Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IYMuhNWlNxiwBR4U11WmpR7OTpY.roa
File:                     IYMuhNWlNxiwBR4U11WmpR7OTpY.roa (raw, json)
Hash identifier:          J5St755H+JK7ig2ICI0VjqZ+OaKbiv00hRcxkrlhtVo=
Subject key identifier:   21:83:2E:84:D5:A5:37:18:B0:05:1E:14:D7:55:A6:A5:1E:CE:4E:96
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019CFC8267CE559B9144EB79C4C2540B85A8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IYMuhNWlNxiwBR4U11WmpR7OTpY.roa
Signing time:             Tue 17 Mar 2026 15:55:30 +0000
ROA not before:           Tue 17 Mar 2026 15:55:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215287
IP address blocks:        37.98.149.0/24 maxlen: 24
                          80.240.91.0/24 maxlen: 24
                          212.38.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fc:82:67:ce:55:9b:91:44:eb:79:c4:c2:54:0b:85:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 17 15:55:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21832e84d5a53718b0051e14d755a6a51ece4e96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:0e:b8:31:86:89:07:6c:57:e7:05:06:60:2e:
                    c4:f2:f8:3e:fd:e2:4e:c1:6b:b0:91:4e:17:eb:f1:
                    4f:66:b7:7e:3d:41:92:ce:3c:22:77:11:fb:82:24:
                    c5:3c:fb:04:de:69:0c:06:9e:6d:fe:5f:02:02:f8:
                    8a:8e:51:12:89:19:30:40:bb:46:67:bd:8d:cb:17:
                    d0:7f:25:07:35:19:5a:4c:dd:53:1a:0c:8c:8e:97:
                    75:89:b6:54:65:c4:74:a5:d5:3f:29:28:13:b9:49:
                    b1:44:58:df:91:00:b6:40:e4:a0:e4:8c:83:ad:ce:
                    f8:51:dd:88:d5:0d:53:f4:0a:e0:dc:a6:6b:68:2c:
                    43:e5:3f:cb:c2:da:09:a2:c4:eb:8b:2b:59:ca:57:
                    c9:9a:7b:3b:2c:cf:8f:87:e2:ca:5a:13:d0:0a:35:
                    97:c9:35:96:f6:6e:88:26:27:46:c9:fc:4c:7e:83:
                    15:0c:cc:fc:da:76:10:99:38:18:dc:67:bd:a1:81:
                    36:12:f6:c5:ce:33:f3:a0:c4:25:b4:7c:3a:7e:39:
                    af:aa:c2:b2:3f:43:1c:77:06:8d:3d:8c:62:77:fa:
                    0b:1d:59:92:d7:8c:4f:47:e8:03:66:95:f3:7c:ff:
                    ac:b7:2a:db:35:58:88:9c:7e:bb:b6:de:1f:f0:8a:
                    0a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:83:2E:84:D5:A5:37:18:B0:05:1E:14:D7:55:A6:A5:1E:CE:4E:96
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IYMuhNWlNxiwBR4U11WmpR7OTpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.149.0/24
                  80.240.91.0/24
                  212.38.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:c8:a0:e1:98:5c:68:d5:27:8d:93:3b:d2:1c:a4:4d:8c:21:
         b4:7c:d0:cf:cb:0b:c1:89:31:fa:23:16:05:92:7a:ef:b5:3f:
         5c:14:b2:09:c1:26:92:60:9f:44:5a:02:35:0b:32:b5:d7:f7:
         cb:0e:cd:2d:17:0b:26:8d:20:19:f0:b0:d9:1e:d7:d6:5b:6e:
         04:5e:9f:66:56:97:13:77:b9:a9:f8:ad:e1:fe:cd:63:69:7a:
         2c:a9:a9:fb:f6:e4:30:43:f3:f0:11:7a:0c:5d:03:24:1a:f5:
         4d:3f:09:4d:f7:15:fc:1f:30:cd:e6:0c:33:6d:aa:e5:10:82:
         2d:68:02:2d:20:01:b8:bc:32:57:c4:a5:f3:65:6c:99:9e:05:
         64:cf:98:fb:77:89:32:77:42:c1:eb:04:5f:bc:22:79:ba:16:
         0a:d1:4a:60:a1:0a:18:a0:3b:3f:56:70:5c:22:38:3a:10:50:
         46:82:bc:91:e0:f0:22:78:2e:3b:f1:b7:31:53:36:fc:ce:18:
         86:74:ac:5e:0d:fe:7c:66:61:83:59:fd:1c:b4:ba:48:14:ea:
         13:b7:11:f8:1a:ae:a2:2b:ef:74:8b:6d:9f:e2:0f:c9:cb:83:
         99:34:7a:81:e2:a4:fb:0d:b7:9c:b8:8a:03:48:5f:eb:32:91:
         39:d8:c6:47
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZz8gmfOVZuRROt5xMJUC4WoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzE3MTU1NTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTgzMmU4NGQ1YTUzNzE4YjAwNTFlMTRkNzU1YTZhNTFlY2U0ZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4g64MYaJB2xX5wUGYC7E8vg+/eJO
wWuwkU4X6/FPZrd+PUGSzjwidxH7giTFPPsE3mkMBp5t/l8CAviKjlESiRkwQLtG
Z72NyxfQfyUHNRlaTN1TGgyMjpd1ibZUZcR0pdU/KSgTuUmxRFjfkQC2QOSg5IyD
rc74Ud2I1Q1T9Arg3KZraCxD5T/LwtoJosTriytZylfJmns7LM+Ph+LKWhPQCjWX
yTWW9m6IJidGyfxMfoMVDMz82nYQmTgY3Ge9oYE2EvbFzjPzoMQltHw6fjmvqsKy
P0McdwaNPYxid/oLHVmS14xPR+gDZpXzfP+styrbNViInH67tt4f8IoK+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCGDLoTVpTcYsAUeFNdVpqUezk6WMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSVlNdWhOV2xOeGl3QlI0VTExV21wUjdPVHBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJWKVAwQA
UPBbAwQA1CZPMA0GCSqGSIb3DQEBCwUAA4IBAQBpyKDhmFxo1SeNkzvSHKRNjCG0
fNDPywvBiTH6IxYFknrvtT9cFLIJwSaSYJ9EWgI1CzK11/fLDs0tFwsmjSAZ8LDZ
HtfWW24EXp9mVpcTd7mp+K3h/s1jaXosqan79uQwQ/PwEXoMXQMkGvVNPwlN9xX8
HzDN5gwzbarlEIItaAItIAG4vDJXxKXzZWyZngVkz5j7d4kyd0LB6wRfvCJ5uhYK
0UpgoQoYoDs/VnBcIjg6EFBGgryR4PAieC478bcxUzb8zhiGdKxeDf58ZmGDWf0c
tLpIFOoTtxH4Gq6iK+90i22f4g/Jy4OZNHqB4qT7DbecuIoDSF/rMpE52MZH
-----END CERTIFICATE-----