Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MnqM7s-Zc2ByMqgpxP64zUbTIc4.roa
File:                     MnqM7s-Zc2ByMqgpxP64zUbTIc4.roa (raw, json)
Hash identifier:          Eof27wKpNSt9dYorIVT5Tfq1N8hL4NKwvdQ0wJmWAR4=
Subject key identifier:   32:7A:8C:EE:CF:99:73:60:72:32:A8:29:C4:FE:B8:CD:46:D3:21:CE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019DF762F9CED5D222381B93AEF51C131D60
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MnqM7s-Zc2ByMqgpxP64zUbTIc4.roa
Signing time:             Tue 05 May 2026 09:05:51 +0000
ROA not before:           Tue 05 May 2026 09:05:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402298
IP address blocks:        81.168.100.0/24 maxlen: 24
                          82.152.84.0/24 maxlen: 24
                          82.153.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f7:62:f9:ce:d5:d2:22:38:1b:93:ae:f5:1c:13:1d:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  5 09:05:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=327a8ceecf9973607232a829c4feb8cd46d321ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0d:6d:4e:ba:17:49:7e:3b:17:df:94:24:75:
                    45:77:ff:a4:16:f1:9a:dc:88:ce:45:80:2c:33:f2:
                    b3:7b:8e:1a:f5:9b:a8:01:d6:3b:9f:21:50:11:d5:
                    11:e1:32:d4:93:55:d3:8c:84:1a:b1:4f:53:56:7e:
                    de:6d:34:df:08:68:ec:35:7b:cb:8c:f1:fe:4c:67:
                    66:6d:bc:41:d2:aa:a8:57:1b:55:09:35:e1:e3:1b:
                    0f:90:3d:7f:56:28:c9:5e:42:79:03:f7:5f:54:37:
                    be:c3:54:9a:8a:99:fd:6d:64:17:86:d4:fb:d0:be:
                    e3:a5:52:f1:f9:d3:76:7f:a6:27:d2:1c:93:5d:84:
                    35:75:61:5a:b7:35:f3:99:20:5b:68:b2:0f:5d:07:
                    06:58:1c:f3:86:96:9b:e8:96:6b:08:84:a7:4d:6b:
                    c0:c8:b3:be:9c:48:19:b4:00:7f:7c:b3:6a:ee:8f:
                    c6:02:87:4a:c1:8f:a5:93:e9:14:8f:4f:b0:6d:28:
                    68:17:c2:a2:2a:2e:b2:ad:f9:9d:e6:83:fe:33:c5:
                    68:d8:21:df:a6:1d:40:8d:72:dd:5b:ef:0b:45:5e:
                    43:03:c9:cd:a4:11:7f:07:03:90:87:81:a4:06:ae:
                    9e:38:38:36:a9:0b:d7:52:be:04:f3:ec:85:91:6d:
                    d1:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:7A:8C:EE:CF:99:73:60:72:32:A8:29:C4:FE:B8:CD:46:D3:21:CE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MnqM7s-Zc2ByMqgpxP64zUbTIc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.100.0/24
                  82.152.84.0/24
                  82.153.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:d1:47:f4:c6:e0:11:da:4d:0e:d3:ec:bb:1c:5d:79:c1:bb:
         98:74:dc:e9:dd:a2:70:ff:af:65:13:9b:5c:06:95:1f:fb:66:
         7c:e4:f4:a4:cf:d9:fc:8d:7a:cb:0d:a2:9b:c9:99:57:f2:57:
         00:64:10:b5:7b:a8:74:91:50:22:4b:10:cf:1a:57:47:c3:cc:
         fb:bc:d0:d6:bd:c3:a1:12:e6:d4:f6:c1:2f:5b:69:e9:a6:5e:
         02:96:42:6b:52:16:3b:5e:00:cd:e8:12:3f:97:04:80:0e:c3:
         5c:f8:d6:81:8b:5c:51:22:c4:47:cb:de:1d:0d:0a:3d:33:a2:
         48:c2:1a:ef:f3:6a:7f:d8:72:ae:06:39:d7:93:87:2a:5b:d4:
         29:9b:dd:ef:2d:26:57:6d:e9:51:ca:cb:e0:08:ae:bb:6f:35:
         62:6b:a1:44:cf:7c:30:49:6f:27:44:49:b2:37:72:f4:9e:03:
         d5:55:f9:bb:64:13:9e:e6:b8:83:52:c8:f1:e8:ec:83:9e:76:
         fd:7a:09:cb:5f:41:02:a0:0a:10:e9:6d:e3:4e:ac:e6:57:33:
         e5:a6:6b:ad:54:56:e7:92:c0:3c:6b:b5:9d:0c:ec:17:21:04:
         4b:52:f5:68:bd:7d:9b:8e:0c:c7:19:43:e9:21:53:69:dd:12:
         4a:a4:3e:8c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ33YvnO1dIiOBuTrvUcEx1gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTA1MDkwNTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjdhOGNlZWNmOTk3MzYwNzIzMmE4MjljNGZlYjhjZDQ2ZDMyMWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAug1tTroXSX47F9+UJHVFd/+kFvGa
3IjORYAsM/Kze44a9ZuoAdY7nyFQEdUR4TLUk1XTjIQasU9TVn7ebTTfCGjsNXvL
jPH+TGdmbbxB0qqoVxtVCTXh4xsPkD1/VijJXkJ5A/dfVDe+w1Saipn9bWQXhtT7
0L7jpVLx+dN2f6Yn0hyTXYQ1dWFatzXzmSBbaLIPXQcGWBzzhpab6JZrCISnTWvA
yLO+nEgZtAB/fLNq7o/GAodKwY+lk+kUj0+wbShoF8KiKi6yrfmd5oP+M8Vo2CHf
ph1AjXLdW+8LRV5DA8nNpBF/BwOQh4GkBq6eODg2qQvXUr4E8+yFkW3R8QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDJ6jO7PmXNgcjKoKcT+uM1G0yHOMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTW5xTTdzLVpjMkJ5TXFncHhQNjR6VWJUSWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUahkAwQA
UphUAwQAUplzMA0GCSqGSIb3DQEBCwUAA4IBAQCS0Uf0xuAR2k0O0+y7HF15wbuY
dNzp3aJw/69lE5tcBpUf+2Z85PSkz9n8jXrLDaKbyZlX8lcAZBC1e6h0kVAiSxDP
GldHw8z7vNDWvcOhEubU9sEvW2nppl4ClkJrUhY7XgDN6BI/lwSADsNc+NaBi1xR
IsRHy94dDQo9M6JIwhrv82p/2HKuBjnXk4cqW9Qpm93vLSZXbelRysvgCK67bzVi
a6FEz3wwSW8nREmyN3L0ngPVVfm7ZBOe5riDUsjx6OyDnnb9egnLX0ECoAoQ6W3j
TqzmVzPlpmutVFbnksA8a7WdDOwXIQRLUvVovX2bjgzHGUPpIVNp3RJKpD6M
-----END CERTIFICATE-----