Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/124hjBPGHbIGk8XKNfA5jVNnoUg.roa
File:                     124hjBPGHbIGk8XKNfA5jVNnoUg.roa (raw, json)
Hash identifier:          FTFwwLJoG5if4SqkmWaWfFmjVRBtBQ79YvRNEBe4e70=
Subject key identifier:   D7:6E:21:8C:13:C6:1D:B2:06:93:C5:CA:35:F0:39:8D:53:67:A1:48
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E4ED7FB58D8E18FB3E373DFC4048127D2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/124hjBPGHbIGk8XKNfA5jVNnoUg.roa
Signing time:             Fri 22 May 2026 08:40:37 +0000
ROA not before:           Fri 22 May 2026 08:40:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        82.152.122.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:d7:fb:58:d8:e1:8f:b3:e3:73:df:c4:04:81:27:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 22 08:40:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d76e218c13c61db20693c5ca35f0398d5367a148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c9:02:18:93:ae:e3:a5:64:4d:6b:fe:7c:0c:
                    e4:05:bd:b2:5b:4c:a1:a0:cf:00:f1:4a:b5:d9:44:
                    29:59:2a:99:fd:ba:04:70:c8:dd:75:c1:58:de:f2:
                    c8:81:5e:24:68:7c:b9:8b:44:5c:4a:b2:77:ab:60:
                    69:8e:a2:34:cd:65:5f:65:28:bc:20:ce:70:42:3d:
                    b8:79:37:82:84:72:21:45:03:4b:2c:e6:3f:05:b0:
                    76:04:72:f7:63:59:37:fb:30:26:3b:1e:98:c0:8f:
                    5f:a4:fb:d3:18:9b:1b:14:01:61:83:25:51:c1:a2:
                    9a:af:62:8c:74:b9:78:43:a4:e6:46:d4:3a:37:e3:
                    b9:1a:5f:15:9e:57:a8:b3:e0:1d:bd:6a:d4:8b:39:
                    4d:a0:69:5c:9a:15:d9:45:1f:82:27:d0:0a:df:34:
                    99:02:94:cb:66:4e:c1:7a:18:e0:3c:ef:9d:38:27:
                    5e:6c:81:2f:dd:e1:4b:78:59:3c:92:c8:02:57:03:
                    ab:33:11:f0:d7:5a:61:de:fd:f1:e0:df:c1:c9:40:
                    be:1b:5e:83:25:fd:6e:b3:0e:6a:3b:9b:5a:f7:0d:
                    a3:26:b9:17:aa:8a:ee:da:e6:8c:a3:cc:fc:ba:76:
                    d0:1f:18:36:62:b9:1a:3a:32:e8:dd:b4:13:f7:0e:
                    45:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:6E:21:8C:13:C6:1D:B2:06:93:C5:CA:35:F0:39:8D:53:67:A1:48
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/124hjBPGHbIGk8XKNfA5jVNnoUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.122.0/24
                  109.176.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:8c:40:c6:b0:b3:b4:b5:87:54:9f:52:a9:30:bc:53:c5:95:
         cc:6c:9f:0d:4f:e8:eb:e9:aa:85:18:7b:0b:0f:be:80:ca:0b:
         c7:48:5a:ff:f3:b6:37:f5:1f:4a:5d:ae:24:23:44:b2:f6:1f:
         56:4c:a7:2d:3b:2e:f4:b3:d9:96:40:de:3c:1e:a2:16:a5:15:
         0f:ad:18:a7:08:dc:e7:c6:8d:7b:f4:0b:78:7a:dd:09:9c:19:
         d2:81:2a:88:d0:a4:1b:72:bf:31:32:26:ff:c6:e1:bb:de:48:
         81:85:75:6b:7e:ff:60:65:07:5f:91:05:a1:43:7e:c6:8d:97:
         ca:70:90:c4:41:6f:04:63:1a:04:1c:e9:74:43:ed:34:22:e7:
         af:52:b3:9b:80:6a:e6:fd:29:e7:a7:b9:31:9e:51:75:13:f4:
         9f:a6:1d:47:6e:b1:89:0f:fd:b2:9f:a4:a3:45:de:12:1b:25:
         49:98:48:ff:80:cb:e1:f1:a3:64:3e:8e:dd:81:42:80:9d:83:
         52:a2:db:78:55:16:1c:42:2c:fe:e8:08:e5:f7:b1:1c:b8:f8:
         23:86:29:b2:fa:a8:de:90:70:b6:a4:43:d5:fd:78:e4:af:60:
         14:6b:13:df:11:d0:f4:b3:e2:69:e9:79:3a:7a:f0:9f:31:bd:
         e6:dc:78:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5O1/tY2OGPs+Nz38QEgSfSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTIyMDg0MDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzZlMjE4YzEzYzYxZGIyMDY5M2M1Y2EzNWYwMzk4ZDUzNjdhMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMkCGJOu46VkTWv+fAzkBb2yW0yh
oM8A8Uq12UQpWSqZ/boEcMjddcFY3vLIgV4kaHy5i0RcSrJ3q2BpjqI0zWVfZSi8
IM5wQj24eTeChHIhRQNLLOY/BbB2BHL3Y1k3+zAmOx6YwI9fpPvTGJsbFAFhgyVR
waKar2KMdLl4Q6TmRtQ6N+O5Gl8Vnleos+AdvWrUizlNoGlcmhXZRR+CJ9AK3zSZ
ApTLZk7BehjgPO+dOCdebIEv3eFLeFk8ksgCVwOrMxHw11ph3v3x4N/ByUC+G16D
Jf1usw5qO5ta9w2jJrkXqoru2uaMo8z8unbQHxg2YrkaOjLo3bQT9w5FIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNduIYwTxh2yBpPFyjXwOY1TZ6FIMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMTI0aGpCUEdIYklHazhYS05mQTVqVk5ub1VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUph6AwQA
bbD1MA0GCSqGSIb3DQEBCwUAA4IBAQABjEDGsLO0tYdUn1KpMLxTxZXMbJ8NT+jr
6aqFGHsLD76AygvHSFr/87Y39R9KXa4kI0Sy9h9WTKctOy70s9mWQN48HqIWpRUP
rRinCNznxo179At4et0JnBnSgSqI0KQbcr8xMib/xuG73kiBhXVrfv9gZQdfkQWh
Q37GjZfKcJDEQW8EYxoEHOl0Q+00IuevUrObgGrm/Snnp7kxnlF1E/Sfph1HbrGJ
D/2yn6SjRd4SGyVJmEj/gMvh8aNkPo7dgUKAnYNSott4VRYcQiz+6Ajl97EcuPgj
himy+qjekHC2pEPV/Xjkr2AUaxPfEdD0s+Jp6Xk6evCfMb3m3Hg3
-----END CERTIFICATE-----