Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ApHok6z3trCyws-BD-GO95WgY0U.roa
File:                     ApHok6z3trCyws-BD-GO95WgY0U.roa (raw, json)
Hash identifier:          awc/iAyw3eY6u4eV1I+WdwyEpS2Pbvt2nMyL1/Nhj+A=
Subject key identifier:   02:91:E8:93:AC:F7:B6:B0:B2:C2:CF:81:0F:E1:8E:F7:95:A0:63:45
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D484977C1CAF7F8522E624617CEF2DFBD
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ApHok6z3trCyws-BD-GO95WgY0U.roa
Signing time:             Wed 01 Apr 2026 09:04:27 +0000
ROA not before:           Wed 01 Apr 2026 09:04:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40676
IP address blocks:        109.176.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Apr 2026 20:11:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:48:49:77:c1:ca:f7:f8:52:2e:62:46:17:ce:f2:df:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  1 09:04:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0291e893acf7b6b0b2c2cf810fe18ef795a06345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f9:d0:81:75:87:62:3b:d9:08:c6:f9:64:6d:
                    f6:eb:6f:47:de:3a:79:e4:5f:e0:61:30:43:b6:1f:
                    5b:48:b4:3f:22:1a:e5:af:88:1f:6d:b4:0f:74:87:
                    66:92:6a:7f:51:06:5c:75:b1:23:88:22:c6:26:b9:
                    18:ab:cc:ba:f0:b6:af:0d:89:d7:12:a6:a6:29:bd:
                    fd:ed:82:9e:75:a9:ee:00:1c:6f:f2:6e:d6:b2:80:
                    ce:0d:0f:46:0c:68:c1:2d:37:63:32:5a:3b:f5:8f:
                    8f:07:bb:ed:73:bd:04:1b:b1:54:7a:cc:e8:b5:fe:
                    b2:a3:2a:d3:64:25:47:94:48:9f:49:71:52:f4:03:
                    36:fa:73:6f:cd:69:3b:d2:1d:c6:e7:74:fa:78:de:
                    6d:b1:36:e1:18:73:af:ca:12:e5:a3:17:26:2a:c6:
                    c7:19:a6:86:0b:22:ad:76:3b:ef:32:e1:2b:22:2d:
                    e0:e8:e1:7e:80:ab:bc:0c:d3:b1:5f:84:71:4d:df:
                    e8:af:fc:fd:a4:ae:b5:b8:22:3b:39:79:91:c7:bc:
                    89:f0:fb:e7:83:85:2b:26:52:b1:6c:b5:16:1c:90:
                    d1:d9:6c:0a:8d:55:59:1c:83:20:70:2e:e1:79:38:
                    bc:c8:2b:3e:3c:f5:06:d1:28:d0:f6:86:b6:51:52:
                    3a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:91:E8:93:AC:F7:B6:B0:B2:C2:CF:81:0F:E1:8E:F7:95:A0:63:45
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ApHok6z3trCyws-BD-GO95WgY0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:7a:68:6f:d1:27:74:1a:e6:bc:bb:43:ee:bb:f3:66:1b:cc:
         86:12:1f:6c:73:63:93:fb:39:45:ad:95:7c:81:2c:fa:39:78:
         bf:30:a5:2c:85:ba:e1:5f:63:d4:8c:36:e9:30:b2:72:ae:94:
         2f:ce:86:ab:cf:60:18:6e:5d:40:75:c3:8e:b1:ac:cd:6c:bc:
         bb:6d:77:fe:f7:81:8a:ce:2e:9a:64:ce:4e:3f:5d:c8:2d:30:
         0e:2f:47:11:44:a6:17:6e:af:01:c4:b4:1a:7f:46:7d:20:65:
         16:e8:c8:87:b1:69:cc:7b:42:03:ce:84:ee:e5:0b:18:8d:aa:
         42:3d:6d:ed:bd:73:62:35:3c:67:54:19:eb:f9:bd:f1:dd:26:
         00:5c:27:20:d2:ed:3e:a0:31:69:81:47:ea:0f:78:b6:4b:b6:
         96:a6:73:41:61:4b:3f:68:9e:f7:c1:13:0a:f8:e6:b3:56:a3:
         0f:98:19:ff:15:89:da:66:12:a0:5b:4b:22:67:a2:c5:53:e0:
         df:9c:a8:9d:ee:a6:8c:c7:20:24:55:be:a1:ae:8f:fd:ce:73:
         19:7d:1c:89:3b:17:e5:ef:68:1b:5f:ba:06:16:26:91:24:af:
         a8:41:e2:89:88:68:1c:4b:61:bb:72:6a:ca:09:01:75:13:7f:
         4f:f0:7e:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1ISXfByvf4Ui5iRhfO8t+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDAxMDkwNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjkxZTg5M2FjZjdiNmIwYjJjMmNmODEwZmUxOGVmNzk1YTA2MzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovnQgXWHYjvZCMb5ZG32629H3jp5
5F/gYTBDth9bSLQ/Ihrlr4gfbbQPdIdmkmp/UQZcdbEjiCLGJrkYq8y68LavDYnX
EqamKb397YKedanuABxv8m7WsoDODQ9GDGjBLTdjMlo79Y+PB7vtc70EG7FUeszo
tf6yoyrTZCVHlEifSXFS9AM2+nNvzWk70h3G53T6eN5tsTbhGHOvyhLloxcmKsbH
GaaGCyKtdjvvMuErIi3g6OF+gKu8DNOxX4RxTd/or/z9pK61uCI7OXmRx7yJ8Pvn
g4UrJlKxbLUWHJDR2WwKjVVZHIMgcC7heTi8yCs+PPUG0SjQ9oa2UVI6dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKR6JOs97awssLPgQ/hjveVoGNFMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQXBIb2s2ejN0ckN5d3MtQkQtR085NVdnWTBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDQMA0G
CSqGSIb3DQEBCwUAA4IBAQA6emhv0Sd0Gua8u0Puu/NmG8yGEh9sc2OT+zlFrZV8
gSz6OXi/MKUshbrhX2PUjDbpMLJyrpQvzoarz2AYbl1AdcOOsazNbLy7bXf+94GK
zi6aZM5OP13ILTAOL0cRRKYXbq8BxLQaf0Z9IGUW6MiHsWnMe0IDzoTu5QsYjapC
PW3tvXNiNTxnVBnr+b3x3SYAXCcg0u0+oDFpgUfqD3i2S7aWpnNBYUs/aJ73wRMK
+OazVqMPmBn/FYnaZhKgW0siZ6LFU+DfnKid7qaMxyAkVb6hro/9znMZfRyJOxfl
72gbX7oGFiaRJK+oQeKJiGgcS2G7cmrKCQF1E39P8H4r
-----END CERTIFICATE-----