Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2AjrNRrOOwd6_kO3laNXTSQvDLk.roa
File:                     2AjrNRrOOwd6_kO3laNXTSQvDLk.roa (raw, json)
Hash identifier:          PWpb5MXNUhqrRgcnL38r1OhzPlGlDrUupvC4R65nOVU=
Subject key identifier:   D8:08:EB:35:1A:CE:3B:07:7A:FE:43:B7:95:A3:57:4D:24:2F:0C:B9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019DE2BF7126074564F821F7A2E6AAD74702
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2AjrNRrOOwd6_kO3laNXTSQvDLk.roa
Signing time:             Fri 01 May 2026 08:54:50 +0000
ROA not before:           Fri 01 May 2026 08:54:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153786
IP address blocks:        213.130.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e2:bf:71:26:07:45:64:f8:21:f7:a2:e6:aa:d7:47:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  1 08:54:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d808eb351ace3b077afe43b795a3574d242f0cb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6b:19:90:2c:e7:a2:61:4b:c9:09:c3:91:76:
                    32:58:92:52:34:f9:fe:74:6e:42:cc:c5:dc:43:b9:
                    b0:89:e1:92:68:a6:99:7b:24:e5:a8:59:93:86:e1:
                    85:71:ff:20:29:aa:56:0f:9c:ff:bb:d0:af:22:0f:
                    cc:1e:b2:0b:05:d3:15:b0:7f:8d:e1:4f:0f:ea:ab:
                    e2:66:b3:7c:ac:5c:18:db:cc:09:75:aa:07:e8:53:
                    f0:23:fe:9b:ab:bb:78:e4:c8:47:85:e1:5b:2f:75:
                    cd:0d:76:d4:04:3f:c2:a5:52:05:7f:07:2c:a5:85:
                    6b:24:2d:b4:27:75:59:20:7f:b7:bf:7a:66:1f:69:
                    51:a8:7e:8c:3c:c4:20:f8:cc:32:db:0f:c3:fd:72:
                    56:66:7d:7b:c3:e2:f8:5d:b5:f5:bb:1d:21:ec:c5:
                    4a:b4:13:f1:df:15:70:5c:80:b8:94:2b:96:06:ec:
                    a7:69:76:11:8b:1b:63:0c:ec:65:7b:e7:b3:56:d3:
                    e7:12:e4:f7:ce:bb:15:b0:c2:6e:57:e0:11:12:03:
                    8f:54:3c:8c:92:9f:0f:dc:f4:21:0d:80:8e:7d:a5:
                    e9:bf:be:bd:9c:b0:db:91:21:4e:47:3e:f5:06:06:
                    81:db:6b:52:93:0c:7d:cc:58:fd:6c:e5:c6:17:db:
                    e7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:08:EB:35:1A:CE:3B:07:7A:FE:43:B7:95:A3:57:4D:24:2F:0C:B9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2AjrNRrOOwd6_kO3laNXTSQvDLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.130.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:dc:a4:6c:33:06:46:b1:7e:a8:ac:09:fc:e3:d2:9d:ab:28:
         18:93:32:d8:cb:0a:b7:3a:d7:db:6f:1b:96:bd:5f:40:fd:72:
         62:d1:df:5d:4a:42:f5:dd:89:10:12:d5:63:ac:54:08:f6:02:
         46:0f:a7:ba:17:e6:f6:6f:e5:0d:38:bf:15:0d:33:3c:1b:bd:
         b7:4a:df:1e:0a:87:57:54:a5:67:67:26:25:e3:47:fe:79:92:
         90:8c:63:40:ff:55:2e:77:fd:81:91:f2:7e:6d:bf:62:38:f4:
         ef:70:b8:88:46:b4:eb:69:f3:bf:d8:a5:c5:49:f5:dd:5d:07:
         e1:0b:9a:7c:99:ca:ff:5a:18:6e:5c:11:f7:52:22:82:a5:8b:
         b6:d3:b0:9d:41:1d:fb:f7:65:56:2e:c3:30:6f:45:ae:85:ab:
         5a:61:57:55:27:b0:09:45:4a:86:ce:48:8a:3b:a1:a7:7e:68:
         7c:2a:c2:10:10:e6:f4:6b:af:bc:2e:83:e4:85:94:2e:bf:24:
         9f:38:ed:b4:cc:15:52:e9:cc:6f:43:0e:92:54:be:5c:82:4d:
         c6:61:04:f8:73:dc:23:7e:f3:fd:b1:be:f2:5b:55:e9:63:6b:
         3a:85:23:20:9b:45:cc:a7:08:c7:1a:81:93:d9:ff:c2:1e:3f:
         99:4d:f8:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3iv3EmB0Vk+CH3ouaq10cCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTAxMDg1NDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODA4ZWIzNTFhY2UzYjA3N2FmZTQzYjc5NWEzNTc0ZDI0MmYwY2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWsZkCznomFLyQnDkXYyWJJSNPn+
dG5CzMXcQ7mwieGSaKaZeyTlqFmThuGFcf8gKapWD5z/u9CvIg/MHrILBdMVsH+N
4U8P6qviZrN8rFwY28wJdaoH6FPwI/6bq7t45MhHheFbL3XNDXbUBD/CpVIFfwcs
pYVrJC20J3VZIH+3v3pmH2lRqH6MPMQg+Mwy2w/D/XJWZn17w+L4XbX1ux0h7MVK
tBPx3xVwXIC4lCuWBuynaXYRixtjDOxle+ezVtPnEuT3zrsVsMJuV+AREgOPVDyM
kp8P3PQhDYCOfaXpv769nLDbkSFORz71BgaB22tSkwx9zFj9bOXGF9vnNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgI6zUazjsHev5Dt5WjV00kLwy5MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMkFqck5Sck9Pd2Q2X2tPM2xhTlhUU1F2RExrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YKMMA0G
CSqGSIb3DQEBCwUAA4IBAQBK3KRsMwZGsX6orAn849KdqygYkzLYywq3OtfbbxuW
vV9A/XJi0d9dSkL13YkQEtVjrFQI9gJGD6e6F+b2b+UNOL8VDTM8G723St8eCodX
VKVnZyYl40f+eZKQjGNA/1Uud/2BkfJ+bb9iOPTvcLiIRrTrafO/2KXFSfXdXQfh
C5p8mcr/WhhuXBH3UiKCpYu207CdQR3792VWLsMwb0WuhataYVdVJ7AJRUqGzkiK
O6Gnfmh8KsIQEOb0a6+8LoPkhZQuvySfOO20zBVS6cxvQw6SVL5cgk3GYQT4c9wj
fvP9sb7yW1XpY2s6hSMgm0XMpwjHGoGT2f/CHj+ZTfgC
-----END CERTIFICATE-----