Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rMa6x66VjhI24kKPvXQX2GY885A.roa
File:                     rMa6x66VjhI24kKPvXQX2GY885A.roa (raw, json)
Hash identifier:          04WAmSOKfO+tw7SG9YE3Xo8K8uDN7/C13ya58K8nrMw=
Subject key identifier:   AC:C6:BA:C7:AE:95:8E:12:36:E2:42:8F:BD:74:17:D8:66:3C:F3:90
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019CB957D87C8CB4FA512E046D5C52FF1D4D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rMa6x66VjhI24kKPvXQX2GY885A.roa
Signing time:             Wed 04 Mar 2026 14:54:27 +0000
ROA not before:           Wed 04 Mar 2026 14:54:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        80.240.90.0/24 maxlen: 24
                          81.168.32.0/24 maxlen: 24
                          213.210.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b9:57:d8:7c:8c:b4:fa:51:2e:04:6d:5c:52:ff:1d:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar  4 14:54:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=acc6bac7ae958e1236e2428fbd7417d8663cf390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0b:36:4e:cf:23:07:b9:14:82:a0:93:96:72:
                    e8:e4:34:16:5d:76:cb:72:48:f5:81:7a:cb:94:0a:
                    df:ed:55:8a:09:00:d8:bb:7e:18:dc:9f:a9:94:55:
                    fe:94:1c:27:21:cb:2f:ef:e1:4b:ff:08:03:4c:02:
                    93:c8:22:6c:e0:18:c6:9b:51:5b:93:37:7b:7f:ee:
                    df:9a:4b:64:ab:31:b6:80:a9:53:c5:1d:80:85:cd:
                    d2:e9:4f:a7:c1:96:0f:ca:b1:98:2e:e9:43:02:44:
                    7d:de:65:1a:4b:6a:9d:35:8f:ce:06:d9:96:9a:c3:
                    da:22:5b:9e:42:02:94:29:75:7f:60:64:0c:56:a6:
                    41:e3:e9:5f:9c:6d:59:66:80:22:fe:b4:4e:35:01:
                    ae:c4:e8:36:14:c3:cd:8d:de:84:09:0b:c3:7e:bf:
                    f0:f4:be:cb:ce:ec:c5:33:04:a1:9d:f2:85:06:0a:
                    a3:93:97:d5:d8:da:6a:6e:8a:b2:0d:77:be:c3:b6:
                    8b:4f:98:3a:9c:c6:a5:54:05:4f:61:b0:80:bf:ac:
                    55:76:12:a2:14:ed:df:1b:4b:09:10:57:72:41:32:
                    9b:de:2f:78:bf:39:c5:68:1e:7b:03:91:67:e0:3e:
                    bd:98:7c:a1:5a:6c:2a:99:c6:a8:0f:7d:5d:0d:6d:
                    8c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:C6:BA:C7:AE:95:8E:12:36:E2:42:8F:BD:74:17:D8:66:3C:F3:90
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rMa6x66VjhI24kKPvXQX2GY885A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.90.0/24
                  81.168.32.0/24
                  213.210.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:80:f6:a4:ca:1f:c1:c1:e7:a1:74:ab:d3:7c:5b:6e:60:56:
         94:51:8d:9c:22:1e:eb:09:41:20:a1:5a:f4:4d:ca:7f:fd:55:
         6f:38:b8:be:34:c1:55:24:61:e0:74:c0:4c:26:9b:4b:5e:10:
         11:12:7d:9f:d1:70:c9:7e:09:66:fc:61:d6:3b:07:19:7f:6a:
         1d:aa:2f:0c:3c:18:ea:a1:e2:6f:9a:d7:d8:92:8c:0e:13:65:
         00:8d:34:c5:2b:5e:a2:c9:59:e4:b2:01:97:b5:c0:43:33:a2:
         e3:f4:9e:c2:dc:2d:af:84:f7:0a:c5:d6:c2:c9:36:df:ac:a5:
         21:fb:b6:3b:a8:84:a0:67:e8:33:2c:1a:f4:c3:7c:34:ab:bb:
         4b:5d:ff:58:6c:52:99:58:2f:c6:6c:4b:36:35:a7:1f:e2:93:
         62:8c:23:f0:bb:22:28:23:4e:e2:3c:de:7e:37:13:f7:08:2d:
         31:69:d4:10:0c:b4:90:3a:f5:da:38:94:3d:c8:7d:61:de:83:
         8d:54:51:b5:c4:2a:c3:d6:3f:25:a4:bc:a1:71:3c:ec:45:5e:
         f7:07:94:6d:97:48:a2:52:1a:b5:6c:53:d1:6c:b0:f8:61:d2:
         5e:65:8d:69:ea:cb:96:3b:8d:d6:0a:4c:b2:42:91:a7:de:1c:
         47:1c:b3:18
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZy5V9h8jLT6US4EbVxS/x1NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzA0MTQ1NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2M2YmFjN2FlOTU4ZTEyMzZlMjQyOGZiZDc0MTdkODY2M2NmMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAs2Ts8jB7kUgqCTlnLo5DQWXXbL
ckj1gXrLlArf7VWKCQDYu34Y3J+plFX+lBwnIcsv7+FL/wgDTAKTyCJs4BjGm1Fb
kzd7f+7fmktkqzG2gKlTxR2Ahc3S6U+nwZYPyrGYLulDAkR93mUaS2qdNY/OBtmW
msPaIlueQgKUKXV/YGQMVqZB4+lfnG1ZZoAi/rRONQGuxOg2FMPNjd6ECQvDfr/w
9L7LzuzFMwShnfKFBgqjk5fV2NpqboqyDXe+w7aLT5g6nMalVAVPYbCAv6xVdhKi
FO3fG0sJEFdyQTKb3i94vznFaB57A5Fn4D69mHyhWmwqmcaoD31dDW2M1QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKzGuseulY4SNuJCj710F9hmPPOQMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvck1hNng2NlZqaEkyNGtLUHZYUVgyR1k4ODVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUPBaAwQA
UaggAwQA1dIcMA0GCSqGSIb3DQEBCwUAA4IBAQCngPakyh/BweehdKvTfFtuYFaU
UY2cIh7rCUEgoVr0Tcp//VVvOLi+NMFVJGHgdMBMJptLXhAREn2f0XDJfglm/GHW
OwcZf2odqi8MPBjqoeJvmtfYkowOE2UAjTTFK16iyVnksgGXtcBDM6Lj9J7C3C2v
hPcKxdbCyTbfrKUh+7Y7qISgZ+gzLBr0w3w0q7tLXf9YbFKZWC/GbEs2Nacf4pNi
jCPwuyIoI07iPN5+NxP3CC0xadQQDLSQOvXaOJQ9yH1h3oONVFG1xCrD1j8lpLyh
cTzsRV73B5Rtl0iiUhq1bFPRbLD4YdJeZY1p6suWO43WCkyyQpGn3hxHHLMY
-----END CERTIFICATE-----