Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3RkkyYyxAxNhk4SMHDDOkuzCQSk.roa
File:                     3RkkyYyxAxNhk4SMHDDOkuzCQSk.roa (raw, json)
Hash identifier:          mtYugR+c7cJKhzkCba+GVEAPs+FjX1u2wT9iscPGav0=
Subject key identifier:   DD:19:24:C9:8C:B1:03:13:61:93:84:8C:1C:30:CE:92:EC:C2:41:29
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E8C24E2FCA8A30D930A977C5E7C221440
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3RkkyYyxAxNhk4SMHDDOkuzCQSk.roa
Signing time:             Wed 03 Jun 2026 06:21:28 +0000
ROA not before:           Wed 03 Jun 2026 06:21:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215727
IP address blocks:        82.153.148.0/24 maxlen: 24
                          109.176.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8c:24:e2:fc:a8:a3:0d:93:0a:97:7c:5e:7c:22:14:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  3 06:21:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd1924c98cb103136193848c1c30ce92ecc24129
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:57:e3:25:ea:2a:9e:0a:74:c8:2d:d1:48:cf:
                    88:5a:07:8f:b2:b2:55:dc:84:e8:51:7d:59:61:33:
                    88:92:2d:e9:27:46:10:55:85:59:1e:10:47:2e:48:
                    80:bc:95:e7:5a:89:31:1c:c3:24:0b:93:99:ad:c6:
                    34:f0:ad:1e:3d:fd:38:c7:34:4c:d7:01:00:a6:7e:
                    82:7c:08:c8:30:39:ac:34:a5:49:fd:4e:3b:e8:1c:
                    60:38:52:ed:14:bd:2e:ac:0e:22:74:45:56:ec:8c:
                    0a:42:32:9b:06:f4:c4:0e:79:93:7e:52:88:1a:b6:
                    c7:ce:59:c3:af:88:b1:76:e8:54:2f:96:09:82:92:
                    04:25:a4:8b:fb:07:e9:15:b9:42:ec:9a:4a:b9:5e:
                    05:24:ab:b3:1d:2c:64:5d:2b:fa:bb:7e:9b:c8:a8:
                    b6:c8:6b:ae:23:e0:76:93:1b:0a:9f:00:59:8b:15:
                    c3:fe:c4:64:0f:74:11:4c:78:91:8d:a2:81:97:8a:
                    65:70:2c:f2:e7:b3:76:52:c1:62:a2:90:bb:bc:23:
                    3c:b0:c4:60:45:9a:15:72:79:6f:a4:07:32:b9:ad:
                    bf:af:5c:d1:8c:c8:e9:be:f2:9f:ee:1b:47:63:0e:
                    c7:60:e6:25:4a:8a:5f:8d:0b:99:6e:1f:64:14:5a:
                    24:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:19:24:C9:8C:B1:03:13:61:93:84:8C:1C:30:CE:92:EC:C2:41:29
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3RkkyYyxAxNhk4SMHDDOkuzCQSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.148.0/24
                  109.176.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:25:6d:11:dd:8d:14:76:f1:8e:67:5c:df:e9:6d:9f:fc:49:
         5b:c2:0d:a8:21:67:83:08:a0:c7:35:9f:2d:86:a9:1d:24:15:
         c8:d5:c8:88:4c:a7:6b:37:9e:fc:a8:20:14:01:02:4c:3e:72:
         52:b1:0b:de:47:52:d3:36:28:44:59:5b:0f:1a:04:c0:09:e6:
         53:24:b5:21:7c:a5:c6:04:72:01:54:cd:93:b9:4b:4e:07:f4:
         25:2c:3c:22:c2:9e:b5:fc:7c:7f:64:e0:75:82:a4:82:18:93:
         8f:2d:0a:8a:e7:a8:60:a3:45:f4:43:4c:da:2a:7b:fc:bf:d8:
         1b:fc:b0:9e:87:77:84:b2:b4:be:2f:6a:44:79:65:3e:c2:12:
         33:b4:0d:d6:da:fe:c1:bd:c9:d5:e3:1e:f6:0e:c6:68:d7:52:
         11:f0:08:b0:9a:5b:e2:eb:83:17:76:2e:ea:a9:4f:3d:9d:86:
         a5:5a:6b:4d:a0:7a:8c:40:26:a6:0d:dc:d4:27:03:14:0b:97:
         f2:b8:a3:c1:97:07:22:c7:a0:ae:7a:76:2f:90:b9:a2:bc:8f:
         74:81:55:a3:d4:db:0d:24:e9:5f:74:df:d7:08:55:1f:32:dc:
         7c:5c:7c:b4:e8:d4:0a:0c:ff:c8:c2:61:33:2b:d9:4e:81:9e:
         b0:34:29:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6MJOL8qKMNkwqXfF58IhRAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjAzMDYyMTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDE5MjRjOThjYjEwMzEzNjE5Mzg0OGMxYzMwY2U5MmVjYzI0MTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVfjJeoqngp0yC3RSM+IWgePsrJV
3IToUX1ZYTOIki3pJ0YQVYVZHhBHLkiAvJXnWokxHMMkC5OZrcY08K0ePf04xzRM
1wEApn6CfAjIMDmsNKVJ/U476BxgOFLtFL0urA4idEVW7IwKQjKbBvTEDnmTflKI
GrbHzlnDr4ixduhUL5YJgpIEJaSL+wfpFblC7JpKuV4FJKuzHSxkXSv6u36byKi2
yGuuI+B2kxsKnwBZixXD/sRkD3QRTHiRjaKBl4plcCzy57N2UsFiopC7vCM8sMRg
RZoVcnlvpAcyua2/r1zRjMjpvvKf7htHYw7HYOYlSopfjQuZbh9kFFok8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN0ZJMmMsQMTYZOEjBwwzpLswkEpMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvM1Jra3lZeXhBeE5oazRTTUhERE9rdXpDUVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpmUAwQA
bbDQMA0GCSqGSIb3DQEBCwUAA4IBAQApJW0R3Y0UdvGOZ1zf6W2f/Elbwg2oIWeD
CKDHNZ8thqkdJBXI1ciITKdrN578qCAUAQJMPnJSsQveR1LTNihEWVsPGgTACeZT
JLUhfKXGBHIBVM2TuUtOB/QlLDwiwp61/Hx/ZOB1gqSCGJOPLQqK56hgo0X0Q0za
Knv8v9gb/LCeh3eEsrS+L2pEeWU+whIztA3W2v7BvcnV4x72DsZo11IR8Aiwmlvi
64MXdi7qqU89nYalWmtNoHqMQCamDdzUJwMUC5fyuKPBlwcix6CuenYvkLmivI90
gVWj1NsNJOlfdN/XCFUfMtx8XHy06NQKDP/IwmEzK9lOgZ6wNCl8
-----END CERTIFICATE-----