Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/3vZIFgD88S-GCNxDnP1LiF3y1Mc.roa
File:                     3vZIFgD88S-GCNxDnP1LiF3y1Mc.roa (raw, json)
Hash identifier:          IojT01yCuekhR3J8NVJlRfRwjrsV8AmZFTiDSTjzBYk=
Subject key identifier:   DE:F6:48:16:00:FC:F1:2F:86:08:DC:43:9C:FD:4B:88:5D:F2:D4:C7
Certificate issuer:       /CN=097bb48e214bb4d8db42303e9d92a6c70948cc1d
Certificate serial:       019D3EE5597106CEC6E24223CE1FF0433504
Authority key identifier: 09:7B:B4:8E:21:4B:B4:D8:DB:42:30:3E:9D:92:A6:C7:09:48:CC:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXu0jiFLtNjbQjA-nZKmxwlIzB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/3vZIFgD88S-GCNxDnP1LiF3y1Mc.roa
Signing time:             Mon 30 Mar 2026 13:18:31 +0000
ROA not before:           Mon 30 Mar 2026 13:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44486
IP address blocks:        185.238.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/CXu0jiFLtNjbQjA-nZKmxwlIzB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/CXu0jiFLtNjbQjA-nZKmxwlIzB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXu0jiFLtNjbQjA-nZKmxwlIzB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:e5:59:71:06:ce:c6:e2:42:23:ce:1f:f0:43:35:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097bb48e214bb4d8db42303e9d92a6c70948cc1d
        Validity
            Not Before: Mar 30 13:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=def6481600fcf12f8608dc439cfd4b885df2d4c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:2a:61:d6:47:d2:79:af:bd:10:8c:ac:4c:aa:
                    73:a9:e5:35:4c:c1:91:76:ab:ee:2e:c3:69:91:1a:
                    fc:7d:c8:d8:b5:41:02:35:64:f1:a8:78:3e:62:77:
                    b3:ee:86:7e:30:fc:de:8e:84:39:71:01:7d:7a:00:
                    64:42:0c:36:39:61:6e:df:a5:9e:c7:85:f7:25:ea:
                    79:5a:4b:d5:0f:57:b8:a2:dc:1b:cd:b8:36:09:f5:
                    de:ba:46:cc:6e:b2:3e:01:19:e6:e6:33:6a:26:d6:
                    79:4d:e7:f4:b9:28:b0:e6:f0:b7:e0:86:5e:b9:03:
                    7d:ff:96:f3:aa:61:3a:6b:73:72:b4:79:d6:ac:fb:
                    01:78:dd:8f:3b:d6:6c:08:6f:6b:ce:fe:49:bf:d0:
                    b0:9d:e4:69:67:f2:52:5c:c0:fa:c0:6c:92:b7:1f:
                    41:c1:b7:e7:1b:94:f6:ed:4a:81:b8:ae:b1:c5:ca:
                    83:36:d9:9a:7d:ea:aa:a9:ed:9d:9f:c2:31:25:04:
                    27:88:04:c8:9c:5b:d6:67:80:f6:f3:6d:33:79:5d:
                    2a:b3:3b:fc:93:c2:78:93:f9:06:c9:b5:24:99:40:
                    34:65:af:09:3d:60:84:aa:11:36:26:d5:be:80:d0:
                    92:48:70:4f:93:bd:bd:16:b4:68:48:6b:8c:a3:87:
                    e3:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:F6:48:16:00:FC:F1:2F:86:08:DC:43:9C:FD:4B:88:5D:F2:D4:C7
            X509v3 Authority Key Identifier:
                keyid:09:7B:B4:8E:21:4B:B4:D8:DB:42:30:3E:9D:92:A6:C7:09:48:CC:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXu0jiFLtNjbQjA-nZKmxwlIzB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/3vZIFgD88S-GCNxDnP1LiF3y1Mc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/CXu0jiFLtNjbQjA-nZKmxwlIzB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:ed:a2:b4:cc:65:f8:f5:d1:1f:d8:b0:65:d2:1b:75:b8:de:
         93:1d:bc:11:69:7d:d4:61:9c:78:c5:92:10:59:de:09:4f:bf:
         a5:0b:08:ed:3a:97:2a:fd:00:d1:c8:15:19:a6:a2:9b:26:84:
         0c:c9:53:c7:ab:ee:89:4c:2d:ec:43:69:25:2c:f5:db:91:e9:
         1e:70:14:17:05:21:f5:3e:a9:0a:a1:6a:81:da:00:cf:ba:48:
         6f:4d:f8:f9:7b:25:c3:88:08:a9:c2:5a:3c:02:85:dd:47:d9:
         c3:1d:b5:66:10:d2:f2:b4:c3:3b:a0:c2:9e:7f:a5:e9:1a:76:
         d8:1a:ed:cf:99:79:18:d2:de:e5:1a:60:9f:43:cf:8a:06:77:
         a4:a9:81:ab:fd:3c:33:eb:c0:8c:a7:f6:2b:b1:ea:cb:63:c5:
         a7:e2:93:09:e2:18:b0:e2:f9:63:46:3b:99:22:ac:33:39:6c:
         43:77:ee:10:73:00:a4:d5:3b:68:43:92:22:2d:f7:c4:36:02:
         c0:97:4e:f7:0c:c8:24:39:bb:90:1e:ff:02:30:3e:aa:a0:96:
         cc:e0:ed:39:26:e5:4b:0b:61:e9:f8:f2:f9:11:b3:31:27:b5:
         a7:82:c5:38:6a:1b:96:5b:da:6c:85:74:9f:6e:a7:c1:88:5d:
         5a:64:db:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0+5VlxBs7G4kIjzh/wQzUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5N2JiNDhlMjE0YmI0ZDhkYjQyMzAzZTlkOTJhNmM3MDk0
OGNjMWQwHhcNMjYwMzMwMTMxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWY2NDgxNjAwZmNmMTJmODYwOGRjNDM5Y2ZkNGI4ODVkZjJkNGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Sph1kfSea+9EIysTKpzqeU1TMGR
dqvuLsNpkRr8fcjYtUECNWTxqHg+Ynez7oZ+MPzejoQ5cQF9egBkQgw2OWFu36We
x4X3Jep5WkvVD1e4otwbzbg2CfXeukbMbrI+ARnm5jNqJtZ5Tef0uSiw5vC34IZe
uQN9/5bzqmE6a3NytHnWrPsBeN2PO9ZsCG9rzv5Jv9CwneRpZ/JSXMD6wGyStx9B
wbfnG5T27UqBuK6xxcqDNtmafeqqqe2dn8IxJQQniATInFvWZ4D2820zeV0qszv8
k8J4k/kGybUkmUA0Za8JPWCEqhE2JtW+gNCSSHBPk729FrRoSGuMo4fjvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN72SBYA/PEvhgjcQ5z9S4hd8tTHMB8GA1UdIwQY
MBaAFAl7tI4hS7TY20IwPp2SpscJSMwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1h1MGppRkx0TmpiUWpBLW5aS214d2xJekIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MGJlY2QtMTllOS00M2ZkLWExYjgt
MDU2ZjQ2MzMyN2UxLzEvM3ZaSUZnRDg4Uy1HQ054RG5QMUxpRjN5MU1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MGJlY2QtMTllOS00M2ZkLWExYjgtMDU2ZjQ2MzMyN2Ux
LzEvQ1h1MGppRkx0TmpiUWpBLW5aS214d2xJekIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue6mMA0G
CSqGSIb3DQEBCwUAA4IBAQCY7aK0zGX49dEf2LBl0ht1uN6THbwRaX3UYZx4xZIQ
Wd4JT7+lCwjtOpcq/QDRyBUZpqKbJoQMyVPHq+6JTC3sQ2klLPXbkekecBQXBSH1
PqkKoWqB2gDPukhvTfj5eyXDiAipwlo8AoXdR9nDHbVmENLytMM7oMKef6XpGnbY
Gu3PmXkY0t7lGmCfQ8+KBnekqYGr/Twz68CMp/YrserLY8Wn4pMJ4hiw4vljRjuZ
IqwzOWxDd+4QcwCk1TtoQ5IiLffENgLAl073DMgkObuQHv8CMD6qoJbM4O05JuVL
C2Hp+PL5EbMxJ7WngsU4ahuWW9pshXSfbqfBiF1aZNv6
-----END CERTIFICATE-----