Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fCK-3ZDr4QmIjroydDlM1aN-Yj8.roa
File:                     fCK-3ZDr4QmIjroydDlM1aN-Yj8.roa (raw, json)
Hash identifier:          V1qES/Lod/cRG0FYRT0AI9NIAfB70yT8MEnKeMMug4A=
Subject key identifier:   7C:22:BE:DD:90:EB:E1:09:88:8E:BA:32:74:39:4C:D5:A3:7E:62:3F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D9B2C8DD121A42E4B4B6208C38A01A3E8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fCK-3ZDr4QmIjroydDlM1aN-Yj8.roa
Signing time:             Fri 17 Apr 2026 11:21:21 +0000
ROA not before:           Fri 17 Apr 2026 11:21:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        89.213.3.0/24 maxlen: 24
                          89.213.67.0/24 maxlen: 24
                          185.49.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9b:2c:8d:d1:21:a4:2e:4b:4b:62:08:c3:8a:01:a3:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 17 11:21:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c22bedd90ebe109888eba3274394cd5a37e623f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:37:15:fa:19:be:43:53:18:cc:17:06:b2:f5:
                    13:01:95:1c:e9:dc:11:d3:df:4f:34:31:ce:44:3f:
                    5c:4c:5f:84:5e:35:95:3c:9d:f5:74:b9:8f:23:6e:
                    20:b8:23:6c:db:16:fc:ce:5e:ed:3f:6d:17:51:0a:
                    c8:06:6e:63:ba:ec:a6:e2:b2:0d:6d:4d:60:6b:83:
                    23:f4:7f:db:d7:ab:38:37:1e:d5:1e:4c:ce:e7:ee:
                    2a:ec:06:4c:3a:47:dc:01:ba:ea:f6:fa:d4:7d:92:
                    a5:11:10:d1:62:83:d7:1b:b1:24:c0:c5:92:c2:1e:
                    95:b2:ef:ef:23:f2:7a:ec:4a:6d:88:2e:2a:8d:58:
                    a8:c3:72:61:02:10:96:85:41:6f:0d:ea:1a:6f:c6:
                    a8:7e:8c:19:b6:e0:f3:e1:ca:6e:ef:00:a7:52:13:
                    32:ad:31:aa:6a:d0:5d:72:e7:4d:19:44:27:4c:f0:
                    a4:45:ff:55:75:f9:3a:a6:a2:53:38:06:8b:6f:1f:
                    55:6f:db:a4:27:ed:a4:a8:46:87:d5:14:5a:74:d8:
                    a8:2e:45:4d:03:94:80:47:e2:dd:60:9d:8a:87:71:
                    4a:ad:cc:0d:bc:bb:fc:41:df:40:44:e3:d2:9f:c6:
                    08:2c:28:aa:68:43:17:f2:9f:c2:e3:06:fb:63:e2:
                    36:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:22:BE:DD:90:EB:E1:09:88:8E:BA:32:74:39:4C:D5:A3:7E:62:3F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fCK-3ZDr4QmIjroydDlM1aN-Yj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.3.0/24
                  89.213.67.0/24
                  185.49.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ac:3d:13:cf:7d:b8:1b:37:f4:90:46:6c:e4:14:c3:62:1c:
         1a:8c:ae:26:da:06:d6:c1:4b:f4:83:2b:cb:f8:4c:67:6e:b9:
         80:c8:bc:e7:32:f6:62:5a:29:7e:90:e1:c1:03:3c:17:5e:23:
         37:a5:5f:1c:fa:28:db:6d:36:5e:e1:b8:5c:01:1d:1e:7d:d2:
         d7:3b:82:b8:b7:e6:c1:e1:11:16:75:08:7a:7c:5a:94:5e:af:
         43:ea:0c:b8:0d:03:c6:ed:ce:8b:5e:ca:d9:1a:29:a7:4f:7c:
         21:16:95:7a:85:7e:1a:60:47:87:e7:58:be:2b:a4:30:12:c6:
         d8:8f:95:16:ac:08:75:0a:cf:68:0f:d1:e9:f6:cd:e4:d9:7e:
         ca:bf:e2:7a:06:02:1e:ff:01:d1:8a:be:db:b7:d6:6b:7d:8f:
         c0:2b:f6:63:f1:57:af:46:93:2e:4d:b4:81:d7:b0:ab:a9:09:
         2a:f1:f6:d4:b6:b1:b5:36:d2:c6:65:07:a7:17:de:b8:35:31:
         6c:5e:bd:a4:df:1c:07:0a:5a:d6:8a:21:3e:01:c9:b2:9e:30:
         ad:c3:28:c1:81:96:59:c9:1c:08:6a:d6:9d:47:0b:a5:0f:e1:
         c0:f6:5d:ed:f7:3f:9c:b3:b1:a9:bd:36:39:22:73:a6:f0:95:
         a2:9b:0d:0f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2bLI3RIaQuS0tiCMOKAaPoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDE3MTEyMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzIyYmVkZDkwZWJlMTA5ODg4ZWJhMzI3NDM5NGNkNWEzN2U2MjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTcV+hm+Q1MYzBcGsvUTAZUc6dwR
099PNDHORD9cTF+EXjWVPJ31dLmPI24guCNs2xb8zl7tP20XUQrIBm5juuym4rIN
bU1ga4Mj9H/b16s4Nx7VHkzO5+4q7AZMOkfcAbrq9vrUfZKlERDRYoPXG7EkwMWS
wh6Vsu/vI/J67EptiC4qjViow3JhAhCWhUFvDeoab8aofowZtuDz4cpu7wCnUhMy
rTGqatBdcudNGUQnTPCkRf9Vdfk6pqJTOAaLbx9Vb9ukJ+2kqEaH1RRadNioLkVN
A5SAR+LdYJ2Kh3FKrcwNvLv8Qd9AROPSn8YILCiqaEMX8p/C4wb7Y+I2nwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHwivt2Q6+EJiI66MnQ5TNWjfmI/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZkNLLTNaRHI0UW1JanJveWREbE0xYU4tWWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWdUDAwQA
WdVDAwQAuTF/MA0GCSqGSIb3DQEBCwUAA4IBAQBmrD0Tz324Gzf0kEZs5BTDYhwa
jK4m2gbWwUv0gyvL+ExnbrmAyLznMvZiWil+kOHBAzwXXiM3pV8c+ijbbTZe4bhc
AR0efdLXO4K4t+bB4REWdQh6fFqUXq9D6gy4DQPG7c6LXsrZGimnT3whFpV6hX4a
YEeH51i+K6QwEsbYj5UWrAh1Cs9oD9Hp9s3k2X7Kv+J6BgIe/wHRir7bt9ZrfY/A
K/Zj8VevRpMuTbSB17CrqQkq8fbUtrG1NtLGZQenF964NTFsXr2k3xwHClrWiiE+
AcmynjCtwyjBgZZZyRwIatadRwulD+HA9l3t9z+cs7GpvTY5InOm8JWimw0P
-----END CERTIFICATE-----