Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Lae8CBuTm5cfTEwHfOqKWZxN17M.roa
File:                     Lae8CBuTm5cfTEwHfOqKWZxN17M.roa (raw, json)
Hash identifier:          pzM6AeKfZTsXxWkpowkWSgUppavwdQG+H+/J/T8BrnA=
Subject key identifier:   2D:A7:BC:08:1B:93:9B:97:1F:4C:4C:07:7C:EA:8A:59:9C:4D:D7:B3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E2ACB76A5C58379C3C2301DFA91DC5910
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Lae8CBuTm5cfTEwHfOqKWZxN17M.roa
Signing time:             Fri 15 May 2026 08:40:37 +0000
ROA not before:           Fri 15 May 2026 08:40:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46370
IP address blocks:        213.130.159.0/24 maxlen: 24
                          213.218.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2a:cb:76:a5:c5:83:79:c3:c2:30:1d:fa:91:dc:59:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 15 08:40:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2da7bc081b939b971f4c4c077cea8a599c4dd7b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b1:c2:4c:de:4d:bb:ef:49:86:6e:3b:90:56:
                    ef:5b:6c:9c:94:dd:2c:3f:35:b4:1c:6c:9e:35:fb:
                    a4:f9:89:27:63:30:2c:1e:3a:ca:a2:45:54:53:c1:
                    4a:3b:03:d5:8d:51:ba:bf:a5:2c:02:7e:d7:c2:eb:
                    c0:21:99:e4:2d:ba:97:36:f2:25:2b:d5:90:ae:36:
                    44:b2:4f:b1:e7:43:36:69:d2:61:d4:f9:46:0f:71:
                    3a:04:ec:a1:94:0e:82:4b:59:23:6d:fa:09:59:1c:
                    38:b0:95:74:54:c0:36:d8:ac:6d:a1:0c:31:e0:0e:
                    f7:93:82:b8:b0:8a:64:36:2c:2e:10:16:f7:42:4c:
                    3f:e4:2f:24:78:93:9b:e5:87:ba:e1:5f:5b:82:a3:
                    06:06:38:28:c0:10:e3:98:f1:d6:5b:d5:01:62:2d:
                    de:29:5e:f4:90:b2:2c:04:3b:aa:7c:49:bc:eb:47:
                    0f:c1:5d:d0:84:83:d8:fe:6c:8f:90:ef:99:96:19:
                    f2:b2:d9:60:72:57:be:ed:d7:5a:ff:dc:da:09:eb:
                    3f:20:03:76:e0:f6:b6:15:29:6c:8f:f3:d4:7e:7f:
                    fe:e3:90:9b:1b:70:26:64:6a:43:5f:57:e4:14:66:
                    79:d7:e2:9c:3e:69:2b:c8:43:ac:fa:70:dc:e2:ac:
                    81:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:A7:BC:08:1B:93:9B:97:1F:4C:4C:07:7C:EA:8A:59:9C:4D:D7:B3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Lae8CBuTm5cfTEwHfOqKWZxN17M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.130.159.0/24
                  213.218.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:95:f4:dc:84:9b:71:b6:8a:2f:82:5b:e7:9f:fe:6e:2b:42:
         ae:4e:09:23:1a:30:75:06:54:ab:96:6e:95:d8:e6:45:ab:36:
         56:28:1a:93:a1:ae:ba:53:fe:91:0f:ef:c7:31:85:8e:3f:f1:
         59:9e:5a:87:d8:50:bc:20:64:05:2b:1b:4f:52:28:8d:c1:32:
         8e:75:b2:be:48:84:94:8e:95:e2:00:26:4a:52:06:79:05:69:
         5b:d6:05:0c:ac:d2:48:00:c3:fb:94:52:f5:8c:b7:e3:09:a8:
         eb:4c:ae:87:d3:b7:48:be:19:25:ba:5f:e0:ef:49:d0:3c:42:
         89:6b:22:0e:74:12:ba:f6:80:9e:01:f2:66:0c:3b:1b:32:d8:
         3d:ac:75:82:0c:3c:9f:78:6b:76:c1:1f:df:ef:1a:bd:b6:1f:
         eb:13:8e:47:c5:6a:e8:2b:b0:f9:57:02:81:90:5a:26:31:92:
         45:8f:d7:94:bb:db:31:6a:d9:10:79:26:96:c2:07:b0:af:ea:
         5e:57:8e:0d:64:06:87:eb:d4:46:d4:67:c0:75:b7:43:d8:09:
         45:e2:f1:2f:73:0f:a7:29:db:6d:e2:aa:c7:0c:3f:22:f6:89:
         87:2e:6b:90:7f:d3:54:e1:b1:0e:38:3d:7e:61:95:69:83:03:
         09:6a:3d:af
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4qy3alxYN5w8IwHfqR3FkQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTE1MDg0MDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGE3YmMwODFiOTM5Yjk3MWY0YzRjMDc3Y2VhOGE1OTljNGRkN2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrHCTN5Nu+9Jhm47kFbvW2yclN0s
PzW0HGyeNfuk+YknYzAsHjrKokVUU8FKOwPVjVG6v6UsAn7XwuvAIZnkLbqXNvIl
K9WQrjZEsk+x50M2adJh1PlGD3E6BOyhlA6CS1kjbfoJWRw4sJV0VMA22KxtoQwx
4A73k4K4sIpkNiwuEBb3Qkw/5C8keJOb5Ye64V9bgqMGBjgowBDjmPHWW9UBYi3e
KV70kLIsBDuqfEm860cPwV3QhIPY/myPkO+Zlhnystlgcle+7dda/9zaCes/IAN2
4Pa2FSlsj/PUfn/+45CbG3AmZGpDX1fkFGZ51+KcPmkryEOs+nDc4qyBcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC2nvAgbk5uXH0xMB3zqilmcTdezMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTGFlOENCdVRtNWNmVEV3SGZPcUtXWnhOMTdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1YKfAwQA
1drRMA0GCSqGSIb3DQEBCwUAA4IBAQARlfTchJtxtoovglvnn/5uK0KuTgkjGjB1
BlSrlm6V2OZFqzZWKBqToa66U/6RD+/HMYWOP/FZnlqH2FC8IGQFKxtPUiiNwTKO
dbK+SISUjpXiACZKUgZ5BWlb1gUMrNJIAMP7lFL1jLfjCajrTK6H07dIvhklul/g
70nQPEKJayIOdBK69oCeAfJmDDsbMtg9rHWCDDyfeGt2wR/f7xq9th/rE45HxWro
K7D5VwKBkFomMZJFj9eUu9sxatkQeSaWwgewr+peV44NZAaH69RG1GfAdbdD2AlF
4vEvcw+nKdtt4qrHDD8i9omHLmuQf9NU4bEOOD1+YZVpgwMJaj2v
-----END CERTIFICATE-----