Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/l-e_34wv9fMDTR33EQTefRsk1pI.roa
File:                     l-e_34wv9fMDTR33EQTefRsk1pI.roa (raw, json)
Hash identifier:          3sy+nhQZ3E/jNoMF8JHzjywabWIqREuGkJZjqOZTeXc=
Subject key identifier:   97:E7:BF:DF:8C:2F:F5:F3:03:4D:1D:F7:11:04:DE:7D:1B:24:D6:92
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E4ED7FA8517D9D4C87A8B0A05B28FD739
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/l-e_34wv9fMDTR33EQTefRsk1pI.roa
Signing time:             Fri 22 May 2026 08:40:37 +0000
ROA not before:           Fri 22 May 2026 08:40:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51082
IP address blocks:        81.168.7.0/24 maxlen: 24
                          82.153.154.0/24 maxlen: 24
                          89.213.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:d7:fa:85:17:d9:d4:c8:7a:8b:0a:05:b2:8f:d7:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 22 08:40:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=97e7bfdf8c2ff5f3034d1df71104de7d1b24d692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c6:7d:b8:c9:1f:9a:1c:49:cd:ec:62:3f:c0:
                    be:1a:df:a7:87:37:08:2a:10:2b:24:06:b9:e6:c6:
                    e1:14:58:bd:f2:3a:b8:3a:86:9f:78:b0:65:bd:12:
                    6f:4b:54:4b:0a:00:f6:6e:0c:6e:4a:38:16:78:6a:
                    af:d1:50:a8:92:ed:a5:0e:1e:a0:38:31:c1:f8:a0:
                    fe:ec:c7:22:34:e0:b5:a1:63:cc:02:6c:f8:81:48:
                    ec:73:61:59:c8:bf:c2:ac:d6:f2:91:a3:66:0a:49:
                    ad:e1:54:2c:3e:5f:3a:ca:e4:c7:81:33:62:90:2a:
                    2a:d7:b8:97:7f:78:0f:52:76:dc:6c:e3:7d:04:92:
                    34:bb:22:6b:02:9f:23:b5:82:9b:e2:b7:21:a6:b6:
                    a1:98:40:d0:15:8a:0b:fc:5e:f9:a3:33:cc:c4:3d:
                    b3:b9:50:af:e2:21:62:63:f1:90:59:79:46:e4:a1:
                    e2:f3:0b:52:40:41:b3:73:00:2c:31:bb:18:18:38:
                    e0:38:23:9e:ce:bf:c8:05:d9:4d:b9:da:3a:15:bb:
                    d0:5c:80:a0:3d:96:e1:ce:1b:48:d9:57:43:f6:10:
                    1a:61:3a:0f:3f:18:f9:dd:a9:aa:fb:ba:86:49:2e:
                    e3:96:60:47:11:1a:55:5c:74:b8:2f:f4:00:32:bb:
                    a0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:E7:BF:DF:8C:2F:F5:F3:03:4D:1D:F7:11:04:DE:7D:1B:24:D6:92
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/l-e_34wv9fMDTR33EQTefRsk1pI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.7.0/24
                  82.153.154.0/24
                  89.213.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:49:a9:02:72:4a:8c:44:5f:33:c3:0e:6d:1c:68:66:00:b6:
         85:c5:04:7b:87:4d:d3:44:f6:d3:3c:05:65:89:8b:3e:4f:72:
         48:36:7e:5f:7b:7b:f9:fb:f1:c2:d0:72:9c:58:6f:7d:e0:4b:
         be:14:b5:de:92:86:5a:0b:02:ce:b2:0e:a1:f4:5a:07:9b:77:
         51:cc:08:a5:e9:90:3c:14:09:b0:30:81:8d:1d:09:b2:4c:a3:
         36:d9:b7:0b:d6:d7:55:19:d1:6d:f9:b1:4f:8c:86:80:7f:69:
         fc:14:45:d9:dc:a6:c2:81:70:00:7a:ba:69:0e:c4:25:1e:0a:
         eb:a7:a6:74:68:eb:85:2e:af:73:25:19:66:5f:4e:bf:00:b4:
         b1:0a:f9:d7:d6:c9:4b:3d:bb:82:c2:cf:2f:25:79:dd:97:e8:
         15:c3:b4:92:19:94:87:12:d4:fd:9e:6b:8a:95:a1:2f:8e:ce:
         49:9e:87:39:51:5a:fd:f3:8c:00:40:91:77:45:fc:06:f3:8c:
         25:c3:f1:b7:c2:64:c2:b3:53:c9:65:c0:7b:e7:f4:0a:8f:18:
         f6:43:b7:58:8f:d9:b9:ac:64:10:13:14:e8:7e:ec:53:3a:bc:
         a8:3c:b6:15:d9:43:b6:5b:d4:a6:e5:0b:48:72:e6:33:29:d3:
         9b:c4:57:23
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5O1/qFF9nUyHqLCgWyj9c5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTIyMDg0MDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2U3YmZkZjhjMmZmNWYzMDM0ZDFkZjcxMTA0ZGU3ZDFiMjRkNjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscZ9uMkfmhxJzexiP8C+Gt+nhzcI
KhArJAa55sbhFFi98jq4OoafeLBlvRJvS1RLCgD2bgxuSjgWeGqv0VCoku2lDh6g
ODHB+KD+7MciNOC1oWPMAmz4gUjsc2FZyL/CrNbykaNmCkmt4VQsPl86yuTHgTNi
kCoq17iXf3gPUnbcbON9BJI0uyJrAp8jtYKb4rchprahmEDQFYoL/F75ozPMxD2z
uVCv4iFiY/GQWXlG5KHi8wtSQEGzcwAsMbsYGDjgOCOezr/IBdlNudo6FbvQXICg
PZbhzhtI2VdD9hAaYToPPxj53amq+7qGSS7jlmBHERpVXHS4L/QAMrugowIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJfnv9+ML/XzA00d9xEE3n0bJNaSMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbC1lXzM0d3Y5Zk1EVFIzM0VRVGVmUnNrMXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUagHAwQA
UpmaAwQAWdXBMA0GCSqGSIb3DQEBCwUAA4IBAQBASakCckqMRF8zww5tHGhmALaF
xQR7h03TRPbTPAVliYs+T3JINn5fe3v5+/HC0HKcWG994Eu+FLXekoZaCwLOsg6h
9FoHm3dRzAil6ZA8FAmwMIGNHQmyTKM22bcL1tdVGdFt+bFPjIaAf2n8FEXZ3KbC
gXAAerppDsQlHgrrp6Z0aOuFLq9zJRlmX06/ALSxCvnX1slLPbuCws8vJXndl+gV
w7SSGZSHEtT9nmuKlaEvjs5Jnoc5UVr984wAQJF3RfwG84wlw/G3wmTCs1PJZcB7
5/QKjxj2Q7dYj9m5rGQQExTofuxTOryoPLYV2UO2W9Sm5QtIcuYzKdObxFcj
-----END CERTIFICATE-----