Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tfP_Y6Ms_OBmmRuN6nr7CwLuZq4.roa
File:                     tfP_Y6Ms_OBmmRuN6nr7CwLuZq4.roa (raw, json)
Hash identifier:          02HwkoFKh5NPLKDhSFy8pcFVqa0cwUaVp+11W0u1+iQ=
Subject key identifier:   B5:F3:FF:63:A3:2C:FC:E0:66:99:1B:8D:EA:7A:FB:0B:02:EE:66:AE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019EFF05974418939BFD425D15D0173A718B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tfP_Y6Ms_OBmmRuN6nr7CwLuZq4.roa
Signing time:             Thu 25 Jun 2026 13:43:37 +0000
ROA not before:           Thu 25 Jun 2026 13:43:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56971
IP address blocks:        217.145.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 07:24:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ff:05:97:44:18:93:9b:fd:42:5d:15:d0:17:3a:71:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 25 13:43:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5f3ff63a32cfce066991b8dea7afb0b02ee66ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f4:c9:61:6d:39:fb:7f:33:07:bc:2d:00:3b:
                    99:12:ed:a1:03:12:36:4c:88:d4:fb:b5:5d:2c:9a:
                    5b:be:4d:c3:36:68:19:18:49:b6:be:ae:7f:66:74:
                    8b:ef:b7:6c:2d:36:ad:68:f3:e6:f4:c6:73:bb:b0:
                    79:36:1e:5e:28:88:68:a3:ab:b9:39:6d:18:af:53:
                    6d:e7:d9:51:77:51:6d:56:9b:69:66:65:8a:5b:46:
                    02:85:d0:60:b2:aa:3a:03:9a:11:75:7f:27:52:d6:
                    ef:83:89:bf:24:2b:46:66:53:ae:10:31:a7:b0:75:
                    bb:2f:cb:33:c1:d2:83:09:ef:25:16:88:63:95:25:
                    9c:50:02:6e:be:82:ef:b0:74:23:66:74:d5:fa:d5:
                    d9:4c:45:f6:15:59:bf:60:c7:9d:45:2f:15:4e:12:
                    cd:f4:4a:e1:9e:61:76:33:aa:42:76:d8:6d:e6:8b:
                    0a:9f:79:d2:00:e5:65:7f:91:51:c6:0f:c6:6e:e4:
                    83:d6:0d:4b:fe:0b:c2:b9:12:71:9c:db:e1:2d:ef:
                    1c:1d:f7:47:bb:3a:87:17:ed:56:ac:ac:0a:b7:37:
                    24:ac:70:37:55:8c:d5:78:79:1f:a4:ff:a6:52:58:
                    9d:72:69:8b:d0:41:f2:77:4d:e7:b5:b3:a9:bf:a7:
                    df:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F3:FF:63:A3:2C:FC:E0:66:99:1B:8D:EA:7A:FB:0B:02:EE:66:AE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tfP_Y6Ms_OBmmRuN6nr7CwLuZq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:f3:d7:13:58:00:85:ca:09:96:b5:f9:f2:df:30:71:f9:1e:
         27:6b:da:7f:6d:a4:f1:ef:7d:6d:a9:2e:e1:53:18:f1:9e:b8:
         00:63:62:8a:14:77:83:69:6b:69:33:64:0c:6a:c6:2d:54:31:
         3b:cb:01:ea:96:f6:fc:8b:e2:74:73:d2:27:46:89:ea:78:b8:
         b9:6c:d8:3b:27:3d:69:7f:5c:ee:96:6e:a4:01:dc:4f:ea:b1:
         d2:3b:b7:bf:aa:d3:99:a6:d1:39:cd:cb:1a:c1:74:f9:11:92:
         50:24:d8:b9:ec:53:82:c2:5c:eb:18:f5:d6:8b:71:3f:b0:89:
         50:69:bf:ab:f4:9e:ff:2f:92:bd:0a:12:eb:7b:56:41:fb:26:
         8e:fa:03:fe:b6:3a:65:5b:fb:9e:2d:1d:00:a4:d1:e8:79:2d:
         60:03:b7:40:87:78:07:64:31:35:9a:24:72:c0:7b:87:1a:d6:
         8c:30:97:cb:d6:c9:4f:0a:ea:ef:ce:ac:b4:35:25:5b:7a:e3:
         86:87:85:2a:ca:80:d5:e7:4c:2a:54:d3:f0:65:89:b6:78:e4:
         9b:db:df:ea:7c:4e:a1:f7:c5:13:74:d4:55:e4:a5:5e:d3:1c:
         fe:e5:71:f2:c6:b7:95:50:ab:58:14:ce:a0:07:34:b4:fb:61:
         48:8a:af:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7/BZdEGJOb/UJdFdAXOnGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjI1MTM0MzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWYzZmY2M2EzMmNmY2UwNjY5OTFiOGRlYTdhZmIwYjAyZWU2NmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfTJYW05+38zB7wtADuZEu2hAxI2
TIjU+7VdLJpbvk3DNmgZGEm2vq5/ZnSL77dsLTataPPm9MZzu7B5Nh5eKIhoo6u5
OW0Yr1Nt59lRd1FtVptpZmWKW0YChdBgsqo6A5oRdX8nUtbvg4m/JCtGZlOuEDGn
sHW7L8szwdKDCe8lFohjlSWcUAJuvoLvsHQjZnTV+tXZTEX2FVm/YMedRS8VThLN
9ErhnmF2M6pCdtht5osKn3nSAOVlf5FRxg/GbuSD1g1L/gvCuRJxnNvhLe8cHfdH
uzqHF+1WrKwKtzckrHA3VYzVeHkfpP+mUlidcmmL0EHyd03ntbOpv6ffeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXz/2OjLPzgZpkbjep6+wsC7mauMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdGZQX1k2TXNfT0JtbVJ1TjZucjdDd0x1WnE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZFPMA0G
CSqGSIb3DQEBCwUAA4IBAQBl89cTWACFygmWtfny3zBx+R4na9p/baTx731tqS7h
UxjxnrgAY2KKFHeDaWtpM2QMasYtVDE7ywHqlvb8i+J0c9InRonqeLi5bNg7Jz1p
f1zulm6kAdxP6rHSO7e/qtOZptE5zcsawXT5EZJQJNi57FOCwlzrGPXWi3E/sIlQ
ab+r9J7/L5K9ChLre1ZB+yaO+gP+tjplW/ueLR0ApNHoeS1gA7dAh3gHZDE1miRy
wHuHGtaMMJfL1slPCurvzqy0NSVbeuOGh4UqyoDV50wqVNPwZYm2eOSb29/qfE6h
98UTdNRV5KVe0xz+5XHyxreVUKtYFM6gBzS0+2FIiq8l
-----END CERTIFICATE-----