Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Oco3c4vVbQvL_Ns-iGFsWzv16Mk.roa
File:                     Oco3c4vVbQvL_Ns-iGFsWzv16Mk.roa (raw, json)
Hash identifier:          /cCSk6Ux8G6K5H0CSIXBKaYoZ6jBfCzc+/hMhsi8JbQ=
Subject key identifier:   39:CA:37:73:8B:D5:6D:0B:CB:FC:DB:3E:88:61:6C:5B:3B:F5:E8:C9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019CE238FD41CEAF64E28D805343A8DD3284
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Oco3c4vVbQvL_Ns-iGFsWzv16Mk.roa
Signing time:             Thu 12 Mar 2026 13:25:11 +0000
ROA not before:           Thu 12 Mar 2026 13:25:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212980
IP address blocks:        80.240.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:38:fd:41:ce:af:64:e2:8d:80:53:43:a8:dd:32:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 12 13:25:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=39ca37738bd56d0bcbfcdb3e88616c5b3bf5e8c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:23:55:1d:57:35:7d:62:7f:e9:a7:9a:63:95:
                    8d:3b:55:7d:ed:82:cf:73:24:c1:e7:b9:ca:c2:28:
                    1c:53:b4:b3:f6:90:e4:12:87:00:33:ec:f7:8c:cc:
                    20:2c:bc:54:e5:64:b8:9e:24:be:29:b5:a1:81:51:
                    5b:38:28:17:3a:7e:27:90:03:98:a2:38:5f:9b:a9:
                    ce:b7:bf:24:dd:16:d7:40:4d:9a:02:1e:d8:bd:ec:
                    f9:cf:35:82:69:83:6c:dd:eb:ff:32:d9:65:5a:5a:
                    b6:d5:5e:be:bf:f3:63:9e:d5:92:03:d7:96:1a:e2:
                    82:8f:47:72:12:4c:88:bc:b9:7f:fb:f0:7a:78:85:
                    77:17:a1:47:01:b8:9d:0f:d4:ad:33:5b:cc:6f:f4:
                    32:3f:d6:f9:54:9d:24:41:2a:e9:3d:1b:98:45:67:
                    9b:aa:d1:42:6f:e6:07:99:96:f8:16:b9:f9:2b:b2:
                    be:90:23:23:63:89:43:fa:05:35:e0:f7:80:28:c7:
                    34:fe:3e:ef:bc:56:11:d3:19:86:72:7d:7e:1b:90:
                    ce:89:49:23:a5:4d:61:8e:bb:78:1a:c8:6b:6c:41:
                    0c:b1:70:30:4d:1c:09:e9:24:2d:0b:bd:48:d0:99:
                    b8:85:c6:6d:54:c5:7e:ae:e2:0c:39:d4:3b:7d:5c:
                    e4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:CA:37:73:8B:D5:6D:0B:CB:FC:DB:3E:88:61:6C:5B:3B:F5:E8:C9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Oco3c4vVbQvL_Ns-iGFsWzv16Mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:41:08:9b:c3:5c:e3:44:3e:df:0e:97:65:31:65:71:e9:02:
         0a:24:33:76:1e:a2:03:c3:89:67:dd:03:18:40:79:2e:6d:d3:
         a3:a4:3f:9c:03:39:25:a1:a6:c7:c8:20:be:e7:75:14:57:c9:
         b4:74:dd:81:7d:bd:25:dc:06:ba:57:1c:aa:e4:b6:ed:a5:38:
         b4:3f:38:13:2e:5e:33:0b:8f:1f:7b:ae:48:f4:0e:26:28:16:
         bb:c0:12:7b:36:c2:56:48:1f:99:27:81:78:0e:5f:39:52:c6:
         a5:fb:6b:34:2b:1d:2b:94:3c:eb:ce:dd:df:b3:da:46:1b:c1:
         77:e4:fb:3a:61:3c:84:2b:f6:9f:88:46:1e:8c:fc:4a:2a:28:
         03:fd:89:3b:08:00:80:ae:68:89:f1:52:ac:6b:a8:1a:9f:45:
         3e:73:cf:34:e6:b2:5c:4e:fa:d5:58:5f:f8:94:e1:33:be:4e:
         66:b1:2f:db:2e:1e:1b:d3:20:ce:29:72:12:68:e7:c5:d2:9d:
         63:73:ac:cc:1c:f5:09:2d:bb:a1:70:04:f8:0a:48:dc:61:1a:
         17:d8:65:99:09:de:85:f2:19:f2:73:61:f5:56:e2:22:cd:c5:
         31:bb:86:68:ca:8e:3b:04:35:7b:0e:0f:68:78:d6:64:d9:51:
         ea:be:17:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZziOP1Bzq9k4o2AU0Oo3TKEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzEyMTMyNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWNhMzc3MzhiZDU2ZDBiY2JmY2RiM2U4ODYxNmM1YjNiZjVlOGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7CNVHVc1fWJ/6aeaY5WNO1V97YLP
cyTB57nKwigcU7Sz9pDkEocAM+z3jMwgLLxU5WS4niS+KbWhgVFbOCgXOn4nkAOY
ojhfm6nOt78k3RbXQE2aAh7Yvez5zzWCaYNs3ev/MtllWlq21V6+v/NjntWSA9eW
GuKCj0dyEkyIvLl/+/B6eIV3F6FHAbidD9StM1vMb/QyP9b5VJ0kQSrpPRuYRWeb
qtFCb+YHmZb4Frn5K7K+kCMjY4lD+gU14PeAKMc0/j7vvFYR0xmGcn1+G5DOiUkj
pU1hjrt4GshrbEEMsXAwTRwJ6SQtC71I0Jm4hcZtVMV+ruIMOdQ7fVzkBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnKN3OL1W0Ly/zbPohhbFs79ejJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvT2NvM2M0dlZiUXZMX05zLWlHRnNXenYxNk1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPBZMA0G
CSqGSIb3DQEBCwUAA4IBAQBTQQibw1zjRD7fDpdlMWVx6QIKJDN2HqIDw4ln3QMY
QHkubdOjpD+cAzkloabHyCC+53UUV8m0dN2Bfb0l3Aa6Vxyq5LbtpTi0PzgTLl4z
C48fe65I9A4mKBa7wBJ7NsJWSB+ZJ4F4Dl85Usal+2s0Kx0rlDzrzt3fs9pGG8F3
5Ps6YTyEK/afiEYejPxKKigD/Yk7CACArmiJ8VKsa6gan0U+c8805rJcTvrVWF/4
lOEzvk5msS/bLh4b0yDOKXISaOfF0p1jc6zMHPUJLbuhcAT4CkjcYRoX2GWZCd6F
8hnyc2H1VuIizcUxu4Zoyo47BDV7Dg9oeNZk2VHqvhcS
-----END CERTIFICATE-----