Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oRpt6hAYu5T-yG8hJtfe-VkyimA.roa
File:                     oRpt6hAYu5T-yG8hJtfe-VkyimA.roa (raw, json)
Hash identifier:          OlkpMUVR98bP7afQBHigFZ+A1aZ7ZLvk1fPC1tyHXJc=
Subject key identifier:   A1:1A:6D:EA:10:18:BB:94:FE:C8:6F:21:26:D7:DE:F9:59:32:8A:60
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E8C24E37BD458D2890919950C0D778A16
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oRpt6hAYu5T-yG8hJtfe-VkyimA.roa
Signing time:             Wed 03 Jun 2026 06:21:28 +0000
ROA not before:           Wed 03 Jun 2026 06:21:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402510
IP address blocks:        212.38.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8c:24:e3:7b:d4:58:d2:89:09:19:95:0c:0d:77:8a:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  3 06:21:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a11a6dea1018bb94fec86f2126d7def959328a60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:14:ea:1f:29:e7:4a:0a:88:cf:91:28:05:39:
                    73:d7:d9:1a:73:f4:82:aa:1d:77:ff:9e:77:56:ec:
                    37:4f:02:70:09:0c:20:01:14:43:13:f6:63:d6:6e:
                    76:08:d5:27:b8:44:0a:7d:fe:6f:0d:14:44:22:2c:
                    3c:e2:34:f3:29:03:0b:17:33:db:3e:0b:5b:a6:9c:
                    13:ba:3f:bb:c6:0f:99:12:8d:70:3d:70:13:4b:57:
                    88:ec:2a:39:61:a7:23:cf:2c:98:17:a1:f2:ec:6f:
                    64:a7:2f:85:d6:01:68:a1:e5:e8:08:01:59:96:2a:
                    39:8c:1b:99:40:9d:2a:2e:d0:15:10:b6:df:26:5a:
                    71:95:80:66:cf:12:89:a9:b1:36:09:88:d0:60:a6:
                    6c:41:f2:ab:af:fd:02:89:d9:74:67:74:87:ce:ea:
                    78:da:fb:37:81:b9:6a:b8:e5:d0:94:0a:db:14:98:
                    40:b9:82:01:4e:53:1d:ad:5b:f0:aa:64:8d:8c:00:
                    3f:ee:9c:ba:25:b1:5b:5d:cf:c4:6c:c2:52:27:23:
                    21:34:95:1e:0f:09:a3:0e:32:36:3c:49:a6:09:1d:
                    1d:d2:98:9c:38:47:5f:db:d0:f5:18:5f:f6:a8:e8:
                    69:49:ed:33:7c:9f:95:f5:02:1d:65:28:5c:d7:e8:
                    91:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:1A:6D:EA:10:18:BB:94:FE:C8:6F:21:26:D7:DE:F9:59:32:8A:60
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oRpt6hAYu5T-yG8hJtfe-VkyimA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.38.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:2d:c3:3a:fb:45:8e:bf:80:f2:b1:1a:1f:5d:3d:78:68:d9:
         74:81:99:33:bd:6c:7d:96:9f:fa:ac:2e:4a:ef:5a:84:57:0f:
         c5:d2:97:71:43:03:b2:cb:7f:3f:8b:17:01:46:3d:56:3d:a1:
         a8:43:b6:68:07:85:0d:c0:91:18:61:3a:83:85:25:94:cd:a2:
         31:20:c1:a9:99:a8:6d:c8:3f:bf:a2:37:3c:e0:de:77:3d:b1:
         bb:df:30:20:15:d4:bd:f8:00:b9:ed:cc:27:60:64:85:ef:04:
         2e:24:97:08:2e:df:12:9a:31:4c:36:4d:bc:89:38:8c:c9:f0:
         af:da:96:55:b8:6d:88:6e:eb:c6:fe:db:6d:71:81:c0:5b:f7:
         9e:35:50:d1:fc:e3:3b:b2:36:4e:8f:ae:80:b4:9b:12:01:6f:
         f1:ff:14:ad:09:18:dd:1a:c8:80:7c:46:45:16:cb:22:84:e8:
         6b:23:82:e3:06:b9:e5:77:1b:a3:b7:e0:d0:e5:c9:69:a7:1a:
         a2:f8:84:56:64:30:76:fc:7b:83:6a:5b:c7:eb:62:b6:6b:14:
         43:dd:ed:69:aa:21:07:90:ea:81:76:dd:b4:96:97:27:12:cb:
         c2:31:12:a1:d1:b1:6b:81:37:ee:b9:d1:1b:cb:a8:06:00:a4:
         20:7c:43:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6MJON71FjSiQkZlQwNd4oWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjAzMDYyMTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTFhNmRlYTEwMThiYjk0ZmVjODZmMjEyNmQ3ZGVmOTU5MzI4YTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRTqHynnSgqIz5EoBTlz19kac/SC
qh13/553Vuw3TwJwCQwgARRDE/Zj1m52CNUnuEQKff5vDRREIiw84jTzKQMLFzPb
PgtbppwTuj+7xg+ZEo1wPXATS1eI7Co5YacjzyyYF6Hy7G9kpy+F1gFooeXoCAFZ
lio5jBuZQJ0qLtAVELbfJlpxlYBmzxKJqbE2CYjQYKZsQfKrr/0Cidl0Z3SHzup4
2vs3gblquOXQlArbFJhAuYIBTlMdrVvwqmSNjAA/7py6JbFbXc/EbMJSJyMhNJUe
DwmjDjI2PEmmCR0d0picOEdf29D1GF/2qOhpSe0zfJ+V9QIdZShc1+iRGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEabeoQGLuU/shvISbX3vlZMopgMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvb1JwdDZoQVl1NVQteUc4aEp0ZmUtVmt5aW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CZSMA0G
CSqGSIb3DQEBCwUAA4IBAQAdLcM6+0WOv4DysRofXT14aNl0gZkzvWx9lp/6rC5K
71qEVw/F0pdxQwOyy38/ixcBRj1WPaGoQ7ZoB4UNwJEYYTqDhSWUzaIxIMGpmaht
yD+/ojc84N53PbG73zAgFdS9+AC57cwnYGSF7wQuJJcILt8SmjFMNk28iTiMyfCv
2pZVuG2IbuvG/tttcYHAW/eeNVDR/OM7sjZOj66AtJsSAW/x/xStCRjdGsiAfEZF
FssihOhrI4LjBrnldxujt+DQ5clppxqi+IRWZDB2/HuDalvH62K2axRD3e1pqiEH
kOqBdt20lpcnEsvCMRKh0bFrgTfuudEby6gGAKQgfENx
-----END CERTIFICATE-----