Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xjgKMQ56J9eu35VnEFpakaHXtL4.roa
File:                     xjgKMQ56J9eu35VnEFpakaHXtL4.roa (raw, json)
Hash identifier:          rBxaaLo9ulQ7IEUk24FJvDxsLuK1Ccwr9Ydl5b6H9aY=
Subject key identifier:   C6:38:0A:31:0E:7A:27:D7:AE:DF:95:67:10:5A:5A:91:A1:D7:B4:BE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019EAB48003DF9D9526601D868910289495A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xjgKMQ56J9eu35VnEFpakaHXtL4.roa
Signing time:             Tue 09 Jun 2026 07:28:02 +0000
ROA not before:           Tue 09 Jun 2026 07:28:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211484
IP address blocks:        82.152.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:48:00:3d:f9:d9:52:66:01:d8:68:91:02:89:49:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  9 07:28:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c6380a310e7a27d7aedf9567105a5a91a1d7b4be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6f:fa:43:99:9e:2b:c5:88:70:51:51:4b:57:
                    d0:c7:fe:99:a2:dd:36:3c:0a:c4:d4:79:0d:e9:ca:
                    68:0a:ec:d8:93:bb:29:40:30:59:11:bc:58:47:6a:
                    1f:04:26:de:10:16:cf:f8:83:7b:b0:54:ea:3c:c2:
                    70:f0:0d:1a:98:cd:d2:ed:06:25:50:2f:9c:cc:80:
                    99:b2:1c:5c:4f:ac:dd:2f:10:c9:00:a4:fd:a5:42:
                    74:69:9d:bf:3c:e6:2f:62:ba:03:8e:88:e0:aa:a0:
                    11:e0:c9:66:8e:15:bd:92:e4:6d:7a:7f:87:11:c3:
                    aa:e5:5e:57:0d:ce:25:98:db:42:28:43:bb:de:f2:
                    e7:6c:bb:e7:a2:7d:c3:5f:1f:a1:66:33:b4:31:a2:
                    db:16:e5:88:66:5b:05:42:7d:f5:bc:4e:0c:5f:89:
                    cd:17:79:64:b5:73:3d:61:a9:63:59:5f:61:58:bc:
                    cb:88:05:a0:48:58:51:b0:b5:51:78:41:72:f0:e3:
                    11:2e:4b:a1:3e:79:13:6d:f0:98:b8:4a:c8:fb:60:
                    95:ba:7e:ac:80:80:7e:83:1c:53:93:a1:db:10:ba:
                    69:e1:6b:df:2b:35:87:b8:90:4d:06:61:36:41:a2:
                    30:03:bc:33:1c:64:9f:8e:1e:03:55:60:da:c8:dd:
                    ae:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:38:0A:31:0E:7A:27:D7:AE:DF:95:67:10:5A:5A:91:A1:D7:B4:BE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xjgKMQ56J9eu35VnEFpakaHXtL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:24:e6:34:20:58:83:a4:cc:2e:69:2f:c9:04:40:c0:76:07:
         15:d5:3d:0c:e1:c7:e8:2d:77:27:d9:25:3c:5e:09:f3:b1:89:
         4b:ba:c1:f3:a3:81:93:de:ea:5b:04:28:9c:38:ad:56:ff:be:
         24:46:78:59:a3:4b:cc:e7:16:d7:19:a3:10:b1:a1:09:77:92:
         c6:e2:76:59:a1:72:d8:1f:95:21:83:9b:5d:14:d1:b7:9f:25:
         3a:b9:f1:b4:6c:b2:81:b5:73:28:40:d0:dd:75:62:06:a1:7a:
         f3:cb:ff:e2:aa:50:5b:59:f8:96:15:d8:aa:26:ef:12:69:7d:
         21:c2:d7:ee:a7:11:e4:49:7d:ae:19:44:86:8f:b9:de:e3:e2:
         f8:98:b3:91:7a:ec:0b:f1:c2:9b:a4:7c:11:0f:43:71:b0:01:
         81:d9:7f:1c:3f:9b:d1:36:9f:5f:f5:f3:06:f9:7c:70:ea:7f:
         41:77:34:eb:cc:61:ed:97:96:16:ea:9a:50:1a:f5:7c:20:34:
         53:54:b9:6a:fa:31:5c:ea:63:2c:4f:75:b4:df:43:00:4f:c6:
         f8:dc:51:f7:4c:a9:cc:60:de:bc:13:8f:08:98:eb:0f:d4:db:
         d7:e0:2b:f7:7b:80:bb:13:e0:24:a5:f4:e3:06:80:a9:fa:16:
         1b:b7:c4:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6rSAA9+dlSZgHYaJECiUlaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjA5MDcyODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjM4MGEzMTBlN2EyN2Q3YWVkZjk1NjcxMDVhNWE5MWExZDdiNGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2/6Q5meK8WIcFFRS1fQx/6Zot02
PArE1HkN6cpoCuzYk7spQDBZEbxYR2ofBCbeEBbP+IN7sFTqPMJw8A0amM3S7QYl
UC+czICZshxcT6zdLxDJAKT9pUJ0aZ2/POYvYroDjojgqqAR4MlmjhW9kuRten+H
EcOq5V5XDc4lmNtCKEO73vLnbLvnon3DXx+hZjO0MaLbFuWIZlsFQn31vE4MX4nN
F3lktXM9YaljWV9hWLzLiAWgSFhRsLVReEFy8OMRLkuhPnkTbfCYuErI+2CVun6s
gIB+gxxTk6HbELpp4WvfKzWHuJBNBmE2QaIwA7wzHGSfjh4DVWDayN2utwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMY4CjEOeifXrt+VZxBaWpGh17S+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveGpnS01RNTZKOWV1MzVWbkVGcGFrYUhYdEw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUphEMA0G
CSqGSIb3DQEBCwUAA4IBAQCUJOY0IFiDpMwuaS/JBEDAdgcV1T0M4cfoLXcn2SU8
XgnzsYlLusHzo4GT3upbBCicOK1W/74kRnhZo0vM5xbXGaMQsaEJd5LG4nZZoXLY
H5Uhg5tdFNG3nyU6ufG0bLKBtXMoQNDddWIGoXrzy//iqlBbWfiWFdiqJu8SaX0h
wtfupxHkSX2uGUSGj7ne4+L4mLOReuwL8cKbpHwRD0NxsAGB2X8cP5vRNp9f9fMG
+Xxw6n9BdzTrzGHtl5YW6ppQGvV8IDRTVLlq+jFc6mMsT3W030MAT8b43FH3TKnM
YN68E48ImOsP1NvX4Cv3e4C7E+AkpfTjBoCp+hYbt8RE
-----END CERTIFICATE-----