Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/8udUmIbGFNTN058tBAg0kvDOjQg.roa
File:                     8udUmIbGFNTN058tBAg0kvDOjQg.roa (raw, json)
Hash identifier:          nLvTOe+g/JVtZRDz+bf5QrJyVkIqOYq6h+U8Lp3Zn+M=
Subject key identifier:   F2:E7:54:98:86:C6:14:D4:CD:D3:9F:2D:04:08:34:92:F0:CE:8D:08
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019EBCDEB33D94D32683A3AAB7C9494E9157
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/8udUmIbGFNTN058tBAg0kvDOjQg.roa
Signing time:             Fri 12 Jun 2026 17:26:11 +0000
ROA not before:           Fri 12 Jun 2026 17:26:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        89.149.148.0/24 maxlen: 24
                          194.77.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 13:34:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bc:de:b3:3d:94:d3:26:83:a3:aa:b7:c9:49:4e:91:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun 12 17:26:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2e7549886c614d4cdd39f2d04083492f0ce8d08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8f:4f:27:d0:76:11:d5:da:e2:e3:5e:93:bc:
                    9c:4a:46:00:77:af:77:d3:ec:7c:43:a5:e8:c1:56:
                    3d:d8:4d:cf:33:b2:18:66:47:fa:29:bc:f2:5c:88:
                    95:e5:b9:14:d7:7f:29:25:a0:38:b8:a7:d6:a0:b9:
                    de:e5:1b:c0:ac:1b:67:95:e9:1a:c5:70:d3:ae:46:
                    b7:9c:b9:e0:5f:4c:e5:c2:ef:c3:68:66:7b:79:f1:
                    1e:0f:44:87:b8:d7:44:84:f7:ec:17:43:85:73:ff:
                    bb:8e:22:42:c5:97:df:a3:4c:d7:07:6e:71:98:dd:
                    63:bb:27:ab:80:60:fb:34:cb:af:79:7c:21:c2:35:
                    bf:43:eb:2b:dc:7e:1d:d7:78:82:f8:9f:9a:fe:9a:
                    4e:9e:06:e0:28:c1:0c:b8:50:9a:82:46:df:63:bd:
                    e9:e0:08:33:bb:87:db:6c:da:ce:d1:84:91:f9:f7:
                    90:1c:c0:d4:6f:3c:a9:3e:82:fc:e1:ad:ca:df:01:
                    4d:c9:5d:48:21:d4:22:76:05:8e:f0:8c:30:c1:46:
                    3c:11:28:12:3e:e7:aa:92:7e:a7:89:58:ad:60:6c:
                    79:df:28:f8:4e:fa:fc:f5:b5:c5:92:3f:a4:07:83:
                    91:d5:f4:17:92:0b:66:c4:8f:f2:40:3c:73:e1:1e:
                    e2:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:E7:54:98:86:C6:14:D4:CD:D3:9F:2D:04:08:34:92:F0:CE:8D:08
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/8udUmIbGFNTN058tBAg0kvDOjQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.149.148.0/24
                  194.77.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:80:bb:d9:15:56:e8:2b:68:d0:26:cc:05:c6:d8:d4:47:30:
         76:59:36:9e:0a:31:96:28:5a:7f:e3:5e:09:7a:5c:58:2b:98:
         ac:2e:b4:d5:a2:db:17:1b:d2:15:13:86:0c:d9:df:33:b7:da:
         33:24:95:1a:23:a1:4d:d2:40:87:10:73:50:90:5b:42:5f:03:
         ca:73:50:29:a1:c4:7e:f6:cb:24:ca:b1:2a:b3:6f:55:ed:e1:
         1d:b1:21:b6:4c:9c:44:a7:49:ce:1e:27:3a:64:d2:b6:a1:d6:
         fe:28:55:ea:30:b9:07:db:23:5d:a0:c8:0d:3e:7a:60:ee:7c:
         06:c5:a7:3c:45:69:a0:ae:50:83:59:ef:03:5b:df:bd:e0:ff:
         4d:1b:ce:9b:76:87:a1:50:d0:88:4b:f3:6f:b7:a0:38:5e:90:
         24:06:40:6c:fa:6e:e7:27:ee:6d:59:af:3f:0d:a1:c1:9e:2b:
         92:96:19:0a:fb:e0:ba:f9:85:60:90:7d:c8:3e:e4:d8:27:b7:
         61:2c:87:95:23:02:29:d7:8d:2b:09:f4:0e:50:b4:6a:33:08:
         5b:da:59:2c:a5:b3:24:05:dc:96:22:d2:97:40:03:15:5a:f0:
         69:3c:d0:2c:9c:e7:97:98:d6:38:7d:5c:54:ba:fb:02:bc:08:
         35:f4:81:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ683rM9lNMmg6Oqt8lJTpFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjEyMTcyNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmU3NTQ5ODg2YzYxNGQ0Y2RkMzlmMmQwNDA4MzQ5MmYwY2U4ZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAko9PJ9B2EdXa4uNek7ycSkYAd693
0+x8Q6XowVY92E3PM7IYZkf6KbzyXIiV5bkU138pJaA4uKfWoLne5RvArBtnleka
xXDTrka3nLngX0zlwu/DaGZ7efEeD0SHuNdEhPfsF0OFc/+7jiJCxZffo0zXB25x
mN1juyergGD7NMuveXwhwjW/Q+sr3H4d13iC+J+a/ppOngbgKMEMuFCagkbfY73p
4Agzu4fbbNrO0YSR+feQHMDUbzypPoL84a3K3wFNyV1IIdQidgWO8IwwwUY8ESgS
Pueqkn6niVitYGx53yj4Tvr89bXFkj+kB4OR1fQXkgtmxI/yQDxz4R7ijwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPLnVJiGxhTUzdOfLQQINJLwzo0IMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvOHVkVW1JYkdGTlROMDU4dEJBZzBrdkRPalFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWZWUAwQA
wk3rMA0GCSqGSIb3DQEBCwUAA4IBAQDCgLvZFVboK2jQJswFxtjURzB2WTaeCjGW
KFp/414JelxYK5isLrTVotsXG9IVE4YM2d8zt9ozJJUaI6FN0kCHEHNQkFtCXwPK
c1ApocR+9sskyrEqs29V7eEdsSG2TJxEp0nOHic6ZNK2odb+KFXqMLkH2yNdoMgN
Pnpg7nwGxac8RWmgrlCDWe8DW9+94P9NG86bdoehUNCIS/Nvt6A4XpAkBkBs+m7n
J+5tWa8/DaHBniuSlhkK++C6+YVgkH3IPuTYJ7dhLIeVIwIp140rCfQOULRqMwhb
2lkspbMkBdyWItKXQAMVWvBpPNAsnOeXmNY4fVxUuvsCvAg19IF3
-----END CERTIFICATE-----