Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-qt3dPscorHujNr0WovZ82xcns8.roa
File:                     1-qt3dPscorHujNr0WovZ82xcns8.roa (raw, json)
Hash identifier:          Hd2puE42dE09LtSZQ3EfbAR6QfAZC/ppJ1XKksWRvrs=
Subject key identifier:   FA:AB:77:74:FB:1C:A2:B1:EE:8C:DA:F4:5A:8B:D9:F3:6C:5C:9E:CF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019EA61A72D3273529C62CA261AA2CC2EC94
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-qt3dPscorHujNr0WovZ82xcns8.roa
Signing time:             Mon 08 Jun 2026 07:20:11 +0000
ROA not before:           Mon 08 Jun 2026 07:20:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33355
IP address blocks:        81.168.105.0/24 maxlen: 24
                          82.152.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a6:1a:72:d3:27:35:29:c6:2c:a2:61:aa:2c:c2:ec:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  8 07:20:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=faab7774fb1ca2b1ee8cdaf45a8bd9f36c5c9ecf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:92:e8:a2:1c:95:6f:bf:88:79:6b:d8:8e:b6:
                    97:5f:4a:32:2d:ca:9c:7f:f6:c0:2b:50:ab:b1:ce:
                    e0:3a:91:6c:af:a5:cb:45:55:73:7a:e1:46:05:0e:
                    57:94:a9:9d:44:8d:d8:cf:bd:22:23:02:e3:8c:2a:
                    3a:80:db:72:7e:a7:d1:2b:af:e8:c4:02:64:3f:99:
                    94:fb:a2:eb:da:a1:3a:ac:2c:a9:f1:9e:40:3b:5b:
                    20:4c:c0:67:a1:67:a8:4a:64:da:5e:a7:0c:ca:1d:
                    93:94:dc:a8:65:a0:7e:6b:fc:22:6d:ef:48:a1:64:
                    9a:a7:93:96:e6:79:de:71:f1:d7:a6:10:72:5a:57:
                    7b:64:5e:15:61:be:1d:8f:26:ca:25:be:93:50:e3:
                    67:31:b8:d8:8c:1d:c9:08:b0:e7:98:79:5b:6d:ac:
                    fc:e3:e7:f7:7e:0c:d9:66:c2:99:05:ec:92:11:84:
                    39:8d:fa:0b:55:c9:68:88:8a:51:89:84:3e:b5:a4:
                    71:a3:68:ae:d8:7e:60:15:95:a1:ae:90:f2:ac:a2:
                    15:b0:67:66:fc:a8:8d:5b:38:aa:e3:84:91:5b:40:
                    eb:6b:40:e0:83:2a:00:e4:f4:e0:b8:09:e7:8b:6c:
                    74:7a:fb:1b:94:7e:c1:31:a1:7e:38:33:d9:e5:94:
                    24:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:AB:77:74:FB:1C:A2:B1:EE:8C:DA:F4:5A:8B:D9:F3:6C:5C:9E:CF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-qt3dPscorHujNr0WovZ82xcns8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.105.0/24
                  82.152.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:a4:5d:02:9b:4b:61:44:0c:e6:18:13:42:cc:da:60:4d:83:
         a9:2f:29:cd:0b:e0:50:70:be:73:7d:67:25:e9:a8:a8:40:68:
         8d:1d:94:d9:e6:3e:d8:b6:31:cb:32:fb:32:78:af:45:c3:19:
         4e:dd:f2:47:e1:eb:48:3c:18:0f:09:3f:75:60:6d:a7:e1:cb:
         cf:4c:9e:5a:8d:36:19:f7:e6:71:8a:22:7a:e3:ce:e7:c7:5c:
         50:17:b4:85:aa:8f:d2:6a:8c:c3:76:92:94:3c:a4:86:a2:96:
         05:e0:a8:64:28:06:45:59:8a:03:eb:1b:d6:9b:9d:83:e6:b4:
         98:54:8b:22:5a:f0:41:82:5c:a2:d9:59:63:b6:51:cf:c2:a8:
         8c:49:2c:23:20:15:f3:9c:0e:bf:c1:07:aa:02:4e:2d:2a:a9:
         17:09:1b:8c:c1:6a:6e:87:1c:fe:a8:72:05:58:24:b6:08:80:
         06:20:6d:77:cc:30:94:b9:69:ed:92:ab:c1:07:24:d4:96:50:
         ea:cc:90:77:a7:29:d0:aa:7f:70:8a:40:a3:fe:3a:7e:b5:20:
         53:58:1d:24:4a:9e:a4:41:aa:36:f5:0f:37:c8:6a:8d:73:2a:
         15:12:47:4f:3d:ba:16:51:4d:3d:0f:4b:90:2b:78:99:76:33:
         80:70:9e:c2
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ6mGnLTJzUpxiyiYaoswuyUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjA4MDcyMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWFiNzc3NGZiMWNhMmIxZWU4Y2RhZjQ1YThiZDlmMzZjNWM5ZWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJLoohyVb7+IeWvYjraXX0oyLcqc
f/bAK1Crsc7gOpFsr6XLRVVzeuFGBQ5XlKmdRI3Yz70iIwLjjCo6gNtyfqfRK6/o
xAJkP5mU+6Lr2qE6rCyp8Z5AO1sgTMBnoWeoSmTaXqcMyh2TlNyoZaB+a/wibe9I
oWSap5OW5nnecfHXphByWld7ZF4VYb4djybKJb6TUONnMbjYjB3JCLDnmHlbbaz8
4+f3fgzZZsKZBeySEYQ5jfoLVcloiIpRiYQ+taRxo2iu2H5gFZWhrpDyrKIVsGdm
/KiNWziq44SRW0Dra0DggyoA5PTguAnni2x0evsblH7BMaF+ODPZ5ZQkhQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPqrd3T7HKKx7oza9FqL2fNsXJ7PMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS1xdDNkUHNjb3JIdWpOcjBXb3ZaODJ4Y25zOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFGoaQME
AFKY1zANBgkqhkiG9w0BAQsFAAOCAQEAGaRdAptLYUQM5hgTQszaYE2DqS8pzQvg
UHC+c31nJemoqEBojR2U2eY+2LYxyzL7MnivRcMZTt3yR+HrSDwYDwk/dWBtp+HL
z0yeWo02GffmcYoieuPO58dcUBe0haqP0mqMw3aSlDykhqKWBeCoZCgGRVmKA+sb
1pudg+a0mFSLIlrwQYJcotlZY7ZRz8KojEksIyAV85wOv8EHqgJOLSqpFwkbjMFq
bocc/qhyBVgktgiABiBtd8wwlLlp7ZKrwQck1JZQ6syQd6cp0Kp/cIpAo/46frUg
U1gdJEqepEGqNvUPN8hqjXMqFRJHTz26FlFNPQ9LkCt4mXYzgHCewg==
-----END CERTIFICATE-----