3:4a:7b:18:ad:79:58:ff:02:4a:
         af:c0:0c:77:a1:bc:1f:57:53:ed:d9:0c:58:2e:e6:8b:7b:7f:
         8b:07:28:fb:9c:01:44:94:50:7b:00:68:11:c6:71:b2:ad:9c:
         f2:cc:7f:2f:02:14:4e:d4:d2:55:15:fe:d4:fe:0f:ce:a8:08:
         e5:e1:9d:55:c8:d0:59:c9:19:b5:0b:bc:5f:88:ca:c4:9e:2c:
         ae:74:6a:72:df:ad:26:22:af:ef:61:89:16:e0:a8:16:12:62:
         f9:70:bf:90:1c:77:99:46:48:71:bf:ec:bd:3c:af:49:52:88:
         39:29:d7:78:05:f7:56:f7:ed:5f:bb:f7:7a:f8:53:60:57:cd:
         e5:ed:85:82:76:f3:c7:3a:f1:12:42:54:57:92:50:a3:dc:cd:
         d8:a1:c8:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgyHR6dGjiiU1Y7lWkQy4JCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNzlhY2Q0ZWU0MGZkYTQzMDIyYTJjOTY0MmIwNzFkYTY0
OTUyNmMwHhcNMjUwNzIyMTIzMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzI1NjIzNzk1ZTM4ZDZjYjdiOTc2YmFjOTViMzY0MmU5M2ZlOTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+RsXHbarAoD+jV9KVPepoaHMN/P
KYw80fl3M5yLMbIRvdK4WyMTkOn+PROk5cJJcz8fJbRzW9H/f38ZrxH4wMPd56ES
lbU8S2N5XdnV4rpmGcUbtWkDGI1yE9y19RYG7jhvEEQvMOM6MYskxJodyWDFUDpV
aKCxNhIEzYKshQQA7NfWMrkGoI3+tK8lb1ibfCzo9r47MSAIkKub3QEOczabWswi
JPOk9tr0CQIfgwI3bh4+DfoYwOz8+XKffhepicm+8LrzXORDghHbSDhlV598PD31
EYYIQtjJT/DQ9wVHFndUOFhd4j+olJMDHy7Bh3T0WCu57O1n4p5z2aem6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDwlYjeV441st7l2uslbNkLpP+k6MB8GA1UdIwQY
MBaAFF55rNTuQP2kMCKiyWQrBx2mSVJsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG5tczFPNUFfYVF3SXFMSlpDc0hIYVpKVW13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YmNiMzAtODdlNC00M2I1LTgyNDYt
ZWI4ZGE1OTU0ZjNiLzEvUENWaU41WGpqV3kzdVhhNnlWczJRdWtfNlRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YmNiMzAtODdlNC00M2I1LTgyNDYtZWI4ZGE1OTU0ZjNi
LzEvWG5tczFPNUFfYVF3SXFMSlpDc0hIYVpKVW13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUE4KAwQB
UE4MMA0GCSqGSIb3DQEBCwUAA4IBAQAENRgjg0jmrIpt00uXD3BI3Q1JudlNzHH7
uYbDtdt2E1pPWJA9UlYs3+vAWhsfiznPCmtrqqj43m4nzfVVjpIl5Lz0rvwO8Vza
BP5rJWtLe/IJclNNjxU0nqqjgixAI5+Bs+NKexiteVj/AkqvwAx3obwfV1Pt2QxY
LuaLe3+LByj7nAFElFB7AGgRxnGyrZzyzH8vAhRO1NJVFf7U/g/OqAjl4Z1VyNBZ
yRm1C7xfiMrEniyudGpy360mIq/vYYkW4KgWEmL5cL+QHHeZRkhxv+y9PK9JUog5
Kdd4BfdW9+1fu/d6+FNgV83l7YWCdvPHOvESQlRXklCj3M3Yocg4
-----END CERTIFICATE-----