Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4u4R83oAvWcbZAvkMYBku2VM98o.roa
File:                     4u4R83oAvWcbZAvkMYBku2VM98o.roa (raw, json)
Hash identifier:          BqawFbU7ioGRX3K4rVymp56+VaCPd+xKIBSOZsDOiQE=
Subject key identifier:   E2:EE:11:F3:7A:00:BD:67:1B:64:0B:E4:31:80:64:BB:65:4C:F7:CA
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E444204545B2878DA42E5A15BE60C133F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4u4R83oAvWcbZAvkMYBku2VM98o.roa
Signing time:             Wed 20 May 2026 07:20:37 +0000
ROA not before:           Wed 20 May 2026 07:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215224
IP address blocks:        82.153.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:44:42:04:54:5b:28:78:da:42:e5:a1:5b:e6:0c:13:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 20 07:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2ee11f37a00bd671b640be4318064bb654cf7ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:da:03:cb:35:63:5f:c8:e5:07:ac:63:9e:e6:
                    d9:d0:06:1c:c5:c6:46:b3:77:dd:5b:72:04:1a:b8:
                    fe:e6:65:be:14:bf:13:79:04:63:b4:eb:8a:f3:35:
                    fb:86:29:48:84:f6:69:a2:fa:08:b6:b9:7e:a7:1c:
                    80:6f:d6:6e:d7:fe:0f:d4:2f:b9:4e:70:bb:2f:b7:
                    ac:fa:1e:78:54:17:a0:68:f6:26:38:79:50:72:db:
                    51:a5:fd:3e:22:a1:e0:98:ee:dc:27:2b:5a:33:57:
                    70:25:a4:e9:b1:48:ef:32:3a:38:f3:de:18:f0:e3:
                    2d:d4:2c:8d:b8:65:4e:0d:b1:3c:db:6b:2f:a6:92:
                    ae:a0:52:25:4b:6e:74:6c:c7:6e:ff:ed:d9:f1:34:
                    01:4a:1b:6c:b5:1a:e0:85:dc:5d:04:d7:61:c6:1a:
                    29:7d:7e:4a:47:23:4b:13:10:be:c4:e8:c5:61:e8:
                    6d:87:fd:1a:64:b9:8c:86:a0:56:9a:09:c2:41:3c:
                    ce:e6:97:00:63:fa:d1:72:fd:f2:9c:df:5c:29:de:
                    99:f1:1e:99:14:5d:6f:c4:89:cb:77:76:0c:d9:6f:
                    0d:ed:55:4a:af:69:f1:07:73:ff:c9:83:b9:fd:42:
                    67:f4:a3:7b:ec:ba:97:ec:bd:75:18:71:07:6a:56:
                    05:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:EE:11:F3:7A:00:BD:67:1B:64:0B:E4:31:80:64:BB:65:4C:F7:CA
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4u4R83oAvWcbZAvkMYBku2VM98o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:40:5f:0a:ef:08:0a:b7:12:1d:66:a0:82:e0:8a:85:5b:f8:
         f6:43:ee:1d:86:51:ba:5d:16:aa:c9:2e:24:ba:4e:ea:24:ef:
         9f:b9:60:27:4f:97:59:90:0c:fe:48:3c:2f:f0:6d:b5:e8:4c:
         3f:8a:50:c3:a3:1b:d5:97:05:c0:aa:ff:a0:b5:62:32:47:1e:
         b7:d9:ae:56:be:5f:e6:8f:42:58:59:04:ef:cb:7e:af:44:52:
         b0:ae:29:ac:1d:b0:d5:84:ef:fe:e0:36:21:ac:ad:e4:22:7a:
         f1:fd:f2:7c:77:1c:e2:ab:46:ab:a6:b8:91:bb:5f:c5:50:e7:
         87:27:90:30:83:f0:a0:4a:e6:8c:99:d6:34:5d:9f:5f:80:2c:
         97:31:41:88:a2:ad:81:9e:a6:f6:cf:61:8d:62:32:15:37:00:
         89:95:75:8f:61:30:f8:21:34:22:97:7e:91:c7:cc:18:a9:b2:
         60:00:a5:a9:d5:38:2e:d4:06:f3:97:2e:82:c7:cf:4e:52:67:
         94:70:67:2d:83:91:3c:cb:bf:f4:0b:a1:81:d2:88:7c:8d:1b:
         74:eb:aa:5b:53:18:7a:f1:03:57:ce:8a:a8:1d:7b:20:8d:f0:
         08:d5:22:07:48:0a:4e:23:45:0b:5d:4e:1f:1e:dc:2e:57:3b:
         9b:2f:c9:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5EQgRUWyh42kLloVvmDBM/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTIwMDcyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmVlMTFmMzdhMDBiZDY3MWI2NDBiZTQzMTgwNjRiYjY1NGNmN2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNoDyzVjX8jlB6xjnubZ0AYcxcZG
s3fdW3IEGrj+5mW+FL8TeQRjtOuK8zX7hilIhPZpovoItrl+pxyAb9Zu1/4P1C+5
TnC7L7es+h54VBegaPYmOHlQcttRpf0+IqHgmO7cJytaM1dwJaTpsUjvMjo4894Y
8OMt1CyNuGVODbE822svppKuoFIlS250bMdu/+3Z8TQBShtstRrghdxdBNdhxhop
fX5KRyNLExC+xOjFYehth/0aZLmMhqBWmgnCQTzO5pcAY/rRcv3ynN9cKd6Z8R6Z
FF1vxInLd3YM2W8N7VVKr2nxB3P/yYO5/UJn9KN77LqX7L11GHEHalYFhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLuEfN6AL1nG2QL5DGAZLtlTPfKMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNHU0Ujgzb0F2V2NiWkF2a01ZQmt1MlZNOThvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpncMA0G
CSqGSIb3DQEBCwUAA4IBAQBAQF8K7wgKtxIdZqCC4IqFW/j2Q+4dhlG6XRaqyS4k
uk7qJO+fuWAnT5dZkAz+SDwv8G216Ew/ilDDoxvVlwXAqv+gtWIyRx632a5Wvl/m
j0JYWQTvy36vRFKwrimsHbDVhO/+4DYhrK3kInrx/fJ8dxziq0arpriRu1/FUOeH
J5Awg/CgSuaMmdY0XZ9fgCyXMUGIoq2Bnqb2z2GNYjIVNwCJlXWPYTD4ITQil36R
x8wYqbJgAKWp1Tgu1Abzly6Cx89OUmeUcGctg5E8y7/0C6GB0oh8jRt066pbUxh6
8QNXzoqoHXsgjfAI1SIHSApOI0ULXU4fHtwuVzubL8l4
-----END CERTIFICATE-----