Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eXtjQsQbKA_UOzRVGrtlRjJYpuc.roa
File:                     eXtjQsQbKA_UOzRVGrtlRjJYpuc.roa (raw, json)
Hash identifier:          /bmnhjWUJcOBzAWjlJiSRpL0mNZZtr7zTEuXDjfXIpk=
Subject key identifier:   79:7B:63:42:C4:1B:28:0F:D4:3B:34:55:1A:BB:65:46:32:58:A6:E7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E633E2B2FC8A4A2EF11F81ED3DD4A6F88
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eXtjQsQbKA_UOzRVGrtlRjJYpuc.roa
Signing time:             Tue 26 May 2026 07:44:39 +0000
ROA not before:           Tue 26 May 2026 07:44:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401293
IP address blocks:        89.213.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 17:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:3e:2b:2f:c8:a4:a2:ef:11:f8:1e:d3:dd:4a:6f:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 26 07:44:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=797b6342c41b280fd43b34551abb65463258a6e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:bf:1c:53:a0:41:49:7d:9e:9e:4e:bd:03:70:
                    19:cd:13:ac:7d:a4:8a:64:4c:8e:9a:b5:e1:55:95:
                    c6:f8:33:ee:f5:15:66:a2:35:fa:ba:4a:41:86:9c:
                    1b:cb:4c:d8:63:8f:f6:2f:02:47:e0:bd:48:7e:5d:
                    c3:7b:b1:e6:80:9b:c5:f9:8f:24:6f:de:1e:d1:53:
                    b1:99:e5:4b:48:c5:96:c6:6f:f9:33:e6:e9:f6:65:
                    ef:ad:e8:b7:d4:68:4c:9f:04:15:5b:92:b8:d1:54:
                    4a:10:d7:43:23:fb:57:51:87:1e:03:b3:d1:7c:8f:
                    67:ff:39:e0:d7:aa:71:d1:1d:c8:7e:73:33:5c:6d:
                    d6:5b:35:f7:d8:5d:4a:0a:df:f7:8c:34:fa:d5:8d:
                    1d:f6:e2:76:05:e0:f2:cf:68:b0:e3:84:d1:ff:61:
                    b6:7d:2a:67:49:3e:3b:01:2a:2a:2f:ba:9a:14:d1:
                    57:df:de:30:30:b4:fd:12:75:20:3d:76:84:dc:8e:
                    70:c2:8b:05:fa:bc:70:45:16:7d:4a:4b:df:14:00:
                    0a:76:59:c6:c1:ec:f7:e4:82:a1:0f:c6:5d:ce:87:
                    b8:5b:5a:02:eb:34:b2:c0:26:53:9b:63:7c:2c:90:
                    4b:97:22:bc:b1:7c:4a:2f:cc:33:20:1a:f1:dc:f6:
                    db:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:7B:63:42:C4:1B:28:0F:D4:3B:34:55:1A:BB:65:46:32:58:A6:E7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eXtjQsQbKA_UOzRVGrtlRjJYpuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:ac:14:ae:c8:50:10:cb:3c:32:19:20:74:d6:7a:ed:02:b1:
         e4:ef:14:14:74:89:81:3f:19:89:fc:5a:56:f7:9c:ae:97:cc:
         e4:4a:36:97:57:fa:7d:4b:52:92:96:46:ff:c9:85:9f:e1:cc:
         bb:bd:2e:55:0f:e2:e3:a5:7b:43:39:c2:8e:61:e6:73:4c:cd:
         57:aa:86:7f:8e:2d:28:be:f0:11:b1:df:81:9c:d7:23:02:f6:
         1d:3d:7f:b5:69:9a:98:f5:3d:50:d3:5a:e8:73:12:05:35:0f:
         5a:60:5e:b2:20:1e:b7:87:d3:99:ad:9a:9b:f6:c4:34:17:b0:
         68:ec:23:e3:ba:be:af:28:b2:07:e6:1e:55:ae:ac:ff:a8:77:
         f5:f2:20:4d:b7:c6:b4:1f:53:dc:06:2d:bb:cb:95:77:cd:1d:
         42:ab:32:b0:71:e9:09:7e:bf:5b:0a:2d:dd:df:b5:f9:a4:ae:
         81:55:25:ae:d5:c1:8d:e8:37:ba:d9:e3:a4:9c:8d:02:9b:f6:
         21:4d:92:09:7f:b0:67:d1:92:7d:bf:06:8f:b7:1d:db:c0:62:
         f7:7b:27:d0:68:9b:80:4b:c5:e5:87:38:08:9e:b3:03:7d:e1:
         af:b6:dd:f4:10:c9:93:66:d5:8b:11:58:3c:6c:c4:3b:c9:c2:
         6a:7c:bd:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5jPisvyKSi7xH4HtPdSm+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTI2MDc0NDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTdiNjM0MmM0MWIyODBmZDQzYjM0NTUxYWJiNjU0NjMyNThhNmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqb8cU6BBSX2enk69A3AZzROsfaSK
ZEyOmrXhVZXG+DPu9RVmojX6ukpBhpwby0zYY4/2LwJH4L1Ifl3De7HmgJvF+Y8k
b94e0VOxmeVLSMWWxm/5M+bp9mXvrei31GhMnwQVW5K40VRKENdDI/tXUYceA7PR
fI9n/zng16px0R3IfnMzXG3WWzX32F1KCt/3jDT61Y0d9uJ2BeDyz2iw44TR/2G2
fSpnST47ASoqL7qaFNFX394wMLT9EnUgPXaE3I5wwosF+rxwRRZ9SkvfFAAKdlnG
wez35IKhD8Zdzoe4W1oC6zSywCZTm2N8LJBLlyK8sXxKL8wzIBrx3PbbLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHl7Y0LEGygP1Ds0VRq7ZUYyWKbnMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZVh0alFzUWJLQV9VT3pSVkdydGxSakpZcHVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXeMA0G
CSqGSIb3DQEBCwUAA4IBAQBZrBSuyFAQyzwyGSB01nrtArHk7xQUdImBPxmJ/FpW
95yul8zkSjaXV/p9S1KSlkb/yYWf4cy7vS5VD+LjpXtDOcKOYeZzTM1XqoZ/ji0o
vvARsd+BnNcjAvYdPX+1aZqY9T1Q01rocxIFNQ9aYF6yIB63h9OZrZqb9sQ0F7Bo
7CPjur6vKLIH5h5Vrqz/qHf18iBNt8a0H1PcBi27y5V3zR1CqzKwcekJfr9bCi3d
37X5pK6BVSWu1cGN6De62eOknI0Cm/YhTZIJf7Bn0ZJ9vwaPtx3bwGL3eyfQaJuA
S8XlhzgInrMDfeGvtt30EMmTZtWLEVg8bMQ7ycJqfL23
-----END CERTIFICATE-----