Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6o24-IOqhk1L9bAexpjLH0Dpim4.roa
File:                     6o24-IOqhk1L9bAexpjLH0Dpim4.roa (raw, json)
Hash identifier:          N8OLIqZ3c+VMBJUZbsi4Ccxyrq6SNr+5I74nu2UUiQ4=
Subject key identifier:   EA:8D:B8:F8:83:AA:86:4D:4B:F5:B0:1E:C6:98:CB:1F:40:E9:8A:6E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E0663A5E992BC255876D3F0CD9DC701A4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6o24-IOqhk1L9bAexpjLH0Dpim4.roa
Signing time:             Fri 08 May 2026 07:00:54 +0000
ROA not before:           Fri 08 May 2026 07:00:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31924
IP address blocks:        82.153.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:06:63:a5:e9:92:bc:25:58:76:d3:f0:cd:9d:c7:01:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  8 07:00:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ea8db8f883aa864d4bf5b01ec698cb1f40e98a6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7c:a8:e2:e2:b2:a6:74:d0:a5:f6:9c:ca:1f:
                    cb:35:f0:27:7b:9f:5c:a4:be:af:af:f3:ee:4f:bc:
                    eb:c1:d6:9a:f7:25:56:ad:be:48:c8:5e:c9:0c:af:
                    e6:fe:55:75:6a:3f:71:0f:a5:64:3e:3f:06:5c:73:
                    d6:8d:e2:23:96:cc:55:35:63:96:65:3e:9a:a8:d5:
                    98:c2:4c:90:2b:e0:e7:24:44:55:3e:48:7c:22:5b:
                    1e:80:e5:17:d2:eb:1f:30:f6:73:92:6c:98:73:2c:
                    eb:c4:d2:05:29:59:b2:b2:ea:b3:72:45:5b:87:88:
                    6c:e5:8d:8e:23:cc:94:9b:f0:b0:fa:fb:69:ae:fe:
                    df:51:47:28:fc:d6:dc:de:57:f1:23:d0:55:c3:bd:
                    01:1f:a8:05:4f:25:d1:b9:64:1e:0d:ec:e9:db:5c:
                    dc:a7:10:ba:99:0e:aa:e0:0b:84:db:83:d9:1b:71:
                    cf:d2:4c:6d:f2:71:51:f0:d6:ab:1e:1a:af:1f:cf:
                    4d:a0:65:5a:c6:bd:1e:89:78:80:91:6b:64:e0:64:
                    7b:fb:42:fd:22:7c:d2:55:05:ef:38:03:f8:8b:c0:
                    bf:3d:46:1b:96:c0:a1:d7:94:65:a1:49:51:a1:8b:
                    b4:ca:51:5c:63:06:d2:7f:1e:92:58:4c:2d:b9:d5:
                    e9:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:8D:B8:F8:83:AA:86:4D:4B:F5:B0:1E:C6:98:CB:1F:40:E9:8A:6E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6o24-IOqhk1L9bAexpjLH0Dpim4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:fe:67:bb:4a:d7:fb:73:ef:22:e5:08:4e:e5:6e:53:61:9d:
         9d:a7:6e:a4:20:25:8e:72:bc:a3:7b:0d:b9:4b:12:4a:7c:fb:
         45:b1:5d:d2:43:cb:fd:c4:ed:ad:dc:ad:ef:0b:5c:63:25:5e:
         00:36:2c:d9:7d:94:f8:e9:a6:88:92:74:22:46:5b:7b:8d:2e:
         01:70:42:64:7b:7b:0b:d8:e5:18:54:b1:6b:92:d2:84:b7:28:
         10:da:46:70:51:b1:95:7d:95:45:32:5b:1c:72:bd:09:56:07:
         1e:4a:bd:0a:4d:8c:26:5f:af:f5:12:cb:32:70:30:67:36:17:
         3a:e9:b7:1b:79:3c:92:73:e8:e8:e1:35:f4:f6:34:b8:19:0c:
         6a:7f:45:4f:2e:03:0b:15:a6:76:ef:6c:71:24:ba:fb:0d:d4:
         83:77:c7:e8:b3:e4:ea:8a:e4:3f:2e:22:cd:20:cf:77:b2:76:
         d3:5a:d1:ba:50:d2:0e:32:c7:ae:0d:62:aa:be:24:b0:10:66:
         17:01:43:3b:63:15:2e:65:d7:52:f4:a3:7e:08:52:35:80:b9:
         83:6f:1e:27:f7:4b:35:b0:b9:40:40:e7:39:13:ef:18:29:a6:
         d6:75:8b:16:40:7f:c1:c5:c2:72:00:e7:55:a4:53:d2:88:2c:
         f0:71:03:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4GY6XpkrwlWHbT8M2dxwGkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTA4MDcwMDU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYThkYjhmODgzYWE4NjRkNGJmNWIwMWVjNjk4Y2IxZjQwZTk4YTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3yo4uKypnTQpfacyh/LNfAne59c
pL6vr/PuT7zrwdaa9yVWrb5IyF7JDK/m/lV1aj9xD6VkPj8GXHPWjeIjlsxVNWOW
ZT6aqNWYwkyQK+DnJERVPkh8IlsegOUX0usfMPZzkmyYcyzrxNIFKVmysuqzckVb
h4hs5Y2OI8yUm/Cw+vtprv7fUUco/Nbc3lfxI9BVw70BH6gFTyXRuWQeDezp21zc
pxC6mQ6q4AuE24PZG3HP0kxt8nFR8NarHhqvH89NoGVaxr0eiXiAkWtk4GR7+0L9
InzSVQXvOAP4i8C/PUYblsCh15RloUlRoYu0ylFcYwbSfx6SWEwtudXp5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOqNuPiDqoZNS/WwHsaYyx9A6YpuMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNm8yNC1JT3FoazFMOWJBZXhwakxIMERwaW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnoMA0G
CSqGSIb3DQEBCwUAA4IBAQA4/me7Stf7c+8i5QhO5W5TYZ2dp26kICWOcryjew25
SxJKfPtFsV3SQ8v9xO2t3K3vC1xjJV4ANizZfZT46aaIknQiRlt7jS4BcEJke3sL
2OUYVLFrktKEtygQ2kZwUbGVfZVFMlsccr0JVgceSr0KTYwmX6/1EssycDBnNhc6
6bcbeTySc+jo4TX09jS4GQxqf0VPLgMLFaZ272xxJLr7DdSDd8fos+TqiuQ/LiLN
IM93snbTWtG6UNIOMseuDWKqviSwEGYXAUM7YxUuZddS9KN+CFI1gLmDbx4n90s1
sLlAQOc5E+8YKabWdYsWQH/BxcJyAOdVpFPSiCzwcQNw
-----END CERTIFICATE-----