Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/7253f0-d825-4dab-801f-9b509e5931f9/1/AT3AwmCGx61Hj5hqdELyQ8fLrSA.roa
File:                     AT3AwmCGx61Hj5hqdELyQ8fLrSA.roa (raw, json)
Hash identifier:          XVaOA+4kP/jBW0Nd2clUNIpHrMJJdCt1C6268n4aPw0=
Subject key identifier:   01:3D:C0:C2:60:86:C7:AD:47:8F:98:6A:74:42:F2:43:C7:CB:AD:20
Certificate issuer:       /CN=44f610f872cf31b7c3224cd2c1669c9968350b7a
Certificate serial:       019B989DD42DE20D562A66045FCDAAC910CF
Authority key identifier: 44:F6:10:F8:72:CF:31:B7:C3:22:4C:D2:C1:66:9C:99:68:35:0B:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPYQ-HLPMbfDIkzSwWacmWg1C3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/7253f0-d825-4dab-801f-9b509e5931f9/1/AT3AwmCGx61Hj5hqdELyQ8fLrSA.roa
Signing time:             Wed 07 Jan 2026 13:20:38 +0000
ROA not before:           Wed 07 Jan 2026 13:20:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12508
IP address blocks:        212.89.224.0/19 maxlen: 19
                          2a09:6c0::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/7253f0-d825-4dab-801f-9b509e5931f9/1/RPYQ-HLPMbfDIkzSwWacmWg1C3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/7253f0-d825-4dab-801f-9b509e5931f9/1/RPYQ-HLPMbfDIkzSwWacmWg1C3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPYQ-HLPMbfDIkzSwWacmWg1C3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 19:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:98:9d:d4:2d:e2:0d:56:2a:66:04:5f:cd:aa:c9:10:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44f610f872cf31b7c3224cd2c1669c9968350b7a
        Validity
            Not Before: Jan  7 13:20:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=013dc0c26086c7ad478f986a7442f243c7cbad20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b7:30:5b:15:0f:8a:ca:bf:1c:83:b5:3a:b1:
                    73:f9:a8:c5:e8:fa:5c:9f:73:b3:ac:b5:d5:b4:54:
                    e8:9e:79:53:fe:f3:8d:8b:de:b4:c1:df:20:e2:bf:
                    45:51:f7:c0:46:44:e6:55:42:80:29:ae:83:16:cd:
                    ad:bf:30:88:77:1b:4d:39:0c:14:c2:61:14:d7:18:
                    9b:a3:99:32:56:19:97:a4:93:f0:fd:bc:10:0d:7b:
                    38:29:8c:7f:d8:0a:4e:db:3f:c5:aa:fb:29:15:8e:
                    32:38:2c:d0:57:2b:f1:79:d4:7b:6a:2c:23:90:0b:
                    df:09:88:cb:1b:e9:e1:72:3f:1d:53:ff:e0:65:ff:
                    15:01:e6:1b:cf:3e:6a:40:1d:53:0d:24:5b:06:91:
                    7d:f6:b7:d5:81:dd:aa:06:1d:ec:9d:9e:0a:2c:d6:
                    f8:2a:b6:bc:e5:12:51:0d:ed:dc:a9:b2:69:7c:38:
                    63:05:9a:ed:d3:c9:13:5d:de:aa:e9:5e:6a:00:1c:
                    b4:16:79:5f:7a:b1:36:8e:12:d6:ac:17:e3:ce:48:
                    54:d7:4e:c9:52:12:3e:e0:f6:dd:e7:42:a5:da:69:
                    e9:f4:e8:fa:f2:1d:78:55:9c:d0:8b:ec:c8:83:c8:
                    44:b6:7c:5f:db:ca:5a:ce:2d:1f:f2:86:ba:87:fa:
                    41:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:3D:C0:C2:60:86:C7:AD:47:8F:98:6A:74:42:F2:43:C7:CB:AD:20
            X509v3 Authority Key Identifier:
                keyid:44:F6:10:F8:72:CF:31:B7:C3:22:4C:D2:C1:66:9C:99:68:35:0B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPYQ-HLPMbfDIkzSwWacmWg1C3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7253f0-d825-4dab-801f-9b509e5931f9/1/AT3AwmCGx61Hj5hqdELyQ8fLrSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7253f0-d825-4dab-801f-9b509e5931f9/1/RPYQ-HLPMbfDIkzSwWacmWg1C3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.89.224.0/19
                IPv6:
                  2a09:6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:99:a3:48:29:ba:56:62:03:c3:a2:a3:28:b4:de:58:df:32:
         3d:0b:c7:94:ac:b5:77:bb:77:c9:5d:07:c5:c9:aa:2c:fe:70:
         f8:31:13:d3:1e:b8:35:56:1a:21:a2:72:18:23:93:80:82:4f:
         b3:a1:04:40:c9:22:41:49:be:1b:10:3e:39:24:3f:50:57:21:
         9f:7e:1a:f2:0f:f5:b6:e1:d7:b7:da:ec:48:f0:60:28:a4:85:
         1d:bc:40:e6:71:58:9d:9c:dd:66:d8:93:4b:c1:a3:c6:65:5f:
         dd:ee:a9:fc:e6:3e:fa:d7:23:60:10:a9:04:97:b2:f0:dc:71:
         14:f7:57:3c:b6:68:f5:1b:ed:5e:a7:d1:b2:75:b0:5f:0a:96:
         21:f1:6d:db:b9:28:2b:32:bf:b8:47:ff:8d:ec:21:54:6d:7d:
         db:3e:64:31:3b:f6:81:ec:0b:2c:bf:ec:20:12:ca:1d:b7:8c:
         39:62:ee:99:6f:20:7b:bb:53:58:c9:42:08:0c:a1:61:40:6f:
         c1:0f:81:fe:a7:6d:19:04:8c:43:c0:bd:62:48:02:8b:9c:ae:
         9f:96:a5:17:1a:8a:31:b3:03:26:ed:fb:2a:02:3c:a2:de:53:
         94:a4:e7:0a:76:52:c5:d6:2c:58:c2:ce:cc:ea:15:f2:9f:23:
         fe:5d:41:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZuYndQt4g1WKmYEX82qyRDPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZjYxMGY4NzJjZjMxYjdjMzIyNGNkMmMxNjY5Yzk5Njgz
NTBiN2EwHhcNMjYwMTA3MTMyMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTNkYzBjMjYwODZjN2FkNDc4Zjk4NmE3NDQyZjI0M2M3Y2JhZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7cwWxUPisq/HIO1OrFz+ajF6Ppc
n3OzrLXVtFTonnlT/vONi960wd8g4r9FUffARkTmVUKAKa6DFs2tvzCIdxtNOQwU
wmEU1xibo5kyVhmXpJPw/bwQDXs4KYx/2ApO2z/FqvspFY4yOCzQVyvxedR7aiwj
kAvfCYjLG+nhcj8dU//gZf8VAeYbzz5qQB1TDSRbBpF99rfVgd2qBh3snZ4KLNb4
Kra85RJRDe3cqbJpfDhjBZrt08kTXd6q6V5qABy0FnlferE2jhLWrBfjzkhU107J
UhI+4Pbd50Kl2mnp9Oj68h14VZzQi+zIg8hEtnxf28pazi0f8oa6h/pB5QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAE9wMJghsetR4+YanRC8kPHy60gMB8GA1UdIwQY
MBaAFET2EPhyzzG3wyJM0sFmnJloNQt6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlBZUS1ITFBNYmZESWt6U3dXYWNtV2cxQzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83MjUzZjAtZDgyNS00ZGFiLTgwMWYt
OWI1MDllNTkzMWY5LzEvQVQzQXdtQ0d4NjFIajVocWRFTHlROGZMclNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83MjUzZjAtZDgyNS00ZGFiLTgwMWYtOWI1MDllNTkzMWY5
LzEvUlBZUS1ITFBNYmZESWt6U3dXYWNtV2cxQzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1FngMA0E
AgACMAcDBQMqCQbAMA0GCSqGSIb3DQEBCwUAA4IBAQB+maNIKbpWYgPDoqMotN5Y
3zI9C8eUrLV3u3fJXQfFyaos/nD4MRPTHrg1VhohonIYI5OAgk+zoQRAySJBSb4b
ED45JD9QVyGffhryD/W24de32uxI8GAopIUdvEDmcVidnN1m2JNLwaPGZV/d7qn8
5j761yNgEKkEl7Lw3HEU91c8tmj1G+1ep9GydbBfCpYh8W3buSgrMr+4R/+N7CFU
bX3bPmQxO/aB7Assv+wgEsodt4w5Yu6ZbyB7u1NYyUIIDKFhQG/BD4H+p20ZBIxD
wL1iSAKLnK6flqUXGooxswMm7fsqAjyi3lOUpOcKdlLF1ixYws7M6hXynyP+XUGV
-----END CERTIFICATE-----