Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oAPNOmlVfmWLvNjueifGj5FtBXo.roa
File:                     oAPNOmlVfmWLvNjueifGj5FtBXo.roa (raw, json)
Hash identifier:          q91y96ryHJsSExyiSVXbQgOsgw5ooskvdaKPweDSYdc=
Subject key identifier:   A0:03:CD:3A:69:55:7E:65:8B:BC:D8:EE:7A:27:C6:8F:91:6D:05:7A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D7267887BD386417B14C6BB9C074F6D15
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oAPNOmlVfmWLvNjueifGj5FtBXo.roa
Signing time:             Thu 09 Apr 2026 13:21:20 +0000
ROA not before:           Thu 09 Apr 2026 13:21:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34224
IP address blocks:        82.152.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:67:88:7b:d3:86:41:7b:14:c6:bb:9c:07:4f:6d:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  9 13:21:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a003cd3a69557e658bbcd8ee7a27c68f916d057a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:82:f9:d7:34:46:02:8a:01:1c:cc:eb:be:32:
                    45:00:2c:c5:04:1e:72:55:e7:c2:a9:c0:c6:0b:b9:
                    3b:d5:81:99:c6:49:54:f1:38:da:73:04:50:cc:e8:
                    c9:12:05:33:26:b9:28:49:27:cc:15:8c:d1:89:77:
                    9b:d7:dc:9c:e3:1f:8d:82:35:ff:e4:2e:32:30:80:
                    93:bc:c3:9d:5d:3d:5b:bd:9f:20:e3:2d:1e:29:d3:
                    23:31:40:0b:cf:db:09:9c:d1:6c:09:de:9a:78:aa:
                    0b:f4:6f:46:d5:c6:4b:f9:d6:81:c2:0d:59:ae:5b:
                    fd:22:f4:de:b3:31:25:dd:ac:c3:22:79:c2:84:12:
                    57:42:b4:05:fb:94:98:6f:1c:82:ff:1a:e7:4b:e8:
                    6c:a1:14:5a:2c:e9:40:d5:42:24:fa:8c:8f:cb:ff:
                    66:c7:37:53:a9:dd:df:cf:5a:35:27:d4:a5:73:be:
                    9d:2b:8a:d1:8b:bd:6f:0c:0d:ba:94:ed:12:41:29:
                    28:b6:e4:fc:f6:c2:43:72:08:30:57:c7:17:fa:a6:
                    27:60:41:b1:e9:49:d5:dc:e8:f9:49:66:5e:d3:9c:
                    b5:3c:b4:78:ef:1f:ae:86:be:85:99:77:d7:8d:e7:
                    ab:a2:f2:fe:56:07:bb:a9:a5:ab:33:47:68:13:ec:
                    de:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:03:CD:3A:69:55:7E:65:8B:BC:D8:EE:7A:27:C6:8F:91:6D:05:7A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oAPNOmlVfmWLvNjueifGj5FtBXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:6b:41:e6:d9:12:85:96:3a:23:87:23:b0:07:e4:38:4e:0a:
         a4:11:75:53:bd:78:62:e5:da:e7:83:82:47:c6:aa:31:c6:1e:
         c1:25:d2:ae:6f:47:6f:15:0b:4f:9f:7b:1a:00:27:a8:75:75:
         62:6b:d2:bd:8b:29:23:e6:04:23:10:cd:9e:75:83:3a:e8:0f:
         5f:34:62:20:58:ca:39:38:7a:8a:64:b0:1d:fa:0a:9e:46:7a:
         89:19:28:11:24:c7:32:58:49:91:fd:ba:67:40:6c:f8:fe:ae:
         33:a9:7d:c4:a6:61:c8:1d:97:cd:e4:fb:52:3a:b0:d8:e5:ad:
         f6:91:66:47:ea:75:45:1c:a8:a4:3d:ae:dc:68:5b:b0:50:39:
         14:55:2e:2f:f3:49:a7:e0:43:71:58:94:77:48:6d:3e:80:58:
         82:4b:e5:3e:55:4c:89:b8:6a:08:01:ad:4c:a7:f0:de:26:5d:
         dd:c6:95:cb:b8:65:0c:77:7e:86:5b:30:cd:08:2b:dc:24:6a:
         8b:c4:29:3b:3f:03:40:c7:65:e9:d4:8a:71:7a:35:7c:71:33:
         fa:52:6a:14:e1:9f:8f:51:3a:03:75:34:15:fa:e8:25:9d:21:
         35:86:1f:da:1a:cb:90:42:ce:45:d5:3f:09:0e:30:7c:05:98:
         b6:4a:42:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1yZ4h704ZBexTGu5wHT20VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDA5MTMyMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDAzY2QzYTY5NTU3ZTY1OGJiY2Q4ZWU3YTI3YzY4ZjkxNmQwNTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYL51zRGAooBHMzrvjJFACzFBB5y
VefCqcDGC7k71YGZxklU8TjacwRQzOjJEgUzJrkoSSfMFYzRiXeb19yc4x+NgjX/
5C4yMICTvMOdXT1bvZ8g4y0eKdMjMUALz9sJnNFsCd6aeKoL9G9G1cZL+daBwg1Z
rlv9IvTeszEl3azDInnChBJXQrQF+5SYbxyC/xrnS+hsoRRaLOlA1UIk+oyPy/9m
xzdTqd3fz1o1J9Slc76dK4rRi71vDA26lO0SQSkotuT89sJDcggwV8cX+qYnYEGx
6UnV3Oj5SWZe05y1PLR47x+uhr6FmXfXjeerovL+Vge7qaWrM0doE+zeywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKADzTppVX5li7zY7nonxo+RbQV6MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvb0FQTk9tbFZmbVdMdk5qdWVpZkdqNUZ0QlhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpj+MA0G
CSqGSIb3DQEBCwUAA4IBAQCfa0Hm2RKFljojhyOwB+Q4TgqkEXVTvXhi5drng4JH
xqoxxh7BJdKub0dvFQtPn3saACeodXVia9K9iykj5gQjEM2edYM66A9fNGIgWMo5
OHqKZLAd+gqeRnqJGSgRJMcyWEmR/bpnQGz4/q4zqX3EpmHIHZfN5PtSOrDY5a32
kWZH6nVFHKikPa7caFuwUDkUVS4v80mn4ENxWJR3SG0+gFiCS+U+VUyJuGoIAa1M
p/DeJl3dxpXLuGUMd36GWzDNCCvcJGqLxCk7PwNAx2Xp1IpxejV8cTP6UmoU4Z+P
UToDdTQV+uglnSE1hh/aGsuQQs5F1T8JDjB8BZi2SkLT
-----END CERTIFICATE-----