Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/f96c9c-772d-4b05-a89e-548d302ccedb/1/XMgAgm3gSAeCF3IOkeJ-oVsVVUg.roa
File:                     XMgAgm3gSAeCF3IOkeJ-oVsVVUg.roa (raw, json)
Hash identifier:          Rw3eTNo2WIrhUY+3AUmZ7F95kXpaBKgqcEkNNLJMkJU=
Subject key identifier:   5C:C8:00:82:6D:E0:48:07:82:17:72:0E:91:E2:7E:A1:5B:15:55:48
Certificate issuer:       /CN=d3ac50e045822823176e47832dec8f211b74f013
Certificate serial:       019E88C1DD6E083D65B4F1E94ABEC532C575
Authority key identifier: D3:AC:50:E0:45:82:28:23:17:6E:47:83:2D:EC:8F:21:1B:74:F0:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/06xQ4EWCKCMXbkeDLeyPIRt08BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/f96c9c-772d-4b05-a89e-548d302ccedb/1/XMgAgm3gSAeCF3IOkeJ-oVsVVUg.roa
Signing time:             Tue 02 Jun 2026 14:34:26 +0000
ROA not before:           Tue 02 Jun 2026 14:34:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213931
IP address blocks:        85.137.30.0/24 maxlen: 24
                          86.106.26.0/24 maxlen: 24
                          91.208.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/f96c9c-772d-4b05-a89e-548d302ccedb/1/06xQ4EWCKCMXbkeDLeyPIRt08BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/f96c9c-772d-4b05-a89e-548d302ccedb/1/06xQ4EWCKCMXbkeDLeyPIRt08BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/06xQ4EWCKCMXbkeDLeyPIRt08BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:88:c1:dd:6e:08:3d:65:b4:f1:e9:4a:be:c5:32:c5:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3ac50e045822823176e47832dec8f211b74f013
        Validity
            Not Before: Jun  2 14:34:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5cc800826de048078217720e91e27ea15b155548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:4e:80:31:49:e1:23:77:c1:95:23:de:17:17:
                    21:56:4d:f3:3e:c7:1b:10:84:2d:cc:7e:8a:62:cd:
                    1c:46:82:31:ed:c8:7e:56:c1:7e:29:b5:de:2d:2e:
                    f1:ae:1d:2c:76:0d:a5:bb:da:bc:2a:93:3e:18:b7:
                    37:f9:83:45:ad:de:d9:64:11:1b:6e:ac:f7:47:f7:
                    ef:62:76:cd:c6:db:a1:f9:11:b2:23:5d:d0:f8:3f:
                    61:73:9b:3a:cc:9e:f9:62:55:a0:37:15:17:84:2a:
                    6b:82:cd:bb:14:ff:2e:0c:b0:81:34:7a:d4:b6:ef:
                    54:c5:7a:00:a6:2e:97:12:aa:92:b2:3f:f2:0d:b7:
                    ac:5d:22:7b:0e:05:ec:7a:33:6c:42:7d:5c:4c:78:
                    2d:b5:eb:80:35:67:c0:d6:f1:1f:15:46:44:0b:41:
                    b3:df:fd:b6:bd:d8:00:13:74:c6:52:ea:d8:fa:1c:
                    cb:e1:bc:9b:b4:ef:65:5d:06:d0:b2:8c:ef:35:91:
                    71:26:a0:8f:91:a6:5c:40:f8:b0:fb:a7:75:09:fd:
                    32:51:f2:72:d2:4e:5a:1f:8b:24:81:b2:cf:9f:52:
                    1b:27:75:a5:cf:bb:99:62:0c:27:7e:76:a2:c6:46:
                    d0:61:27:b7:c7:52:dd:c2:e8:09:c2:dd:3d:ea:b9:
                    fb:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:C8:00:82:6D:E0:48:07:82:17:72:0E:91:E2:7E:A1:5B:15:55:48
            X509v3 Authority Key Identifier:
                keyid:D3:AC:50:E0:45:82:28:23:17:6E:47:83:2D:EC:8F:21:1B:74:F0:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/06xQ4EWCKCMXbkeDLeyPIRt08BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/f96c9c-772d-4b05-a89e-548d302ccedb/1/XMgAgm3gSAeCF3IOkeJ-oVsVVUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/f96c9c-772d-4b05-a89e-548d302ccedb/1/06xQ4EWCKCMXbkeDLeyPIRt08BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.137.30.0/24
                  86.106.26.0/24
                  91.208.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:34:a0:59:50:3f:c3:c5:44:bd:92:82:2e:43:df:12:ca:2b:
         5f:50:d6:72:88:82:9a:59:3f:95:0d:21:32:aa:ef:38:56:95:
         c2:6b:fc:5d:93:f4:48:a8:63:ca:51:66:5b:3d:f1:83:48:22:
         3c:88:13:df:d4:f7:d7:6a:a8:75:7c:af:d4:5f:5c:f8:d4:76:
         5a:e7:32:8b:29:a4:21:59:26:f6:97:db:ec:1e:d3:ef:83:f5:
         ec:c3:b6:9a:6d:1b:9a:c3:4d:f6:df:30:7e:49:eb:1d:c2:80:
         5b:51:79:16:32:ad:5a:91:da:b1:46:91:12:eb:e7:2d:8e:c0:
         98:fb:9a:cf:5e:70:d9:d0:b2:99:9d:1b:ce:82:4c:68:e8:50:
         63:32:60:6d:76:64:bf:e9:b2:1c:2a:6b:51:c6:e6:a1:d9:02:
         54:c6:1d:a4:0f:91:57:46:f9:2c:ea:5e:7c:24:3e:61:3f:20:
         99:c7:fc:7b:f0:26:2a:88:b1:30:6b:02:de:ea:23:f6:9b:4a:
         63:67:8a:1a:19:6b:ea:c9:81:81:17:e1:74:1d:4e:fd:f3:e7:
         51:90:e1:c1:68:82:d4:44:29:0d:cd:b7:00:e4:be:96:20:3b:
         8c:3a:08:88:27:09:01:e3:48:fb:b7:7a:12:2f:87:fa:88:e8:
         48:17:69:90
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6Iwd1uCD1ltPHpSr7FMsV1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYWM1MGUwNDU4MjI4MjMxNzZlNDc4MzJkZWM4ZjIxMWI3
NGYwMTMwHhcNMjYwNjAyMTQzNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2M4MDA4MjZkZTA0ODA3ODIxNzcyMGU5MWUyN2VhMTViMTU1NTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7U6AMUnhI3fBlSPeFxchVk3zPscb
EIQtzH6KYs0cRoIx7ch+VsF+KbXeLS7xrh0sdg2lu9q8KpM+GLc3+YNFrd7ZZBEb
bqz3R/fvYnbNxtuh+RGyI13Q+D9hc5s6zJ75YlWgNxUXhCprgs27FP8uDLCBNHrU
tu9UxXoApi6XEqqSsj/yDbesXSJ7DgXsejNsQn1cTHgtteuANWfA1vEfFUZEC0Gz
3/22vdgAE3TGUurY+hzL4bybtO9lXQbQsozvNZFxJqCPkaZcQPiw+6d1Cf0yUfJy
0k5aH4skgbLPn1IbJ3Wlz7uZYgwnfnaixkbQYSe3x1LdwugJwt096rn7JQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFzIAIJt4EgHghdyDpHifqFbFVVIMB8GA1UdIwQY
MBaAFNOsUOBFgigjF25Hgy3sjyEbdPATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDZ4UTRFV0NLQ01YYmtlRExleVBJUnQwOEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9mOTZjOWMtNzcyZC00YjA1LWE4OWUt
NTQ4ZDMwMmNjZWRiLzEvWE1nQWdtM2dTQWVDRjNJT2tlSi1vVnNWVlVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9mOTZjOWMtNzcyZC00YjA1LWE4OWUtNTQ4ZDMwMmNjZWRi
LzEvMDZ4UTRFV0NLQ01YYmtlRExleVBJUnQwOEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVYkeAwQA
VmoaAwQAW9B6MA0GCSqGSIb3DQEBCwUAA4IBAQA8NKBZUD/DxUS9koIuQ98Syitf
UNZyiIKaWT+VDSEyqu84VpXCa/xdk/RIqGPKUWZbPfGDSCI8iBPf1PfXaqh1fK/U
X1z41HZa5zKLKaQhWSb2l9vsHtPvg/Xsw7aabRuaw0323zB+SesdwoBbUXkWMq1a
kdqxRpES6+ctjsCY+5rPXnDZ0LKZnRvOgkxo6FBjMmBtdmS/6bIcKmtRxuah2QJU
xh2kD5FXRvks6l58JD5hPyCZx/x78CYqiLEwawLe6iP2m0pjZ4oaGWvqyYGBF+F0
HU798+dRkOHBaILURCkNzbcA5L6WIDuMOgiIJwkB40j7t3oSL4f6iOhIF2mQ
-----END CERTIFICATE-----