Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/3mYRB2pRO_DJ88HrBmAsWHoUXC8.roa
File:                     3mYRB2pRO_DJ88HrBmAsWHoUXC8.roa (raw, json)
Hash identifier:          5/z5YdKLXaJrmnObxGVXbMz/UN3JINPDm4bZtrhOrdA=
Subject key identifier:   DE:66:11:07:6A:51:3B:F0:C9:F3:C1:EB:06:60:2C:58:7A:14:5C:2F
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019DFDAFFEBD005C4FF11510470F4738CD48
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/3mYRB2pRO_DJ88HrBmAsWHoUXC8.roa
Signing time:             Wed 06 May 2026 14:27:42 +0000
ROA not before:           Wed 06 May 2026 14:27:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        85.239.156.0/24 maxlen: 24
                          85.239.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:af:fe:bd:00:5c:4f:f1:15:10:47:0f:47:38:cd:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: May  6 14:27:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de6611076a513bf0c9f3c1eb06602c587a145c2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f5:03:93:6a:c3:f4:6b:e3:96:6c:6d:3b:35:
                    8b:1d:d9:22:ac:92:f0:7c:31:6f:85:2c:76:ed:ce:
                    1b:8a:b7:d7:f9:ae:9f:cc:f2:35:9c:f8:6e:3e:3b:
                    f5:ed:f0:17:ff:23:37:30:09:47:c6:28:c1:17:25:
                    c3:31:96:1e:f9:36:d6:98:18:2c:10:20:52:e2:22:
                    f8:3c:c9:c6:81:e7:5e:6f:f8:8c:61:90:8f:4f:f9:
                    03:df:47:2d:b2:9a:5d:03:5a:06:fc:8b:da:86:b4:
                    05:58:03:9f:33:49:4c:dd:26:fb:a4:7a:6b:42:a4:
                    87:96:f6:88:af:77:80:36:0d:ff:9e:2c:4f:16:26:
                    a6:de:9f:25:e4:c1:f8:dd:28:2e:2c:af:48:85:a1:
                    21:08:37:8c:1f:4e:e5:32:a1:04:25:a3:13:89:3d:
                    11:fa:5b:29:8a:46:b8:bc:11:db:78:b5:1d:0c:9b:
                    84:40:70:c0:b5:51:11:cc:a6:08:4f:86:89:22:5f:
                    94:5b:e6:9a:09:e3:92:9b:4e:ac:90:a3:ba:5a:4f:
                    4d:24:5b:72:c4:43:57:bf:b1:25:cc:37:0f:e2:53:
                    37:6a:5b:82:4a:fd:1b:a4:59:d3:26:c9:e8:d5:89:
                    d3:02:41:6c:da:fa:61:af:9e:e0:82:81:d5:11:b5:
                    b5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:66:11:07:6A:51:3B:F0:C9:F3:C1:EB:06:60:2C:58:7A:14:5C:2F
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/3mYRB2pRO_DJ88HrBmAsWHoUXC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.156.0/24
                  85.239.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ee:3b:a1:a0:76:6d:cb:c1:80:b6:d6:85:7b:f4:89:2a:f4:
         c6:a6:b8:30:e5:3b:6f:60:8d:f1:40:a2:d4:e8:6e:ba:64:e6:
         c1:8d:0d:fb:1e:aa:2f:44:e1:ad:c1:7f:ff:06:e7:12:3b:b0:
         d6:73:67:bf:7d:13:70:f4:f6:65:26:23:b8:d9:7e:f0:52:57:
         5d:85:8f:fd:f6:29:84:cf:59:1b:08:7a:a1:e7:7d:a4:23:cb:
         39:ae:60:8a:57:bf:19:40:19:e3:27:17:c2:f0:49:f9:96:29:
         44:2d:fc:fe:0a:5c:83:c6:62:29:a0:e3:62:08:d4:bc:33:75:
         37:c5:c7:ab:ed:f5:ff:25:b3:d2:99:e2:c3:a5:9d:8e:a4:5a:
         71:c5:2c:bf:8f:19:ba:1a:86:c6:e2:21:cf:6b:32:64:96:af:
         33:eb:67:4c:57:a2:18:51:dd:5c:56:ff:97:b0:07:df:97:d8:
         da:09:f9:4a:d2:54:44:ae:70:95:4b:cd:13:78:7f:00:92:df:
         b9:44:7d:f1:14:c9:3e:d9:a7:69:2a:3e:c5:ee:06:11:f1:0d:
         e2:e1:7a:88:f2:f0:46:36:e8:5f:94:15:28:b8:52:aa:56:de:
         76:fa:01:3f:a3:c9:42:0a:82:c2:ef:10:88:41:45:c5:2e:f8:
         1d:96:65:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ39r/69AFxP8RUQRw9HOM1IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwNTA2MTQyNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTY2MTEwNzZhNTEzYmYwYzlmM2MxZWIwNjYwMmM1ODdhMTQ1YzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1PUDk2rD9GvjlmxtOzWLHdkirJLw
fDFvhSx27c4birfX+a6fzPI1nPhuPjv17fAX/yM3MAlHxijBFyXDMZYe+TbWmBgs
ECBS4iL4PMnGgedeb/iMYZCPT/kD30ctsppdA1oG/IvahrQFWAOfM0lM3Sb7pHpr
QqSHlvaIr3eANg3/nixPFiam3p8l5MH43SguLK9IhaEhCDeMH07lMqEEJaMTiT0R
+lspika4vBHbeLUdDJuEQHDAtVERzKYIT4aJIl+UW+aaCeOSm06skKO6Wk9NJFty
xENXv7ElzDcP4lM3aluCSv0bpFnTJsno1YnTAkFs2vphr57ggoHVEbW1VwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN5mEQdqUTvwyfPB6wZgLFh6FFwvMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvM21ZUkIycFJPX0RKODhIckJtQXNXSG9VWEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVe+cAwQA
Ve+eMA0GCSqGSIb3DQEBCwUAA4IBAQBM7juhoHZty8GAttaFe/SJKvTGprgw5Ttv
YI3xQKLU6G66ZObBjQ37HqovROGtwX//BucSO7DWc2e/fRNw9PZlJiO42X7wUldd
hY/99imEz1kbCHqh532kI8s5rmCKV78ZQBnjJxfC8En5lilELfz+ClyDxmIpoONi
CNS8M3U3xcer7fX/JbPSmeLDpZ2OpFpxxSy/jxm6GobG4iHPazJklq8z62dMV6IY
Ud1cVv+XsAffl9jaCflK0lRErnCVS80TeH8Akt+5RH3xFMk+2adpKj7F7gYR8Q3i
4XqI8vBGNuhflBUouFKqVt52+gE/o8lCCoLC7xCIQUXFLvgdlmVu
-----END CERTIFICATE-----