Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7fxtjE6dmmZVJnaVs5ezZ6lmO28.roa
File:                     7fxtjE6dmmZVJnaVs5ezZ6lmO28.roa (raw, json)
Hash identifier:          HYF34oBYQbAOnLkL/txk9BjUYC1vshSlqe9YkZC4ISQ=
Subject key identifier:   ED:FC:6D:8C:4E:9D:9A:66:55:26:76:95:B3:97:B3:67:A9:66:3B:6F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019C292C71430BC931B79FE9A1D9D9EB1FEA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7fxtjE6dmmZVJnaVs5ezZ6lmO28.roa
Signing time:             Wed 04 Feb 2026 15:01:44 +0000
ROA not before:           Wed 04 Feb 2026 15:01:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9318
IP address blocks:        109.176.10.0/24 maxlen: 24
                          109.176.134.0/24 maxlen: 24
                          217.144.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:29:2c:71:43:0b:c9:31:b7:9f:e9:a1:d9:d9:eb:1f:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb  4 15:01:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=edfc6d8c4e9d9a6655267695b397b367a9663b6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:30:aa:d6:da:78:54:e6:61:91:dc:8a:b8:65:
                    21:93:23:64:52:b4:53:07:f4:5d:78:85:52:19:31:
                    74:6b:37:65:fb:bc:dc:ec:78:7a:f7:dd:9f:9f:51:
                    43:c4:9d:84:f2:c5:06:ca:54:38:23:03:79:df:f2:
                    07:d4:02:b3:7e:f0:9f:31:e3:12:38:e3:ab:0e:c1:
                    c9:d3:53:bd:44:27:10:21:3d:bc:e3:55:75:a6:bc:
                    d5:c2:c4:db:ba:dd:7c:ac:cd:76:72:86:72:46:c7:
                    b0:7a:06:98:72:c6:9f:8d:20:3f:fd:10:0e:67:29:
                    a4:8d:a2:91:17:cc:52:9a:4a:7b:2e:3d:7c:11:94:
                    79:2e:4f:49:f6:72:a7:c0:38:7a:2b:6a:18:19:e1:
                    a2:f6:e7:82:7b:b1:c7:b9:31:98:d1:1c:43:d2:c0:
                    78:d1:ae:5a:12:49:86:72:37:e7:9d:d4:cc:7a:c7:
                    a5:f9:f7:89:08:a9:28:7b:18:b2:e0:25:c8:11:72:
                    97:15:9d:03:8d:e7:37:50:4c:64:7c:a5:52:f7:c3:
                    55:42:62:3c:e4:a3:e2:ca:7a:ef:bb:ef:7e:2f:31:
                    94:ff:22:a6:f0:e4:fd:56:89:a6:1a:51:62:3e:65:
                    d0:01:d7:fe:68:b1:30:8c:7b:a7:ec:56:a4:20:d8:
                    61:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:FC:6D:8C:4E:9D:9A:66:55:26:76:95:B3:97:B3:67:A9:66:3B:6F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7fxtjE6dmmZVJnaVs5ezZ6lmO28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.10.0/24
                  109.176.134.0/24
                  217.144.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:af:36:45:17:e0:91:0d:f2:5d:d7:42:f9:3a:ee:89:a8:52:
         cd:50:34:8c:22:d0:19:f8:a2:82:58:ab:cc:3a:79:ff:0f:ed:
         2e:24:64:f6:ff:9a:49:3e:a2:7a:67:9e:ee:68:a9:82:59:07:
         fd:17:37:5c:27:3e:e0:4f:a9:4e:03:30:1a:8f:f5:83:cb:7f:
         b9:3b:52:e6:1f:af:ae:9d:6d:79:c2:3d:40:5b:8a:0c:fe:4e:
         4b:47:71:03:cf:1f:d3:87:84:de:61:6a:49:27:5f:31:8e:ef:
         15:43:f8:9e:46:09:2f:7b:50:ed:6f:90:42:40:c7:9a:ca:a4:
         bf:ab:0c:56:2f:61:08:97:61:66:db:b9:18:cd:56:cd:61:b1:
         e7:d7:fa:59:64:f9:3f:82:ab:69:61:a1:0d:45:23:53:9d:2b:
         17:b6:ac:58:cc:ea:b4:ab:65:00:46:92:c6:6b:f0:8f:24:0a:
         8e:20:b5:08:07:cf:b3:24:b3:9c:f9:1b:1a:ec:94:0c:77:7b:
         03:38:f1:be:84:4e:34:f1:05:87:ac:8f:cc:e6:5c:d9:29:8f:
         41:2e:12:55:ca:c2:81:13:e2:6d:2a:00:1a:cb:ab:05:ae:d6:
         4e:b0:f2:e8:98:19:6e:1f:f1:11:4e:e6:4d:05:0e:2f:f3:77:
         f8:92:8b:ef
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZwpLHFDC8kxt5/podnZ6x/qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMjA0MTUwMTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGZjNmQ4YzRlOWQ5YTY2NTUyNjc2OTViMzk3YjM2N2E5NjYzYjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizCq1tp4VOZhkdyKuGUhkyNkUrRT
B/RdeIVSGTF0azdl+7zc7Hh6992fn1FDxJ2E8sUGylQ4IwN53/IH1AKzfvCfMeMS
OOOrDsHJ01O9RCcQIT2841V1przVwsTbut18rM12coZyRsewegaYcsafjSA//RAO
ZymkjaKRF8xSmkp7Lj18EZR5Lk9J9nKnwDh6K2oYGeGi9ueCe7HHuTGY0RxD0sB4
0a5aEkmGcjfnndTMesel+feJCKkoexiy4CXIEXKXFZ0Djec3UExkfKVS98NVQmI8
5KPiynrvu+9+LzGU/yKm8OT9VommGlFiPmXQAdf+aLEwjHun7FakINhhjwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO38bYxOnZpmVSZ2lbOXs2epZjtvMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN2Z4dGpFNmRtbVpWSm5hVnM1ZXpaNmxtTzI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbbAKAwQA
bbCGAwQA2ZCeMA0GCSqGSIb3DQEBCwUAA4IBAQB0rzZFF+CRDfJd10L5Ou6JqFLN
UDSMItAZ+KKCWKvMOnn/D+0uJGT2/5pJPqJ6Z57uaKmCWQf9FzdcJz7gT6lOAzAa
j/WDy3+5O1LmH6+unW15wj1AW4oM/k5LR3EDzx/Th4TeYWpJJ18xju8VQ/ieRgkv
e1Dtb5BCQMeayqS/qwxWL2EIl2Fm27kYzVbNYbHn1/pZZPk/gqtpYaENRSNTnSsX
tqxYzOq0q2UARpLGa/CPJAqOILUIB8+zJLOc+Rsa7JQMd3sDOPG+hE408QWHrI/M
5lzZKY9BLhJVysKBE+JtKgAay6sFrtZOsPLomBluH/ERTuZNBQ4v83f4kovv
-----END CERTIFICATE-----