Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Xuu4ybHeaQks1HMFmxMfozIeP1A.roa
File:                     Xuu4ybHeaQks1HMFmxMfozIeP1A.roa (raw, json)
Hash identifier:          Cb0xgrYhfPJITiEwBl4xYuCtThP2ghS5/CB2hi98I68=
Subject key identifier:   5E:EB:B8:C9:B1:DE:69:09:2C:D4:73:05:9B:13:1F:A3:32:1E:3F:50
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E820B71E80DF3B0723F2F8BE3D2DFF5B0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Xuu4ybHeaQks1HMFmxMfozIeP1A.roa
Signing time:             Mon 01 Jun 2026 07:17:28 +0000
ROA not before:           Mon 01 Jun 2026 07:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55177
IP address blocks:        82.152.213.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:0b:71:e8:0d:f3:b0:72:3f:2f:8b:e3:d2:df:f5:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  1 07:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5eebb8c9b1de69092cd473059b131fa3321e3f50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e9:22:29:7c:ee:85:5a:5b:00:f8:ea:6c:5a:
                    9f:6c:f8:5b:ab:59:46:fc:fc:b7:c2:40:a2:7a:57:
                    dc:6a:c0:f3:4e:9d:df:80:9e:10:3e:e0:70:76:2e:
                    57:bf:64:b6:b5:2f:9d:b4:c5:78:bd:89:82:16:20:
                    06:33:ee:69:98:f3:94:c9:60:bd:a0:54:ad:31:3c:
                    c2:d9:ca:c7:41:eb:cf:88:56:5d:e4:d9:a7:03:d0:
                    de:fb:6b:56:8d:bb:22:df:03:6c:2b:5e:b6:45:fa:
                    07:f6:fd:4d:a2:8a:1d:98:43:4f:d1:9e:80:f3:8e:
                    7d:9d:62:65:0e:85:6e:ab:03:3e:8b:a8:d8:c3:a5:
                    ed:c0:a2:d8:36:c8:c8:8c:8d:8b:9d:63:8b:c1:a8:
                    4c:0f:a1:55:4e:1f:d0:a6:90:c6:cb:cd:ba:50:4b:
                    e8:de:54:45:ca:dd:64:60:cb:e6:17:45:67:a4:88:
                    ab:88:78:a6:c4:bd:31:64:24:7a:41:1a:83:13:16:
                    fb:63:e0:ec:78:1f:3a:83:04:8f:68:06:41:1f:d3:
                    94:07:b5:e6:32:b7:32:e4:83:1f:a5:65:6c:86:95:
                    67:6d:91:68:55:3d:24:61:1b:07:d3:69:b7:7a:ce:
                    22:42:bb:d5:ef:d4:84:92:fe:8f:1f:2a:16:58:a2:
                    9c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:EB:B8:C9:B1:DE:69:09:2C:D4:73:05:9B:13:1F:A3:32:1E:3F:50
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Xuu4ybHeaQks1HMFmxMfozIeP1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.213.0/24
                  82.153.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:32:b0:32:40:5a:42:c5:9a:94:f5:f8:de:52:cd:93:fd:c1:
         f8:70:69:90:81:a6:15:7b:de:f7:21:e2:f4:6d:3e:f5:7f:8e:
         04:3e:2c:14:b5:cc:06:84:eb:d3:2a:10:be:89:67:8c:04:96:
         d6:67:34:3b:82:f2:02:2e:eb:09:ad:56:32:01:8c:78:d4:26:
         65:ca:dc:08:fb:65:01:a1:e0:85:88:76:57:47:25:73:ab:b3:
         7e:93:b0:ef:96:28:9c:70:ef:73:9b:42:9e:4b:09:13:30:34:
         34:c0:0b:81:cb:96:1a:a6:ad:50:57:d0:e1:ec:7f:45:3c:4d:
         84:db:57:4e:63:38:0b:74:d3:17:0b:8c:97:06:89:75:85:c1:
         a4:6a:97:2b:1e:a9:f2:b8:8a:02:e8:d3:0d:12:5c:d4:0c:21:
         fd:f1:7a:b0:98:f6:56:42:86:ed:d2:e6:33:f9:ef:55:64:1b:
         6f:ac:f1:a8:ed:22:dd:12:1f:f6:0a:5e:7e:bd:a6:10:7d:cd:
         55:50:a8:67:c5:2a:cd:50:cf:ee:e0:86:21:4d:e6:13:ab:8f:
         2a:03:4d:b7:cc:ff:8c:c2:10:34:f6:38:78:12:8a:77:db:15:
         cd:3e:b0:17:99:79:60:ea:af:ee:76:92:0d:5c:c0:a1:6e:91:
         cc:77:93:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6CC3HoDfOwcj8vi+PS3/WwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjAxMDcxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWViYjhjOWIxZGU2OTA5MmNkNDczMDU5YjEzMWZhMzMyMWUzZjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+kiKXzuhVpbAPjqbFqfbPhbq1lG
/Py3wkCielfcasDzTp3fgJ4QPuBwdi5Xv2S2tS+dtMV4vYmCFiAGM+5pmPOUyWC9
oFStMTzC2crHQevPiFZd5NmnA9De+2tWjbsi3wNsK162RfoH9v1NooodmENP0Z6A
8459nWJlDoVuqwM+i6jYw6XtwKLYNsjIjI2LnWOLwahMD6FVTh/QppDGy826UEvo
3lRFyt1kYMvmF0VnpIiriHimxL0xZCR6QRqDExb7Y+DseB86gwSPaAZBH9OUB7Xm
Mrcy5IMfpWVshpVnbZFoVT0kYRsH02m3es4iQrvV79SEkv6PHyoWWKKcuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF7ruMmx3mkJLNRzBZsTH6MyHj9QMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWHV1NHliSGVhUWtzMUhNRm14TWZvekllUDFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpjVAwQA
UpneMA0GCSqGSIb3DQEBCwUAA4IBAQCaMrAyQFpCxZqU9fjeUs2T/cH4cGmQgaYV
e973IeL0bT71f44EPiwUtcwGhOvTKhC+iWeMBJbWZzQ7gvICLusJrVYyAYx41CZl
ytwI+2UBoeCFiHZXRyVzq7N+k7DvliiccO9zm0KeSwkTMDQ0wAuBy5Yapq1QV9Dh
7H9FPE2E21dOYzgLdNMXC4yXBol1hcGkapcrHqnyuIoC6NMNElzUDCH98XqwmPZW
Qobt0uYz+e9VZBtvrPGo7SLdEh/2Cl5+vaYQfc1VUKhnxSrNUM/u4IYhTeYTq48q
A023zP+MwhA09jh4Eop32xXNPrAXmXlg6q/udpINXMChbpHMd5NH
-----END CERTIFICATE-----