Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/k5ZtZ149N2AdzFr6JNIKlolmkhw.roa
File:                     k5ZtZ149N2AdzFr6JNIKlolmkhw.roa (raw, json)
Hash identifier:          8dNnPNARl9QQEQ9buBdiSB1sCQ+bWH3+3EFFXDaz1ME=
Subject key identifier:   93:96:6D:67:5E:3D:37:60:1D:CC:5A:FA:24:D2:0A:96:89:66:92:1C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E969D4B0A121A88CD0A58EC0DEFFBE158
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/k5ZtZ149N2AdzFr6JNIKlolmkhw.roa
Signing time:             Fri 05 Jun 2026 07:09:11 +0000
ROA not before:           Fri 05 Jun 2026 07:09:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207343
IP address blocks:        82.153.111.0/24 maxlen: 24
                          213.130.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:9d:4b:0a:12:1a:88:cd:0a:58:ec:0d:ef:fb:e1:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  5 07:09:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=93966d675e3d37601dcc5afa24d20a968966921c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7b:eb:77:27:02:21:2e:ba:ca:a8:d1:85:29:
                    53:e5:2e:da:3e:e5:29:74:e9:77:82:f3:19:22:0c:
                    39:d3:aa:f8:f0:c6:a5:41:46:0c:06:29:e2:04:29:
                    31:25:8e:3d:41:fe:b8:16:8b:a2:ec:50:0c:66:dc:
                    92:a7:b5:3c:09:21:ff:26:17:81:73:92:ff:e6:2c:
                    5a:87:e5:54:77:54:c6:a0:4e:87:4b:81:fa:66:c1:
                    d3:cf:1a:a8:52:4f:9a:e1:07:c0:00:47:1a:f3:02:
                    33:55:dc:cb:99:40:1e:6d:9d:1e:d1:0b:0f:9f:ff:
                    f9:d3:71:13:7f:f1:63:02:cc:aa:e0:9f:51:12:13:
                    08:91:13:80:a6:be:8e:25:8a:c7:56:84:a7:17:70:
                    df:14:e9:a9:6d:3a:8c:a7:91:63:dd:cc:a6:1b:44:
                    b4:c8:80:19:d1:ec:c7:30:bf:6c:99:0e:d5:74:47:
                    32:e8:87:d1:c7:49:be:0c:b1:5b:a7:71:29:38:2b:
                    5e:d1:62:bf:0c:81:89:7f:3d:71:70:d6:87:37:4b:
                    65:97:64:c7:e3:c5:16:be:b3:9c:a5:2d:d9:53:4a:
                    21:7d:84:b0:80:fd:40:aa:6f:68:a7:ba:12:40:00:
                    24:64:c1:a0:40:e8:6b:3f:3e:d3:93:95:bb:0d:33:
                    47:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:96:6D:67:5E:3D:37:60:1D:CC:5A:FA:24:D2:0A:96:89:66:92:1C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/k5ZtZ149N2AdzFr6JNIKlolmkhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.111.0/24
                  213.130.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:89:bb:b1:4d:26:ec:8f:19:7c:12:6c:c9:24:bf:40:fc:2a:
         b9:47:2b:60:06:49:0d:ce:03:e0:2b:c0:df:e5:a7:5b:d4:65:
         18:e4:be:ec:0e:33:f2:f7:15:9a:12:87:26:cc:5f:75:ba:f4:
         26:db:9a:e2:2e:85:bb:37:d5:2c:66:54:79:ff:31:4f:58:f6:
         de:28:cc:d9:63:ce:e5:e7:72:ac:9a:30:aa:ec:0d:41:69:db:
         dd:c0:d9:e2:65:ac:b7:fc:8b:a7:79:ac:fe:a7:8f:1b:ea:f9:
         b1:08:96:51:04:ca:56:46:51:eb:54:0b:ec:0d:ce:2a:08:a4:
         b4:ca:8a:7e:1d:92:db:18:bc:35:c2:2c:7c:ae:8d:b4:17:94:
         c6:8f:df:85:fc:2d:ce:36:e6:a7:cd:67:68:77:15:4f:40:e7:
         6b:0a:50:a5:42:5f:5d:f3:92:92:83:2b:30:01:f8:92:5e:95:
         81:b9:88:6d:09:c3:fe:63:b1:ea:72:bd:02:f4:b8:b7:d2:2a:
         f1:b7:dd:77:8b:a0:de:47:3a:a6:1c:a0:be:35:6f:bc:d5:0d:
         39:fd:43:a9:4b:03:00:54:51:0c:02:c4:84:af:97:ad:c8:b1:
         06:2c:a1:2b:b9:bd:c8:99:18:47:f4:5b:d6:a2:61:d3:16:df:
         7d:6e:12:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6WnUsKEhqIzQpY7A3v++FYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjA1MDcwOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzk2NmQ2NzVlM2QzNzYwMWRjYzVhZmEyNGQyMGE5Njg5NjY5MjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3vrdycCIS66yqjRhSlT5S7aPuUp
dOl3gvMZIgw506r48MalQUYMBiniBCkxJY49Qf64Foui7FAMZtySp7U8CSH/JheB
c5L/5ixah+VUd1TGoE6HS4H6ZsHTzxqoUk+a4QfAAEca8wIzVdzLmUAebZ0e0QsP
n//503ETf/FjAsyq4J9REhMIkROApr6OJYrHVoSnF3DfFOmpbTqMp5Fj3cymG0S0
yIAZ0ezHML9smQ7VdEcy6IfRx0m+DLFbp3EpOCte0WK/DIGJfz1xcNaHN0tll2TH
48UWvrOcpS3ZU0ohfYSwgP1Aqm9op7oSQAAkZMGgQOhrPz7Tk5W7DTNH5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJOWbWdePTdgHcxa+iTSCpaJZpIcMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvazVadFoxNDlOMkFkekZyNkpOSUtsb2xta2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUplvAwQA
1YKOMA0GCSqGSIb3DQEBCwUAA4IBAQAMibuxTSbsjxl8EmzJJL9A/Cq5RytgBkkN
zgPgK8Df5adb1GUY5L7sDjPy9xWaEocmzF91uvQm25riLoW7N9UsZlR5/zFPWPbe
KMzZY87l53KsmjCq7A1BadvdwNniZay3/Iuneaz+p48b6vmxCJZRBMpWRlHrVAvs
Dc4qCKS0yop+HZLbGLw1wix8ro20F5TGj9+F/C3ONuanzWdodxVPQOdrClClQl9d
85KSgyswAfiSXpWBuYhtCcP+Y7Hqcr0C9Li30irxt913i6DeRzqmHKC+NW+81Q05
/UOpSwMAVFEMAsSEr5etyLEGLKErub3ImRhH9FvWomHTFt99bhI3
-----END CERTIFICATE-----