Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_LzXjCU43HSTLuFAIPH3nqBVroo.roa
File:                     _LzXjCU43HSTLuFAIPH3nqBVroo.roa (raw, json)
Hash identifier:          pbpZBpQV+rKPNfq4xJbTB9c6dscQKyQ6Ix8NecBtJ5o=
Subject key identifier:   FC:BC:D7:8C:25:38:DC:74:93:2E:E1:40:20:F1:F7:9E:A0:55:AE:8A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D3DE5B9924956C3BD014E4EF3D54A5A9A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_LzXjCU43HSTLuFAIPH3nqBVroo.roa
Signing time:             Mon 30 Mar 2026 08:39:18 +0000
ROA not before:           Mon 30 Mar 2026 08:39:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204942
IP address blocks:        89.213.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Apr 2026 20:11:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3d:e5:b9:92:49:56:c3:bd:01:4e:4e:f3:d5:4a:5a:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 30 08:39:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fcbcd78c2538dc74932ee14020f1f79ea055ae8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d6:b4:43:ed:ba:1c:35:16:ea:0b:17:83:58:
                    86:3b:53:8b:83:3f:2b:95:30:ef:ea:bf:6d:66:51:
                    68:7c:c6:cb:f2:a3:8d:94:70:3b:fb:5a:90:08:46:
                    84:3d:04:0a:4d:af:cf:25:0b:74:c7:4f:1d:58:6f:
                    9c:e5:2b:31:f1:67:3c:99:3c:a9:e1:78:9d:41:52:
                    fb:22:69:cc:bb:35:a3:4a:35:9f:3b:e7:51:c9:ab:
                    b3:71:cf:7a:b1:51:57:d9:c0:99:e8:9a:39:0e:05:
                    fb:bf:cc:d8:ee:92:b4:18:52:17:67:42:dd:15:97:
                    02:38:86:c3:66:8a:4e:6c:14:b6:43:c4:47:03:39:
                    5a:52:03:bc:fc:48:8f:27:1d:4b:41:04:a9:76:05:
                    92:c7:42:23:13:4f:26:24:78:33:06:2e:17:bc:4f:
                    1f:c9:01:a0:20:14:c7:6a:1a:fc:5d:ff:c0:79:ed:
                    01:d2:78:59:46:de:98:c3:97:9f:43:bb:27:03:e5:
                    f7:08:77:0e:b0:94:d2:dd:a3:6e:b4:d9:3f:6b:d9:
                    28:45:2f:21:69:93:56:31:b5:71:8c:ff:6a:9f:33:
                    30:93:7e:72:2d:a3:88:f3:60:37:37:82:68:32:bf:
                    ef:62:b9:a6:ef:ae:a1:aa:97:41:33:74:43:fd:fc:
                    b7:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:BC:D7:8C:25:38:DC:74:93:2E:E1:40:20:F1:F7:9E:A0:55:AE:8A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_LzXjCU43HSTLuFAIPH3nqBVroo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:59:fa:ac:3c:f1:a3:46:95:4e:d3:6e:35:d1:e1:8f:53:6a:
         a9:f3:4a:b4:37:35:16:84:e4:69:2f:cc:ef:95:fe:e7:9b:d2:
         1a:d0:93:87:1d:b9:77:8d:82:18:8d:eb:3b:18:71:8c:5d:41:
         8b:c7:82:af:7d:f6:ad:d7:a3:c8:ea:32:58:a1:ef:63:a5:c8:
         86:a0:1b:d2:22:d6:9d:c1:51:4d:67:49:fc:e2:a5:ed:34:19:
         3b:41:d3:cc:92:e1:4a:f6:59:8e:ad:50:ce:8e:b7:2c:af:a1:
         2f:4d:d3:b4:42:b0:12:e1:aa:8e:8a:af:55:18:42:33:4d:f8:
         4f:20:5d:59:e6:53:ea:28:d3:0e:60:4c:34:c7:8e:fa:8b:60:
         88:b7:44:89:7b:42:4f:c5:78:34:69:a4:bc:c7:d2:b7:5f:c5:
         92:90:fb:ca:97:45:f7:20:46:56:14:0e:8a:75:11:0d:c8:08:
         ce:33:f4:82:04:7e:4b:59:fb:10:ea:2c:27:63:2b:6d:f8:4d:
         c8:32:8d:06:ad:5d:77:3d:ec:1e:4b:c4:0a:8e:d2:f8:ab:2b:
         3a:a2:7d:5d:24:77:78:81:eb:66:7e:c1:66:d7:dd:3e:56:01:
         5d:81:6d:ec:c7:e2:5a:82:eb:75:03:53:2f:34:ad:f5:d6:ae:
         8a:c1:24:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ095bmSSVbDvQFOTvPVSlqaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzMwMDgzOTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2JjZDc4YzI1MzhkYzc0OTMyZWUxNDAyMGYxZjc5ZWEwNTVhZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9a0Q+26HDUW6gsXg1iGO1OLgz8r
lTDv6r9tZlFofMbL8qONlHA7+1qQCEaEPQQKTa/PJQt0x08dWG+c5Ssx8Wc8mTyp
4XidQVL7ImnMuzWjSjWfO+dRyauzcc96sVFX2cCZ6Jo5DgX7v8zY7pK0GFIXZ0Ld
FZcCOIbDZopObBS2Q8RHAzlaUgO8/EiPJx1LQQSpdgWSx0IjE08mJHgzBi4XvE8f
yQGgIBTHahr8Xf/Aee0B0nhZRt6Yw5efQ7snA+X3CHcOsJTS3aNutNk/a9koRS8h
aZNWMbVxjP9qnzMwk35yLaOI82A3N4JoMr/vYrmm766hqpdBM3RD/fy3MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPy814wlONx0ky7hQCDx956gVa6KMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX0x6WGpDVTQzSFNUTHVGQUlQSDNucUJWcm9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWeMA0G
CSqGSIb3DQEBCwUAA4IBAQCZWfqsPPGjRpVO02410eGPU2qp80q0NzUWhORpL8zv
lf7nm9Ia0JOHHbl3jYIYjes7GHGMXUGLx4Kvffat16PI6jJYoe9jpciGoBvSItad
wVFNZ0n84qXtNBk7QdPMkuFK9lmOrVDOjrcsr6EvTdO0QrAS4aqOiq9VGEIzTfhP
IF1Z5lPqKNMOYEw0x476i2CIt0SJe0JPxXg0aaS8x9K3X8WSkPvKl0X3IEZWFA6K
dRENyAjOM/SCBH5LWfsQ6iwnYytt+E3IMo0GrV13PeweS8QKjtL4qys6on1dJHd4
getmfsFm190+VgFdgW3sx+Jagut1A1MvNK311q6KwSQ9
-----END CERTIFICATE-----