Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/q0lSyM5g_yFQR8LB-_cNMzPQUr8.roa
File:                     q0lSyM5g_yFQR8LB-_cNMzPQUr8.roa (raw, json)
Hash identifier:          MFODByj9XRn27gcZ2FtYXBTKJM3163c9aoQxKSH927o=
Subject key identifier:   AB:49:52:C8:CE:60:FF:21:50:47:C2:C1:FB:F7:0D:33:33:D0:52:BF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019CB7D39B6129323DE8DE8F7B4AB88863B0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/q0lSyM5g_yFQR8LB-_cNMzPQUr8.roa
Signing time:             Wed 04 Mar 2026 07:50:24 +0000
ROA not before:           Wed 04 Mar 2026 07:50:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21840
IP address blocks:        213.218.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b7:d3:9b:61:29:32:3d:e8:de:8f:7b:4a:b8:88:63:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar  4 07:50:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab4952c8ce60ff215047c2c1fbf70d3333d052bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e4:9a:72:ee:ac:a0:99:28:e7:ac:e7:28:3b:
                    7a:1d:9d:63:5c:e3:e5:8d:e1:bb:07:7d:bc:83:a1:
                    9b:91:a3:b2:98:56:a2:bd:c3:d0:47:68:b2:8b:92:
                    1a:8c:7d:6b:93:46:ac:85:a0:44:f1:fa:d4:39:d8:
                    00:89:1b:ca:24:c3:ed:ff:b4:f1:f4:f8:ac:35:5c:
                    13:e5:77:87:f4:57:e2:55:11:8f:d6:d4:ea:83:a6:
                    d9:22:79:c0:c1:05:ac:c5:1a:9f:7e:a9:da:28:f6:
                    24:7d:e3:5f:f4:48:77:b3:a8:89:4d:f9:27:71:93:
                    36:44:c4:61:2c:24:34:d4:d4:40:df:fb:68:6d:6c:
                    73:62:07:00:40:97:c3:01:01:17:94:be:cb:cb:f3:
                    45:41:a5:54:f1:6b:ac:65:9a:e9:53:6d:f0:7a:dc:
                    e1:ed:17:5c:a4:fe:44:60:a8:f6:42:b9:4d:48:7b:
                    6d:6b:cc:07:b9:b6:dc:35:9c:c7:14:9d:1f:90:e3:
                    12:13:89:b4:89:97:a5:df:3b:53:1c:9e:aa:20:eb:
                    de:c4:48:64:bc:ae:31:98:2f:4c:05:34:05:20:38:
                    18:0a:d3:22:ea:a3:71:ce:25:93:5b:69:8a:8e:84:
                    d2:c6:07:d5:7c:9c:ca:07:0b:e7:33:6d:bf:35:ad:
                    6f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:49:52:C8:CE:60:FF:21:50:47:C2:C1:FB:F7:0D:33:33:D0:52:BF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/q0lSyM5g_yFQR8LB-_cNMzPQUr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:3e:6c:37:df:79:f4:67:f0:5e:63:f7:75:d3:f6:0c:9c:75:
         65:cc:03:1e:1f:c9:a8:f1:34:62:d1:a3:7c:af:f1:3e:a7:ce:
         8e:f3:ab:e4:82:78:b6:ad:f9:7f:7f:65:f6:28:b4:51:39:b6:
         fd:cd:16:2c:9b:14:a5:3c:ec:1a:fc:09:78:61:91:a9:ff:70:
         34:d2:2c:f0:bc:3d:f4:94:bd:74:05:eb:3e:0a:6c:72:aa:6c:
         42:e8:97:4a:ab:ff:83:29:d8:62:80:f8:a0:d7:a3:03:d5:95:
         27:30:05:ab:0e:bc:3f:86:61:c8:53:29:20:c9:63:e7:3c:68:
         c1:95:48:4a:08:71:64:c8:31:41:f2:fa:78:bd:81:9e:24:fe:
         95:f8:4e:71:43:5e:5c:68:ba:06:47:08:88:f3:56:08:b4:04:
         56:1a:bc:71:29:0c:62:0e:77:3b:ca:f4:91:e9:4d:e0:21:11:
         cf:91:e5:24:26:ff:cc:1c:1e:73:ee:8b:f5:50:55:e7:79:da:
         fe:fd:47:14:65:b2:fb:41:50:40:18:43:0f:76:93:70:83:1c:
         9c:f6:4d:40:92:8b:5a:cc:dd:74:d2:52:5b:66:f9:f4:4e:ec:
         14:8f:71:01:c9:07:d7:9c:20:ac:e2:3e:e0:9e:47:e5:76:7c:
         f3:90:4c:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy305thKTI96N6Pe0q4iGOwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzA0MDc1MDI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjQ5NTJjOGNlNjBmZjIxNTA0N2MyYzFmYmY3MGQzMzMzZDA1MmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOSacu6soJko56znKDt6HZ1jXOPl
jeG7B328g6GbkaOymFaivcPQR2iyi5IajH1rk0ashaBE8frUOdgAiRvKJMPt/7Tx
9PisNVwT5XeH9FfiVRGP1tTqg6bZInnAwQWsxRqffqnaKPYkfeNf9Eh3s6iJTfkn
cZM2RMRhLCQ01NRA3/tobWxzYgcAQJfDAQEXlL7Ly/NFQaVU8WusZZrpU23wetzh
7RdcpP5EYKj2QrlNSHtta8wHubbcNZzHFJ0fkOMSE4m0iZel3ztTHJ6qIOvexEhk
vK4xmC9MBTQFIDgYCtMi6qNxziWTW2mKjoTSxgfVfJzKBwvnM22/Na1vKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtJUsjOYP8hUEfCwfv3DTMz0FK/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcTBsU3lNNWdfeUZRUjhMQi1fY05NelBRVXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1drqMA0G
CSqGSIb3DQEBCwUAA4IBAQApPmw333n0Z/BeY/d10/YMnHVlzAMeH8mo8TRi0aN8
r/E+p86O86vkgni2rfl/f2X2KLRRObb9zRYsmxSlPOwa/Al4YZGp/3A00izwvD30
lL10Bes+CmxyqmxC6JdKq/+DKdhigPig16MD1ZUnMAWrDrw/hmHIUykgyWPnPGjB
lUhKCHFkyDFB8vp4vYGeJP6V+E5xQ15caLoGRwiI81YItARWGrxxKQxiDnc7yvSR
6U3gIRHPkeUkJv/MHB5z7ov1UFXnedr+/UcUZbL7QVBAGEMPdpNwgxyc9k1Akota
zN100lJbZvn0TuwUj3EByQfXnCCs4j7gnkfldnzzkEzp
-----END CERTIFICATE-----