Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BXG0iUFhA4DR0sFE0ymtsuzS_sU.roa
File:                     BXG0iUFhA4DR0sFE0ymtsuzS_sU.roa (raw, json)
Hash identifier:          OGJMqikkTizUDm+eXN2wAAVWCk8EVOyf7HQVm6XvG6w=
Subject key identifier:   05:71:B4:89:41:61:03:80:D1:D2:C1:44:D3:29:AD:B2:EC:D2:FE:C5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D9B2C8F8C89BCB3A38516204F3D5C5199
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BXG0iUFhA4DR0sFE0ymtsuzS_sU.roa
Signing time:             Fri 17 Apr 2026 11:21:21 +0000
ROA not before:           Fri 17 Apr 2026 11:21:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        82.152.122.0/24 maxlen: 24
                          82.152.205.0/24 maxlen: 24
                          82.153.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9b:2c:8f:8c:89:bc:b3:a3:85:16:20:4f:3d:5c:51:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 17 11:21:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0571b48941610380d1d2c144d329adb2ecd2fec5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:94:6a:6b:2f:66:9f:67:1a:4e:7f:5b:18:27:
                    b8:be:f0:ec:3a:ff:5c:01:25:89:09:34:17:f5:08:
                    04:2e:a4:c5:f5:db:cb:5d:15:8e:b0:4d:ea:63:47:
                    e4:55:60:85:9c:88:ea:ab:af:fc:c5:67:97:51:eb:
                    9c:8b:ad:7e:b8:6e:13:45:9c:f2:45:d9:78:14:2f:
                    0f:71:ac:08:a3:83:90:89:ad:e8:33:19:bc:cc:09:
                    34:03:2a:d1:93:a2:c7:d5:0f:f2:0f:4a:fd:10:ba:
                    1c:0b:ec:7d:43:52:05:9e:81:38:ff:2b:0f:41:21:
                    96:ae:67:af:71:7f:fb:c4:04:bf:ba:57:cf:fd:e0:
                    56:8c:6e:5f:41:56:59:0c:b9:e1:2d:ab:48:ef:df:
                    16:7d:90:d2:b8:9a:7c:b3:5a:42:1a:6b:bc:f8:5f:
                    d7:07:b1:6b:85:61:ff:46:7c:94:6a:79:af:30:07:
                    35:44:3a:bb:73:e4:ed:29:e8:f5:ca:5b:af:d7:97:
                    2b:47:99:d3:7e:44:15:2f:01:b3:51:54:d4:72:2b:
                    ed:58:20:b2:68:0a:2e:8b:10:e4:54:80:5c:c9:a5:
                    5b:05:6b:a3:8a:50:6f:ee:f8:4f:9c:ad:03:9f:c9:
                    e7:64:0d:21:0d:7b:73:20:8b:46:2e:af:df:a1:be:
                    5e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:71:B4:89:41:61:03:80:D1:D2:C1:44:D3:29:AD:B2:EC:D2:FE:C5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BXG0iUFhA4DR0sFE0ymtsuzS_sU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.122.0/24
                  82.152.205.0/24
                  82.153.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:07:dc:1d:b5:c4:6d:86:8e:ea:6a:b9:cc:38:47:08:f4:52:
         30:b1:b7:f3:5f:bc:15:9e:bc:27:6d:0d:e8:d0:c2:85:22:9e:
         5e:99:dc:29:0c:17:a1:54:e0:2b:32:f8:cd:bc:63:61:2d:21:
         be:70:4f:b1:7b:6b:da:cd:8f:bd:18:a0:0e:bb:97:f0:27:4f:
         39:67:b2:57:e1:da:a1:c7:d5:05:61:04:bf:98:34:e2:b8:94:
         76:28:57:7b:14:88:ca:5c:47:57:59:8f:08:80:88:60:ea:f3:
         fb:38:f5:64:51:dd:3c:be:be:9a:90:ad:c5:9a:f7:e7:b5:c8:
         e9:6d:e7:26:20:01:e6:8b:ff:e5:03:2a:b9:02:d3:e7:1d:47:
         7e:18:f0:66:95:8d:0d:7f:10:25:70:8e:6e:4b:73:81:25:90:
         0f:ee:4e:66:3f:df:fd:10:33:63:31:4a:d4:8c:2c:04:93:31:
         06:84:9a:68:62:93:33:99:4a:47:24:35:3f:a7:82:bf:09:8c:
         f0:91:f1:71:02:95:b4:f9:92:df:ca:4f:ef:53:60:f8:99:0b:
         b4:0c:6e:8c:12:42:53:70:1a:ef:82:22:f8:59:8b:ae:c1:a0:
         89:47:13:5b:fd:ee:b3:7e:75:e6:cd:88:c3:bc:02:f2:8f:97:
         78:9c:90:dd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2bLI+Mibyzo4UWIE89XFGZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDE3MTEyMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTcxYjQ4OTQxNjEwMzgwZDFkMmMxNDRkMzI5YWRiMmVjZDJmZWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypRqay9mn2caTn9bGCe4vvDsOv9c
ASWJCTQX9QgELqTF9dvLXRWOsE3qY0fkVWCFnIjqq6/8xWeXUeuci61+uG4TRZzy
Rdl4FC8PcawIo4OQia3oMxm8zAk0AyrRk6LH1Q/yD0r9ELocC+x9Q1IFnoE4/ysP
QSGWrmevcX/7xAS/ulfP/eBWjG5fQVZZDLnhLatI798WfZDSuJp8s1pCGmu8+F/X
B7FrhWH/RnyUanmvMAc1RDq7c+TtKej1yluv15crR5nTfkQVLwGzUVTUcivtWCCy
aAouixDkVIBcyaVbBWujilBv7vhPnK0Dn8nnZA0hDXtzIItGLq/fob5e8wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAVxtIlBYQOA0dLBRNMprbLs0v7FMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQlhHMGlVRmhBNERSMHNGRTB5bXRzdXpTX3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUph6AwQA
UpjNAwQAUpltMA0GCSqGSIb3DQEBCwUAA4IBAQAwB9wdtcRtho7qarnMOEcI9FIw
sbfzX7wVnrwnbQ3o0MKFIp5emdwpDBehVOArMvjNvGNhLSG+cE+xe2vazY+9GKAO
u5fwJ085Z7JX4dqhx9UFYQS/mDTiuJR2KFd7FIjKXEdXWY8IgIhg6vP7OPVkUd08
vr6akK3FmvfntcjpbecmIAHmi//lAyq5AtPnHUd+GPBmlY0NfxAlcI5uS3OBJZAP
7k5mP9/9EDNjMUrUjCwEkzEGhJpoYpMzmUpHJDU/p4K/CYzwkfFxApW0+ZLfyk/v
U2D4mQu0DG6MEkJTcBrvgiL4WYuuwaCJRxNb/e6zfnXmzYjDvALyj5d4nJDd
-----END CERTIFICATE-----