Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_M2RJAIfhZnoEMMSN7hDCcsDn-E.roa
File:                     _M2RJAIfhZnoEMMSN7hDCcsDn-E.roa (raw, json)
Hash identifier:          dokv2P6Ang0tIRSxPTc4jsOn4TPMcaAr10mWnxgFVX0=
Subject key identifier:   FC:CD:91:24:02:1F:85:99:E8:10:C3:12:37:B8:43:09:CB:03:9F:E1
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D25286EFEA166DCB9B2CDC2BE64A1180A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_M2RJAIfhZnoEMMSN7hDCcsDn-E.roa
Signing time:             Wed 25 Mar 2026 13:21:39 +0000
ROA not before:           Wed 25 Mar 2026 13:21:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402204
IP address blocks:        37.98.145.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          82.163.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:28:6e:fe:a1:66:dc:b9:b2:cd:c2:be:64:a1:18:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 25 13:21:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fccd9124021f8599e810c31237b84309cb039fe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c4:71:32:d8:ac:f2:22:2c:85:52:87:00:9b:
                    31:13:4e:f4:20:87:89:f3:97:fe:ed:bb:96:21:21:
                    59:69:13:6a:b6:8c:a1:81:15:c6:6a:36:a3:c2:12:
                    94:e3:45:1c:46:bb:16:62:79:05:e7:09:20:0d:78:
                    83:af:04:de:73:d8:6c:4e:28:dd:e5:55:1c:92:c3:
                    d0:10:86:92:99:6b:3a:a8:87:55:dd:0f:ca:1b:e7:
                    29:3a:7d:f3:82:74:2c:1f:8c:81:f6:86:cc:9c:0a:
                    e5:09:67:c4:d1:fe:d3:da:ef:fc:22:0c:6d:ce:1f:
                    6b:31:fd:66:8e:7f:3e:73:23:b6:2d:9b:c5:cc:7c:
                    26:2e:b5:69:c7:1b:ce:ea:cb:40:eb:d3:c2:6e:d2:
                    c7:97:1f:ac:f9:da:32:d1:65:a0:59:33:bf:26:fb:
                    59:58:8f:a5:70:0b:a1:f8:97:0c:6c:62:db:73:5f:
                    85:32:92:6b:ff:bf:98:a1:0b:f6:86:0e:e1:23:9c:
                    9d:9b:e7:f0:11:fd:a3:12:81:b6:8f:58:ee:26:9c:
                    24:3c:c1:ce:97:ab:18:35:fd:cf:ef:e3:16:14:98:
                    f9:9f:e0:75:26:39:61:e7:ff:b1:6f:19:1e:14:83:
                    66:f3:f9:16:12:7a:9a:26:9c:74:ec:33:98:41:5d:
                    7a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:CD:91:24:02:1F:85:99:E8:10:C3:12:37:B8:43:09:CB:03:9F:E1
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_M2RJAIfhZnoEMMSN7hDCcsDn-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.145.0/24
                  82.152.252.0/24
                  82.163.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:b8:7f:03:b0:29:89:c2:bd:8f:9d:57:11:81:47:39:8a:de:
         b1:33:29:79:4a:7a:4c:44:89:c9:5e:86:d2:fe:8f:5a:4d:22:
         02:90:44:eb:b8:fd:2e:a7:c8:93:26:94:96:da:be:b3:6e:42:
         b2:14:06:dc:b7:bb:5e:a3:e9:87:9a:5a:21:1b:73:ee:f6:8f:
         59:1b:39:42:29:18:f1:1e:53:8a:e9:8e:c2:a7:68:9b:56:ea:
         bb:9b:89:d5:ac:20:64:32:8d:7f:f0:35:14:bb:d7:18:93:2b:
         d1:73:03:7e:b2:01:04:d3:cc:22:9d:14:ed:ae:7d:3e:75:dd:
         d8:9f:2f:d3:14:3d:9e:e6:a7:1d:66:0f:c3:82:f8:0d:62:96:
         6b:9b:01:02:c2:65:e7:71:2a:b3:dc:ab:89:e4:a9:14:90:f6:
         aa:55:0e:f9:14:2f:00:1b:25:dc:de:14:43:8c:10:2e:be:ef:
         bc:70:f2:40:46:67:e6:d3:e1:ca:8d:18:d1:2b:e2:17:96:79:
         6a:85:bb:2f:e6:04:63:99:92:14:99:6b:42:86:ee:d5:50:ba:
         4b:ab:02:98:e2:72:d4:d7:64:f8:5c:65:1f:95:1e:6f:0a:d8:
         a6:00:41:d1:c5:ae:4f:43:3e:e8:2a:a2:f8:ff:4f:6a:9a:1f:
         cc:24:e8:c0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0lKG7+oWbcubLNwr5koRgKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzI1MTMyMTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2NkOTEyNDAyMWY4NTk5ZTgxMGMzMTIzN2I4NDMwOWNiMDM5ZmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMRxMtis8iIshVKHAJsxE070IIeJ
85f+7buWISFZaRNqtoyhgRXGajajwhKU40UcRrsWYnkF5wkgDXiDrwTec9hsTijd
5VUcksPQEIaSmWs6qIdV3Q/KG+cpOn3zgnQsH4yB9obMnArlCWfE0f7T2u/8Igxt
zh9rMf1mjn8+cyO2LZvFzHwmLrVpxxvO6stA69PCbtLHlx+s+doy0WWgWTO/JvtZ
WI+lcAuh+JcMbGLbc1+FMpJr/7+YoQv2hg7hI5ydm+fwEf2jEoG2j1juJpwkPMHO
l6sYNf3P7+MWFJj5n+B1Jjlh5/+xbxkeFINm8/kWEnqaJpx07DOYQV16AwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPzNkSQCH4WZ6BDDEje4QwnLA5/hMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX00yUkpBSWZoWm5vRU1NU043aERDY3NEbi1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJWKRAwQA
Upj8AwQAUqMHMA0GCSqGSIb3DQEBCwUAA4IBAQBPuH8DsCmJwr2PnVcRgUc5it6x
Myl5SnpMRInJXobS/o9aTSICkETruP0up8iTJpSW2r6zbkKyFAbct7teo+mHmloh
G3Pu9o9ZGzlCKRjxHlOK6Y7Cp2ibVuq7m4nVrCBkMo1/8DUUu9cYkyvRcwN+sgEE
08winRTtrn0+dd3Yny/TFD2e5qcdZg/DgvgNYpZrmwECwmXncSqz3KuJ5KkUkPaq
VQ75FC8AGyXc3hRDjBAuvu+8cPJARmfm0+HKjRjRK+IXlnlqhbsv5gRjmZIUmWtC
hu7VULpLqwKY4nLU12T4XGUflR5vCtimAEHRxa5PQz7oKqL4/09qmh/MJOjA
-----END CERTIFICATE-----