Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9U10V71xwJQddNLRC7CGM46QP5Y.roa
File:                     9U10V71xwJQddNLRC7CGM46QP5Y.roa (raw, json)
Hash identifier:          1m7JppTV4wNk4oz4pcOQJg2kUiAsHF6q9DGks3/Nq2w=
Subject key identifier:   F5:4D:74:57:BD:71:C0:94:1D:74:D2:D1:0B:B0:86:33:8E:90:3F:96
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E49F1B617B2929E262C2AE2FA61E7D457
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9U10V71xwJQddNLRC7CGM46QP5Y.roa
Signing time:             Thu 21 May 2026 09:50:38 +0000
ROA not before:           Thu 21 May 2026 09:50:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402214
IP address blocks:        82.152.9.0/24 maxlen: 24
                          82.153.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:49:f1:b6:17:b2:92:9e:26:2c:2a:e2:fa:61:e7:d4:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 21 09:50:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f54d7457bd71c0941d74d2d10bb086338e903f96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:9c:bc:61:7f:41:69:0e:c2:bc:e1:88:f2:51:
                    0d:cc:f9:2d:7e:cf:22:1d:d1:09:48:da:99:06:eb:
                    3d:0a:cb:5e:c3:f4:05:a0:d2:34:80:72:17:42:34:
                    7a:bb:fd:45:58:44:69:53:b2:a7:91:70:78:e3:a4:
                    9c:fe:d9:7b:ff:a9:3a:c6:81:27:20:cb:82:f3:78:
                    ff:59:b6:1b:4d:c9:9d:88:4e:eb:b6:6a:9f:c3:fd:
                    33:61:44:75:c6:c5:da:d1:a0:a0:79:f2:8b:1c:e9:
                    b5:c6:a9:9d:9a:d5:4c:0a:61:b2:4c:80:d8:e3:ba:
                    5c:14:8d:99:58:8b:f0:14:e8:01:f1:55:cc:1d:0d:
                    4c:73:8e:81:75:97:52:8a:8b:0e:b7:09:0b:4d:d2:
                    1a:4e:50:09:3a:7c:1e:4d:5c:7e:78:d9:e6:0e:fb:
                    f9:26:bd:9c:4f:b8:17:a5:5b:49:68:c8:41:03:b9:
                    65:41:bb:ec:de:38:0a:3a:2f:19:3d:ee:52:fe:87:
                    81:09:79:9a:7d:ee:70:54:ce:cf:4a:d9:c5:ed:35:
                    e1:b0:d3:42:eb:b9:39:a4:6f:f8:6e:34:84:b5:23:
                    8e:8a:08:71:58:d3:da:d8:c6:20:21:ea:38:0a:90:
                    cf:fb:9d:d6:d7:ff:1d:2e:7f:8b:b4:b4:ff:d1:12:
                    21:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:4D:74:57:BD:71:C0:94:1D:74:D2:D1:0B:B0:86:33:8E:90:3F:96
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9U10V71xwJQddNLRC7CGM46QP5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.9.0/24
                  82.153.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:df:99:fa:6e:8e:bf:49:3d:57:e9:5f:4a:37:97:6b:56:10:
         00:7a:40:c6:52:90:d2:1f:4c:9e:ba:7c:3b:e5:66:5c:55:f5:
         08:80:9f:a3:7a:f1:36:02:17:38:8a:72:a6:86:03:02:4f:06:
         37:d3:c0:cb:5f:c7:cb:28:90:96:bd:0f:76:88:9b:50:83:74:
         8e:d9:68:69:65:19:f9:c1:e0:d8:5c:49:71:91:4a:be:e7:20:
         8d:9a:41:10:8f:37:42:64:5e:5d:15:da:71:55:de:ed:b3:2e:
         67:bd:f4:e4:56:cb:9f:46:44:48:ce:f0:ec:a8:5f:0d:fe:09:
         a8:d1:f4:cf:10:88:fb:9b:bc:43:82:9e:45:ed:b8:e4:aa:af:
         38:72:a8:4b:1c:72:54:bb:cb:e2:c8:4c:3b:6d:14:fa:41:2a:
         6f:49:36:be:51:b4:fd:ae:44:1e:b7:e5:f3:58:f5:f6:2e:c9:
         41:25:b6:8b:0f:6f:93:fe:0a:cd:0a:7e:a0:14:fc:9d:bc:34:
         d3:d0:20:95:de:6c:b7:c4:41:3d:84:43:14:19:41:b1:fe:4c:
         99:51:b9:f2:02:91:4b:05:a0:99:1d:ca:dc:97:1a:78:e3:5c:
         8b:86:27:4a:98:a4:98:59:db:5d:58:f0:1d:2f:df:c5:75:3d:
         0e:4f:1c:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5J8bYXspKeJiwq4vph59RXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTIxMDk1MDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTRkNzQ1N2JkNzFjMDk0MWQ3NGQyZDEwYmIwODYzMzhlOTAzZjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpy8YX9BaQ7CvOGI8lENzPktfs8i
HdEJSNqZBus9Cstew/QFoNI0gHIXQjR6u/1FWERpU7KnkXB446Sc/tl7/6k6xoEn
IMuC83j/WbYbTcmdiE7rtmqfw/0zYUR1xsXa0aCgefKLHOm1xqmdmtVMCmGyTIDY
47pcFI2ZWIvwFOgB8VXMHQ1Mc46BdZdSiosOtwkLTdIaTlAJOnweTVx+eNnmDvv5
Jr2cT7gXpVtJaMhBA7llQbvs3jgKOi8ZPe5S/oeBCXmafe5wVM7PStnF7TXhsNNC
67k5pG/4bjSEtSOOighxWNPa2MYgIeo4CpDP+53W1/8dLn+LtLT/0RIhDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPVNdFe9ccCUHXTS0QuwhjOOkD+WMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOVUxMFY3MXh3SlFkZE5MUkM3Q0dNNDZRUDVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpgJAwQA
UpnzMA0GCSqGSIb3DQEBCwUAA4IBAQBE35n6bo6/ST1X6V9KN5drVhAAekDGUpDS
H0yeunw75WZcVfUIgJ+jevE2Ahc4inKmhgMCTwY308DLX8fLKJCWvQ92iJtQg3SO
2WhpZRn5weDYXElxkUq+5yCNmkEQjzdCZF5dFdpxVd7tsy5nvfTkVsufRkRIzvDs
qF8N/gmo0fTPEIj7m7xDgp5F7bjkqq84cqhLHHJUu8viyEw7bRT6QSpvSTa+UbT9
rkQet+XzWPX2LslBJbaLD2+T/grNCn6gFPydvDTT0CCV3my3xEE9hEMUGUGx/kyZ
UbnyApFLBaCZHcrclxp441yLhidKmKSYWdtdWPAdL9/FdT0OTxza
-----END CERTIFICATE-----