Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oo3HmaGGFI_wmQtbnQPt7xxEAWs.roa
File:                     oo3HmaGGFI_wmQtbnQPt7xxEAWs.roa (raw, json)
Hash identifier:          ad8S5Y9RFLnW+zDbHfkssbPgB/5cph2uIxMvYj0ZO2E=
Subject key identifier:   A2:8D:C7:99:A1:86:14:8F:F0:99:0B:5B:9D:03:ED:EF:1C:44:01:6B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019CADA3538929B38F6C304A563B99F85A8C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oo3HmaGGFI_wmQtbnQPt7xxEAWs.roa
Signing time:             Mon 02 Mar 2026 08:21:28 +0000
ROA not before:           Mon 02 Mar 2026 08:21:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        109.176.213.0/24 maxlen: 24
                          185.49.124.0/24 maxlen: 24
                          217.144.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 07:50:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ad:a3:53:89:29:b3:8f:6c:30:4a:56:3b:99:f8:5a:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar  2 08:21:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a28dc799a186148ff0990b5b9d03edef1c44016b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:bb:84:c9:36:1f:21:10:dd:b2:06:45:25:9f:
                    fd:8a:00:3a:9b:c2:ba:37:c8:f6:69:1f:0b:df:de:
                    1e:aa:5a:7d:37:2d:f4:93:cb:f4:e5:85:98:b2:c9:
                    a6:3d:0a:94:04:a7:0b:58:b0:0f:08:92:71:72:cd:
                    bf:ea:71:1d:00:46:1a:37:b0:83:2f:fa:05:b7:dc:
                    db:f7:e9:b7:1c:34:07:24:4d:6d:b7:ea:90:bb:8b:
                    c9:9e:ec:a3:53:11:14:59:41:81:48:19:11:f8:8f:
                    b4:4f:13:16:60:da:6b:b5:0b:a2:f7:4c:74:de:3d:
                    63:d7:ee:6a:4a:17:1f:ad:d0:9c:93:45:6c:4a:22:
                    d6:05:32:ed:ec:3a:62:72:32:f4:60:ee:9d:01:8c:
                    ef:bc:08:d2:e3:de:0d:c4:ea:6c:54:fe:99:0c:88:
                    f9:9d:aa:e3:49:6c:5e:16:9c:6e:29:2c:43:0a:5b:
                    5f:19:db:24:1a:9e:f1:34:95:95:fe:09:61:2c:7a:
                    1b:fe:d7:34:3c:9d:e5:a0:05:9b:db:d5:91:94:32:
                    0b:4a:d2:1e:af:eb:f9:75:ef:85:03:b3:b3:93:eb:
                    8c:da:2d:3a:1a:4a:a3:3b:ee:5f:77:8b:08:68:25:
                    e0:f6:eb:45:01:e3:dd:88:75:4c:72:03:9f:65:e4:
                    25:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:8D:C7:99:A1:86:14:8F:F0:99:0B:5B:9D:03:ED:EF:1C:44:01:6B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oo3HmaGGFI_wmQtbnQPt7xxEAWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.213.0/24
                  185.49.124.0/24
                  217.144.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:38:63:3a:a0:1f:5d:3d:f0:ac:aa:be:10:e1:fa:72:2f:2d:
         9b:7e:b1:b3:8f:41:84:ff:75:af:27:c1:a0:74:c5:5e:9f:c2:
         f5:a9:bd:36:e0:3d:96:ba:3f:c5:11:04:54:0b:c4:10:3d:c4:
         18:05:ad:3b:f0:f2:73:17:b5:b2:83:bd:6e:fb:50:eb:df:87:
         68:ed:d3:5a:c8:85:21:4c:e4:7d:98:90:ab:a6:fa:75:29:7f:
         c8:ee:88:bb:4c:0e:0b:76:d3:32:93:82:b7:73:f4:b5:5b:4b:
         2f:c8:af:23:78:81:1d:47:00:c4:39:94:76:65:b8:06:6f:37:
         42:1b:3e:cf:bd:c7:b6:17:1c:eb:19:e1:52:68:cc:38:9f:7a:
         4d:2b:c2:22:41:48:a9:2b:69:78:1a:fc:93:53:4c:3e:be:5b:
         81:ff:64:ad:a0:ac:87:bf:08:8e:d7:41:c0:e9:e9:90:43:8d:
         ff:70:0d:14:c4:df:b0:72:ad:71:a9:33:dd:3a:bb:34:37:b6:
         2b:f3:82:10:1f:2e:44:33:5b:70:85:9d:63:eb:ff:6d:4b:09:
         a4:92:5b:05:5d:23:30:94:35:0a:d1:1e:11:a1:cf:9b:05:a5:
         b3:4f:3c:1e:eb:69:16:33:26:52:26:ca:f0:5e:77:44:90:92:
         48:44:8c:03
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZyto1OJKbOPbDBKVjuZ+FqMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzAyMDgyMTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjhkYzc5OWExODYxNDhmZjA5OTBiNWI5ZDAzZWRlZjFjNDQwMTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7uEyTYfIRDdsgZFJZ/9igA6m8K6
N8j2aR8L394eqlp9Ny30k8v05YWYssmmPQqUBKcLWLAPCJJxcs2/6nEdAEYaN7CD
L/oFt9zb9+m3HDQHJE1tt+qQu4vJnuyjUxEUWUGBSBkR+I+0TxMWYNprtQui90x0
3j1j1+5qShcfrdCck0VsSiLWBTLt7DpicjL0YO6dAYzvvAjS494NxOpsVP6ZDIj5
narjSWxeFpxuKSxDCltfGdskGp7xNJWV/glhLHob/tc0PJ3loAWb29WRlDILStIe
r+v5de+FA7Ozk+uM2i06GkqjO+5fd4sIaCXg9utFAePdiHVMcgOfZeQlpQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKKNx5mhhhSP8JkLW50D7e8cRAFrMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvb28zSG1hR0dGSV93bVF0Ym5RUHQ3eHhFQVdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbbDVAwQA
uTF8AwQA2ZCZMA0GCSqGSIb3DQEBCwUAA4IBAQBpOGM6oB9dPfCsqr4Q4fpyLy2b
frGzj0GE/3WvJ8GgdMVen8L1qb024D2Wuj/FEQRUC8QQPcQYBa078PJzF7Wyg71u
+1Dr34do7dNayIUhTOR9mJCrpvp1KX/I7oi7TA4LdtMyk4K3c/S1W0svyK8jeIEd
RwDEOZR2ZbgGbzdCGz7Pvce2FxzrGeFSaMw4n3pNK8IiQUipK2l4GvyTU0w+vluB
/2StoKyHvwiO10HA6emQQ43/cA0UxN+wcq1xqTPdOrs0N7Yr84IQHy5EM1twhZ1j
6/9tSwmkklsFXSMwlDUK0R4Roc+bBaWzTzwe62kWMyZSJsrwXndEkJJIRIwD
-----END CERTIFICATE-----