Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/R66YAkwEdwrDc07uzYnptLXAEj4.roa
File:                     R66YAkwEdwrDc07uzYnptLXAEj4.roa (raw, json)
Hash identifier:          2e+zZLS5XFtGfPAlh1RGNx5uYmHRV8aLvVpazh9tyiM=
Subject key identifier:   47:AE:98:02:4C:04:77:0A:C3:73:4E:EE:CD:89:E9:B4:B5:C0:12:3E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E925CBA4A364BA0670EE198D30D1EDF77
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/R66YAkwEdwrDc07uzYnptLXAEj4.roa
Signing time:             Thu 04 Jun 2026 11:20:10 +0000
ROA not before:           Thu 04 Jun 2026 11:20:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135402
IP address blocks:        213.130.151.0/24 maxlen: 24
                          213.210.42.0/24 maxlen: 24
                          213.218.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:5c:ba:4a:36:4b:a0:67:0e:e1:98:d3:0d:1e:df:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  4 11:20:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47ae98024c04770ac3734eeecd89e9b4b5c0123e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0e:67:3e:d2:70:b9:fc:88:46:37:6a:83:63:
                    86:8c:a0:48:22:a9:d5:e5:55:74:8a:c6:db:21:8c:
                    4f:76:cf:0f:fa:35:be:90:f4:c7:3c:7c:6f:e2:c2:
                    36:86:6b:a6:e5:eb:6d:9c:b0:9b:88:cb:75:3d:48:
                    e9:50:4b:8b:2b:6b:4b:40:15:7a:84:94:c9:f5:b2:
                    f1:cf:8f:f7:19:3a:08:e8:c8:57:4d:64:e6:bb:c6:
                    4d:e2:75:da:17:6a:e3:61:5f:16:de:19:af:24:97:
                    1b:80:49:94:00:68:56:71:4c:ab:e1:cb:97:d9:72:
                    c3:85:23:73:75:90:67:2b:b9:2d:46:7c:25:19:6b:
                    fa:01:87:e8:ff:31:64:df:11:e7:6f:4d:11:69:69:
                    69:2b:3b:e2:37:d8:52:f9:d3:98:7c:d9:f4:45:19:
                    52:71:57:68:e9:60:7b:1b:84:12:a6:53:a2:96:ba:
                    07:f9:19:24:5e:9d:cd:10:0d:67:fa:83:5c:9e:fd:
                    9f:fa:e2:99:6c:b5:e6:48:e4:1a:f1:68:98:c9:51:
                    33:86:3a:cc:be:8f:27:f7:50:d4:fd:18:81:06:8c:
                    6a:56:34:fd:3e:b0:fa:6f:dd:85:86:f9:ff:47:b1:
                    26:af:bc:7f:f6:ee:77:27:e6:57:0b:1f:6d:d6:c5:
                    32:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:AE:98:02:4C:04:77:0A:C3:73:4E:EE:CD:89:E9:B4:B5:C0:12:3E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/R66YAkwEdwrDc07uzYnptLXAEj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.130.151.0/24
                  213.210.42.0/24
                  213.218.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:ce:77:74:33:8f:6e:06:ff:f2:fe:e6:cf:29:87:68:5d:7f:
         47:67:10:ed:1d:74:5e:72:8c:9d:88:36:82:d1:b3:82:ef:98:
         75:f5:fd:a6:bc:af:c1:14:4b:aa:60:42:50:a7:ca:94:84:e3:
         7e:64:b8:63:e1:00:ec:77:5b:75:39:ac:75:54:e6:e3:24:40:
         8e:d3:78:5c:c5:5d:d9:49:1c:2b:10:a8:87:d9:bb:8f:74:8f:
         46:6b:89:08:b6:da:2c:64:78:09:15:6e:62:36:ee:cf:62:7e:
         1f:7e:95:d1:52:4f:4b:fa:e2:a7:98:73:0a:99:a7:cb:53:79:
         20:f8:e0:84:6e:95:da:1e:7b:0c:ab:09:9f:46:2b:ad:de:c6:
         9f:93:6b:ad:a3:2b:4e:47:0c:bd:85:f1:91:06:7b:21:7e:67:
         82:2d:ac:16:b1:74:f5:e4:44:a4:ed:f1:5c:c6:97:e2:a9:43:
         eb:c6:09:5a:59:7b:07:69:3d:00:50:e5:5d:79:fe:15:41:77:
         df:ae:af:7a:cc:f4:c3:20:b5:c2:a4:4a:ea:fc:42:42:0d:be:
         ba:ca:35:77:21:09:49:22:2f:09:ac:99:ea:95:7c:a0:cc:07:
         e7:a2:35:5a:bb:d5:58:9b:37:8f:20:70:80:34:4f:f2:d0:55:
         d5:d4:8c:dc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6SXLpKNkugZw7hmNMNHt93MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjA0MTEyMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2FlOTgwMjRjMDQ3NzBhYzM3MzRlZWVjZDg5ZTliNGI1YzAxMjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuA5nPtJwufyIRjdqg2OGjKBIIqnV
5VV0isbbIYxPds8P+jW+kPTHPHxv4sI2hmum5ettnLCbiMt1PUjpUEuLK2tLQBV6
hJTJ9bLxz4/3GToI6MhXTWTmu8ZN4nXaF2rjYV8W3hmvJJcbgEmUAGhWcUyr4cuX
2XLDhSNzdZBnK7ktRnwlGWv6AYfo/zFk3xHnb00RaWlpKzviN9hS+dOYfNn0RRlS
cVdo6WB7G4QSplOilroH+RkkXp3NEA1n+oNcnv2f+uKZbLXmSOQa8WiYyVEzhjrM
vo8n91DU/RiBBoxqVjT9PrD6b92Fhvn/R7Emr7x/9u53J+ZXCx9t1sUy0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEeumAJMBHcKw3NO7s2J6bS1wBI+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUjY2WUFrd0Vkd3JEYzA3dXpZbnB0TFhBRWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1YKXAwQA
1dIqAwQA1drsMA0GCSqGSIb3DQEBCwUAA4IBAQCWznd0M49uBv/y/ubPKYdoXX9H
ZxDtHXRecoydiDaC0bOC75h19f2mvK/BFEuqYEJQp8qUhON+ZLhj4QDsd1t1Oax1
VObjJECO03hcxV3ZSRwrEKiH2buPdI9Ga4kIttosZHgJFW5iNu7PYn4ffpXRUk9L
+uKnmHMKmafLU3kg+OCEbpXaHnsMqwmfRiut3safk2utoytORwy9hfGRBnshfmeC
LawWsXT15ESk7fFcxpfiqUPrxglaWXsHaT0AUOVdef4VQXffrq96zPTDILXCpErq
/EJCDb66yjV3IQlJIi8JrJnqlXygzAfnojVau9VYmzePIHCANE/y0FXV1Izc
-----END CERTIFICATE-----