Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Rly3gu1XizK9EpbXoV8JJc-wk5g.roa
File:                     Rly3gu1XizK9EpbXoV8JJc-wk5g.roa (raw, json)
Hash identifier:          rA47GbKmOvj80bL+fJKI6e8kmRYj9BcM2PieEae7irU=
Subject key identifier:   46:5C:B7:82:ED:57:8B:32:BD:12:96:D7:A1:5F:09:25:CF:B0:93:98
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E83DAB273792BEF6BBB167256AB038815
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Rly3gu1XizK9EpbXoV8JJc-wk5g.roa
Signing time:             Mon 01 Jun 2026 15:43:28 +0000
ROA not before:           Mon 01 Jun 2026 15:43:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205733
IP address blocks:        82.152.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 12:56:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:da:b2:73:79:2b:ef:6b:bb:16:72:56:ab:03:88:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  1 15:43:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=465cb782ed578b32bd1296d7a15f0925cfb09398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:46:4f:7e:53:a5:78:1a:3f:ea:af:c1:65:b6:
                    d6:2b:b5:c0:1a:4a:88:50:0d:ee:2e:82:c1:0a:ff:
                    a1:be:fd:80:80:16:d3:bb:49:5d:a6:ac:d9:f5:ba:
                    8e:54:c2:84:94:8e:52:0a:27:6f:f3:23:43:c3:5d:
                    3a:05:15:83:26:da:45:e7:08:72:f9:d6:0b:6c:4e:
                    c4:79:27:4c:32:aa:e1:d7:a8:8d:bf:f0:3b:8a:88:
                    f3:d4:88:72:8d:c0:4d:5b:0b:c3:af:b9:a6:d0:96:
                    f7:0a:ec:98:e7:f2:90:ee:7c:69:5e:5d:d7:ae:96:
                    6c:f7:66:c2:7f:54:e0:0a:7b:a3:ba:1f:a0:93:bd:
                    2f:fd:bf:50:94:81:1d:ab:b9:f4:4b:62:e7:12:c9:
                    c9:0f:00:fe:1b:12:7b:e4:fe:82:d2:e9:a6:73:c5:
                    0f:5e:b1:40:a7:35:39:f6:eb:0e:a7:10:cf:3c:95:
                    f2:22:1a:a7:7d:b2:26:e8:ea:ac:ff:1b:32:0f:ef:
                    74:d4:d4:c4:25:8e:ff:e4:41:02:a8:a3:92:0e:2c:
                    c3:b6:23:5a:bd:3b:1a:af:47:18:2d:39:c8:49:22:
                    32:e7:74:bf:3f:57:aa:d4:4d:9f:e6:7b:af:55:ba:
                    bc:f7:6b:e3:ac:a0:14:7b:77:b2:32:2a:21:71:f8:
                    89:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:5C:B7:82:ED:57:8B:32:BD:12:96:D7:A1:5F:09:25:CF:B0:93:98
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Rly3gu1XizK9EpbXoV8JJc-wk5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:e0:3a:16:88:8f:b2:98:c8:5d:41:30:42:27:44:39:8c:c8:
         39:ef:8e:a1:e9:8b:0c:27:78:0a:3e:b2:2e:cc:01:d2:44:1d:
         14:02:fc:b9:bd:b5:29:95:c2:30:5f:33:3f:cc:77:4a:c0:5e:
         84:26:b0:7b:04:81:3c:09:7e:98:95:ad:84:ea:7e:16:16:11:
         66:ca:74:89:92:2c:f9:de:24:00:42:93:ad:46:39:8f:ab:39:
         43:f4:ee:6a:23:36:29:f6:44:91:07:ed:ea:1b:77:c3:5d:1e:
         7b:a8:ce:0e:15:be:3d:33:01:0b:6c:c0:16:9a:56:79:79:c6:
         16:60:32:93:cd:47:60:17:ad:88:29:dc:7a:08:e9:1a:b9:4c:
         41:23:31:fa:25:b5:1d:87:ad:4d:7a:8c:80:74:3a:bc:15:41:
         fd:af:68:f2:44:e9:ba:cc:4a:d0:e9:2a:b4:f9:e8:64:69:c5:
         d6:e7:5a:72:11:85:49:4c:a4:1e:87:10:c7:f1:c2:9c:f6:60:
         8d:59:04:ba:f1:53:8e:02:c6:29:37:c8:62:7b:e1:3a:76:61:
         5d:08:42:16:7e:d5:29:86:bc:23:11:21:b9:6e:de:b3:14:3e:
         99:9d:0e:d9:9d:dd:41:58:48:c2:13:05:06:92:3f:72:c0:d4:
         33:11:52:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6D2rJzeSvva7sWclarA4gVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjAxMTU0MzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjVjYjc4MmVkNTc4YjMyYmQxMjk2ZDdhMTVmMDkyNWNmYjA5Mzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUZPflOleBo/6q/BZbbWK7XAGkqI
UA3uLoLBCv+hvv2AgBbTu0ldpqzZ9bqOVMKElI5SCidv8yNDw106BRWDJtpF5why
+dYLbE7EeSdMMqrh16iNv/A7iojz1IhyjcBNWwvDr7mm0Jb3CuyY5/KQ7nxpXl3X
rpZs92bCf1TgCnujuh+gk70v/b9QlIEdq7n0S2LnEsnJDwD+GxJ75P6C0ummc8UP
XrFApzU59usOpxDPPJXyIhqnfbIm6Oqs/xsyD+901NTEJY7/5EECqKOSDizDtiNa
vTsar0cYLTnISSIy53S/P1eq1E2f5nuvVbq892vjrKAUe3eyMiohcfiJcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZct4LtV4syvRKW16FfCSXPsJOYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUmx5M2d1MVhpeks5RXBiWG9WOEpKYy13azVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpgLMA0G
CSqGSIb3DQEBCwUAA4IBAQAp4DoWiI+ymMhdQTBCJ0Q5jMg5746h6YsMJ3gKPrIu
zAHSRB0UAvy5vbUplcIwXzM/zHdKwF6EJrB7BIE8CX6Yla2E6n4WFhFmynSJkiz5
3iQAQpOtRjmPqzlD9O5qIzYp9kSRB+3qG3fDXR57qM4OFb49MwELbMAWmlZ5ecYW
YDKTzUdgF62IKdx6COkauUxBIzH6JbUdh61NeoyAdDq8FUH9r2jyROm6zErQ6Sq0
+ehkacXW51pyEYVJTKQehxDH8cKc9mCNWQS68VOOAsYpN8hie+E6dmFdCEIWftUp
hrwjESG5bt6zFD6ZnQ7Znd1BWEjCEwUGkj9ywNQzEVJn
-----END CERTIFICATE-----