Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FT2PIYDKDRArER1gswr0nhUnDew.roa
File:                     FT2PIYDKDRArER1gswr0nhUnDew.roa (raw, json)
Hash identifier:          A68J5u8hNdjADiXLIbK857MzQ2Gxx8Cv8lr33RnIcgM=
Subject key identifier:   15:3D:8F:21:80:CA:0D:10:2B:11:1D:60:B3:0A:F4:9E:15:27:0D:EC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019EDEB6E96329E3EA2605CC1DBA8EC89A17
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FT2PIYDKDRArER1gswr0nhUnDew.roa
Signing time:             Fri 19 Jun 2026 07:09:49 +0000
ROA not before:           Fri 19 Jun 2026 07:09:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402343
IP address blocks:        82.153.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 19:57:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:de:b6:e9:63:29:e3:ea:26:05:cc:1d:ba:8e:c8:9a:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 19 07:09:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=153d8f2180ca0d102b111d60b30af49e15270dec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:87:0a:c9:a5:8e:f2:d4:eb:65:83:5b:5e:88:
                    5d:ea:43:c9:91:a8:41:89:f5:dd:5b:55:64:f0:1f:
                    4e:e7:fd:dc:5f:89:0f:20:42:6c:71:c8:de:f0:d7:
                    91:de:2c:6e:fc:9d:a9:12:ce:cf:5b:9d:58:1a:ee:
                    58:8f:bf:bf:82:d4:66:8e:15:04:11:a7:95:fe:6e:
                    af:13:d3:de:3c:df:c7:4b:4a:35:47:97:33:0c:19:
                    57:8b:7d:d0:3a:7c:4b:ab:ee:84:47:b9:fe:af:6c:
                    05:5e:3b:31:be:78:e8:92:61:f0:1c:e4:07:62:4d:
                    e9:21:70:b1:fe:3e:cc:5a:db:39:24:fd:f3:16:b2:
                    c6:5c:e6:47:d2:60:32:c5:e5:39:3a:89:d6:1c:e9:
                    78:4e:34:f0:8b:a7:59:62:b1:c6:5f:3a:97:64:b5:
                    35:f7:6e:9f:ce:74:2f:9c:1d:de:5d:d3:4a:76:9c:
                    bb:db:f4:e1:39:96:0f:27:d0:ec:69:e6:02:9e:28:
                    fc:5c:14:09:83:0b:1b:0c:4b:f9:37:9e:e2:24:f0:
                    fe:3d:f1:19:98:4f:d8:e8:f2:7b:7c:f5:00:e9:97:
                    f0:66:10:c3:0c:af:ae:4b:cc:72:dc:75:65:af:b6:
                    87:ab:c4:94:bc:79:b3:89:90:7a:7f:d7:a1:73:af:
                    82:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:3D:8F:21:80:CA:0D:10:2B:11:1D:60:B3:0A:F4:9E:15:27:0D:EC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FT2PIYDKDRArER1gswr0nhUnDew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:94:1a:12:d6:c5:88:1a:33:83:af:23:6b:ea:91:fc:28:1d:
         ed:42:56:5b:1b:ad:8e:10:c5:5e:62:44:0c:d2:09:24:3d:e8:
         90:2a:4d:6b:8b:a9:8d:41:57:73:17:41:fe:f5:c7:4c:bf:92:
         94:aa:8e:b9:d9:33:68:5d:bc:40:da:55:e6:85:c0:36:78:87:
         89:01:07:72:99:c1:09:7e:b4:b5:06:5d:9b:eb:e1:ec:cd:ad:
         e0:06:84:08:9e:a6:d4:8d:f7:d0:e4:ef:d8:31:13:48:d4:ea:
         08:06:79:b6:36:a3:2c:22:0e:7e:fb:29:b1:63:05:86:9d:55:
         d5:cd:c4:47:20:07:ae:01:f7:82:19:6f:c9:5e:ba:61:f7:eb:
         56:c2:4c:e6:38:07:cd:9b:42:a6:83:50:0c:8d:6b:28:02:f2:
         ef:0f:db:8d:9c:12:2e:fa:76:4e:54:de:e8:1d:95:e4:92:36:
         78:7b:b7:15:85:7b:2f:9e:0f:15:3d:5b:ee:44:eb:68:62:12:
         49:54:11:28:bb:21:e9:a1:58:45:1d:95:0a:a1:ba:8b:07:f4:
         40:b3:a6:be:f0:fc:e9:e1:85:1d:54:0e:00:b7:dd:5d:cd:99:
         f8:54:b6:5a:0b:be:c1:cb:85:1f:8d:76:ae:7e:48:60:54:6a:
         3b:0c:7d:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7etuljKePqJgXMHbqOyJoXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjE5MDcwOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTNkOGYyMTgwY2EwZDEwMmIxMTFkNjBiMzBhZjQ5ZTE1MjcwZGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4IcKyaWO8tTrZYNbXohd6kPJkahB
ifXdW1Vk8B9O5/3cX4kPIEJsccje8NeR3ixu/J2pEs7PW51YGu5Yj7+/gtRmjhUE
EaeV/m6vE9PePN/HS0o1R5czDBlXi33QOnxLq+6ER7n+r2wFXjsxvnjokmHwHOQH
Yk3pIXCx/j7MWts5JP3zFrLGXOZH0mAyxeU5OonWHOl4TjTwi6dZYrHGXzqXZLU1
926fznQvnB3eXdNKdpy72/ThOZYPJ9DsaeYCnij8XBQJgwsbDEv5N57iJPD+PfEZ
mE/Y6PJ7fPUA6ZfwZhDDDK+uS8xy3HVlr7aHq8SUvHmziZB6f9ehc6+CSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBU9jyGAyg0QKxEdYLMK9J4VJw3sMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRlQyUElZREtEUkFyRVIxZ3N3cjBuaFVuRGV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpllMA0G
CSqGSIb3DQEBCwUAA4IBAQA/lBoS1sWIGjODryNr6pH8KB3tQlZbG62OEMVeYkQM
0gkkPeiQKk1ri6mNQVdzF0H+9cdMv5KUqo652TNoXbxA2lXmhcA2eIeJAQdymcEJ
frS1Bl2b6+Hsza3gBoQInqbUjffQ5O/YMRNI1OoIBnm2NqMsIg5++ymxYwWGnVXV
zcRHIAeuAfeCGW/JXrph9+tWwkzmOAfNm0Kmg1AMjWsoAvLvD9uNnBIu+nZOVN7o
HZXkkjZ4e7cVhXsvng8VPVvuROtoYhJJVBEouyHpoVhFHZUKobqLB/RAs6a+8Pzp
4YUdVA4At91dzZn4VLZaC77By4UfjXaufkhgVGo7DH1h
-----END CERTIFICATE-----