Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qPGTRx1rkuwNqXHx_uSVkoCtpjw.roa
File:                     qPGTRx1rkuwNqXHx_uSVkoCtpjw.roa (raw, json)
Hash identifier:          lfdrpFh9kb21du3IVesEIYzdsb0huNOjswB4I9Lv4yc=
Subject key identifier:   A8:F1:93:47:1D:6B:92:EC:0D:A9:71:F1:FE:E4:95:92:80:AD:A6:3C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E73D2815D9DBCE1623CCC0EF0ED23953D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qPGTRx1rkuwNqXHx_uSVkoCtpjw.roa
Signing time:             Fri 29 May 2026 13:00:35 +0000
ROA not before:           Fri 29 May 2026 13:00:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9318
IP address blocks:        79.99.76.0/24 maxlen: 24
                          109.176.10.0/24 maxlen: 24
                          217.144.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:73:d2:81:5d:9d:bc:e1:62:3c:cc:0e:f0:ed:23:95:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 29 13:00:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8f193471d6b92ec0da971f1fee4959280ada63c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b7:52:0d:61:9c:6c:f3:ef:d1:90:42:7a:cd:
                    57:19:9a:f2:1e:f2:00:43:f6:22:51:50:62:be:48:
                    19:31:99:65:2f:8c:d5:d4:d9:d6:02:6e:a2:d3:6a:
                    9e:db:e8:2d:9a:6b:75:2b:c6:87:fe:41:bb:c0:b8:
                    8a:6a:28:13:5f:9d:38:ec:9f:dc:f3:b3:4c:a0:da:
                    7f:3d:c6:41:47:48:09:b6:f8:a2:06:ca:ed:3c:ff:
                    5f:2b:86:00:d2:01:f2:16:53:2e:03:b6:39:6e:87:
                    a0:55:94:1e:bd:cc:3d:06:d4:0f:5a:90:7e:38:1c:
                    09:8f:86:21:4d:4f:17:6e:34:48:c7:04:c2:74:f1:
                    ec:32:63:cf:86:86:f8:cb:62:40:13:40:08:ba:f0:
                    53:f1:97:fd:20:d1:87:f0:ef:c3:ed:4b:20:ec:51:
                    19:07:24:65:91:89:5a:d1:bb:29:a7:90:59:51:8d:
                    3a:84:69:f9:c6:44:22:a1:da:94:a0:b6:f5:79:4c:
                    0d:7b:4d:2c:f9:52:4c:12:43:eb:2c:6b:c9:86:99:
                    bf:49:8c:7a:ce:9c:24:45:5f:20:f6:fa:c8:c5:6a:
                    69:b7:9b:9d:90:c0:fb:ed:7e:58:12:04:ec:bc:12:
                    37:30:e9:99:e6:c7:2a:41:71:04:7f:78:9c:43:eb:
                    c5:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:F1:93:47:1D:6B:92:EC:0D:A9:71:F1:FE:E4:95:92:80:AD:A6:3C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qPGTRx1rkuwNqXHx_uSVkoCtpjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.76.0/24
                  109.176.10.0/24
                  217.144.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:70:dc:e9:06:7c:07:06:5e:9f:58:4e:85:9f:2d:42:fb:7c:
         a0:ed:98:70:0b:11:57:fb:d2:83:0b:14:3c:01:1a:df:79:a8:
         49:52:f2:7a:94:4c:34:c2:95:a3:15:b2:5a:b9:25:3d:a6:b9:
         fa:93:73:24:5e:1f:b4:b5:3d:fb:48:a4:d6:93:79:f0:ca:c4:
         17:14:ef:da:d7:d3:67:e8:7f:e6:e8:ef:70:19:05:db:ae:60:
         89:12:e2:43:23:e4:e9:1e:b6:e5:5e:d9:92:c4:b9:a9:6f:b4:
         f6:9e:4f:a7:bb:f6:a5:bb:d7:d8:61:99:f7:88:d5:0d:30:74:
         89:31:2b:14:5b:a2:4d:92:ed:21:c1:6e:34:ba:95:92:9b:7e:
         53:06:2e:13:bc:39:d1:16:1b:73:e3:41:a8:9e:ab:ca:bc:e4:
         7b:14:d9:0f:be:e5:3f:16:c8:89:4c:6d:0b:76:ed:53:b8:cd:
         51:6f:fd:69:39:08:5f:01:ba:1d:51:cc:03:2e:58:bd:6c:00:
         19:ee:6f:4f:58:f0:f8:74:fa:e5:db:6f:12:f6:29:f7:e8:45:
         be:21:44:de:ec:6a:4b:0a:81:b2:37:9e:61:7a:bb:98:b3:00:
         21:e7:69:5c:2f:9e:92:9d:3d:b5:aa:c3:4a:5f:aa:b3:80:11:
         49:df:2b:45
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5z0oFdnbzhYjzMDvDtI5U9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTI5MTMwMDM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGYxOTM0NzFkNmI5MmVjMGRhOTcxZjFmZWU0OTU5MjgwYWRhNjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7dSDWGcbPPv0ZBCes1XGZryHvIA
Q/YiUVBivkgZMZllL4zV1NnWAm6i02qe2+gtmmt1K8aH/kG7wLiKaigTX5047J/c
87NMoNp/PcZBR0gJtviiBsrtPP9fK4YA0gHyFlMuA7Y5boegVZQevcw9BtQPWpB+
OBwJj4YhTU8XbjRIxwTCdPHsMmPPhob4y2JAE0AIuvBT8Zf9INGH8O/D7Usg7FEZ
ByRlkYla0bspp5BZUY06hGn5xkQiodqUoLb1eUwNe00s+VJMEkPrLGvJhpm/SYx6
zpwkRV8g9vrIxWppt5udkMD77X5YEgTsvBI3MOmZ5scqQXEEf3icQ+vF9QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKjxk0cda5LsDalx8f7klZKAraY8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcVBHVFJ4MXJrdXdOcVhIeF91U1Zrb0N0cGp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAT2NMAwQA
bbAKAwQA2ZCeMA0GCSqGSIb3DQEBCwUAA4IBAQCTcNzpBnwHBl6fWE6Fny1C+3yg
7ZhwCxFX+9KDCxQ8ARrfeahJUvJ6lEw0wpWjFbJauSU9prn6k3MkXh+0tT37SKTW
k3nwysQXFO/a19Nn6H/m6O9wGQXbrmCJEuJDI+TpHrblXtmSxLmpb7T2nk+nu/al
u9fYYZn3iNUNMHSJMSsUW6JNku0hwW40upWSm35TBi4TvDnRFhtz40GonqvKvOR7
FNkPvuU/FsiJTG0Ldu1TuM1Rb/1pOQhfAbodUcwDLli9bAAZ7m9PWPD4dPrl228S
9in36EW+IUTe7GpLCoGyN55heruYswAh52lcL56SnT21qsNKX6qzgBFJ3ytF
-----END CERTIFICATE-----