Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ii_JtVx1FDCCNUhUnf0QcQpCpww.roa
File:                     ii_JtVx1FDCCNUhUnf0QcQpCpww.roa (raw, json)
Hash identifier:          6llFHiVuhOaWQnWB3HaWVywB+bm5ZXq58NB0CQ2KGlI=
Subject key identifier:   8A:2F:C9:B5:5C:75:14:30:82:35:48:54:9D:FD:10:71:0A:42:A7:0C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E4F422D3BF1985F6FD4F00EE7991E2C29
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ii_JtVx1FDCCNUhUnf0QcQpCpww.roa
Signing time:             Fri 22 May 2026 10:36:37 +0000
ROA not before:           Fri 22 May 2026 10:36:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30058
IP address blocks:        89.213.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4f:42:2d:3b:f1:98:5f:6f:d4:f0:0e:e7:99:1e:2c:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 22 10:36:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a2fc9b55c751430823548549dfd10710a42a70c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:93:dd:4e:97:10:83:03:93:d1:6c:46:ab:1f:
                    9b:6e:e1:e8:94:48:c8:b4:cd:bd:a9:f9:56:9d:21:
                    1a:76:3a:12:51:be:14:45:4c:36:12:3c:20:37:cb:
                    8b:45:e8:94:45:7d:37:7f:45:ac:a9:ef:8c:04:27:
                    ff:c9:53:69:c2:69:4c:e4:67:8e:34:6d:96:2b:5c:
                    6a:f0:2c:95:08:03:0b:f5:64:49:f9:16:b5:bd:2c:
                    27:e0:5c:68:37:b9:44:df:b2:24:61:c1:c8:84:da:
                    44:35:14:1b:ce:30:fc:1c:a8:ea:e4:a9:44:81:df:
                    5d:0d:02:e0:30:ad:a9:ff:e6:49:91:ab:54:0d:71:
                    d3:60:c4:70:d6:8b:9c:9f:15:4e:22:d3:36:68:8d:
                    de:7e:c0:00:b0:31:93:82:ab:dc:52:f4:31:f9:a8:
                    e6:2d:1f:af:bb:05:7d:b7:4d:16:ac:a8:87:d5:3b:
                    00:be:79:d3:5e:14:01:87:86:f0:01:f2:7d:43:de:
                    f9:fa:b2:28:cf:11:76:c9:10:ed:3d:7b:30:c6:1e:
                    58:b6:89:c5:a4:27:60:63:e9:e3:46:c8:d7:cc:93:
                    60:3e:7b:69:2d:03:2d:a5:24:e8:5e:ac:86:11:8f:
                    5b:4a:16:31:8a:87:a2:41:49:3c:5a:48:59:61:24:
                    15:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:2F:C9:B5:5C:75:14:30:82:35:48:54:9D:FD:10:71:0A:42:A7:0C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ii_JtVx1FDCCNUhUnf0QcQpCpww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:40:f2:27:7b:fa:59:08:e3:6e:2a:7f:32:c8:76:49:80:23:
         90:74:d9:62:1c:fc:58:ec:fb:12:e5:7d:07:31:53:82:fb:bb:
         44:e5:dc:23:47:f2:5f:94:3c:68:6f:2b:e7:ba:bf:b1:3a:68:
         60:81:ca:53:f1:5a:aa:48:e4:a3:b5:cb:eb:74:c4:f8:b7:89:
         ef:62:4c:6b:ff:b5:e2:da:0d:db:d0:58:66:19:d6:02:5b:e2:
         23:a7:8c:1d:0b:24:c3:45:fd:13:d2:23:61:91:0c:07:4b:4d:
         f9:8e:6c:c4:99:f6:75:72:00:ef:7f:2a:09:d7:d0:d8:eb:a3:
         c3:cd:69:e1:24:b7:19:10:87:19:b7:5c:37:df:72:df:e7:e0:
         01:11:d4:44:9a:95:28:9e:5b:a5:0d:6c:b3:76:35:37:53:3b:
         fd:c8:ea:4a:cf:cb:71:6c:3d:ae:95:b7:45:79:3d:69:58:a6:
         d0:87:e7:27:a0:48:99:10:18:be:70:a9:17:43:ce:e3:ce:cb:
         f3:13:2c:4a:b1:bd:68:7f:38:6b:8c:25:23:74:84:fd:34:18:
         ee:df:91:0c:c6:c1:87:dd:8b:8a:e7:6e:27:1d:2c:c3:2b:7c:
         6f:fb:40:a1:ba:8f:1d:ca:b9:cf:96:fe:54:1e:a1:9c:7b:05:
         ee:40:5c:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5PQi078Zhfb9TwDueZHiwpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTIyMTAzNjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTJmYzliNTVjNzUxNDMwODIzNTQ4NTQ5ZGZkMTA3MTBhNDJhNzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5PdTpcQgwOT0WxGqx+bbuHolEjI
tM29qflWnSEadjoSUb4URUw2EjwgN8uLReiURX03f0Wsqe+MBCf/yVNpwmlM5GeO
NG2WK1xq8CyVCAML9WRJ+Ra1vSwn4FxoN7lE37IkYcHIhNpENRQbzjD8HKjq5KlE
gd9dDQLgMK2p/+ZJkatUDXHTYMRw1oucnxVOItM2aI3efsAAsDGTgqvcUvQx+ajm
LR+vuwV9t00WrKiH1TsAvnnTXhQBh4bwAfJ9Q975+rIozxF2yRDtPXswxh5YtonF
pCdgY+njRsjXzJNgPntpLQMtpSToXqyGEY9bShYxioeiQUk8WkhZYSQVvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIovybVcdRQwgjVIVJ39EHEKQqcMMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaWlfSnRWeDFGRENDTlVoVW5mMFFjUXBDcHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUHMA0G
CSqGSIb3DQEBCwUAA4IBAQCaQPIne/pZCONuKn8yyHZJgCOQdNliHPxY7PsS5X0H
MVOC+7tE5dwjR/JflDxobyvnur+xOmhggcpT8VqqSOSjtcvrdMT4t4nvYkxr/7Xi
2g3b0FhmGdYCW+Ijp4wdCyTDRf0T0iNhkQwHS035jmzEmfZ1cgDvfyoJ19DY66PD
zWnhJLcZEIcZt1w333Lf5+ABEdREmpUonlulDWyzdjU3Uzv9yOpKz8txbD2ulbdF
eT1pWKbQh+cnoEiZEBi+cKkXQ87jzsvzEyxKsb1ofzhrjCUjdIT9NBju35EMxsGH
3YuK524nHSzDK3xv+0Chuo8dyrnPlv5UHqGcewXuQFxV
-----END CERTIFICATE-----