Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xj2yTig6zyWk3PeM3K4zSO59Vlc.roa
File:                     xj2yTig6zyWk3PeM3K4zSO59Vlc.roa (raw, json)
Hash identifier:          2FHunIaVAPcs2l8Ae+s/g9sOfcPDWOYH77e90/s4dWY=
Subject key identifier:   C6:3D:B2:4E:28:3A:CF:25:A4:DC:F7:8C:DC:AE:33:48:EE:7D:56:57
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019EF94F7BD3D7CA7A7EDF8AC27A4BCCC840
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xj2yTig6zyWk3PeM3K4zSO59Vlc.roa
Signing time:             Wed 24 Jun 2026 11:06:36 +0000
ROA not before:           Wed 24 Jun 2026 11:06:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402315
IP address blocks:        82.153.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 17:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f9:4f:7b:d3:d7:ca:7a:7e:df:8a:c2:7a:4b:cc:c8:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 24 11:06:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c63db24e283acf25a4dcf78cdcae3348ee7d5657
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:16:f8:9b:c2:b7:b7:62:2f:c1:29:bd:88:e3:
                    4e:67:27:ec:19:c5:f0:ea:f8:8f:6d:68:c8:ab:79:
                    cc:f6:d8:b0:21:23:f8:9a:9c:85:a1:ff:b5:4f:0c:
                    0d:c8:d9:d8:17:0f:25:70:16:c5:1b:45:cb:85:5f:
                    a1:41:95:7d:af:af:32:b7:7d:b6:c2:23:f9:a9:cf:
                    06:c5:90:93:cb:53:24:7b:86:45:c9:39:26:09:e9:
                    43:d3:f5:a7:f7:f5:1b:54:06:27:aa:ba:a0:cc:3e:
                    52:0f:8c:20:45:83:87:c2:f5:ac:d4:13:5b:20:58:
                    b9:8e:6f:06:c0:5c:12:da:c4:01:da:66:4d:a6:de:
                    ca:59:d8:37:48:79:29:13:2f:74:26:b2:c3:27:88:
                    22:5d:04:14:05:c6:19:a6:73:9a:3b:41:80:1f:02:
                    10:07:5a:7c:0c:bd:6d:bc:fa:53:ec:72:59:ed:d1:
                    8e:e2:a3:f8:fa:69:d6:72:cb:3d:d9:d8:6f:e2:f8:
                    11:32:79:bf:67:6c:c1:86:04:2f:72:98:46:5f:71:
                    7f:26:3f:bc:24:0e:d8:49:bd:a1:8e:24:72:33:31:
                    16:8a:77:59:b1:22:96:e5:b8:92:b3:aa:5e:6b:31:
                    b6:b2:c9:3e:64:3b:a5:65:a7:5a:75:f3:a6:9c:3e:
                    f8:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:3D:B2:4E:28:3A:CF:25:A4:DC:F7:8C:DC:AE:33:48:EE:7D:56:57
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xj2yTig6zyWk3PeM3K4zSO59Vlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:30:8b:a9:bd:95:c9:24:f1:6a:83:42:57:f5:eb:d0:6b:da:
         f2:75:0d:cf:38:5f:53:b0:92:b3:0b:67:f5:8d:62:92:d5:23:
         55:f7:29:db:a7:ff:29:4c:aa:dc:42:8c:1b:71:e0:21:5a:41:
         f9:fc:a2:c4:13:50:ea:bd:cc:91:4f:f1:e7:c6:1f:b0:f8:13:
         3e:1b:fb:a9:d6:7e:09:17:3f:30:20:d0:42:08:dc:de:e3:d9:
         c5:9a:70:58:df:e3:c2:fa:fc:bf:8b:f1:82:68:80:1c:a0:e8:
         17:90:86:69:ba:45:3b:3a:0a:d2:4d:9e:1f:e0:e3:70:e9:78:
         53:4e:66:7c:a1:24:cd:62:3e:9f:71:a8:29:e2:11:1e:59:02:
         fb:2d:0e:7a:fa:9b:1c:80:7a:f3:e7:f1:9b:b8:de:15:23:51:
         5a:90:3e:e6:93:cc:14:d2:31:42:2c:b6:dd:b6:08:18:0d:bb:
         be:a8:f1:c2:f2:47:04:b0:48:92:fb:a2:e2:c2:48:e5:28:c9:
         22:8d:0a:d2:5d:54:42:6b:ee:36:4a:00:d0:ba:fa:2c:47:0c:
         ed:97:c2:44:78:23:17:b4:1b:78:1b:08:a1:13:bb:45:79:11:
         64:94:96:5f:85:16:1d:48:19:fa:ca:77:0c:c5:58:4a:5f:6c:
         ff:90:a3:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ75T3vT18p6ft+KwnpLzMhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjI0MTEwNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjNkYjI0ZTI4M2FjZjI1YTRkY2Y3OGNkY2FlMzM0OGVlN2Q1NjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRb4m8K3t2IvwSm9iONOZyfsGcXw
6viPbWjIq3nM9tiwISP4mpyFof+1TwwNyNnYFw8lcBbFG0XLhV+hQZV9r68yt322
wiP5qc8GxZCTy1Mke4ZFyTkmCelD0/Wn9/UbVAYnqrqgzD5SD4wgRYOHwvWs1BNb
IFi5jm8GwFwS2sQB2mZNpt7KWdg3SHkpEy90JrLDJ4giXQQUBcYZpnOaO0GAHwIQ
B1p8DL1tvPpT7HJZ7dGO4qP4+mnWcss92dhv4vgRMnm/Z2zBhgQvcphGX3F/Jj+8
JA7YSb2hjiRyMzEWindZsSKW5biSs6peazG2ssk+ZDulZadadfOmnD74NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMY9sk4oOs8lpNz3jNyuM0jufVZXMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveGoyeVRpZzZ6eVdrM1BlTTNLNHpTTzU5VmxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpliMA0G
CSqGSIb3DQEBCwUAA4IBAQBuMIupvZXJJPFqg0JX9evQa9rydQ3POF9TsJKzC2f1
jWKS1SNV9ynbp/8pTKrcQowbceAhWkH5/KLEE1DqvcyRT/Hnxh+w+BM+G/up1n4J
Fz8wINBCCNze49nFmnBY3+PC+vy/i/GCaIAcoOgXkIZpukU7OgrSTZ4f4ONw6XhT
TmZ8oSTNYj6fcagp4hEeWQL7LQ56+pscgHrz5/GbuN4VI1FakD7mk8wU0jFCLLbd
tggYDbu+qPHC8kcEsEiS+6LiwkjlKMkijQrSXVRCa+42SgDQuvosRwztl8JEeCMX
tBt4GwihE7tFeRFklJZfhRYdSBn6yncMxVhKX2z/kKMF
-----END CERTIFICATE-----