Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aLoq4kG8BnaK5hsAqN1XwJQRIhY.roa
File:                     aLoq4kG8BnaK5hsAqN1XwJQRIhY.roa (raw, json)
Hash identifier:          pvYCkfuwRQFeu95BPaY1HcH5f925DfV24rL9o88DovA=
Subject key identifier:   68:BA:2A:E2:41:BC:06:76:8A:E6:1B:00:A8:DD:57:C0:94:11:22:16
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019CDE0D7D03F463BDA9EBB2CF22689C0220
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aLoq4kG8BnaK5hsAqN1XwJQRIhY.roa
Signing time:             Wed 11 Mar 2026 17:59:11 +0000
ROA not before:           Wed 11 Mar 2026 17:59:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213250
IP address blocks:        89.213.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:de:0d:7d:03:f4:63:bd:a9:eb:b2:cf:22:68:9c:02:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 11 17:59:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68ba2ae241bc06768ae61b00a8dd57c094112216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e3:c1:28:77:2d:1b:10:71:07:a0:e7:11:15:
                    57:01:c3:52:a8:52:06:8f:c7:67:56:d3:3a:d5:74:
                    0f:69:bb:a8:cc:fc:f7:5f:8b:15:e1:6b:6b:5b:26:
                    5e:f0:52:80:31:26:26:a3:a3:2c:d0:c9:89:87:c9:
                    c9:58:63:0f:7c:67:e5:5f:5c:20:98:8a:03:5f:2a:
                    3f:52:2c:6b:4e:e5:3c:62:f1:14:5b:b4:0b:dc:cd:
                    75:21:f0:0a:94:eb:c2:bc:64:7a:5b:fb:ee:32:9d:
                    1c:ba:23:13:04:19:90:2f:b0:d6:d8:47:9c:3f:83:
                    0b:b2:5e:5b:78:fc:fc:14:32:6b:d8:a7:9c:d5:82:
                    7f:3e:cd:bd:88:6a:00:10:af:d7:a1:e6:d4:87:30:
                    1e:8a:c4:46:93:29:06:16:61:c3:57:7c:05:78:3b:
                    e0:f4:3a:ae:01:6b:86:90:ba:a8:40:23:a1:7b:29:
                    e1:43:68:89:2e:af:f4:61:ba:60:f0:27:c1:52:3d:
                    25:a6:c8:32:7d:b6:27:b4:7b:9f:da:c3:4d:ea:e0:
                    20:ec:39:c5:95:5b:7a:2b:73:b7:7f:78:7b:fa:ce:
                    35:a5:03:d1:77:de:2b:c1:42:4f:b9:0d:85:ff:50:
                    3e:8d:31:99:15:00:16:eb:72:88:52:47:3b:f1:0d:
                    b9:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:BA:2A:E2:41:BC:06:76:8A:E6:1B:00:A8:DD:57:C0:94:11:22:16
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aLoq4kG8BnaK5hsAqN1XwJQRIhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:53:87:8c:b2:31:c1:1d:8d:18:cd:55:0b:bb:fa:56:65:35:
         c3:66:e7:c4:d8:a2:ee:3b:85:d3:b8:75:86:08:f3:15:fe:c9:
         7f:8c:25:89:e1:46:83:70:4d:65:24:c5:3e:0a:73:3b:ff:59:
         eb:ce:e0:5d:18:68:cf:34:d1:5b:70:46:85:1c:29:bd:07:26:
         c4:0a:a3:e6:f1:ab:a9:ee:b0:d3:35:a4:0a:bf:74:9b:f3:5a:
         0a:0b:52:0a:44:45:84:9f:18:05:59:62:a9:10:e5:36:4d:97:
         02:f7:d3:7e:7c:b7:3a:fd:d0:1f:64:9c:cf:3b:2a:3c:b9:39:
         df:0c:02:b2:7e:a6:08:bd:f7:ae:53:cb:53:79:02:45:ee:b5:
         b1:4e:e7:08:05:a1:ec:eb:cb:2e:6e:ba:30:29:aa:26:ef:81:
         d8:85:52:4f:e9:2a:d1:4c:90:ec:0b:a8:31:40:4b:71:5b:fb:
         fa:05:79:b9:b2:d2:9f:07:2a:e8:80:2d:a3:bc:3d:4a:43:5b:
         ab:7e:2f:27:4e:88:32:64:1f:e3:4d:dc:0c:49:b8:43:2e:30:
         18:0a:0c:82:34:66:1b:eb:f1:5f:d8:5f:46:bd:d9:10:77:cd:
         8e:07:e5:0b:f4:0d:9f:c9:ed:d4:a1:c6:21:82:6f:2c:ae:45:
         16:f5:bf:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzeDX0D9GO9qeuyzyJonAIgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzExMTc1OTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGJhMmFlMjQxYmMwNjc2OGFlNjFiMDBhOGRkNTdjMDk0MTEyMjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqePBKHctGxBxB6DnERVXAcNSqFIG
j8dnVtM61XQPabuozPz3X4sV4WtrWyZe8FKAMSYmo6Ms0MmJh8nJWGMPfGflX1wg
mIoDXyo/UixrTuU8YvEUW7QL3M11IfAKlOvCvGR6W/vuMp0cuiMTBBmQL7DW2Eec
P4MLsl5bePz8FDJr2Kec1YJ/Ps29iGoAEK/XoebUhzAeisRGkykGFmHDV3wFeDvg
9DquAWuGkLqoQCOheynhQ2iJLq/0Ybpg8CfBUj0lpsgyfbYntHuf2sNN6uAg7DnF
lVt6K3O3f3h7+s41pQPRd94rwUJPuQ2F/1A+jTGZFQAW63KIUkc78Q25swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGi6KuJBvAZ2iuYbAKjdV8CUESIWMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYUxvcTRrRzhCbmFLNWhzQXFOMVh3SlFSSWhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdV2MA0G
CSqGSIb3DQEBCwUAA4IBAQBmU4eMsjHBHY0YzVULu/pWZTXDZufE2KLuO4XTuHWG
CPMV/sl/jCWJ4UaDcE1lJMU+CnM7/1nrzuBdGGjPNNFbcEaFHCm9BybECqPm8aup
7rDTNaQKv3Sb81oKC1IKREWEnxgFWWKpEOU2TZcC99N+fLc6/dAfZJzPOyo8uTnf
DAKyfqYIvfeuU8tTeQJF7rWxTucIBaHs68subrowKaom74HYhVJP6SrRTJDsC6gx
QEtxW/v6BXm5stKfByrogC2jvD1KQ1urfi8nTogyZB/jTdwMSbhDLjAYCgyCNGYb
6/Ff2F9GvdkQd82OB+UL9A2fye3UocYhgm8srkUW9b+H
-----END CERTIFICATE-----