Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/f9li0Ossa7_RYsskDMzu8emuuSw.roa
File:                     f9li0Ossa7_RYsskDMzu8emuuSw.roa (raw, json)
Hash identifier:          fbdYEBrDlunM51fKzloUuJZhSKJ5RD/YARbnGVsaRrU=
Subject key identifier:   7F:D9:62:D0:EB:2C:6B:BF:D1:62:CB:24:0C:CC:EE:F1:E9:AE:B9:2C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019CFC8DB001FC1D88CD2B704BC1F94ED126
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/f9li0Ossa7_RYsskDMzu8emuuSw.roa
Signing time:             Tue 17 Mar 2026 16:07:49 +0000
ROA not before:           Tue 17 Mar 2026 16:07:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402047
IP address blocks:        37.252.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fc:8d:b0:01:fc:1d:88:cd:2b:70:4b:c1:f9:4e:d1:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 17 16:07:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7fd962d0eb2c6bbfd162cb240ccceef1e9aeb92c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ed:cf:79:1c:24:ea:ff:6e:14:10:26:dc:2b:
                    f7:c5:61:3f:89:42:b4:49:f7:39:6e:09:52:64:20:
                    32:da:51:d3:f8:c4:dd:41:0d:84:c4:88:40:da:d9:
                    58:8c:f4:0d:9f:66:e1:7d:c0:03:07:69:b3:94:b6:
                    d3:9b:b6:05:a4:c0:fb:5e:2a:88:cb:45:92:f7:ca:
                    52:82:e8:ea:e1:e8:7c:0e:e8:b6:89:d4:03:14:ae:
                    33:96:db:52:80:e8:78:51:7f:57:c3:c8:32:03:6d:
                    f0:57:24:8c:89:7a:cf:f1:23:d5:0d:95:6d:05:64:
                    27:17:78:a7:7f:ba:e6:02:a7:b2:c5:3f:9a:ad:cf:
                    fa:f6:ca:00:aa:52:f0:f4:43:44:89:c6:dd:df:d9:
                    37:ee:b3:01:7c:fd:9a:b8:05:62:13:0a:56:c2:3e:
                    5a:5f:8b:a9:c2:82:00:f3:43:e1:27:ec:a8:b7:ae:
                    bb:95:84:7d:15:be:e0:07:92:ab:f1:12:15:68:58:
                    84:6e:9e:49:bb:99:fd:24:8e:15:16:f6:25:dc:43:
                    89:e4:ee:ab:08:cd:f7:28:58:0b:14:6b:73:70:f5:
                    7a:79:57:a8:2a:39:da:b1:5d:01:37:2f:13:b2:44:
                    bf:f8:37:12:9f:a7:30:79:6d:7f:ac:5e:26:6e:b7:
                    a2:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D9:62:D0:EB:2C:6B:BF:D1:62:CB:24:0C:CC:EE:F1:E9:AE:B9:2C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/f9li0Ossa7_RYsskDMzu8emuuSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:38:79:6a:69:bc:69:17:32:15:89:fe:65:39:0e:16:f5:fd:
         a8:ce:48:52:a2:ad:a0:bf:4f:2e:b9:f9:18:9d:fa:e5:81:4e:
         92:5e:9c:c6:b5:a3:b1:b7:81:59:6c:8b:cc:ad:52:fc:c2:d4:
         1e:b5:81:e4:38:b1:bb:b3:5a:bc:6b:fd:6a:3a:f2:07:2d:ed:
         ad:a0:18:8b:57:95:69:21:48:29:46:b0:c2:d1:e7:34:d6:87:
         69:9e:32:08:1c:a7:74:ca:66:91:98:ce:1f:2d:50:f8:51:42:
         ca:1c:ee:60:a9:15:f0:53:6c:91:e3:4a:69:50:d2:c8:42:ef:
         18:b3:37:54:cf:99:71:6f:d5:5c:6f:13:cf:ad:9b:6b:46:a0:
         ce:ac:52:e4:13:04:f6:4d:32:15:c6:10:76:5b:d1:e3:1f:1f:
         3f:02:3b:ad:68:b2:1d:56:a1:7f:f1:ca:1b:fc:d9:26:da:d0:
         69:51:b9:56:eb:1b:76:e3:2d:fa:cc:f6:fc:cc:02:1b:72:a9:
         09:11:15:e9:cb:bf:d6:e2:94:92:50:2e:d2:0c:1e:b0:2f:13:
         b0:b3:28:4a:55:a9:7d:13:f8:6d:95:48:dc:fd:2c:43:1b:0b:
         5e:78:17:14:1a:ea:52:dc:1a:1f:32:63:79:cd:d0:23:1d:2f:
         8f:f2:5b:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz8jbAB/B2IzStwS8H5TtEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzE3MTYwNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmQ5NjJkMGViMmM2YmJmZDE2MmNiMjQwY2NjZWVmMWU5YWViOTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAne3PeRwk6v9uFBAm3Cv3xWE/iUK0
Sfc5bglSZCAy2lHT+MTdQQ2ExIhA2tlYjPQNn2bhfcADB2mzlLbTm7YFpMD7XiqI
y0WS98pSgujq4eh8Dui2idQDFK4zlttSgOh4UX9Xw8gyA23wVySMiXrP8SPVDZVt
BWQnF3inf7rmAqeyxT+arc/69soAqlLw9ENEicbd39k37rMBfP2auAViEwpWwj5a
X4upwoIA80PhJ+yot667lYR9Fb7gB5Kr8RIVaFiEbp5Ju5n9JI4VFvYl3EOJ5O6r
CM33KFgLFGtzcPV6eVeoKjnasV0BNy8TskS/+DcSn6cweW1/rF4mbrei+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/ZYtDrLGu/0WLLJAzM7vHprrksMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZjlsaTBPc3NhN19SWXNza0RNenU4ZW11dVN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJfwaMA0G
CSqGSIb3DQEBCwUAA4IBAQCdOHlqabxpFzIVif5lOQ4W9f2ozkhSoq2gv08uufkY
nfrlgU6SXpzGtaOxt4FZbIvMrVL8wtQetYHkOLG7s1q8a/1qOvIHLe2toBiLV5Vp
IUgpRrDC0ec01odpnjIIHKd0ymaRmM4fLVD4UULKHO5gqRXwU2yR40ppUNLIQu8Y
szdUz5lxb9VcbxPPrZtrRqDOrFLkEwT2TTIVxhB2W9HjHx8/AjutaLIdVqF/8cob
/Nkm2tBpUblW6xt24y36zPb8zAIbcqkJERXpy7/W4pSSUC7SDB6wLxOwsyhKVal9
E/htlUjc/SxDGwteeBcUGupS3BofMmN5zdAjHS+P8luH
-----END CERTIFICATE-----