Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/A4lCqIOUYsTQwfUPry0XQ_AfKwI.roa
File:                     A4lCqIOUYsTQwfUPry0XQ_AfKwI.roa (raw, json)
Hash identifier:          LM6QZrfX9sRNQsAtYIUL8UA96SMjyD3W2Dh5cStt4Ow=
Subject key identifier:   03:89:42:A8:83:94:62:C4:D0:C1:F5:0F:AF:2D:17:43:F0:1F:2B:02
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019EAC69772097E41F9E58898B02EF01C6D0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/A4lCqIOUYsTQwfUPry0XQ_AfKwI.roa
Signing time:             Tue 09 Jun 2026 12:44:13 +0000
ROA not before:           Tue 09 Jun 2026 12:44:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198810
IP address blocks:        81.5.141.0/24 maxlen: 24
                          82.152.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:69:77:20:97:e4:1f:9e:58:89:8b:02:ef:01:c6:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  9 12:44:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=038942a8839462c4d0c1f50faf2d1743f01f2b02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a9:06:cc:8a:e9:ec:ec:a7:da:91:f4:d2:0f:
                    71:b1:85:f1:1d:64:7a:a7:c8:ea:2a:83:59:72:cb:
                    fa:b4:5a:7e:80:da:74:69:7c:40:4d:03:fb:53:d3:
                    91:54:e5:88:2a:a7:f4:a3:52:e8:2d:e9:63:bd:64:
                    65:ed:b5:e9:d4:cd:3c:d1:6f:3a:ba:6c:8d:dd:27:
                    b8:42:bf:54:28:7a:de:e2:2d:26:eb:96:6a:61:f0:
                    cc:8c:66:5f:fa:31:b3:90:a1:28:60:13:b7:fa:21:
                    6f:dc:cf:00:6c:fb:61:28:a6:24:94:4a:b3:a2:6d:
                    7a:60:32:f9:5a:85:5f:4a:a9:8c:99:31:26:92:16:
                    e0:0f:69:d1:0c:44:fc:40:80:d3:7e:32:04:44:b3:
                    44:8f:71:05:8c:cf:0d:ed:7c:8e:76:19:2b:88:40:
                    89:de:37:c3:a1:c5:78:23:cc:12:cf:b3:44:e3:75:
                    54:7d:e9:28:59:94:6d:97:33:85:cc:ca:15:8c:66:
                    a0:09:ce:32:34:aa:af:af:1a:5e:e4:b9:5f:8d:50:
                    a3:e6:99:11:b9:e0:8a:78:3e:8f:d9:17:ec:76:e9:
                    a6:27:ab:e7:ab:44:cf:78:6a:eb:2d:3b:c4:51:19:
                    73:79:2e:50:47:76:86:13:e6:cb:63:0b:fa:ec:06:
                    f3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:89:42:A8:83:94:62:C4:D0:C1:F5:0F:AF:2D:17:43:F0:1F:2B:02
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/A4lCqIOUYsTQwfUPry0XQ_AfKwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.141.0/24
                  82.152.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:a0:2e:21:47:7c:54:08:b1:12:59:45:51:85:b4:98:a2:08:
         79:d6:d6:72:75:10:cd:11:55:54:4f:61:5b:c9:39:c0:54:dc:
         28:e2:5f:d2:6a:e8:dc:b9:44:c8:22:d8:28:f9:a7:a7:db:4b:
         34:f5:08:34:11:87:31:38:b6:d8:77:20:db:ab:7d:b9:51:fe:
         02:b1:25:60:36:55:01:0c:f3:9d:51:97:ad:8f:5e:b7:f0:af:
         ac:a3:3b:b3:0d:1e:ff:92:6e:e9:af:04:18:17:01:98:8e:8f:
         0d:3f:34:d8:79:36:b9:de:3a:fc:57:91:3c:32:78:64:03:25:
         fc:40:63:5a:8e:e4:13:e3:05:c4:b3:f4:dd:21:c0:f9:a8:4e:
         ec:43:ce:43:fb:c6:39:da:cc:88:8d:57:1c:ac:55:ec:02:c0:
         99:94:54:c4:17:7c:7b:84:90:c0:9f:ea:c2:c4:71:be:76:a4:
         f8:36:70:52:f1:87:4d:78:b6:aa:19:77:79:d6:d8:73:6b:10:
         85:db:4c:ee:94:ea:ec:2c:74:a1:fc:8d:e6:2e:57:8c:93:64:
         fd:81:83:30:ff:e1:69:b7:a1:2a:40:a6:f8:82:57:c1:e6:8b:
         16:96:2b:b3:0a:94:58:f9:bf:99:a0:2d:20:28:28:59:1a:b7:
         58:1d:b9:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6saXcgl+QfnliJiwLvAcbQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjA5MTI0NDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzg5NDJhODgzOTQ2MmM0ZDBjMWY1MGZhZjJkMTc0M2YwMWYyYjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6kGzIrp7Oyn2pH00g9xsYXxHWR6
p8jqKoNZcsv6tFp+gNp0aXxATQP7U9ORVOWIKqf0o1LoLeljvWRl7bXp1M080W86
umyN3Se4Qr9UKHre4i0m65ZqYfDMjGZf+jGzkKEoYBO3+iFv3M8AbPthKKYklEqz
om16YDL5WoVfSqmMmTEmkhbgD2nRDET8QIDTfjIERLNEj3EFjM8N7XyOdhkriECJ
3jfDocV4I8wSz7NE43VUfekoWZRtlzOFzMoVjGagCc4yNKqvrxpe5LlfjVCj5pkR
ueCKeD6P2RfsdummJ6vnq0TPeGrrLTvEURlzeS5QR3aGE+bLYwv67AbzPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAOJQqiDlGLE0MH1D68tF0PwHysCMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQTRsQ3FJT1VZc1RRd2ZVUHJ5MFhRX0FmS3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUQWNAwQA
UpjeMA0GCSqGSIb3DQEBCwUAA4IBAQBooC4hR3xUCLESWUVRhbSYogh51tZydRDN
EVVUT2FbyTnAVNwo4l/SaujcuUTIItgo+aen20s09Qg0EYcxOLbYdyDbq325Uf4C
sSVgNlUBDPOdUZetj1638K+sozuzDR7/km7prwQYFwGYjo8NPzTYeTa53jr8V5E8
MnhkAyX8QGNajuQT4wXEs/TdIcD5qE7sQ85D+8Y52syIjVccrFXsAsCZlFTEF3x7
hJDAn+rCxHG+dqT4NnBS8YdNeLaqGXd51thzaxCF20zulOrsLHSh/I3mLleMk2T9
gYMw/+Fpt6EqQKb4glfB5osWliuzCpRY+b+ZoC0gKChZGrdYHbn5
-----END CERTIFICATE-----