Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/c99d6f-82ee-4768-805b-476d7e62cef6/1/O4AfeQRuIMAMeO6z8kLbpZ8Hvoo.roa
File:                     O4AfeQRuIMAMeO6z8kLbpZ8Hvoo.roa (raw, json)
Hash identifier:          MfH6CEUlmmWEGp0pDdZfESoeoH136H9ZL7h9lRJnDwk=
Subject key identifier:   3B:80:1F:79:04:6E:20:C0:0C:78:EE:B3:F2:42:DB:A5:9F:07:BE:8A
Certificate issuer:       /CN=60e773dbfb75957f0cc5c863fcce76ca58a39308
Certificate serial:       019DB06CB21B8E3935FD56EA59CCC786E3AB
Authority key identifier: 60:E7:73:DB:FB:75:95:7F:0C:C5:C8:63:FC:CE:76:CA:58:A3:93:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YOdz2_t1lX8Mxchj_M52ylijkwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/c99d6f-82ee-4768-805b-476d7e62cef6/1/O4AfeQRuIMAMeO6z8kLbpZ8Hvoo.roa
Signing time:             Tue 21 Apr 2026 14:23:26 +0000
ROA not before:           Tue 21 Apr 2026 14:23:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209425
IP address blocks:        81.30.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/c99d6f-82ee-4768-805b-476d7e62cef6/1/YOdz2_t1lX8Mxchj_M52ylijkwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/c99d6f-82ee-4768-805b-476d7e62cef6/1/YOdz2_t1lX8Mxchj_M52ylijkwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YOdz2_t1lX8Mxchj_M52ylijkwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:6c:b2:1b:8e:39:35:fd:56:ea:59:cc:c7:86:e3:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60e773dbfb75957f0cc5c863fcce76ca58a39308
        Validity
            Not Before: Apr 21 14:23:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b801f79046e20c00c78eeb3f242dba59f07be8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:56:e4:37:a0:96:ec:24:94:34:f4:bb:bd:5e:
                    98:96:b0:1e:0c:3a:19:f2:54:ea:81:56:fa:ea:a1:
                    92:27:35:35:90:21:e7:eb:51:47:0a:50:ac:eb:1e:
                    44:f2:5c:cf:c2:b6:08:37:7f:8b:f8:2e:03:df:52:
                    8f:ac:e1:62:8f:f4:1a:68:57:63:fd:51:e5:a5:a7:
                    f3:6c:91:8e:4b:61:09:03:38:31:b4:a8:71:9b:2b:
                    ac:16:b8:e3:d0:a8:ba:8e:5c:cc:5f:a1:a0:fe:20:
                    98:b9:e3:84:89:b3:a0:f2:fc:66:7b:ee:85:dd:28:
                    0a:e3:a5:80:42:6f:21:59:1e:44:85:4c:38:39:a4:
                    56:a7:69:07:9c:38:25:c5:03:df:c7:c7:08:09:56:
                    69:8f:66:2e:0c:9a:49:53:4a:3e:99:b5:be:55:ff:
                    2d:f2:19:6a:04:fb:db:85:9c:d4:9b:6c:63:84:fa:
                    82:86:36:4c:48:c8:d5:c5:ac:e2:4e:64:e6:94:02:
                    29:2e:fb:60:e0:23:c1:11:2d:b3:11:45:2b:76:50:
                    e9:2b:b1:a6:8f:8d:32:f5:b0:74:98:01:80:b5:77:
                    6a:5e:91:5d:aa:d0:df:d9:48:96:80:79:e2:cb:ce:
                    ae:ff:96:25:7e:c0:14:d5:05:ec:2e:cc:98:06:c7:
                    f0:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:80:1F:79:04:6E:20:C0:0C:78:EE:B3:F2:42:DB:A5:9F:07:BE:8A
            X509v3 Authority Key Identifier:
                keyid:60:E7:73:DB:FB:75:95:7F:0C:C5:C8:63:FC:CE:76:CA:58:A3:93:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YOdz2_t1lX8Mxchj_M52ylijkwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/c99d6f-82ee-4768-805b-476d7e62cef6/1/O4AfeQRuIMAMeO6z8kLbpZ8Hvoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/c99d6f-82ee-4768-805b-476d7e62cef6/1/YOdz2_t1lX8Mxchj_M52ylijkwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:35:6f:52:14:7d:cc:c3:e8:66:ea:60:fd:9a:f2:db:2f:55:
         c0:a0:59:bb:49:23:87:d4:32:cd:e5:d9:63:19:31:1f:a4:7e:
         a2:3d:d5:b7:e1:75:0f:82:03:2d:da:3f:8e:1c:07:12:1a:a8:
         fe:c0:33:f5:ed:32:4d:89:b9:4e:e3:70:4f:17:9e:a4:fa:6c:
         78:43:29:f5:cf:88:86:b9:89:48:c1:3e:e6:0b:03:48:38:54:
         a4:c4:3a:34:25:c6:7a:31:1b:f3:50:a4:c6:18:9d:c9:94:be:
         67:01:d3:75:65:dd:2f:e0:54:da:57:7f:6c:f9:78:98:95:0f:
         ab:89:05:6b:e3:c4:af:be:e9:b8:56:06:16:af:84:d4:95:8b:
         cd:cd:ac:d1:3c:93:56:31:db:b9:42:88:03:11:a1:7b:e2:78:
         ed:27:77:fa:e0:6c:a0:f4:b9:1e:4d:f0:47:b6:40:64:88:4c:
         bc:e0:af:76:57:a5:1f:17:46:45:61:34:96:9f:97:9f:cf:46:
         88:52:c0:02:1f:9e:de:cd:d5:b1:41:69:1d:36:ce:b0:7c:f3:
         dd:0e:d0:64:9c:1d:eb:ab:0c:4f:e5:93:e1:3f:a7:dd:71:a3:
         94:ee:f8:8e:ec:4b:60:0b:02:24:69:46:da:49:bc:91:0a:e8:
         ee:bc:27:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2wbLIbjjk1/VbqWczHhuOrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZTc3M2RiZmI3NTk1N2YwY2M1Yzg2M2ZjY2U3NmNhNThh
MzkzMDgwHhcNMjYwNDIxMTQyMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjgwMWY3OTA0NmUyMGMwMGM3OGVlYjNmMjQyZGJhNTlmMDdiZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FbkN6CW7CSUNPS7vV6YlrAeDDoZ
8lTqgVb66qGSJzU1kCHn61FHClCs6x5E8lzPwrYIN3+L+C4D31KPrOFij/QaaFdj
/VHlpafzbJGOS2EJAzgxtKhxmyusFrjj0Ki6jlzMX6Gg/iCYueOEibOg8vxme+6F
3SgK46WAQm8hWR5EhUw4OaRWp2kHnDglxQPfx8cICVZpj2YuDJpJU0o+mbW+Vf8t
8hlqBPvbhZzUm2xjhPqChjZMSMjVxaziTmTmlAIpLvtg4CPBES2zEUUrdlDpK7Gm
j40y9bB0mAGAtXdqXpFdqtDf2UiWgHniy86u/5YlfsAU1QXsLsyYBsfwjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuAH3kEbiDADHjus/JC26WfB76KMB8GA1UdIwQY
MBaAFGDnc9v7dZV/DMXIY/zOdspYo5MIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU9kejJfdDFsWDhNeGNoal9NNTJ5bGlqa3dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9jOTlkNmYtODJlZS00NzY4LTgwNWIt
NDc2ZDdlNjJjZWY2LzEvTzRBZmVRUnVJTUFNZU82ejhrTGJwWjhIdm9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9jOTlkNmYtODJlZS00NzY4LTgwNWItNDc2ZDdlNjJjZWY2
LzEvWU9kejJfdDFsWDhNeGNoal9NNTJ5bGlqa3dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR5iMA0G
CSqGSIb3DQEBCwUAA4IBAQAdNW9SFH3Mw+hm6mD9mvLbL1XAoFm7SSOH1DLN5dlj
GTEfpH6iPdW34XUPggMt2j+OHAcSGqj+wDP17TJNiblO43BPF56k+mx4Qyn1z4iG
uYlIwT7mCwNIOFSkxDo0JcZ6MRvzUKTGGJ3JlL5nAdN1Zd0v4FTaV39s+XiYlQ+r
iQVr48Svvum4VgYWr4TUlYvNzazRPJNWMdu5QogDEaF74njtJ3f64Gyg9LkeTfBH
tkBkiEy84K92V6UfF0ZFYTSWn5efz0aIUsACH57ezdWxQWkdNs6wfPPdDtBknB3r
qwxP5ZPhP6fdcaOU7viO7EtgCwIkaUbaSbyRCujuvCel
-----END CERTIFICATE-----