Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lqF4nkUuJG7q73qdLT_WxCUcmhY.roa
File:                     lqF4nkUuJG7q73qdLT_WxCUcmhY.roa (raw, json)
Hash identifier:          /aFHyR1X3DMkItYxWGhrUvizzrsOAazdRs0ll9m3ldY=
Subject key identifier:   96:A1:78:9E:45:2E:24:6E:EA:EF:7A:9D:2D:3F:D6:C4:25:1C:9A:16
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019ED9F45858E834C38C36B5BD5E4CF5B5A3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lqF4nkUuJG7q73qdLT_WxCUcmhY.roa
Signing time:             Thu 18 Jun 2026 08:58:49 +0000
ROA not before:           Thu 18 Jun 2026 08:58:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399631
IP address blocks:        185.49.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 11:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d9:f4:58:58:e8:34:c3:8c:36:b5:bd:5e:4c:f5:b5:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 18 08:58:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=96a1789e452e246eeaef7a9d2d3fd6c4251c9a16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:db:70:12:a9:6e:6d:e3:99:3c:86:58:88:41:
                    e8:13:ad:0c:c5:8d:98:6a:f8:25:4a:53:6c:ad:08:
                    e4:c7:a8:b9:89:35:e3:e6:b6:fa:cd:34:ec:86:c3:
                    97:8d:86:8c:54:f3:86:0c:70:1d:62:04:96:6d:a2:
                    4d:36:e6:46:3d:94:86:0a:9c:40:9b:36:0f:45:20:
                    43:d1:da:34:fe:b0:26:6f:4b:9c:6b:3d:97:14:e5:
                    75:b5:2b:2d:67:e6:8b:cb:3d:22:b4:f5:57:56:6e:
                    08:22:9a:16:5b:1d:cc:32:a7:0b:c9:37:c2:92:fd:
                    19:9d:43:44:5a:86:6a:4f:c6:28:71:da:77:df:d6:
                    ad:4e:53:cb:1e:82:a5:05:34:6d:b6:76:5b:24:72:
                    86:db:e9:ac:1a:ab:3c:fc:30:33:32:66:cc:a2:26:
                    ff:c4:36:38:3a:90:21:1c:f1:96:48:dd:60:7f:6e:
                    5e:68:49:49:0c:5f:d1:71:c5:74:6f:b3:b3:56:60:
                    1e:81:d5:6c:ef:fb:30:4b:9d:f9:68:4e:fc:4b:c9:
                    d4:fc:85:39:d2:34:de:7b:d3:1b:0d:bd:73:35:84:
                    d1:cf:d7:fb:22:ad:43:37:bf:06:87:e2:ee:88:92:
                    78:33:3e:c2:aa:f1:75:40:c5:87:9b:2c:45:ff:5f:
                    aa:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:A1:78:9E:45:2E:24:6E:EA:EF:7A:9D:2D:3F:D6:C4:25:1C:9A:16
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lqF4nkUuJG7q73qdLT_WxCUcmhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:62:75:47:dc:8c:a4:67:2f:c9:14:66:92:36:c1:c1:a2:b4:
         19:d1:a4:31:59:10:b1:e0:30:7d:41:c2:a8:df:c9:f8:71:5b:
         57:91:a1:f7:c3:ee:5c:b2:3d:e6:5f:e7:08:6b:b2:ce:a2:db:
         15:01:a6:1a:37:58:79:a9:bd:77:76:1a:60:fe:88:ac:cf:1d:
         14:e7:f1:5e:f5:80:5b:45:0a:e4:14:22:ec:b1:61:a8:98:70:
         94:ab:f5:63:5b:37:af:25:1e:46:f9:52:2d:49:8b:d7:37:5a:
         46:c3:d5:f2:95:61:61:51:7a:88:77:1d:69:dd:17:4e:af:e3:
         54:a9:6a:0f:d6:76:52:47:e0:0b:4c:ca:77:03:7d:fd:1e:23:
         fe:2f:c4:5b:76:8a:c2:1f:c7:16:77:e5:d2:7d:d3:6c:50:6c:
         9d:ac:cc:f4:db:58:78:98:cc:2a:87:04:ed:5d:5a:ca:9c:c3:
         0f:16:04:dd:33:f1:13:74:82:48:45:f0:4d:63:30:1a:f9:8d:
         b7:0f:ea:ed:18:30:b2:17:a8:6b:9b:9f:99:ab:dc:1b:51:c8:
         f3:9d:ca:c9:35:39:65:40:0d:14:82:93:4a:ae:16:f5:76:9f:
         2a:d3:53:18:0d:9c:81:a1:c0:75:9a:62:14:bd:69:c1:5c:0b:
         80:bb:80:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Z9FhY6DTDjDa1vV5M9bWjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjE4MDg1ODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmExNzg5ZTQ1MmUyNDZlZWFlZjdhOWQyZDNmZDZjNDI1MWM5YTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49twEqlubeOZPIZYiEHoE60MxY2Y
avglSlNsrQjkx6i5iTXj5rb6zTTshsOXjYaMVPOGDHAdYgSWbaJNNuZGPZSGCpxA
mzYPRSBD0do0/rAmb0ucaz2XFOV1tSstZ+aLyz0itPVXVm4IIpoWWx3MMqcLyTfC
kv0ZnUNEWoZqT8Yocdp339atTlPLHoKlBTRttnZbJHKG2+msGqs8/DAzMmbMoib/
xDY4OpAhHPGWSN1gf25eaElJDF/RccV0b7OzVmAegdVs7/swS535aE78S8nU/IU5
0jTee9MbDb1zNYTRz9f7Iq1DN78Gh+LuiJJ4Mz7CqvF1QMWHmyxF/1+qTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJaheJ5FLiRu6u96nS0/1sQlHJoWMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbHFGNG5rVXVKRzdxNzNxZExUX1d4Q1VjbWhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTF9MA0G
CSqGSIb3DQEBCwUAA4IBAQBDYnVH3IykZy/JFGaSNsHBorQZ0aQxWRCx4DB9QcKo
38n4cVtXkaH3w+5csj3mX+cIa7LOotsVAaYaN1h5qb13dhpg/oiszx0U5/Fe9YBb
RQrkFCLssWGomHCUq/VjWzevJR5G+VItSYvXN1pGw9XylWFhUXqIdx1p3RdOr+NU
qWoP1nZSR+ALTMp3A339HiP+L8RbdorCH8cWd+XSfdNsUGydrMz021h4mMwqhwTt
XVrKnMMPFgTdM/ETdIJIRfBNYzAa+Y23D+rtGDCyF6hrm5+Zq9wbUcjzncrJNTll
QA0UgpNKrhb1dp8q01MYDZyBocB1mmIUvWnBXAuAu4Dq
-----END CERTIFICATE-----