Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hYStsrmShfiILT2OtHXnItuh7xE.roa
File:                     hYStsrmShfiILT2OtHXnItuh7xE.roa (raw, json)
Hash identifier:          XupTQl6CqY1gk871vRNbzt0oh/ce9egUH2UaLNoBudQ=
Subject key identifier:   85:84:AD:B2:B9:92:85:F8:88:2D:3D:8E:B4:75:E7:22:DB:A1:EF:11
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E8883243E0BF2F4D76398CBE8080B9472
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hYStsrmShfiILT2OtHXnItuh7xE.roa
Signing time:             Tue 02 Jun 2026 13:25:56 +0000
ROA not before:           Tue 02 Jun 2026 13:25:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51082
IP address blocks:        82.153.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:88:83:24:3e:0b:f2:f4:d7:63:98:cb:e8:08:0b:94:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  2 13:25:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8584adb2b99285f8882d3d8eb475e722dba1ef11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:75:7c:e8:2a:ab:18:0e:b8:a0:12:23:7b:ac:
                    c5:f3:cb:1e:73:0d:59:01:ff:84:ac:dc:65:dc:cb:
                    ae:de:4c:3e:5a:e4:e2:cf:af:88:0c:cf:ee:82:cd:
                    1f:a7:87:0b:16:fb:1c:9b:db:a1:35:09:78:dc:1f:
                    17:7e:a8:3b:12:4f:e8:de:51:20:40:83:43:7a:87:
                    df:d1:db:ed:85:4e:c0:df:e4:4b:31:99:ba:58:94:
                    8d:13:14:a8:af:fd:73:c5:5f:dd:b3:6e:29:48:a5:
                    09:aa:a1:ed:e9:5a:3a:b1:43:87:bf:25:e9:ec:dd:
                    0f:6a:c9:eb:a7:60:c6:0a:8d:68:75:aa:7b:14:77:
                    21:35:ea:d5:60:c4:d4:09:78:bd:60:8d:d4:0e:16:
                    fc:2c:0a:13:a8:fb:35:00:59:38:bd:02:65:75:54:
                    6a:97:9f:3f:65:2c:0c:b0:75:36:00:b0:5f:f1:81:
                    8c:76:29:71:ee:ce:e1:32:a9:5e:2b:c6:21:82:95:
                    95:19:14:16:fb:db:de:70:5b:1f:d5:89:3a:cf:45:
                    b2:c4:12:68:dd:e3:09:83:b7:df:8f:22:36:ab:27:
                    d7:1b:28:f3:15:a9:74:94:cf:be:2c:90:a0:2e:1c:
                    0d:f0:e8:32:1a:ea:b3:2b:9c:4c:63:13:9a:88:82:
                    d2:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:84:AD:B2:B9:92:85:F8:88:2D:3D:8E:B4:75:E7:22:DB:A1:EF:11
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hYStsrmShfiILT2OtHXnItuh7xE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:36:a0:3e:d7:01:92:52:88:e2:98:74:4f:f2:c8:b7:f4:bc:
         cb:fb:17:2c:53:0b:3d:24:13:b9:dc:a5:99:93:af:34:01:a9:
         aa:55:2b:92:f8:34:6e:4d:ca:7d:d7:12:6a:b7:82:d2:5f:0d:
         37:20:92:f9:fd:cc:44:4b:56:ab:37:a8:d0:e9:18:7f:16:d8:
         e6:95:a0:2e:b8:91:f9:8e:33:fe:be:b8:3d:72:3c:a5:86:d0:
         d6:80:dc:99:78:67:21:21:40:b5:74:1b:f9:fe:b6:4d:5c:4e:
         88:d8:ae:09:f4:d4:a6:7a:41:51:01:1c:5a:21:4d:29:a4:8e:
         33:a0:30:50:b2:7d:a6:d6:5c:56:16:08:8c:28:0d:40:86:b9:
         91:2f:9d:de:cc:57:75:9b:03:ff:43:12:d3:15:18:ef:e7:db:
         39:eb:c9:0e:ce:7c:c0:f7:88:d7:90:c6:a6:84:3b:18:74:01:
         a8:e5:cc:bb:4d:1d:cb:66:ef:1f:b2:79:77:18:17:d0:c3:72:
         56:a0:7f:1e:67:7b:c3:57:4c:4d:2a:3c:0c:19:28:85:73:f0:
         e6:79:92:ce:7c:02:61:4f:5e:a8:a9:1c:09:eb:0a:3a:46:21:
         c2:4d:fb:6f:71:3f:b0:c0:dc:c4:ff:ca:f1:39:69:ab:10:52:
         46:9e:1b:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6IgyQ+C/L012OYy+gIC5RyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjAyMTMyNTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTg0YWRiMmI5OTI4NWY4ODgyZDNkOGViNDc1ZTcyMmRiYTFlZjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnV86CqrGA64oBIje6zF88secw1Z
Af+ErNxl3Muu3kw+WuTiz6+IDM/ugs0fp4cLFvscm9uhNQl43B8Xfqg7Ek/o3lEg
QINDeoff0dvthU7A3+RLMZm6WJSNExSor/1zxV/ds24pSKUJqqHt6Vo6sUOHvyXp
7N0Pasnrp2DGCo1odap7FHchNerVYMTUCXi9YI3UDhb8LAoTqPs1AFk4vQJldVRq
l58/ZSwMsHU2ALBf8YGMdilx7s7hMqleK8YhgpWVGRQW+9vecFsf1Yk6z0WyxBJo
3eMJg7ffjyI2qyfXGyjzFal0lM++LJCgLhwN8OgyGuqzK5xMYxOaiILS7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWErbK5koX4iC09jrR15yLboe8RMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaFlTdHNybVNoZmlJTFQyT3RIWG5JdHVoN3hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpmaMA0G
CSqGSIb3DQEBCwUAA4IBAQBFNqA+1wGSUojimHRP8si39LzL+xcsUws9JBO53KWZ
k680AamqVSuS+DRuTcp91xJqt4LSXw03IJL5/cxES1arN6jQ6Rh/FtjmlaAuuJH5
jjP+vrg9cjylhtDWgNyZeGchIUC1dBv5/rZNXE6I2K4J9NSmekFRARxaIU0ppI4z
oDBQsn2m1lxWFgiMKA1AhrmRL53ezFd1mwP/QxLTFRjv59s568kOznzA94jXkMam
hDsYdAGo5cy7TR3LZu8fsnl3GBfQw3JWoH8eZ3vDV0xNKjwMGSiFc/DmeZLOfAJh
T16oqRwJ6wo6RiHCTftvcT+wwNzE/8rxOWmrEFJGnhtI
-----END CERTIFICATE-----