Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_uAf1WoA0AywMuFChsCPYReOcyQ.roa
File:                     _uAf1WoA0AywMuFChsCPYReOcyQ.roa (raw, json)
Hash identifier:          4Fm6yLOH6ijC+KOf56ZjyXmbS5mH9v4cvKd8aBcNCLs=
Subject key identifier:   FE:E0:1F:D5:6A:00:D0:0C:B0:32:E1:42:86:C0:8F:61:17:8E:73:24
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E39F54DA0641D612717E93CF0ECBEF624
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_uAf1WoA0AywMuFChsCPYReOcyQ.roa
Signing time:             Mon 18 May 2026 07:20:37 +0000
ROA not before:           Mon 18 May 2026 07:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198250
IP address blocks:        81.168.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:39:f5:4d:a0:64:1d:61:27:17:e9:3c:f0:ec:be:f6:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 18 07:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fee01fd56a00d00cb032e14286c08f61178e7324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:b8:20:f1:08:2b:ac:2d:ff:fd:4f:ed:d8:4e:
                    a4:08:e0:fc:2f:f1:c5:7e:fe:4a:5d:20:f1:cc:62:
                    1b:99:b1:5f:96:0f:e7:35:8a:2e:99:8f:c9:71:80:
                    32:92:bd:0c:09:60:87:cd:4d:c5:23:48:5b:77:6a:
                    30:d2:d5:08:fc:d7:93:4b:a9:c4:59:e1:68:a2:29:
                    08:b1:d7:b2:73:44:e9:59:fa:a4:ab:bd:7d:f7:40:
                    37:de:9f:8d:7d:e2:c0:82:b1:60:53:e6:09:cb:81:
                    ab:4f:e8:11:3e:9d:7c:65:fd:2d:88:6d:9b:a0:86:
                    37:a9:a2:69:33:4e:22:c7:0e:13:42:bd:b5:28:57:
                    78:dc:bc:7a:f0:3c:16:a2:61:03:b8:40:4e:9a:a8:
                    c4:f0:df:91:b0:e7:7e:41:69:ab:90:a1:1a:81:2a:
                    74:f8:0f:b4:d8:e9:39:5d:66:dc:1e:b0:f4:e2:12:
                    0d:c5:93:d7:b5:d1:c8:be:db:fa:be:f6:c8:09:0a:
                    3d:cc:63:09:12:35:32:d0:91:25:93:75:73:93:ce:
                    29:05:34:33:42:25:e8:9e:8b:c2:82:61:db:b0:ac:
                    d8:b6:a7:dc:e9:17:e3:ef:af:56:a5:a8:6e:d3:08:
                    fd:4b:46:90:55:84:a4:68:db:3b:fb:93:b2:fb:07:
                    81:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:E0:1F:D5:6A:00:D0:0C:B0:32:E1:42:86:C0:8F:61:17:8E:73:24
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_uAf1WoA0AywMuFChsCPYReOcyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:7a:8f:55:a9:4c:ae:52:3e:db:5f:1e:26:31:8f:c5:74:c9:
         21:14:74:11:10:2c:ea:8f:3e:a6:b6:60:b8:99:eb:16:35:eb:
         5a:25:74:35:9d:bc:ca:92:f6:fc:52:2a:fa:08:b7:35:4b:a2:
         23:6d:64:75:4b:5d:8b:93:47:10:68:7e:11:16:f0:3a:c3:06:
         34:01:9a:ae:a0:b2:38:5f:f4:79:5d:6c:7e:00:df:12:b0:cd:
         0e:eb:c8:b3:af:d1:dc:3f:07:c5:45:f0:69:ba:de:14:87:79:
         c7:04:f2:ca:72:96:a8:04:65:7c:e9:c7:3a:4f:eb:7d:a1:06:
         d9:4b:a7:b0:70:b4:63:3f:ff:64:fd:f2:53:d6:8c:d3:6a:e3:
         d7:e1:0c:1d:a3:d9:a3:55:79:3a:56:64:32:65:36:c0:98:e8:
         49:4b:08:16:61:17:66:5d:21:89:d8:dc:bc:28:fc:91:ed:02:
         fc:7b:dd:06:7c:a4:f3:8d:b2:c3:1a:fa:80:92:70:c6:dd:b6:
         e7:86:35:6b:a9:76:ea:7b:2b:eb:b3:87:2a:d0:7c:ef:12:e3:
         c0:1e:44:d2:e0:ce:94:d5:12:98:f3:70:28:19:aa:d0:4e:3b:
         4b:e3:c9:87:5b:4d:7a:1b:fd:d2:75:dd:86:76:f0:da:6b:3a:
         03:8f:aa:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ459U2gZB1hJxfpPPDsvvYkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTE4MDcyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWUwMWZkNTZhMDBkMDBjYjAzMmUxNDI4NmMwOGY2MTE3OGU3MzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA87gg8QgrrC3//U/t2E6kCOD8L/HF
fv5KXSDxzGIbmbFflg/nNYoumY/JcYAykr0MCWCHzU3FI0hbd2ow0tUI/NeTS6nE
WeFooikIsdeyc0TpWfqkq71990A33p+NfeLAgrFgU+YJy4GrT+gRPp18Zf0tiG2b
oIY3qaJpM04ixw4TQr21KFd43Lx68DwWomEDuEBOmqjE8N+RsOd+QWmrkKEagSp0
+A+02Ok5XWbcHrD04hINxZPXtdHIvtv6vvbICQo9zGMJEjUy0JElk3Vzk84pBTQz
QiXonovCgmHbsKzYtqfc6Rfj769Wpahu0wj9S0aQVYSkaNs7+5Oy+weB+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7gH9VqANAMsDLhQobAj2EXjnMkMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX3VBZjFXb0EwQXl3TXVGQ2hzQ1BZUmVPY3lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUah6MA0G
CSqGSIb3DQEBCwUAA4IBAQBLeo9VqUyuUj7bXx4mMY/FdMkhFHQRECzqjz6mtmC4
mesWNetaJXQ1nbzKkvb8Uir6CLc1S6IjbWR1S12Lk0cQaH4RFvA6wwY0AZquoLI4
X/R5XWx+AN8SsM0O68izr9HcPwfFRfBput4Uh3nHBPLKcpaoBGV86cc6T+t9oQbZ
S6ewcLRjP/9k/fJT1ozTauPX4Qwdo9mjVXk6VmQyZTbAmOhJSwgWYRdmXSGJ2Ny8
KPyR7QL8e90GfKTzjbLDGvqAknDG3bbnhjVrqXbqeyvrs4cq0HzvEuPAHkTS4M6U
1RKY83AoGarQTjtL48mHW016G/3Sdd2GdvDaazoDj6pr
-----END CERTIFICATE-----