Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/e3dURbGj2G4TtUNUiquafl4-aGk.roa
File:                     e3dURbGj2G4TtUNUiquafl4-aGk.roa (raw, json)
Hash identifier:          Y4oLb8lHa3UUrQuy+fc0p+cg2a4kIFutDzSpTGtchmg=
Subject key identifier:   7B:77:54:45:B1:A3:D8:6E:13:B5:43:54:8A:AB:9A:7E:5E:3E:68:69
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D769309C179390AE2717BAEA64F50E634
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/e3dURbGj2G4TtUNUiquafl4-aGk.roa
Signing time:             Fri 10 Apr 2026 08:47:20 +0000
ROA not before:           Fri 10 Apr 2026 08:47:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401861
IP address blocks:        89.213.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 11:21:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:93:09:c1:79:39:0a:e2:71:7b:ae:a6:4f:50:e6:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 10 08:47:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7b775445b1a3d86e13b543548aab9a7e5e3e6869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:98:a3:86:62:fd:b0:fe:34:f6:3e:95:6a:79:
                    d7:ca:cc:cf:78:10:ec:4d:13:bb:5e:06:66:b0:29:
                    6f:7a:13:56:81:6c:f4:9c:06:fe:8c:8c:30:2e:ca:
                    f8:c8:1f:67:da:66:97:1a:ed:44:ae:ba:68:e4:7e:
                    13:5f:7f:ef:05:ef:1c:09:97:a6:d0:18:ae:4c:da:
                    b2:0a:a1:2f:76:c7:f7:57:c3:42:87:b1:c0:d0:24:
                    e4:16:2b:b1:92:18:a3:2e:bb:8f:53:ff:39:e4:23:
                    85:76:16:0a:20:7d:5d:0e:7d:d6:e2:08:ed:cd:0f:
                    e4:f9:d4:c3:33:9a:aa:2c:b0:71:2c:e1:2f:3e:9a:
                    93:d7:ef:1c:8b:d4:e6:54:e2:22:5c:aa:dd:37:7b:
                    78:a5:1f:31:d5:2a:ef:4d:d8:ed:d9:bd:66:26:f0:
                    d3:14:e5:28:3d:a9:22:25:43:58:a9:45:a1:9a:33:
                    d9:6a:4c:9c:2f:53:01:ce:da:73:32:cb:7e:5b:08:
                    9c:a5:b3:ae:96:fa:8e:cc:95:11:ab:8e:45:57:2b:
                    4a:4c:27:74:c5:4b:e9:1c:8f:c7:dc:2f:18:ef:db:
                    8c:9e:bf:e3:62:8d:74:4f:c3:a4:00:4e:4e:7d:03:
                    d9:91:17:29:42:52:21:c3:15:70:c2:61:b2:e5:e4:
                    bf:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:77:54:45:B1:A3:D8:6E:13:B5:43:54:8A:AB:9A:7E:5E:3E:68:69
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/e3dURbGj2G4TtUNUiquafl4-aGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:45:ae:f7:56:03:cf:bc:4a:f0:12:f5:89:e1:e4:c1:a2:97:
         74:1c:8a:8c:a2:1d:b9:b0:85:4f:65:ac:4b:ea:ea:71:80:22:
         70:c2:d1:73:67:5f:c1:6b:e2:3a:b5:84:64:d5:b9:36:44:7f:
         69:f4:4d:3a:fb:64:95:b4:8d:d1:a3:df:b6:6d:25:54:d6:33:
         a5:d6:0a:c9:39:3a:f3:78:66:d2:ed:c9:ea:8e:03:18:9d:b6:
         04:36:7c:95:9c:8f:22:03:d5:a0:a3:40:59:a4:31:c5:5b:06:
         d3:10:e4:c8:6c:48:b1:1b:81:7d:f2:c2:ad:c7:2d:d5:c3:b6:
         93:3b:e9:a8:e4:91:47:97:6e:cf:08:9e:0e:1c:7f:55:ae:e3:
         89:0e:28:c6:32:1c:ff:21:dc:1f:88:5a:4c:4c:5c:92:29:5b:
         f4:b4:a9:c0:3e:e0:7b:df:dc:cb:f7:04:e7:56:98:31:c1:8e:
         1b:40:3c:74:0a:3f:ea:0b:9f:0e:bc:62:1a:37:cc:cd:1d:35:
         3c:95:2b:24:ff:61:98:a8:d2:82:11:4b:b6:21:a3:fe:84:99:
         6f:c6:22:c8:09:ec:af:23:6e:5a:41:00:2b:68:72:ba:ff:49:
         0d:8d:62:e7:4c:58:e7:3c:40:e5:bc:57:5b:72:0a:0b:49:ea:
         2e:5f:48:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ12kwnBeTkK4nF7rqZPUOY0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDEwMDg0NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjc3NTQ0NWIxYTNkODZlMTNiNTQzNTQ4YWFiOWE3ZTVlM2U2ODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5JijhmL9sP409j6VannXyszPeBDs
TRO7XgZmsClvehNWgWz0nAb+jIwwLsr4yB9n2maXGu1Errpo5H4TX3/vBe8cCZem
0BiuTNqyCqEvdsf3V8NCh7HA0CTkFiuxkhijLruPU/855COFdhYKIH1dDn3W4gjt
zQ/k+dTDM5qqLLBxLOEvPpqT1+8ci9TmVOIiXKrdN3t4pR8x1SrvTdjt2b1mJvDT
FOUoPakiJUNYqUWhmjPZakycL1MBztpzMst+WwicpbOulvqOzJURq45FVytKTCd0
xUvpHI/H3C8Y79uMnr/jYo10T8OkAE5OfQPZkRcpQlIhwxVwwmGy5eS/uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHt3VEWxo9huE7VDVIqrmn5ePmhpMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZTNkVVJiR2oyRzRUdFVOVWlxdWFmbDQtYUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdVBMA0G
CSqGSIb3DQEBCwUAA4IBAQA3Ra73VgPPvErwEvWJ4eTBopd0HIqMoh25sIVPZaxL
6upxgCJwwtFzZ1/Ba+I6tYRk1bk2RH9p9E06+2SVtI3Ro9+2bSVU1jOl1grJOTrz
eGbS7cnqjgMYnbYENnyVnI8iA9Wgo0BZpDHFWwbTEOTIbEixG4F98sKtxy3Vw7aT
O+mo5JFHl27PCJ4OHH9VruOJDijGMhz/IdwfiFpMTFySKVv0tKnAPuB739zL9wTn
VpgxwY4bQDx0Cj/qC58OvGIaN8zNHTU8lSsk/2GYqNKCEUu2IaP+hJlvxiLICeyv
I25aQQAraHK6/0kNjWLnTFjnPEDlvFdbcgoLSeouX0iq
-----END CERTIFICATE-----