Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ywljV6YOokNwxnIkarzmPjwm210.roa
File:                     ywljV6YOokNwxnIkarzmPjwm210.roa (raw, json)
Hash identifier:          3+cqjIlcfftn32mda8yV8ysKig7SlzGra3lT98C0gbw=
Subject key identifier:   CB:09:63:57:A6:0E:A2:43:70:C6:72:24:6A:BC:E6:3E:3C:26:DB:5D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019DCE295379BD8ABE8272E08C63E2864E79
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ywljV6YOokNwxnIkarzmPjwm210.roa
Signing time:             Mon 27 Apr 2026 08:58:27 +0000
ROA not before:           Mon 27 Apr 2026 08:58:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198383
IP address blocks:        77.93.150.0/23 maxlen: 23
                          109.176.204.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 06:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:29:53:79:bd:8a:be:82:72:e0:8c:63:e2:86:4e:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 27 08:58:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb096357a60ea24370c672246abce63e3c26db5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:41:02:c1:d4:07:e8:b0:e3:6a:4c:53:54:92:
                    ab:6a:5a:17:cb:68:fd:c6:f7:45:50:85:aa:13:12:
                    2d:15:32:53:21:ee:67:c2:5d:fb:92:44:b7:5b:36:
                    53:90:d9:d8:e1:8e:e1:77:ec:48:e5:77:f8:9b:57:
                    62:ce:04:5c:28:37:9b:19:e3:c1:79:76:09:49:cb:
                    4a:d7:21:a7:d0:38:7e:bb:a4:b7:dc:4f:c9:be:9d:
                    6c:5c:02:07:bf:11:3b:d6:cb:66:a8:90:a9:14:f9:
                    aa:2b:5e:3a:d5:3a:0b:20:a9:5f:25:5c:3a:89:1d:
                    5a:f9:a6:1f:44:d0:ac:c9:6e:f9:ad:b0:b3:27:07:
                    45:ef:53:d5:c7:66:d7:f4:40:c3:03:03:25:21:e5:
                    16:d7:79:69:19:45:5e:f2:38:66:6e:4b:6f:2f:bb:
                    f2:89:98:83:bc:8f:07:4d:3d:23:cc:ed:64:fc:97:
                    99:a8:b3:84:e8:04:36:1a:fb:3a:fd:a6:ce:5c:4e:
                    39:f8:e4:c2:09:c1:51:2b:cc:99:da:15:68:51:d7:
                    3f:3e:4e:e0:1d:00:90:f4:5a:97:ec:5d:02:2f:13:
                    ef:45:0b:82:a4:98:02:f3:48:63:1a:9f:40:42:8e:
                    0e:2c:76:74:2e:94:51:7d:28:4a:af:fa:20:ab:3c:
                    cf:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:09:63:57:A6:0E:A2:43:70:C6:72:24:6A:BC:E6:3E:3C:26:DB:5D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ywljV6YOokNwxnIkarzmPjwm210.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.150.0/23
                  109.176.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:84:04:b1:7c:f3:e6:da:ff:19:7f:d0:7c:12:4f:2a:e2:4e:
         b8:b1:dd:e8:ad:ba:2d:87:8c:b8:d9:f2:58:80:c7:13:7c:cf:
         c9:e4:e3:0b:db:d3:2c:2e:3e:58:39:59:05:b5:e2:4c:cc:92:
         61:99:85:8c:31:45:79:ac:0d:45:50:53:1f:75:1e:16:4b:e2:
         da:11:16:6a:6a:17:36:7c:b6:76:37:f7:70:4d:b0:7b:56:c0:
         ac:59:ff:e4:25:6e:14:5f:47:7a:ae:72:15:cd:d0:0b:3b:5a:
         82:ba:d0:b0:75:23:e1:a0:53:37:21:7e:f1:e9:01:79:c1:89:
         6b:88:42:f8:6b:34:3f:99:c2:9a:86:f6:79:9f:4a:e2:22:ac:
         30:d8:4b:74:31:36:b1:4e:af:ba:e6:5d:b7:c5:50:31:f5:54:
         59:f0:7e:4d:52:02:3b:8f:5a:31:17:3a:a0:f8:8b:ad:bf:9a:
         57:01:35:5b:e9:e6:27:b4:07:96:bb:04:e5:97:5e:f7:79:8c:
         5b:b6:7d:53:27:cb:af:3e:ad:eb:10:88:9e:64:6b:de:8f:de:
         c9:4c:16:ee:30:72:84:24:02:0c:1e:8d:82:2c:a8:ae:77:5d:
         f8:87:ef:53:ea:7a:15:66:bc:69:1f:2f:22:ec:d6:fe:35:c1:
         2f:25:a3:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3OKVN5vYq+gnLgjGPihk55MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDI3MDg1ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjA5NjM1N2E2MGVhMjQzNzBjNjcyMjQ2YWJjZTYzZTNjMjZkYjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kECwdQH6LDjakxTVJKraloXy2j9
xvdFUIWqExItFTJTIe5nwl37kkS3WzZTkNnY4Y7hd+xI5Xf4m1dizgRcKDebGePB
eXYJSctK1yGn0Dh+u6S33E/Jvp1sXAIHvxE71stmqJCpFPmqK1461ToLIKlfJVw6
iR1a+aYfRNCsyW75rbCzJwdF71PVx2bX9EDDAwMlIeUW13lpGUVe8jhmbktvL7vy
iZiDvI8HTT0jzO1k/JeZqLOE6AQ2Gvs6/abOXE45+OTCCcFRK8yZ2hVoUdc/Pk7g
HQCQ9FqX7F0CLxPvRQuCpJgC80hjGp9AQo4OLHZ0LpRRfShKr/ogqzzPiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMsJY1emDqJDcMZyJGq85j48JttdMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveXdsalY2WU9va053eG5Ja2Fyem1QandtMjEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBTV2WAwQB
bbDMMA0GCSqGSIb3DQEBCwUAA4IBAQAOhASxfPPm2v8Zf9B8Ek8q4k64sd3orbot
h4y42fJYgMcTfM/J5OML29MsLj5YOVkFteJMzJJhmYWMMUV5rA1FUFMfdR4WS+La
ERZqahc2fLZ2N/dwTbB7VsCsWf/kJW4UX0d6rnIVzdALO1qCutCwdSPhoFM3IX7x
6QF5wYlriEL4azQ/mcKahvZ5n0riIqww2Et0MTaxTq+65l23xVAx9VRZ8H5NUgI7
j1oxFzqg+Iutv5pXATVb6eYntAeWuwTll173eYxbtn1TJ8uvPq3rEIieZGvej97J
TBbuMHKEJAIMHo2CLKiud134h+9T6noVZrxpHy8i7Nb+NcEvJaNs
-----END CERTIFICATE-----