Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/cd7a64-301a-49e7-ac65-ead8091dbc13/1/PFLWqZXEhGSjSe27HXXBR4MJTJc.roa
File:                     PFLWqZXEhGSjSe27HXXBR4MJTJc.roa (raw, json)
Hash identifier:          EgW8y7jSNiN5c+nvOeQLbNW7t5xsejb8y+r01vtFLbM=
Subject key identifier:   3C:52:D6:A9:95:C4:84:64:A3:49:ED:BB:1D:75:C1:47:83:09:4C:97
Certificate issuer:       /CN=8e195c1632aa9b024e28bff22ec6f0a7e27760a7
Certificate serial:       019B7EA434AF174219E03DE89C4711E96B45
Authority key identifier: 8E:19:5C:16:32:AA:9B:02:4E:28:BF:F2:2E:C6:F0:A7:E2:77:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhlcFjKqmwJOKL_yLsbwp-J3YKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/cd7a64-301a-49e7-ac65-ead8091dbc13/1/PFLWqZXEhGSjSe27HXXBR4MJTJc.roa
Signing time:             Fri 02 Jan 2026 12:17:29 +0000
ROA not before:           Fri 02 Jan 2026 12:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198601
IP address blocks:        185.234.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/cd7a64-301a-49e7-ac65-ead8091dbc13/1/jhlcFjKqmwJOKL_yLsbwp-J3YKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/cd7a64-301a-49e7-ac65-ead8091dbc13/1/jhlcFjKqmwJOKL_yLsbwp-J3YKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhlcFjKqmwJOKL_yLsbwp-J3YKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 18:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a4:34:af:17:42:19:e0:3d:e8:9c:47:11:e9:6b:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e195c1632aa9b024e28bff22ec6f0a7e27760a7
        Validity
            Not Before: Jan  2 12:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c52d6a995c48464a349edbb1d75c14783094c97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d1:02:be:6b:e7:c7:c2:2c:e2:bd:f6:90:64:
                    0e:6b:4b:7b:97:c8:b3:e6:29:c2:be:39:39:f5:3f:
                    f5:a7:26:21:c8:f6:30:8f:a9:41:31:67:24:17:2a:
                    66:d3:98:91:4c:f1:0d:5d:59:b3:0f:1b:59:82:c3:
                    15:a5:96:0e:19:bf:3e:6e:fb:8e:99:63:40:46:e9:
                    51:07:da:a6:be:f5:89:49:c7:a3:cf:fb:b0:f1:55:
                    f7:0b:82:ec:58:84:81:41:9b:7a:19:5b:e0:dc:ab:
                    12:b2:ed:2e:2a:13:c3:fc:de:7e:39:06:f1:ee:38:
                    63:76:b5:12:94:6f:1f:9d:26:28:a7:65:a8:a1:16:
                    95:dc:d5:9b:d8:72:91:69:c7:3e:89:43:41:6e:1e:
                    bb:f9:1d:27:9e:eb:64:75:52:00:8e:4e:67:f7:17:
                    10:b5:b2:7b:b9:16:6e:e1:39:e1:83:86:6e:9e:ea:
                    8b:06:98:df:aa:a8:e5:09:07:d0:5d:47:73:14:27:
                    75:f6:e6:a2:27:9f:b2:5f:55:9c:3b:41:ac:95:c6:
                    be:e6:94:f3:99:83:64:bd:5d:88:a5:73:4f:50:c7:
                    4a:d2:ab:49:ca:11:61:f1:b0:0a:07:34:37:ff:ff:
                    1f:e2:f7:0a:d6:5b:e7:48:8b:09:48:84:61:17:03:
                    a1:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:52:D6:A9:95:C4:84:64:A3:49:ED:BB:1D:75:C1:47:83:09:4C:97
            X509v3 Authority Key Identifier:
                keyid:8E:19:5C:16:32:AA:9B:02:4E:28:BF:F2:2E:C6:F0:A7:E2:77:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhlcFjKqmwJOKL_yLsbwp-J3YKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd7a64-301a-49e7-ac65-ead8091dbc13/1/PFLWqZXEhGSjSe27HXXBR4MJTJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd7a64-301a-49e7-ac65-ead8091dbc13/1/jhlcFjKqmwJOKL_yLsbwp-J3YKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:e6:1e:1f:e7:82:0d:fd:1e:40:9d:e3:e1:8f:a7:c7:08:e0:
         d0:1c:42:de:75:55:20:a9:09:63:5e:81:d2:5e:08:20:55:09:
         4c:dd:85:3b:78:cb:b2:1e:82:88:eb:88:9b:7b:44:40:94:dc:
         00:cd:f8:0e:86:3e:2f:c9:e2:e6:92:5d:7a:5c:55:63:38:66:
         60:84:c5:11:05:cf:d4:13:0f:90:6b:2b:27:e0:04:33:53:a4:
         ca:a3:70:5f:fa:b9:35:56:a6:87:20:6d:91:ec:69:94:e7:c0:
         91:8c:e3:55:9a:28:76:ac:47:eb:57:1b:46:49:1a:68:e0:a3:
         4a:01:12:19:b4:8c:8d:90:12:64:12:9e:4a:54:6c:9f:e3:f9:
         fb:ca:7b:7d:7d:02:54:cc:f0:30:45:1c:82:df:f1:82:ba:c0:
         13:40:ee:d1:1c:28:2c:61:fa:68:58:99:84:b3:e4:88:50:ac:
         7a:6e:6d:27:c6:a0:b6:ef:e3:5d:29:bf:f2:a9:17:6c:66:79:
         cb:eb:5c:89:19:f6:39:53:8a:c7:7d:91:85:2f:be:39:0d:77:
         d1:fd:10:03:3d:33:02:b6:67:8c:18:49:fb:1e:4d:6a:40:22:
         0b:95:f4:8f:5f:31:ca:60:08:b2:50:94:6a:b7:02:e8:ab:32:
         90:8a:14:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pDSvF0IZ4D3onEcR6WtFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMTk1YzE2MzJhYTliMDI0ZTI4YmZmMjJlYzZmMGE3ZTI3
NzYwYTcwHhcNMjYwMTAyMTIxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzUyZDZhOTk1YzQ4NDY0YTM0OWVkYmIxZDc1YzE0NzgzMDk0Yzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNECvmvnx8Is4r32kGQOa0t7l8iz
5inCvjk59T/1pyYhyPYwj6lBMWckFypm05iRTPENXVmzDxtZgsMVpZYOGb8+bvuO
mWNARulRB9qmvvWJScejz/uw8VX3C4LsWISBQZt6GVvg3KsSsu0uKhPD/N5+OQbx
7jhjdrUSlG8fnSYop2WooRaV3NWb2HKRacc+iUNBbh67+R0nnutkdVIAjk5n9xcQ
tbJ7uRZu4Tnhg4ZunuqLBpjfqqjlCQfQXUdzFCd19uaiJ5+yX1WcO0Gslca+5pTz
mYNkvV2IpXNPUMdK0qtJyhFh8bAKBzQ3//8f4vcK1lvnSIsJSIRhFwOh+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxS1qmVxIRko0ntux11wUeDCUyXMB8GA1UdIwQY
MBaAFI4ZXBYyqpsCTii/8i7G8Kfid2CnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamhsY0ZqS3Ftd0pPS0xfeUxzYndwLUozWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jZDdhNjQtMzAxYS00OWU3LWFjNjUt
ZWFkODA5MWRiYzEzLzEvUEZMV3FaWEVoR1NqU2UyN0hYWEJSNE1KVEpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jZDdhNjQtMzAxYS00OWU3LWFjNjUtZWFkODA5MWRiYzEz
LzEvamhsY0ZqS3Ftd0pPS0xfeUxzYndwLUozWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuepxMA0G
CSqGSIb3DQEBCwUAA4IBAQB95h4f54IN/R5AnePhj6fHCODQHELedVUgqQljXoHS
XgggVQlM3YU7eMuyHoKI64ibe0RAlNwAzfgOhj4vyeLmkl16XFVjOGZghMURBc/U
Ew+Qaysn4AQzU6TKo3Bf+rk1VqaHIG2R7GmU58CRjONVmih2rEfrVxtGSRpo4KNK
ARIZtIyNkBJkEp5KVGyf4/n7ynt9fQJUzPAwRRyC3/GCusATQO7RHCgsYfpoWJmE
s+SIUKx6bm0nxqC27+NdKb/yqRdsZnnL61yJGfY5U4rHfZGFL745DXfR/RADPTMC
tmeMGEn7Hk1qQCILlfSPXzHKYAiyUJRqtwLoqzKQihRD
-----END CERTIFICATE-----