Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Y1O2rpTlxhYp0M32QGUOO6TGvSE.roa
File:                     Y1O2rpTlxhYp0M32QGUOO6TGvSE.roa (raw, json)
Hash identifier:          b/KRAfhwhpotxkfEjJzMn0ZeR8w73hguVwB9qJnUO7s=
Subject key identifier:   63:53:B6:AE:94:E5:C6:16:29:D0:CD:F6:40:65:0E:3B:A4:C6:BD:21
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D4E184588AAA7AE7D3575BFAFAA6DAE71
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Y1O2rpTlxhYp0M32QGUOO6TGvSE.roa
Signing time:             Thu 02 Apr 2026 12:08:26 +0000
ROA not before:           Thu 02 Apr 2026 12:08:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215287
IP address blocks:        37.98.149.0/24 maxlen: 24
                          80.240.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Apr 2026 20:11:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4e:18:45:88:aa:a7:ae:7d:35:75:bf:af:aa:6d:ae:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  2 12:08:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6353b6ae94e5c61629d0cdf640650e3ba4c6bd21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:48:36:f1:f7:df:27:67:ee:f2:d3:9b:1c:ac:
                    71:bf:fd:51:11:0a:fe:80:91:9a:72:7e:49:d7:60:
                    41:43:13:a4:0e:c0:bf:05:22:1d:3d:30:ec:3d:cf:
                    b3:7a:55:fc:b3:5a:cb:3f:69:44:14:af:61:47:f6:
                    51:b5:d0:ab:51:f5:5a:cd:9b:ca:76:e2:a1:70:35:
                    65:71:b3:b8:98:bc:60:f1:43:4e:aa:2a:69:c2:5c:
                    8a:d1:0f:00:b9:a0:f5:00:1c:82:52:d8:0b:48:ce:
                    35:a5:03:0e:61:6b:19:83:3c:81:02:a7:0f:5a:f7:
                    70:b5:3b:ca:4b:4a:f7:fa:10:a3:a0:a4:3c:c9:4f:
                    27:a9:2f:96:a7:db:70:67:65:c4:d1:6b:e4:83:cb:
                    e1:de:d7:fb:97:83:f2:0c:ef:32:75:4f:d2:45:82:
                    70:d1:32:37:90:af:11:be:cd:ac:cd:f8:5e:58:90:
                    92:db:b8:7e:dd:69:fc:10:22:11:da:02:ad:cd:7d:
                    aa:f4:ec:60:2f:58:cd:2d:f2:51:f9:65:1d:5d:cf:
                    d8:87:6d:cd:be:b4:fb:73:7b:39:b6:48:3c:13:19:
                    6a:e4:11:50:cf:85:a7:5a:a9:d1:f4:46:6d:07:0d:
                    55:90:5c:3f:c0:ce:ff:ad:96:cb:cb:fe:dd:a5:7e:
                    9d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:53:B6:AE:94:E5:C6:16:29:D0:CD:F6:40:65:0E:3B:A4:C6:BD:21
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Y1O2rpTlxhYp0M32QGUOO6TGvSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.149.0/24
                  80.240.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:54:6a:14:8e:ad:c8:5a:a5:5f:9e:9d:e6:1d:40:a1:87:20:
         86:b7:a0:60:7f:13:a5:42:a7:9c:de:ac:a0:10:df:06:e1:98:
         54:b3:6c:9c:c4:4c:e2:c7:c7:ef:ba:b3:d1:0e:62:0d:7f:77:
         85:55:82:61:db:9a:97:8d:d0:44:cf:20:9a:cb:9b:23:89:56:
         8d:a5:f7:10:30:28:1d:02:ed:e5:cc:f6:70:62:57:f3:fd:e7:
         22:5a:f4:b0:99:0e:e3:60:3b:0f:06:e0:cc:67:dd:c7:47:7b:
         ee:f7:df:99:3d:c4:f9:0c:82:36:54:f8:c0:d0:f8:4c:1a:3c:
         70:cc:e4:cc:d0:8d:f5:75:31:06:26:5f:8f:6e:66:b0:a2:09:
         6a:c3:ab:78:8a:a7:41:51:7a:af:81:62:e7:3c:b4:e7:cd:c2:
         b2:31:6f:4b:8f:39:c3:93:d5:53:c8:aa:4d:b6:1d:29:f2:7d:
         17:f2:e0:72:16:f3:19:d7:e5:59:c3:fc:7a:cb:cb:91:0a:89:
         b1:ef:51:1b:25:71:7e:a6:98:53:0e:3c:e6:96:fb:89:be:41:
         64:8a:fc:54:6e:b8:4a:a9:65:9e:e4:b0:5f:8f:71:ee:9d:5c:
         a1:53:3e:56:f0:fe:b7:b6:a9:f9:80:3c:58:6d:d7:13:9d:df:
         19:31:48:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1OGEWIqqeufTV1v6+qba5xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDAyMTIwODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzUzYjZhZTk0ZTVjNjE2MjlkMGNkZjY0MDY1MGUzYmE0YzZiZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ug28fffJ2fu8tObHKxxv/1REQr+
gJGacn5J12BBQxOkDsC/BSIdPTDsPc+zelX8s1rLP2lEFK9hR/ZRtdCrUfVazZvK
duKhcDVlcbO4mLxg8UNOqippwlyK0Q8AuaD1AByCUtgLSM41pQMOYWsZgzyBAqcP
WvdwtTvKS0r3+hCjoKQ8yU8nqS+Wp9twZ2XE0Wvkg8vh3tf7l4PyDO8ydU/SRYJw
0TI3kK8Rvs2szfheWJCS27h+3Wn8ECIR2gKtzX2q9OxgL1jNLfJR+WUdXc/Yh23N
vrT7c3s5tkg8Exlq5BFQz4WnWqnR9EZtBw1VkFw/wM7/rZbLy/7dpX6dIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGNTtq6U5cYWKdDN9kBlDjukxr0hMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWTFPMnJwVGx4aFlwME0zMlFHVU9PNlRHdlNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJWKVAwQA
UPBbMA0GCSqGSIb3DQEBCwUAA4IBAQCoVGoUjq3IWqVfnp3mHUChhyCGt6BgfxOl
Qqec3qygEN8G4ZhUs2ycxEzix8fvurPRDmINf3eFVYJh25qXjdBEzyCay5sjiVaN
pfcQMCgdAu3lzPZwYlfz/eciWvSwmQ7jYDsPBuDMZ93HR3vu99+ZPcT5DII2VPjA
0PhMGjxwzOTM0I31dTEGJl+Pbmawoglqw6t4iqdBUXqvgWLnPLTnzcKyMW9LjznD
k9VTyKpNth0p8n0X8uByFvMZ1+VZw/x6y8uRComx71EbJXF+pphTDjzmlvuJvkFk
ivxUbrhKqWWe5LBfj3HunVyhUz5W8P63tqn5gDxYbdcTnd8ZMUiY
-----END CERTIFICATE-----