Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/b-T1_gOXiBnTR-jR-3zWETKsEPA.roa
File:                     b-T1_gOXiBnTR-jR-3zWETKsEPA.roa (raw, json)
Hash identifier:          TYBfNX3jTjMAMVcYSfPCWhb9nD4iLN+u9lrXibCeoNQ=
Subject key identifier:   6F:E4:F5:FE:03:97:88:19:D3:47:E8:D1:FB:7C:D6:11:32:AC:10:F0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D66DC63B7BD533208DC811A2D91CFE458
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/b-T1_gOXiBnTR-jR-3zWETKsEPA.roa
Signing time:             Tue 07 Apr 2026 07:33:32 +0000
ROA not before:           Tue 07 Apr 2026 07:33:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        82.153.97.0/24 maxlen: 24
                          82.153.98.0/24 maxlen: 24
                          89.213.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Apr 2026 20:11:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:66:dc:63:b7:bd:53:32:08:dc:81:1a:2d:91:cf:e4:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  7 07:33:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6fe4f5fe03978819d347e8d1fb7cd61132ac10f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:04:20:b1:bd:9f:fc:e5:ac:e4:cc:a0:2d:08:
                    01:62:0d:0f:7a:36:e0:d7:bb:f8:25:4e:2a:08:65:
                    0f:4d:b7:7a:49:a3:4f:07:ed:9e:23:4c:08:31:3e:
                    42:a9:a9:e5:d9:7e:f6:2f:3c:df:49:ae:87:01:ba:
                    73:3f:3b:35:2f:e8:68:57:51:2c:c0:c1:ef:04:2c:
                    0b:34:c2:ef:da:a4:f0:43:78:70:f3:bc:65:d6:51:
                    f3:39:6b:db:e6:42:0c:6d:9e:26:3b:a2:a4:60:9f:
                    88:36:e0:aa:cb:b5:c8:12:0d:1a:c0:fd:6d:2d:e4:
                    05:76:95:62:bf:35:d1:d0:b2:87:2d:d7:c3:3c:d8:
                    ba:67:82:3e:af:0a:88:d0:9a:48:94:ab:d7:68:d2:
                    3a:a4:33:d7:a4:0b:f1:fa:ec:3c:16:9f:32:74:9d:
                    e1:8c:63:05:bd:fe:03:fa:7b:6e:76:da:29:08:9e:
                    82:33:43:58:72:d3:94:7d:03:38:a5:5e:dc:f6:6f:
                    69:62:7e:9f:b5:1e:4d:26:ce:5a:91:ad:0a:ca:3d:
                    ec:2f:11:8b:ff:8c:bf:73:9b:cd:f9:fc:ed:d7:c5:
                    5d:48:ad:f1:ec:64:e2:7a:cb:a9:33:f7:da:d7:8b:
                    39:8d:ad:c4:a2:10:e5:04:43:02:93:93:63:ff:04:
                    1b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:E4:F5:FE:03:97:88:19:D3:47:E8:D1:FB:7C:D6:11:32:AC:10:F0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/b-T1_gOXiBnTR-jR-3zWETKsEPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.97.0-82.153.98.255
                  89.213.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:57:03:8f:32:1d:db:75:25:74:e1:d7:75:e3:b0:6b:fc:d7:
         18:e5:fe:88:56:13:1c:db:d5:ea:21:26:1e:f5:90:5d:2f:8d:
         47:7b:9b:15:60:72:11:c7:50:b9:a2:3e:92:93:7e:59:9e:1c:
         4f:a5:a3:df:d8:cd:b4:49:bf:dc:60:1b:c3:c0:d4:ab:84:47:
         b1:31:38:5f:81:3c:dc:5f:37:d5:8b:19:02:41:ef:62:7a:1e:
         4d:c6:8e:3f:ac:41:58:8c:3f:f1:2e:b0:16:47:49:7e:fd:4b:
         98:2a:a9:b3:06:d6:e3:82:fa:df:70:24:73:b2:60:46:80:75:
         6a:86:05:5b:24:6c:08:7f:54:44:d1:50:57:c1:9a:54:5e:e0:
         6b:6c:42:25:b0:6b:81:12:6a:f1:07:55:51:18:ab:8b:da:d9:
         fb:91:de:03:2b:75:eb:32:80:5f:7d:0e:3e:69:c4:5b:75:e5:
         e3:ab:e9:e3:9e:0d:58:36:ed:a3:1f:2a:e7:56:f9:bb:be:4c:
         a2:f6:1c:28:ba:a1:81:28:bc:d4:2c:e1:27:2b:d4:c9:3d:f3:
         26:2f:94:39:4c:dd:ee:44:70:34:5d:b4:3e:45:d0:d5:ba:5c:
         af:73:48:34:87:cc:41:2b:66:7f:9f:18:45:4b:35:34:1f:ab:
         1d:68:98:e9
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ1m3GO3vVMyCNyBGi2Rz+RYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDA3MDczMzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmU0ZjVmZTAzOTc4ODE5ZDM0N2U4ZDFmYjdjZDYxMTMyYWMxMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwQgsb2f/OWs5MygLQgBYg0Pejbg
17v4JU4qCGUPTbd6SaNPB+2eI0wIMT5Cqanl2X72LzzfSa6HAbpzPzs1L+hoV1Es
wMHvBCwLNMLv2qTwQ3hw87xl1lHzOWvb5kIMbZ4mO6KkYJ+INuCqy7XIEg0awP1t
LeQFdpVivzXR0LKHLdfDPNi6Z4I+rwqI0JpIlKvXaNI6pDPXpAvx+uw8Fp8ydJ3h
jGMFvf4D+ntudtopCJ6CM0NYctOUfQM4pV7c9m9pYn6ftR5NJs5aka0Kyj3sLxGL
/4y/c5vN+fzt18VdSK3x7GTiesupM/fa14s5ja3EohDlBEMCk5Nj/wQbbQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFG/k9f4Dl4gZ00fo0ft81hEyrBDwMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYi1UMV9nT1hpQm5UUi1qUi0zeldFVEtzRVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABSmWED
BABSmWIDBABZ1UIwDQYJKoZIhvcNAQELBQADggEBAHRXA48yHdt1JXTh13XjsGv8
1xjl/ohWExzb1eohJh71kF0vjUd7mxVgchHHULmiPpKTflmeHE+lo9/YzbRJv9xg
G8PA1KuER7ExOF+BPNxfN9WLGQJB72J6Hk3Gjj+sQViMP/EusBZHSX79S5gqqbMG
1uOC+t9wJHOyYEaAdWqGBVskbAh/VETRUFfBmlRe4GtsQiWwa4ESavEHVVEYq4va
2fuR3gMrdesygF99Dj5pxFt15eOr6eOeDVg27aMfKudW+bu+TKL2HCi6oYEovNQs
4Scr1Mk98yYvlDlM3e5EcDRdtD5F0NW6XK9zSDSHzEErZn+fGEVLNTQfqx1omOk=
-----END CERTIFICATE-----