Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VbRTPTSF_h5HzPlhPYYzw-89YFM.roa
File:                     VbRTPTSF_h5HzPlhPYYzw-89YFM.roa (raw, json)
Hash identifier:          gXsXjs4j8PMS/w/1/vw0cIYWEmTyrsxw3EjYr8hjM7U=
Subject key identifier:   55:B4:53:3D:34:85:FE:1E:47:CC:F9:61:3D:86:33:C3:EF:3D:60:53
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019CDC02B9AE8E99E973BB93AF761933247C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VbRTPTSF_h5HzPlhPYYzw-89YFM.roa
Signing time:             Wed 11 Mar 2026 08:28:12 +0000
ROA not before:           Wed 11 Mar 2026 08:28:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     984
IP address blocks:        82.152.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:02:b9:ae:8e:99:e9:73:bb:93:af:76:19:33:24:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 11 08:28:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55b4533d3485fe1e47ccf9613d8633c3ef3d6053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:bd:80:54:d0:bd:9c:ed:0d:c9:15:21:8c:48:
                    2f:de:89:bd:28:20:34:ed:6d:6b:e2:21:e0:9d:08:
                    95:a6:05:fa:b3:3a:0a:ec:19:fb:85:2a:c7:8f:94:
                    ce:9e:81:85:4b:1b:0a:43:b8:c5:86:8f:a6:13:9a:
                    1e:63:42:f4:4d:38:d6:1e:fb:af:62:eb:9a:75:de:
                    39:30:79:03:9b:39:0f:cd:7a:8c:ae:0e:9a:dc:47:
                    da:43:a5:c3:0a:6f:9b:16:85:85:22:28:f2:72:42:
                    4b:d7:32:8a:08:2d:cd:9d:64:54:ab:0e:3d:91:42:
                    c2:20:d3:16:4d:19:e8:40:bd:32:fe:97:52:5a:21:
                    29:5b:70:42:d8:42:41:cb:b4:ae:1e:43:4f:b0:7b:
                    9a:59:51:3b:61:2e:71:63:e6:c7:74:ca:70:cf:db:
                    74:ae:2e:ab:5e:af:1d:7c:11:ca:0a:e1:5d:ed:89:
                    16:a5:aa:ca:9e:6b:60:a6:ba:8e:6b:11:cb:8b:e7:
                    f5:55:bd:35:8c:26:80:5f:46:af:c2:4c:be:d8:bc:
                    38:fe:1d:ab:c0:53:bb:50:7e:4a:3d:bc:b0:8e:69:
                    09:36:be:8d:d7:6a:85:3a:37:d8:e4:bd:05:10:de:
                    f5:a4:42:36:fb:43:3f:a2:36:53:2b:c4:39:b0:37:
                    3a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:B4:53:3D:34:85:FE:1E:47:CC:F9:61:3D:86:33:C3:EF:3D:60:53
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VbRTPTSF_h5HzPlhPYYzw-89YFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:63:18:d2:4c:1d:07:17:13:05:fd:e4:34:7d:09:06:31:cf:
         52:15:89:c7:53:d2:24:dc:33:6c:27:83:ed:03:13:0d:fa:e7:
         ce:3a:1b:09:9d:e7:f3:c0:d6:97:81:90:cb:ff:e0:34:6e:93:
         97:5e:6d:f7:03:bd:3c:27:c8:fe:db:49:d4:c0:3e:05:bf:08:
         ae:bd:ac:8e:8d:d1:36:36:59:42:38:0c:b7:9d:96:88:0c:7f:
         01:35:5a:69:a0:2a:76:86:66:9c:31:b2:a8:77:1b:f9:50:9a:
         fb:aa:f5:de:56:e3:3b:ec:fe:e4:66:c0:32:99:07:d0:9f:ed:
         17:65:ac:7f:1a:e3:9e:19:64:c0:f0:b7:6d:0a:50:3f:fc:47:
         09:7c:1d:a9:ac:87:78:37:ef:a2:c4:58:72:d8:21:d6:be:3d:
         0b:5d:61:47:a1:55:3e:fd:ca:4c:b3:06:3c:e8:4b:2c:03:05:
         f3:bf:c9:bb:a1:c4:0c:7e:cc:d9:7f:4f:f3:75:59:6d:b9:43:
         9e:f9:22:d4:43:ed:9a:9c:fc:ee:71:95:b6:48:00:68:e0:f1:
         8a:06:a1:a8:d6:71:fd:b8:77:c1:cf:7e:79:d9:57:06:0a:16:
         4c:65:69:2e:56:21:ec:e0:1a:dc:23:2f:fb:b5:b5:17:44:05:
         f8:a6:28:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzcArmujpnpc7uTr3YZMyR8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzExMDgyODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWI0NTMzZDM0ODVmZTFlNDdjY2Y5NjEzZDg2MzNjM2VmM2Q2MDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk72AVNC9nO0NyRUhjEgv3om9KCA0
7W1r4iHgnQiVpgX6szoK7Bn7hSrHj5TOnoGFSxsKQ7jFho+mE5oeY0L0TTjWHvuv
Yuuadd45MHkDmzkPzXqMrg6a3EfaQ6XDCm+bFoWFIijyckJL1zKKCC3NnWRUqw49
kULCINMWTRnoQL0y/pdSWiEpW3BC2EJBy7SuHkNPsHuaWVE7YS5xY+bHdMpwz9t0
ri6rXq8dfBHKCuFd7YkWparKnmtgprqOaxHLi+f1Vb01jCaAX0avwky+2Lw4/h2r
wFO7UH5KPbywjmkJNr6N12qFOjfY5L0FEN71pEI2+0M/ojZTK8Q5sDc6DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFW0Uz00hf4eR8z5YT2GM8PvPWBTMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVmJSVFBUU0ZfaDVIelBsaFBZWXp3LTg5WUZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUph6MA0G
CSqGSIb3DQEBCwUAA4IBAQBMYxjSTB0HFxMF/eQ0fQkGMc9SFYnHU9Ik3DNsJ4Pt
AxMN+ufOOhsJnefzwNaXgZDL/+A0bpOXXm33A708J8j+20nUwD4FvwiuvayOjdE2
NllCOAy3nZaIDH8BNVppoCp2hmacMbKodxv5UJr7qvXeVuM77P7kZsAymQfQn+0X
Zax/GuOeGWTA8LdtClA//EcJfB2prId4N++ixFhy2CHWvj0LXWFHoVU+/cpMswY8
6EssAwXzv8m7ocQMfszZf0/zdVltuUOe+SLUQ+2anPzucZW2SABo4PGKBqGo1nH9
uHfBz3552VcGChZMZWkuViHs4BrcIy/7tbUXRAX4pijG
-----END CERTIFICATE-----