Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/19_y7J6llehqBYTAWyN8sVJIxZo.roa
File:                     19_y7J6llehqBYTAWyN8sVJIxZo.roa (raw, json)
Hash identifier:          r0JEJlYC/0jRr1/Pbi2c2SD46O6giqAAbQtA9QLjeJM=
Subject key identifier:   D7:DF:F2:EC:9E:A5:95:E8:6A:05:84:C0:5B:23:7C:B1:52:48:C5:9A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D292C926081EBCA37D145FBE1328D84B1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/19_y7J6llehqBYTAWyN8sVJIxZo.roa
Signing time:             Thu 26 Mar 2026 08:04:40 +0000
ROA not before:           Thu 26 Mar 2026 08:04:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401322
IP address blocks:        80.240.88.0/24 maxlen: 24
                          89.31.236.0/24 maxlen: 24
                          213.218.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 Apr 2026 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:2c:92:60:81:eb:ca:37:d1:45:fb:e1:32:8d:84:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 26 08:04:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7dff2ec9ea595e86a0584c05b237cb15248c59a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:20:33:a0:e2:68:ef:4e:fc:36:60:8e:fb:4f:
                    20:35:e5:90:58:b2:58:95:93:2a:44:34:64:2e:77:
                    64:e0:94:93:d1:8b:5c:66:ef:21:b3:5f:3c:fd:83:
                    22:90:81:10:5c:21:92:f3:34:ae:51:51:a8:5a:d3:
                    fa:5b:a2:70:d8:ae:3b:ca:71:81:d4:d1:e5:3c:a8:
                    4b:17:28:88:e9:af:0b:41:57:7c:7c:a5:a7:0a:8c:
                    42:7e:bf:76:8b:7a:16:34:b0:10:0a:11:ef:dc:de:
                    5f:6b:ce:fb:6d:59:17:37:e4:83:41:c2:35:40:2c:
                    2c:6b:75:3b:ba:a2:2c:41:82:a7:42:fc:88:46:48:
                    33:dc:6d:db:34:5b:8f:ff:6c:e9:11:0b:b5:4d:aa:
                    e7:86:fd:1c:63:55:00:b6:04:f8:54:8e:71:5f:e2:
                    e1:99:49:aa:9d:30:14:08:a6:c0:b5:50:56:ce:08:
                    7c:cf:14:a6:83:bf:40:d8:11:55:35:29:b9:cd:26:
                    50:ba:26:0c:89:c9:14:ef:70:e0:28:13:f7:15:80:
                    8e:26:09:08:41:76:03:26:7e:37:2e:55:ad:4f:4e:
                    fd:93:3b:96:d2:7b:2b:71:3b:1e:aa:9e:67:42:32:
                    08:e1:17:55:6a:a4:6d:ef:c1:fd:ed:61:09:c6:47:
                    df:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:DF:F2:EC:9E:A5:95:E8:6A:05:84:C0:5B:23:7C:B1:52:48:C5:9A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/19_y7J6llehqBYTAWyN8sVJIxZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.88.0/24
                  89.31.236.0/24
                  213.218.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:e0:3a:d5:59:de:a2:7b:2b:27:bb:33:fa:33:c8:75:06:53:
         80:e4:4e:26:54:88:20:7f:77:41:b6:c6:48:19:0d:72:8c:a6:
         fc:f3:d6:8e:26:20:fb:40:75:ee:33:40:d5:96:c1:54:f9:57:
         ab:8e:ca:d8:4b:60:da:62:7b:e1:9a:d6:59:12:5d:6f:e0:25:
         d3:87:e3:fd:ea:79:7e:9d:0c:54:2b:83:d4:01:0f:57:a9:a5:
         86:20:e1:79:f9:58:81:3b:38:04:1f:bf:4a:5e:75:2f:3b:d5:
         35:ec:b3:10:c1:ef:80:b7:3e:dd:55:41:50:f2:17:4c:e4:bb:
         a6:55:fb:29:be:40:c4:de:f9:07:ac:82:50:42:62:6e:83:7d:
         8c:6b:63:c0:62:fd:9f:48:40:cd:18:6c:51:f2:9c:e0:d2:51:
         ee:d3:98:f6:9f:aa:72:53:32:d1:b3:cb:4c:b3:f7:04:fa:15:
         d3:04:32:71:47:66:f0:07:b1:8b:0c:e3:37:2c:81:a6:1b:01:
         7c:51:48:e4:13:15:06:da:5d:e8:c0:20:8e:9b:87:13:c8:28:
         a0:06:55:a7:53:3a:6a:45:be:c1:b8:98:1a:fe:c3:b9:0b:c1:
         09:e2:57:6e:7e:94:7f:fc:67:e6:a7:5c:07:f9:ec:e5:5b:ad:
         89:3a:a3:51
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0pLJJggevKN9FF++EyjYSxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzI2MDgwNDQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2RmZjJlYzllYTU5NWU4NmEwNTg0YzA1YjIzN2NiMTUyNDhjNTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iAzoOJo7078NmCO+08gNeWQWLJY
lZMqRDRkLndk4JST0YtcZu8hs188/YMikIEQXCGS8zSuUVGoWtP6W6Jw2K47ynGB
1NHlPKhLFyiI6a8LQVd8fKWnCoxCfr92i3oWNLAQChHv3N5fa877bVkXN+SDQcI1
QCwsa3U7uqIsQYKnQvyIRkgz3G3bNFuP/2zpEQu1Tarnhv0cY1UAtgT4VI5xX+Lh
mUmqnTAUCKbAtVBWzgh8zxSmg79A2BFVNSm5zSZQuiYMickU73DgKBP3FYCOJgkI
QXYDJn43LlWtT079kzuW0nsrcTseqp5nQjII4RdVaqRt78H97WEJxkffEQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNff8uyepZXoagWEwFsjfLFSSMWaMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMTlfeTdKNmxsZWhxQllUQVd5TjhzVkpJeFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUPBYAwQA
WR/sAwQA1drgMA0GCSqGSIb3DQEBCwUAA4IBAQBa4DrVWd6ieysnuzP6M8h1BlOA
5E4mVIggf3dBtsZIGQ1yjKb889aOJiD7QHXuM0DVlsFU+VerjsrYS2DaYnvhmtZZ
El1v4CXTh+P96nl+nQxUK4PUAQ9XqaWGIOF5+ViBOzgEH79KXnUvO9U17LMQwe+A
tz7dVUFQ8hdM5LumVfspvkDE3vkHrIJQQmJug32Ma2PAYv2fSEDNGGxR8pzg0lHu
05j2n6pyUzLRs8tMs/cE+hXTBDJxR2bwB7GLDOM3LIGmGwF8UUjkExUG2l3owCCO
m4cTyCigBlWnUzpqRb7BuJga/sO5C8EJ4ldufpR//Gfmp1wH+ezlW62JOqNR
-----END CERTIFICATE-----