Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ORL1BkgVIPKSQfGSUnoywh-rnN4.roa
File:                     ORL1BkgVIPKSQfGSUnoywh-rnN4.roa (raw, json)
Hash identifier:          EaWv9yC4u1vQtHNxwIYL9QFDvOoiaiJ4TgJD60deh3U=
Subject key identifier:   39:12:F5:06:48:15:20:F2:92:41:F1:92:52:7A:32:C2:1F:AB:9C:DE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E63F9D47E37F8EC5C351C4C4B92B20C15
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ORL1BkgVIPKSQfGSUnoywh-rnN4.roa
Signing time:             Tue 26 May 2026 11:09:37 +0000
ROA not before:           Tue 26 May 2026 11:09:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31924
IP address blocks:        82.153.142.0/24 maxlen: 24
                          82.153.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 22:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:f9:d4:7e:37:f8:ec:5c:35:1c:4c:4b:92:b2:0c:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 26 11:09:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3912f506481520f29241f192527a32c21fab9cde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:2d:b9:1e:49:36:ed:0d:ef:de:c9:32:7b:0e:
                    5b:11:ad:7b:39:91:cc:86:81:e9:81:92:52:67:66:
                    21:d4:38:3c:70:69:3c:79:21:bb:d7:cc:c4:5d:a8:
                    f8:af:d7:c4:75:37:47:2f:65:54:0e:33:01:03:33:
                    03:37:78:15:63:d7:a3:d3:55:bb:2e:48:ff:ab:fc:
                    fb:59:f1:15:3f:ac:fe:f9:5c:5b:ad:6b:a9:1e:f0:
                    0f:e1:57:f8:d7:3d:98:8e:ea:3e:4d:be:10:05:75:
                    40:f7:7c:0a:23:c2:d5:43:84:54:73:24:e6:8e:54:
                    29:0e:fb:5a:b2:72:c0:b6:15:d9:67:17:9f:01:2b:
                    58:be:45:fb:8d:23:95:fa:10:90:cd:27:1d:6c:c8:
                    24:51:a4:ea:2d:20:37:b3:71:5b:7e:49:6e:9d:1c:
                    45:18:34:3a:15:4a:09:26:27:d2:a0:0a:fd:a2:57:
                    09:20:74:51:36:f2:3c:ac:97:80:2f:1d:71:63:24:
                    bd:12:6d:b2:9b:e7:ca:69:71:87:1d:a2:2b:75:73:
                    58:7b:45:af:8a:59:5e:fe:33:be:cb:62:3e:27:db:
                    41:c3:f1:47:5c:8f:56:2f:ac:29:f1:1a:9b:21:85:
                    9a:1e:09:40:e3:c7:73:01:f0:8b:2d:c0:e9:99:68:
                    20:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:12:F5:06:48:15:20:F2:92:41:F1:92:52:7A:32:C2:1F:AB:9C:DE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ORL1BkgVIPKSQfGSUnoywh-rnN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.142.0/24
                  82.153.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:f1:a8:64:5b:a6:ed:b5:8e:02:12:f3:6d:76:86:1e:98:f5:
         05:c2:47:7e:88:6c:48:d8:32:11:4d:55:1f:f6:f5:5c:6a:36:
         9a:20:a9:46:ff:9f:57:dd:a3:a1:80:d6:96:07:95:e6:8c:c3:
         c1:ba:5c:d2:b6:5c:c2:3c:cd:fd:a8:9e:85:26:7d:82:91:16:
         34:eb:d1:de:c2:40:e1:7f:0e:b8:fd:e8:0a:8a:7d:c5:65:df:
         14:7c:34:90:8c:22:62:6e:9d:86:10:96:4b:ab:a3:44:dc:e3:
         e9:47:e1:2a:81:dc:52:0c:cc:a2:cc:6d:61:f7:fa:56:8b:4e:
         21:2f:57:73:8e:ec:83:76:da:5b:89:0f:7b:ca:34:8f:8f:eb:
         df:66:89:52:5a:4e:a9:c4:cd:cf:f5:5e:70:71:b3:cd:60:af:
         18:3e:b1:45:7c:dd:2a:a5:f4:c5:23:a5:07:5a:dc:92:b0:a7:
         0d:47:1f:75:6c:86:2d:4e:31:d9:a8:10:95:9a:34:85:d2:60:
         15:d4:86:7f:7d:a1:e5:8d:39:c2:e9:0a:32:a9:90:78:23:df:
         12:61:fa:2b:09:43:91:c4:8f:ba:ee:6b:5b:e2:8c:bc:cb:14:
         5a:d5:b8:e3:d4:6d:e2:eb:e3:83:34:9e:5d:98:8e:5e:93:52:
         d4:d4:32:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5j+dR+N/jsXDUcTEuSsgwVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTI2MTEwOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTEyZjUwNjQ4MTUyMGYyOTI0MWYxOTI1MjdhMzJjMjFmYWI5Y2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgy25Hkk27Q3v3skyew5bEa17OZHM
hoHpgZJSZ2Yh1Dg8cGk8eSG718zEXaj4r9fEdTdHL2VUDjMBAzMDN3gVY9ej01W7
Lkj/q/z7WfEVP6z++VxbrWupHvAP4Vf41z2Yjuo+Tb4QBXVA93wKI8LVQ4RUcyTm
jlQpDvtasnLAthXZZxefAStYvkX7jSOV+hCQzScdbMgkUaTqLSA3s3FbfklunRxF
GDQ6FUoJJifSoAr9olcJIHRRNvI8rJeALx1xYyS9Em2ym+fKaXGHHaIrdXNYe0Wv
ille/jO+y2I+J9tBw/FHXI9WL6wp8RqbIYWaHglA48dzAfCLLcDpmWgg4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDkS9QZIFSDykkHxklJ6MsIfq5zeMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvT1JMMUJrZ1ZJUEtTUWZHU1Vub3l3aC1ybk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpmOAwQA
UpnoMA0GCSqGSIb3DQEBCwUAA4IBAQCI8ahkW6bttY4CEvNtdoYemPUFwkd+iGxI
2DIRTVUf9vVcajaaIKlG/59X3aOhgNaWB5XmjMPBulzStlzCPM39qJ6FJn2CkRY0
69HewkDhfw64/egKin3FZd8UfDSQjCJibp2GEJZLq6NE3OPpR+EqgdxSDMyizG1h
9/pWi04hL1dzjuyDdtpbiQ97yjSPj+vfZolSWk6pxM3P9V5wcbPNYK8YPrFFfN0q
pfTFI6UHWtySsKcNRx91bIYtTjHZqBCVmjSF0mAV1IZ/faHljTnC6QoyqZB4I98S
YforCUORxI+67mtb4oy8yxRa1bjj1G3i6+ODNJ5dmI5ek1LU1DII
-----END CERTIFICATE-----