Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5HcOW35p0MVkV2bnkxicPJUqXsA.roa
File:                     5HcOW35p0MVkV2bnkxicPJUqXsA.roa (raw, json)
Hash identifier:          E3Q/UzcZFUC/mSulh/eedIZE2qGsVFpNj1ISKg22s2s=
Subject key identifier:   E4:77:0E:5B:7E:69:D0:C5:64:57:66:E7:93:18:9C:3C:95:2A:5E:C0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019DCE29522F9340EAA371DFDFDC753BB4CC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5HcOW35p0MVkV2bnkxicPJUqXsA.roa
Signing time:             Mon 27 Apr 2026 08:58:27 +0000
ROA not before:           Mon 27 Apr 2026 08:58:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        89.213.3.0/24 maxlen: 24
                          185.49.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:29:52:2f:93:40:ea:a3:71:df:df:dc:75:3b:b4:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 27 08:58:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4770e5b7e69d0c5645766e793189c3c952a5ec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:66:66:6c:36:60:74:56:45:11:cd:ee:cf:a1:
                    08:f8:95:1e:12:ea:5a:48:16:ec:5f:cc:2b:8b:3f:
                    2c:24:7c:fe:3b:56:c9:9e:70:98:b1:41:98:82:a0:
                    2f:f0:c7:ff:6d:e9:11:f4:45:86:02:9e:5c:72:59:
                    f9:59:ca:38:2c:31:fa:84:5a:a3:f2:c4:61:12:1f:
                    d0:1c:db:9e:d3:e3:bf:af:3e:75:25:c7:e7:1e:aa:
                    4a:a1:bb:3c:e5:62:4c:b2:8f:e3:e7:57:0c:60:a8:
                    f4:f3:b9:4e:c3:62:3b:ee:4e:0e:90:cd:01:e8:44:
                    b1:26:c3:35:53:28:48:b6:a4:14:25:7d:93:66:27:
                    58:b2:f4:ab:e3:de:36:c8:ac:cb:65:81:da:54:73:
                    e3:a4:fc:ba:cd:e0:2c:6a:48:20:31:65:2a:54:d6:
                    a9:8f:af:29:3d:fc:06:b2:6d:21:fb:56:b9:9a:ed:
                    75:66:52:7b:4f:b1:0b:43:d7:5a:5d:4d:c4:d9:95:
                    54:26:f6:4a:a1:42:eb:95:81:e2:12:61:0e:e6:d3:
                    9f:d2:d1:e4:5f:37:ed:9f:07:d1:93:c0:45:42:1e:
                    24:e7:61:33:2d:64:ef:57:42:39:75:31:cc:1d:25:
                    f8:8b:3b:59:6d:1e:3e:0f:ab:01:16:1a:7c:0e:23:
                    50:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:77:0E:5B:7E:69:D0:C5:64:57:66:E7:93:18:9C:3C:95:2A:5E:C0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5HcOW35p0MVkV2bnkxicPJUqXsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.3.0/24
                  185.49.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:93:fd:c1:15:c8:78:92:a6:63:1f:5b:8a:07:df:ed:ca:68:
         1b:30:04:e1:26:5e:8f:3a:8a:7c:86:0f:b1:c1:b4:26:f5:e3:
         7c:e6:1a:85:d6:3b:f1:56:87:a3:9a:5f:6c:d6:a3:25:49:f3:
         b9:d5:e4:bf:12:c9:d1:82:94:78:7f:87:44:aa:3b:7e:22:8a:
         02:2c:11:8c:db:d6:0c:0e:fe:a5:5f:98:5a:cf:b6:8d:d4:4b:
         12:d4:12:7f:36:e3:e7:44:44:16:3e:fe:c1:9b:6d:61:6a:a5:
         73:be:dd:26:0a:23:7b:33:a6:d1:84:b7:22:1d:e4:f9:1c:90:
         ce:4c:fe:c2:f4:b3:71:27:cd:a9:10:3e:b4:b6:d0:07:52:d1:
         05:50:66:0f:05:a7:19:4c:ea:cc:03:76:07:5a:10:69:2f:01:
         6d:94:b8:83:e4:0a:20:96:d5:64:16:ee:4f:45:aa:98:5d:26:
         25:b4:cc:ea:2d:16:d1:b3:3d:60:4e:f8:a1:d2:7d:37:de:ca:
         24:9b:bc:5e:f3:c7:68:33:94:42:25:0f:50:a3:98:5b:aa:6e:
         0b:28:94:b4:13:c0:c3:69:d0:6d:74:92:a2:32:01:96:ed:16:
         f6:1c:22:45:c5:2f:d4:d5:d6:df:4c:31:e8:01:d9:83:c4:ba:
         cd:4c:e2:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3OKVIvk0Dqo3Hf39x1O7TMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDI3MDg1ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDc3MGU1YjdlNjlkMGM1NjQ1NzY2ZTc5MzE4OWMzYzk1MmE1ZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWZmbDZgdFZFEc3uz6EI+JUeEupa
SBbsX8wriz8sJHz+O1bJnnCYsUGYgqAv8Mf/bekR9EWGAp5ccln5Wco4LDH6hFqj
8sRhEh/QHNue0+O/rz51JcfnHqpKobs85WJMso/j51cMYKj087lOw2I77k4OkM0B
6ESxJsM1UyhItqQUJX2TZidYsvSr4942yKzLZYHaVHPjpPy6zeAsakggMWUqVNap
j68pPfwGsm0h+1a5mu11ZlJ7T7ELQ9daXU3E2ZVUJvZKoULrlYHiEmEO5tOf0tHk
XzftnwfRk8BFQh4k52EzLWTvV0I5dTHMHSX4iztZbR4+D6sBFhp8DiNQRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOR3Dlt+adDFZFdm55MYnDyVKl7AMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNUhjT1czNXAwTVZrVjJibmt4aWNQSlVxWHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdUDAwQA
uTF/MA0GCSqGSIb3DQEBCwUAA4IBAQAxk/3BFch4kqZjH1uKB9/tymgbMAThJl6P
Oop8hg+xwbQm9eN85hqF1jvxVoejml9s1qMlSfO51eS/EsnRgpR4f4dEqjt+IooC
LBGM29YMDv6lX5haz7aN1EsS1BJ/NuPnREQWPv7Bm21haqVzvt0mCiN7M6bRhLci
HeT5HJDOTP7C9LNxJ82pED60ttAHUtEFUGYPBacZTOrMA3YHWhBpLwFtlLiD5Aog
ltVkFu5PRaqYXSYltMzqLRbRsz1gTvih0n033sokm7xe88doM5RCJQ9Qo5hbqm4L
KJS0E8DDadBtdJKiMgGW7Rb2HCJFxS/U1dbfTDHoAdmDxLrNTOK0
-----END CERTIFICATE-----