Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/PfsR9OcnQ4S_HWSHexwSv7eZV3U.roa
File:                     PfsR9OcnQ4S_HWSHexwSv7eZV3U.roa (raw, json)
Hash identifier:          L9T3aJ5Whx4/WHc/mYYWTiVL3q32wwganw2KXtvSvcc=
Subject key identifier:   3D:FB:11:F4:E7:27:43:84:BF:1D:64:87:7B:1C:12:BF:B7:99:57:75
Certificate issuer:       /CN=af05d4291cae8185c6c342e25dee9b7e920f76dd
Certificate serial:       019E4E4EA23A571AB0425A773463278E8DC4
Authority key identifier: AF:05:D4:29:1C:AE:81:85:C6:C3:42:E2:5D:EE:9B:7E:92:0F:76:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwXUKRyugYXGw0LiXe6bfpIPdt0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/PfsR9OcnQ4S_HWSHexwSv7eZV3U.roa
Signing time:             Fri 22 May 2026 06:10:36 +0000
ROA not before:           Fri 22 May 2026 06:10:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205317
IP address blocks:        185.93.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/rwXUKRyugYXGw0LiXe6bfpIPdt0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/rwXUKRyugYXGw0LiXe6bfpIPdt0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwXUKRyugYXGw0LiXe6bfpIPdt0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:4e:a2:3a:57:1a:b0:42:5a:77:34:63:27:8e:8d:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af05d4291cae8185c6c342e25dee9b7e920f76dd
        Validity
            Not Before: May 22 06:10:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3dfb11f4e7274384bf1d64877b1c12bfb7995775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:c6:fa:3c:f9:ae:00:53:64:89:3a:d4:91:47:
                    5b:2b:47:84:e2:b3:bd:b9:8c:e0:84:6e:fe:67:4f:
                    56:11:e3:ee:c4:6b:f1:ba:42:30:c1:f3:75:db:2b:
                    8a:98:83:1d:3f:23:dc:52:83:67:34:7b:cd:e0:c3:
                    0d:17:6e:69:5c:cd:06:99:23:cf:b8:38:67:7d:09:
                    37:3f:9e:5f:34:1e:e4:fe:f8:43:6b:b1:4d:65:a6:
                    ef:07:37:e7:65:ff:83:96:62:94:5a:ce:95:48:20:
                    29:65:8e:0b:ab:7a:34:69:dd:4c:68:9b:01:9f:58:
                    1e:55:82:a1:db:53:1f:94:87:14:45:a5:80:2e:4f:
                    62:9e:77:0b:c6:e8:3d:cd:90:4a:06:ef:dc:0c:53:
                    4d:87:ac:fa:1a:b0:81:45:60:d6:e9:76:6a:78:73:
                    90:eb:0d:29:86:ce:3b:04:7a:68:08:06:23:30:f4:
                    39:7f:1c:76:7e:73:51:a1:ea:3d:67:42:81:2b:aa:
                    00:f4:1a:e5:c1:59:78:dd:97:03:8e:a9:ff:bd:31:
                    03:85:b1:c6:9e:52:e6:52:ce:31:71:3b:46:de:2d:
                    f4:9a:e3:88:77:75:30:41:3a:2a:6f:77:90:25:ff:
                    d3:2a:44:b8:6e:fa:46:aa:52:b9:4d:66:a1:ad:c1:
                    2a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:FB:11:F4:E7:27:43:84:BF:1D:64:87:7B:1C:12:BF:B7:99:57:75
            X509v3 Authority Key Identifier:
                keyid:AF:05:D4:29:1C:AE:81:85:C6:C3:42:E2:5D:EE:9B:7E:92:0F:76:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwXUKRyugYXGw0LiXe6bfpIPdt0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/PfsR9OcnQ4S_HWSHexwSv7eZV3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/rwXUKRyugYXGw0LiXe6bfpIPdt0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:1c:71:b9:1c:4a:67:92:f8:42:d9:d3:cd:56:7c:65:e3:42:
         65:2d:40:8f:7f:de:3d:22:34:11:25:0c:45:8a:16:53:29:17:
         12:cd:c9:4d:f9:72:34:97:e7:83:e8:51:a7:d9:80:52:19:29:
         2f:70:e2:39:1d:78:66:b3:f1:02:ec:07:1f:e4:2d:f4:ce:81:
         35:c1:64:56:dc:3c:53:9d:3b:7e:e7:47:b6:a3:5e:b5:79:ee:
         e3:12:a3:8c:df:d2:a7:5d:26:44:17:0d:e6:bd:09:8b:7f:f9:
         77:49:ca:23:ef:db:e4:36:98:d5:17:2c:7a:b5:d3:66:9c:53:
         07:73:1e:e2:aa:aa:ff:93:f8:8d:6b:1d:67:47:2e:32:5f:58:
         17:78:36:4a:08:8b:ed:c5:09:e3:91:4e:47:bf:70:9c:ef:30:
         2a:a4:fe:43:b1:96:4a:fb:65:a1:57:56:05:00:f1:38:55:db:
         c6:d7:a9:c1:61:bb:1f:a2:a5:95:e9:ed:38:de:73:a7:7b:dd:
         ca:da:65:1d:93:e5:d5:36:9d:10:aa:37:86:d1:54:7b:96:fa:
         ac:d8:15:ab:03:f2:6d:d0:be:b5:44:34:03:aa:29:f1:87:5d:
         1b:31:1b:f4:59:32:c6:ca:8a:90:12:c1:9b:cd:90:b9:94:47:
         ff:21:67:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5OTqI6VxqwQlp3NGMnjo3EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMDVkNDI5MWNhZTgxODVjNmMzNDJlMjVkZWU5YjdlOTIw
Zjc2ZGQwHhcNMjYwNTIyMDYxMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGZiMTFmNGU3Mjc0Mzg0YmYxZDY0ODc3YjFjMTJiZmI3OTk1Nzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6sb6PPmuAFNkiTrUkUdbK0eE4rO9
uYzghG7+Z09WEePuxGvxukIwwfN12yuKmIMdPyPcUoNnNHvN4MMNF25pXM0GmSPP
uDhnfQk3P55fNB7k/vhDa7FNZabvBzfnZf+DlmKUWs6VSCApZY4Lq3o0ad1MaJsB
n1geVYKh21MflIcURaWALk9inncLxug9zZBKBu/cDFNNh6z6GrCBRWDW6XZqeHOQ
6w0phs47BHpoCAYjMPQ5fxx2fnNRoeo9Z0KBK6oA9BrlwVl43ZcDjqn/vTEDhbHG
nlLmUs4xcTtG3i30muOId3UwQToqb3eQJf/TKkS4bvpGqlK5TWahrcEq4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD37EfTnJ0OEvx1kh3scEr+3mVd1MB8GA1UdIwQY
MBaAFK8F1CkcroGFxsNC4l3um36SD3bdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndYVUtSeXVnWVhHdzBMaVhlNmJmcElQZHQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy83NTYwZTQtZmM3ZC00YTY0LWI1MDAt
ZTdmMDVmMDI5YTQ4LzEvUGZzUjlPY25RNFNfSFdTSGV4d1N2N2VaVjNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy83NTYwZTQtZmM3ZC00YTY0LWI1MDAtZTdmMDVmMDI5YTQ4
LzEvcndYVUtSeXVnWVhHdzBMaVhlNmJmcElQZHQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1bMA0G
CSqGSIb3DQEBCwUAA4IBAQBRHHG5HEpnkvhC2dPNVnxl40JlLUCPf949IjQRJQxF
ihZTKRcSzclN+XI0l+eD6FGn2YBSGSkvcOI5HXhms/EC7Acf5C30zoE1wWRW3DxT
nTt+50e2o161ee7jEqOM39KnXSZEFw3mvQmLf/l3Scoj79vkNpjVFyx6tdNmnFMH
cx7iqqr/k/iNax1nRy4yX1gXeDZKCIvtxQnjkU5Hv3Cc7zAqpP5DsZZK+2WhV1YF
APE4VdvG16nBYbsfoqWV6e043nOne93K2mUdk+XVNp0QqjeG0VR7lvqs2BWrA/Jt
0L61RDQDqinxh10bMRv0WTLGyoqQEsGbzZC5lEf/IWek
-----END CERTIFICATE-----