Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/48f2ec-d3a7-4354-93ff-0f5c959aca0b/1/PC_LI5mzW33r19J5s8xktz3ZfWM.roa
File:                     PC_LI5mzW33r19J5s8xktz3ZfWM.roa (raw, json)
Hash identifier:          89d083v0GAT00xfLKNNp4sOIB0VAv7J7O40LuyF21jA=
Subject key identifier:   3C:2F:CB:23:99:B3:5B:7D:EB:D7:D2:79:B3:CC:64:B7:3D:D9:7D:63
Certificate issuer:       /CN=7c3cca3419c8ab15b3ad4ed74438e53f4fb610df
Certificate serial:       019B783541F0C1B9828FE7882CEF84379700
Authority key identifier: 7C:3C:CA:34:19:C8:AB:15:B3:AD:4E:D7:44:38:E5:3F:4F:B6:10:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDzKNBnIqxWzrU7XRDjlP0-2EN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/48f2ec-d3a7-4354-93ff-0f5c959aca0b/1/PC_LI5mzW33r19J5s8xktz3ZfWM.roa
Signing time:             Thu 01 Jan 2026 06:18:34 +0000
ROA not before:           Thu 01 Jan 2026 06:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199864
IP address blocks:        185.46.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/48f2ec-d3a7-4354-93ff-0f5c959aca0b/1/fDzKNBnIqxWzrU7XRDjlP0-2EN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/48f2ec-d3a7-4354-93ff-0f5c959aca0b/1/fDzKNBnIqxWzrU7XRDjlP0-2EN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDzKNBnIqxWzrU7XRDjlP0-2EN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:41:f0:c1:b9:82:8f:e7:88:2c:ef:84:37:97:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3cca3419c8ab15b3ad4ed74438e53f4fb610df
        Validity
            Not Before: Jan  1 06:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c2fcb2399b35b7debd7d279b3cc64b73dd97d63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:62:6e:87:0a:92:c9:11:0b:80:e3:99:64:61:
                    01:b6:b7:f4:ed:ba:f5:5b:d7:09:92:9b:77:0b:04:
                    4f:3f:d5:09:18:1c:d5:dc:e5:ed:71:e1:83:69:9f:
                    b7:78:f6:2d:c0:1c:75:9b:ed:7e:35:fe:af:80:34:
                    f5:88:13:a0:8e:75:76:5c:17:1b:b3:56:6e:3d:06:
                    ed:d0:71:92:7b:1f:3d:44:f8:63:c7:57:b0:ec:38:
                    87:b1:81:49:e1:e6:30:13:ae:b2:4d:d6:f6:78:a0:
                    6a:d5:45:03:1a:00:06:4f:32:51:88:f8:04:49:79:
                    f4:b2:07:02:0d:cb:32:19:a6:42:15:e3:02:43:9b:
                    02:57:ef:7f:49:fc:e4:b8:68:4b:57:c8:2f:a8:ae:
                    fa:37:6f:ba:4c:08:38:c6:4e:3e:7d:4b:84:e9:80:
                    56:0b:1e:2f:67:b3:1b:1e:2c:fe:84:33:19:20:ef:
                    54:e6:dc:ae:56:2a:18:9f:c3:8e:9d:98:d8:5e:b8:
                    3d:35:d1:d2:47:05:12:aa:4c:9b:cf:ce:a8:68:e8:
                    04:47:6a:2d:ca:db:0a:ad:c6:cb:bb:fe:16:db:7b:
                    c2:47:7f:2f:b6:97:b6:66:b4:64:e0:e2:e6:e4:1b:
                    4f:1e:ef:2d:5b:26:d0:25:1e:72:4f:f4:70:38:6e:
                    27:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:2F:CB:23:99:B3:5B:7D:EB:D7:D2:79:B3:CC:64:B7:3D:D9:7D:63
            X509v3 Authority Key Identifier:
                keyid:7C:3C:CA:34:19:C8:AB:15:B3:AD:4E:D7:44:38:E5:3F:4F:B6:10:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDzKNBnIqxWzrU7XRDjlP0-2EN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/48f2ec-d3a7-4354-93ff-0f5c959aca0b/1/PC_LI5mzW33r19J5s8xktz3ZfWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/48f2ec-d3a7-4354-93ff-0f5c959aca0b/1/fDzKNBnIqxWzrU7XRDjlP0-2EN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:98:48:c9:a6:4f:88:b4:11:1f:49:7a:6d:04:e5:41:43:3d:
         f5:40:29:07:81:3f:94:4d:87:26:40:10:ac:2e:93:15:ce:7c:
         31:65:db:2a:31:5b:e8:83:9e:a1:eb:3c:d3:d0:f2:2e:09:8c:
         ec:06:0b:f2:a3:61:21:8f:79:b3:26:43:98:cd:7a:31:ba:1d:
         32:fb:d3:4a:2d:ca:fe:f0:de:32:97:22:20:ea:39:7a:14:89:
         03:7f:55:41:45:e1:cd:dd:f8:1c:bc:6f:4d:26:14:10:73:2a:
         32:46:ab:98:11:64:75:2d:57:0e:7e:2f:43:fe:b7:47:3f:8c:
         10:ba:ad:ef:d8:51:cc:d7:b9:83:95:e9:d3:d7:45:be:29:14:
         95:c8:f9:f1:be:c2:4d:03:74:53:47:36:34:41:0e:f9:7f:e5:
         1e:50:3f:66:3a:ab:77:1d:2d:4d:a1:f9:c1:ec:08:bc:7e:6d:
         d1:ad:23:34:22:8d:7e:46:15:06:3f:66:29:9e:db:c7:c7:62:
         0a:7f:d4:eb:9f:ea:c5:8e:f5:e4:92:1f:ad:c8:4a:f2:6d:de:
         6e:4a:8b:16:e3:28:6d:9e:70:62:43:a8:01:f6:6a:22:e3:d6:
         dc:0f:69:b1:89:2b:22:cd:88:4d:91:b9:99:fc:e0:ef:75:1e:
         88:13:d5:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NUHwwbmCj+eILO+EN5cAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2NjYTM0MTljOGFiMTViM2FkNGVkNzQ0MzhlNTNmNGZi
NjEwZGYwHhcNMjYwMTAxMDYxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzJmY2IyMzk5YjM1YjdkZWJkN2QyNzliM2NjNjRiNzNkZDk3ZDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWJuhwqSyRELgOOZZGEBtrf07br1
W9cJkpt3CwRPP9UJGBzV3OXtceGDaZ+3ePYtwBx1m+1+Nf6vgDT1iBOgjnV2XBcb
s1ZuPQbt0HGSex89RPhjx1ew7DiHsYFJ4eYwE66yTdb2eKBq1UUDGgAGTzJRiPgE
SXn0sgcCDcsyGaZCFeMCQ5sCV+9/SfzkuGhLV8gvqK76N2+6TAg4xk4+fUuE6YBW
Cx4vZ7MbHiz+hDMZIO9U5tyuVioYn8OOnZjYXrg9NdHSRwUSqkybz86oaOgER2ot
ytsKrcbLu/4W23vCR38vtpe2ZrRk4OLm5BtPHu8tWybQJR5yT/RwOG4nKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwvyyOZs1t969fSebPMZLc92X1jMB8GA1UdIwQY
MBaAFHw8yjQZyKsVs61O10Q45T9PthDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR6S05CbklxeFd6clU3WFJEamxQMC0yRU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS80OGYyZWMtZDNhNy00MzU0LTkzZmYt
MGY1Yzk1OWFjYTBiLzEvUENfTEk1bXpXMzNyMTlKNXM4eGt0ejNaZldNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS80OGYyZWMtZDNhNy00MzU0LTkzZmYtMGY1Yzk1OWFjYTBi
LzEvZkR6S05CbklxeFd6clU3WFJEamxQMC0yRU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS4bMA0G
CSqGSIb3DQEBCwUAA4IBAQBCmEjJpk+ItBEfSXptBOVBQz31QCkHgT+UTYcmQBCs
LpMVznwxZdsqMVvog56h6zzT0PIuCYzsBgvyo2Ehj3mzJkOYzXoxuh0y+9NKLcr+
8N4ylyIg6jl6FIkDf1VBReHN3fgcvG9NJhQQcyoyRquYEWR1LVcOfi9D/rdHP4wQ
uq3v2FHM17mDlenT10W+KRSVyPnxvsJNA3RTRzY0QQ75f+UeUD9mOqt3HS1NofnB
7Ai8fm3RrSM0Io1+RhUGP2YpntvHx2IKf9Trn+rFjvXkkh+tyErybd5uSosW4yht
nnBiQ6gB9moi49bcD2mxiSsizYhNkbmZ/ODvdR6IE9Un
-----END CERTIFICATE-----