Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3Y7-ouXm7S-IzxPIpgwTBzZzX4s.roa
File:                     3Y7-ouXm7S-IzxPIpgwTBzZzX4s.roa (raw, json)
Hash identifier:          VYJxP7gbqMhkdjVryZCWKeU0yOH0Y7xPj4A4LKPmvSU=
Subject key identifier:   DD:8E:FE:A2:E5:E6:ED:2F:88:CF:13:C8:A6:0C:13:07:36:73:5F:8B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019DAA423F09AB4FC7F89F475EEC25FE32BF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3Y7-ouXm7S-IzxPIpgwTBzZzX4s.roa
Signing time:             Mon 20 Apr 2026 09:39:21 +0000
ROA not before:           Mon 20 Apr 2026 09:39:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20860
IP address blocks:        81.168.83.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:aa:42:3f:09:ab:4f:c7:f8:9f:47:5e:ec:25:fe:32:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 20 09:39:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd8efea2e5e6ed2f88cf13c8a60c130736735f8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1b:8e:02:a7:d4:6c:63:3c:ed:f8:a7:68:25:
                    b3:37:54:a5:95:d5:7f:59:5b:02:35:22:cd:b1:84:
                    b7:a7:c8:16:c1:85:76:b2:7b:83:c9:79:b9:e9:8d:
                    5c:82:fe:14:da:8d:2a:b7:e2:44:56:da:40:84:97:
                    11:d0:48:31:27:b9:4b:51:0c:74:42:42:1d:41:16:
                    f8:c8:a3:16:bd:4e:64:84:70:05:b7:06:4f:39:7d:
                    c2:a5:5a:ca:ce:3b:11:19:a7:63:b9:ba:07:24:f9:
                    39:d5:89:d3:b4:95:dc:56:88:99:f7:94:e8:2b:1d:
                    0f:bc:c4:51:c6:ff:7b:65:03:13:f4:64:f5:e9:a6:
                    80:69:cb:59:b2:b8:6f:98:e9:d5:e7:1f:9f:16:4e:
                    06:79:ec:03:86:75:40:88:b2:00:71:16:32:6b:3a:
                    6f:9d:a1:e2:da:b4:77:de:31:52:0b:7e:84:4d:30:
                    b6:ce:12:5b:16:b4:f5:f6:d2:40:34:8f:09:47:ad:
                    6a:8b:be:cb:af:44:aa:2e:d7:84:34:19:d3:e1:60:
                    61:29:ec:74:77:09:91:80:94:44:28:7f:1a:a1:fd:
                    d0:49:ae:77:f1:9e:c4:4a:fb:98:47:61:95:f7:c9:
                    02:44:dd:03:94:b6:77:c3:b3:73:92:d2:26:66:44:
                    85:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:8E:FE:A2:E5:E6:ED:2F:88:CF:13:C8:A6:0C:13:07:36:73:5F:8B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3Y7-ouXm7S-IzxPIpgwTBzZzX4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.83.0/24
                  81.168.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:2a:5b:19:41:b3:ed:d2:8e:3b:a9:f0:e6:ac:fe:c2:81:b9:
         5c:c8:87:71:ea:cf:86:a8:5d:38:f6:6a:4c:dd:29:98:3b:ed:
         c0:30:1c:93:88:f1:3b:c3:a4:a9:57:84:2b:70:8b:dc:5e:f2:
         e7:93:32:17:20:5a:72:f0:00:02:ea:a8:4f:c3:c9:04:30:e3:
         d6:a6:35:2a:db:2a:95:a3:13:fa:ab:85:a8:10:d8:9a:f0:7a:
         79:01:dd:d0:36:5d:7b:ec:af:8f:75:cb:42:38:45:ab:6f:bf:
         b3:f2:94:27:03:57:1a:ea:3c:a0:6f:a5:d2:49:0d:2f:7a:59:
         ec:8e:2c:47:39:e9:c5:d8:ec:e0:4a:2e:87:68:86:c6:b5:9a:
         c0:d7:f4:9c:ba:48:f5:9e:65:b7:f1:db:37:1b:83:e8:43:c1:
         e1:c4:17:16:6e:79:f4:24:fd:78:a2:2f:af:44:41:47:42:5a:
         d6:d3:13:ff:9d:15:a4:f7:0d:60:6b:83:78:85:e8:9a:c3:9b:
         4b:78:3a:88:ce:54:de:ab:68:2a:c8:4e:ca:da:9f:7a:77:85:
         9c:99:f6:7b:9e:1f:fe:e9:2d:7c:92:ab:e7:1e:96:1e:71:90:
         42:1e:fa:67:59:e2:36:97:6a:b0:cc:a0:d8:f1:d3:a4:6f:f6:
         65:33:61:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2qQj8Jq0/H+J9HXuwl/jK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDIwMDkzOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDhlZmVhMmU1ZTZlZDJmODhjZjEzYzhhNjBjMTMwNzM2NzM1ZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRuOAqfUbGM87finaCWzN1SlldV/
WVsCNSLNsYS3p8gWwYV2snuDyXm56Y1cgv4U2o0qt+JEVtpAhJcR0EgxJ7lLUQx0
QkIdQRb4yKMWvU5khHAFtwZPOX3CpVrKzjsRGadjuboHJPk51YnTtJXcVoiZ95To
Kx0PvMRRxv97ZQMT9GT16aaAactZsrhvmOnV5x+fFk4GeewDhnVAiLIAcRYyazpv
naHi2rR33jFSC36ETTC2zhJbFrT19tJANI8JR61qi77Lr0SqLteENBnT4WBhKex0
dwmRgJREKH8aof3QSa538Z7ESvuYR2GV98kCRN0DlLZ3w7NzktImZkSFKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN2O/qLl5u0viM8TyKYMEwc2c1+LMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvM1k3LW91WG03Uy1JenhQSXBnd1RCelp6WDRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUahTAwQA
Uah3MA0GCSqGSIb3DQEBCwUAA4IBAQCJKlsZQbPt0o47qfDmrP7CgblcyIdx6s+G
qF049mpM3SmYO+3AMByTiPE7w6SpV4QrcIvcXvLnkzIXIFpy8AAC6qhPw8kEMOPW
pjUq2yqVoxP6q4WoENia8Hp5Ad3QNl177K+PdctCOEWrb7+z8pQnA1ca6jygb6XS
SQ0velnsjixHOenF2OzgSi6HaIbGtZrA1/Scukj1nmW38ds3G4PoQ8HhxBcWbnn0
JP14oi+vREFHQlrW0xP/nRWk9w1ga4N4heiaw5tLeDqIzlTeq2gqyE7K2p96d4Wc
mfZ7nh/+6S18kqvnHpYecZBCHvpnWeI2l2qwzKDY8dOkb/ZlM2Fs
-----END CERTIFICATE-----