Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/w-cXQbem9hSscUKkaSQQxWWVFdk.roa
File:                     w-cXQbem9hSscUKkaSQQxWWVFdk.roa (raw, json)
Hash identifier:          6tWwR63P4xhVwXD+eI6rECRQ9+CPTjQnRjXxSbmCCJY=
Subject key identifier:   C3:E7:17:41:B7:A6:F6:14:AC:71:42:A4:69:24:10:C5:65:95:15:D9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E87348C780A99914234F2B2B6D3E0C8F0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/w-cXQbem9hSscUKkaSQQxWWVFdk.roa
Signing time:             Tue 02 Jun 2026 07:20:28 +0000
ROA not before:           Tue 02 Jun 2026 07:20:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152324
IP address blocks:        82.153.47.0/24 maxlen: 24
                          82.153.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:34:8c:78:0a:99:91:42:34:f2:b2:b6:d3:e0:c8:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  2 07:20:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3e71741b7a6f614ac7142a4692410c5659515d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:46:aa:d0:41:31:75:e2:22:ac:4f:06:b9:86:
                    8d:a5:97:9d:1d:9e:14:77:d7:a8:bd:f9:4d:87:a4:
                    13:fe:00:f7:b2:6d:21:00:9a:a7:42:e6:4e:ef:f4:
                    10:4a:87:aa:79:3b:9c:41:e2:ec:af:5b:f0:a2:7e:
                    d3:11:03:4f:f1:fb:bb:b7:be:31:f5:7f:52:a6:b8:
                    62:e0:20:09:5a:c0:94:ba:67:39:3c:0b:8d:84:d8:
                    13:4f:50:18:c8:db:d6:bb:61:c5:69:fc:9a:81:e0:
                    d5:1f:98:34:0a:72:35:9c:0d:a1:b2:85:be:13:5c:
                    da:f2:13:30:70:c9:43:f8:49:29:48:bf:23:e0:fe:
                    d8:ab:cb:b4:72:b1:39:32:48:f8:84:f5:1c:4c:41:
                    ba:c1:65:f6:a9:b8:38:5d:d6:ef:89:94:a4:33:7c:
                    8e:36:13:7b:18:37:4f:8f:83:0d:32:fb:5b:50:c1:
                    76:11:ea:8d:64:32:e0:e2:46:d5:2e:cf:ac:37:e3:
                    44:cf:23:27:71:b7:27:2a:94:14:96:28:46:81:95:
                    3f:8b:cf:4b:ce:20:f5:20:e9:e2:f5:d2:1b:3c:4c:
                    15:2b:66:1a:15:62:f1:2a:ed:f3:ba:dc:0e:02:a5:
                    e2:de:2a:84:06:ed:ed:09:a5:31:f2:db:0d:81:0c:
                    3f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:E7:17:41:B7:A6:F6:14:AC:71:42:A4:69:24:10:C5:65:95:15:D9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/w-cXQbem9hSscUKkaSQQxWWVFdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.47.0-82.153.48.255

    Signature Algorithm: sha256WithRSAEncryption
         91:29:93:63:bc:4d:99:40:dc:5f:e3:93:ba:cf:73:7c:09:74:
         e5:cc:b0:c9:fb:1a:be:4a:6c:32:ce:3a:c9:4f:fa:ac:45:7b:
         e6:b0:9d:05:a5:37:80:6d:85:dc:b2:17:d4:8f:c9:5a:88:26:
         95:b7:f9:bd:05:3b:12:82:47:66:f1:e6:fc:5c:c6:f3:c5:d5:
         82:55:af:93:88:59:7b:a2:8b:e3:92:51:e3:30:4e:64:83:a6:
         da:74:26:9a:ef:ad:27:23:29:ec:5b:9e:5f:5c:52:55:cf:88:
         8d:27:02:19:4e:67:55:56:d5:1d:92:16:fd:f6:da:35:79:8d:
         bc:49:0c:41:0a:e7:34:e3:a4:31:6f:86:09:91:f5:98:1d:6a:
         25:57:22:35:e9:52:0c:5f:ff:e3:c5:65:80:d2:5e:d5:c1:1b:
         c4:39:4c:d7:7f:4e:1a:58:06:7a:3b:22:99:8d:00:ee:cd:33:
         71:81:c2:51:38:5e:32:b1:32:ea:55:c4:4e:d8:f2:9a:e0:0c:
         1d:05:d9:1c:7a:7b:2d:29:51:de:61:5c:3d:c0:74:fc:83:aa:
         13:78:05:58:0f:09:5b:d3:4f:f2:71:38:dc:09:ab:2e:7a:df:
         7f:97:eb:b8:ea:39:25:83:79:75:86:6c:dc:ab:4a:b1:07:8e:
         6d:2b:ab:c1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ6HNIx4CpmRQjTysrbT4MjwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjAyMDcyMDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2U3MTc0MWI3YTZmNjE0YWM3MTQyYTQ2OTI0MTBjNTY1OTUxNWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUaq0EExdeIirE8GuYaNpZedHZ4U
d9eovflNh6QT/gD3sm0hAJqnQuZO7/QQSoeqeTucQeLsr1vwon7TEQNP8fu7t74x
9X9Sprhi4CAJWsCUumc5PAuNhNgTT1AYyNvWu2HFafyageDVH5g0CnI1nA2hsoW+
E1za8hMwcMlD+EkpSL8j4P7Yq8u0crE5Mkj4hPUcTEG6wWX2qbg4XdbviZSkM3yO
NhN7GDdPj4MNMvtbUMF2EeqNZDLg4kbVLs+sN+NEzyMncbcnKpQUlihGgZU/i89L
ziD1IOni9dIbPEwVK2YaFWLxKu3zutwOAqXi3iqEBu3tCaUx8tsNgQw/EQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMPnF0G3pvYUrHFCpGkkEMVllRXZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdy1jWFFiZW05aFNzY1VLa2FTUVF4V1dWRmRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABSmS8D
BABSmTAwDQYJKoZIhvcNAQELBQADggEBAJEpk2O8TZlA3F/jk7rPc3wJdOXMsMn7
Gr5KbDLOOslP+qxFe+awnQWlN4BthdyyF9SPyVqIJpW3+b0FOxKCR2bx5vxcxvPF
1YJVr5OIWXuii+OSUeMwTmSDptp0JprvrScjKexbnl9cUlXPiI0nAhlOZ1VW1R2S
Fv322jV5jbxJDEEK5zTjpDFvhgmR9ZgdaiVXIjXpUgxf/+PFZYDSXtXBG8Q5TNd/
ThpYBno7IpmNAO7NM3GBwlE4XjKxMupVxE7Y8prgDB0F2Rx6ey0pUd5hXD3AdPyD
qhN4BVgPCVvTT/JxONwJqy5633+X67jqOSWDeXWGbNyrSrEHjm0rq8E=
-----END CERTIFICATE-----