Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/z6ejghvUiISFFSxcFw94iWRg1XI.roa
File:                     z6ejghvUiISFFSxcFw94iWRg1XI.roa (raw, json)
Hash identifier:          UTQj4Bc08hP+dfWNgJ8ME7ic4PrHDzynQFB95LcQaFo=
Subject key identifier:   CF:A7:A3:82:1B:D4:88:84:85:15:2C:5C:17:0F:78:89:64:60:D5:72
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019CE16A15BBC4734B1F1217CFE8F47AD31D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/z6ejghvUiISFFSxcFw94iWRg1XI.roa
Signing time:             Thu 12 Mar 2026 09:39:11 +0000
ROA not before:           Thu 12 Mar 2026 09:39:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     141738
IP address blocks:        82.163.28.0/24 maxlen: 24
                          82.163.29.0/24 maxlen: 24
                          82.163.30.0/24 maxlen: 24
                          82.163.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 22:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e1:6a:15:bb:c4:73:4b:1f:12:17:cf:e8:f4:7a:d3:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 12 09:39:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cfa7a3821bd4888485152c5c170f78896460d572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:eb:c9:82:69:5c:3a:d4:32:bc:70:da:ca:3c:
                    3e:34:4c:97:d8:14:e9:a6:f7:54:93:39:17:19:b5:
                    02:4a:82:20:6c:29:08:ca:a4:08:69:60:38:f9:5a:
                    75:e7:9c:53:9d:11:35:2b:c0:c6:63:36:1b:f2:82:
                    9d:c7:de:cb:20:76:eb:bc:a8:df:87:46:06:78:5b:
                    01:ce:8b:75:11:e9:2d:98:9f:58:30:b1:8b:5d:1b:
                    87:54:47:fa:fe:5c:20:14:6f:03:bf:54:44:cf:e7:
                    cb:06:8e:c0:9e:6d:e2:d4:cd:66:ba:58:71:75:df:
                    f6:c8:9c:12:da:e9:f1:2c:9b:a5:a7:92:b2:8d:87:
                    96:af:a6:e5:b9:cb:9c:ca:ac:fc:a4:07:ea:13:1e:
                    84:43:a7:85:01:31:9c:fa:93:2a:e2:31:ba:1c:06:
                    e9:6f:c5:5a:61:fd:e5:b3:00:96:3f:ca:f0:a5:b6:
                    fc:f4:a4:6f:69:4b:fa:2e:05:b8:f8:ad:ba:24:40:
                    b3:8e:24:9b:3b:79:69:45:a8:2d:cc:a4:a6:b4:29:
                    5d:8b:b8:e3:f1:c1:40:56:7c:60:69:80:b5:b8:49:
                    38:18:f1:cd:d1:b8:4d:41:f6:98:b3:eb:aa:13:f1:
                    2a:3f:50:19:6f:fd:85:27:e3:2b:bd:59:cc:4c:80:
                    48:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:A7:A3:82:1B:D4:88:84:85:15:2C:5C:17:0F:78:89:64:60:D5:72
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/z6ejghvUiISFFSxcFw94iWRg1XI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:49:4d:91:78:84:91:5e:bb:49:2c:49:1c:1e:01:32:bd:73:
         22:3d:af:61:bb:b4:40:89:27:67:eb:8c:82:26:a6:f2:a9:4d:
         38:91:91:ab:52:48:0e:54:eb:3f:7e:1f:c8:a1:31:ca:35:29:
         f6:6c:b1:4f:52:81:6c:df:a8:b9:4b:38:68:56:96:0a:a4:cd:
         31:4f:9d:8b:af:06:05:2f:4d:9e:5f:96:d0:fb:36:ba:11:fa:
         24:f5:9c:02:ac:b4:59:64:b2:16:4b:6e:01:0d:2a:96:9c:94:
         aa:02:66:be:59:3b:e8:f0:07:94:0c:2a:3a:fa:50:4f:74:c0:
         5c:58:36:e9:aa:df:c8:44:66:18:45:b5:5a:86:22:76:82:de:
         ce:f1:c5:56:64:35:b2:26:1a:a8:3c:d9:9e:e4:29:c5:41:a1:
         2a:e0:e3:06:b3:1c:37:ed:35:91:22:2e:b0:7e:09:88:12:c5:
         5d:5e:60:99:9f:a7:01:11:a7:9a:bd:75:37:ce:10:cc:db:f4:
         54:2f:36:1d:1a:1a:64:6d:f5:89:0d:ae:a4:6f:99:54:a4:42:
         eb:e7:4b:cb:0c:f4:25:fe:80:1c:47:3e:e4:ac:3c:00:36:57:
         f5:0f:6f:92:03:f2:7e:4b:0c:b6:c0:62:8b:b7:4b:0e:f7:04:
         cb:2e:37:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzhahW7xHNLHxIXz+j0etMdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzEyMDkzOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmE3YTM4MjFiZDQ4ODg0ODUxNTJjNWMxNzBmNzg4OTY0NjBkNTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+vJgmlcOtQyvHDayjw+NEyX2BTp
pvdUkzkXGbUCSoIgbCkIyqQIaWA4+Vp155xTnRE1K8DGYzYb8oKdx97LIHbrvKjf
h0YGeFsBzot1EektmJ9YMLGLXRuHVEf6/lwgFG8Dv1REz+fLBo7Anm3i1M1mulhx
dd/2yJwS2unxLJulp5KyjYeWr6blucucyqz8pAfqEx6EQ6eFATGc+pMq4jG6HAbp
b8VaYf3lswCWP8rwpbb89KRvaUv6LgW4+K26JECzjiSbO3lpRagtzKSmtCldi7jj
8cFAVnxgaYC1uEk4GPHN0bhNQfaYs+uqE/EqP1AZb/2FJ+MrvVnMTIBIJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+no4Ib1IiEhRUsXBcPeIlkYNVyMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvejZlamdodlVpSVNGRlN4Y0Z3OTRpV1JnMVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUqMcMA0G
CSqGSIb3DQEBCwUAA4IBAQCKSU2ReISRXrtJLEkcHgEyvXMiPa9hu7RAiSdn64yC
JqbyqU04kZGrUkgOVOs/fh/IoTHKNSn2bLFPUoFs36i5SzhoVpYKpM0xT52LrwYF
L02eX5bQ+za6Efok9ZwCrLRZZLIWS24BDSqWnJSqAma+WTvo8AeUDCo6+lBPdMBc
WDbpqt/IRGYYRbVahiJ2gt7O8cVWZDWyJhqoPNme5CnFQaEq4OMGsxw37TWRIi6w
fgmIEsVdXmCZn6cBEaeavXU3zhDM2/RULzYdGhpkbfWJDa6kb5lUpELr50vLDPQl
/oAcRz7krDwANlf1D2+SA/J+Swy2wGKLt0sO9wTLLje/
-----END CERTIFICATE-----