Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/oE8I7DKi5Scx62McnafbDKdkeVA.roa
File:                     oE8I7DKi5Scx62McnafbDKdkeVA.roa (raw, json)
Hash identifier:          e/rl0S5tt3ihZhVjgUohrEpN2kpCvSYZ/ikRybFoWpo=
Subject key identifier:   A0:4F:08:EC:32:A2:E5:27:31:EB:63:1C:9D:A7:DB:0C:A7:64:79:50
Certificate issuer:       /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial:       019EB62BE9F26EADFDBC14428C63797C5ED2
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/oE8I7DKi5Scx62McnafbDKdkeVA.roa
Signing time:             Thu 11 Jun 2026 10:13:11 +0000
ROA not before:           Thu 11 Jun 2026 10:13:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     147003
IP address blocks:        86.109.78.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b6:2b:e9:f2:6e:ad:fd:bc:14:42:8c:63:79:7c:5e:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
        Validity
            Not Before: Jun 11 10:13:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a04f08ec32a2e52731eb631c9da7db0ca7647950
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:89:4b:47:37:c6:0b:11:4a:5a:54:b3:b6:54:
                    2b:43:ff:96:85:33:b0:85:07:de:5a:ba:fe:5f:e8:
                    f8:bc:13:b8:4d:64:2b:a0:a7:3e:f8:f9:9d:0a:eb:
                    ba:ae:2d:9b:50:32:ca:ca:b6:2c:b8:c8:b5:9e:39:
                    63:07:d8:d1:ab:be:f0:87:73:4a:25:55:8f:42:e2:
                    0d:fe:eb:0a:b6:23:d1:3a:53:37:c9:d6:76:31:45:
                    3a:67:b9:a3:46:55:7d:ac:1e:7f:4e:2f:7b:9a:2e:
                    f2:fe:7a:e0:03:b4:04:b9:a2:7b:2a:2c:42:a7:7c:
                    13:6e:72:24:10:e1:1e:70:3a:2d:29:01:f0:6f:dc:
                    cb:c1:64:44:49:4b:6f:90:46:d5:b3:8e:e5:e1:99:
                    83:b2:37:b6:aa:ce:88:06:5c:c7:69:cd:d8:41:57:
                    1e:04:7b:6a:11:72:12:72:c1:a8:b8:6a:1d:9a:03:
                    c3:97:d5:23:96:a1:a6:61:1b:a9:ba:14:09:27:04:
                    ef:0f:56:e1:4f:1a:bc:22:7e:5b:30:04:5d:ac:cc:
                    73:e3:dd:75:7d:b8:97:31:1e:4a:8c:18:9f:cb:ef:
                    35:f5:4f:38:39:31:4c:12:6b:b4:c1:68:3b:e7:d5:
                    96:32:4a:eb:6c:0b:04:5f:d8:09:12:2f:f2:74:70:
                    07:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:4F:08:EC:32:A2:E5:27:31:EB:63:1C:9D:A7:DB:0C:A7:64:79:50
            X509v3 Authority Key Identifier:
                keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/oE8I7DKi5Scx62McnafbDKdkeVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.109.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:cc:47:2c:be:52:3f:db:f7:6b:6e:41:9c:73:a9:d7:b4:ab:
         bf:03:b8:a3:3c:80:98:a5:88:6b:8a:82:8e:10:55:5e:29:3f:
         67:8e:88:cf:55:84:fb:04:6c:74:ab:5b:e4:d0:de:ae:02:5f:
         78:45:f8:31:54:aa:df:8d:45:2c:23:34:e4:7c:ae:52:b9:4f:
         39:c1:bc:e5:36:ea:ab:d9:79:b1:ca:e9:9b:60:55:54:63:b3:
         7b:f6:e9:78:75:80:91:10:a3:ed:f7:0f:e5:cf:26:d6:09:52:
         e9:2e:3b:3a:02:e7:03:2f:63:d9:27:ff:1a:3b:7d:ff:f3:07:
         73:4e:a3:cd:d1:2c:10:fa:f2:05:0f:13:c9:15:c2:a4:21:7b:
         fe:a3:a1:68:38:33:41:73:1d:7c:42:6d:42:56:d0:65:d4:6d:
         5b:3f:7f:c1:4c:a9:f9:c7:1d:e5:cd:0d:31:03:80:0a:93:c8:
         d3:de:01:1a:10:ce:43:6a:03:48:53:7e:ef:f3:44:83:c7:56:
         5e:5a:cb:63:2e:4a:85:96:10:dc:61:e0:82:29:d7:0c:27:3a:
         76:3c:93:be:b2:86:7c:ea:b1:16:18:ab:34:f5:22:a3:42:bc:
         cb:89:3e:5e:ce:7c:6f:6a:8b:a5:28:c7:5b:6d:51:da:d3:8b:
         af:16:75:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ62K+nybq39vBRCjGN5fF7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjYwNjExMTAxMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDRmMDhlYzMyYTJlNTI3MzFlYjYzMWM5ZGE3ZGIwY2E3NjQ3OTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYlLRzfGCxFKWlSztlQrQ/+WhTOw
hQfeWrr+X+j4vBO4TWQroKc++PmdCuu6ri2bUDLKyrYsuMi1njljB9jRq77wh3NK
JVWPQuIN/usKtiPROlM3ydZ2MUU6Z7mjRlV9rB5/Ti97mi7y/nrgA7QEuaJ7KixC
p3wTbnIkEOEecDotKQHwb9zLwWRESUtvkEbVs47l4ZmDsje2qs6IBlzHac3YQVce
BHtqEXIScsGouGodmgPDl9UjlqGmYRupuhQJJwTvD1bhTxq8In5bMARdrMxz4911
fbiXMR5KjBify+819U84OTFMEmu0wWg759WWMkrrbAsEX9gJEi/ydHAHIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBPCOwyouUnMetjHJ2n2wynZHlQMB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvb0U4STdES2k1U2N4NjJNY25hZmJES2RrZVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVm1OMA0G
CSqGSIb3DQEBCwUAA4IBAQCpzEcsvlI/2/drbkGcc6nXtKu/A7ijPICYpYhrioKO
EFVeKT9njojPVYT7BGx0q1vk0N6uAl94RfgxVKrfjUUsIzTkfK5SuU85wbzlNuqr
2XmxyumbYFVUY7N79ul4dYCREKPt9w/lzybWCVLpLjs6AucDL2PZJ/8aO33/8wdz
TqPN0SwQ+vIFDxPJFcKkIXv+o6FoODNBcx18Qm1CVtBl1G1bP3/BTKn5xx3lzQ0x
A4AKk8jT3gEaEM5DagNIU37v80SDx1ZeWstjLkqFlhDcYeCCKdcMJzp2PJO+soZ8
6rEWGKs09SKjQrzLiT5eznxvaoulKMdbbVHa04uvFnXt
-----END CERTIFICATE-----