Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fYmHSs387uwCdUwIRb7nM-1fLEM.roa
File:                     fYmHSs387uwCdUwIRb7nM-1fLEM.roa (raw, json)
Hash identifier:          aDGcfRTgFBTiq87pBvo68MJfzDFl2Pr3BdGmbcVfqqg=
Subject key identifier:   7D:89:87:4A:CD:FC:EE:EC:02:75:4C:08:45:BE:E7:33:ED:5F:2C:43
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E15D00FC844B40E319E259E1063B12C88
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fYmHSs387uwCdUwIRb7nM-1fLEM.roa
Signing time:             Mon 11 May 2026 06:53:37 +0000
ROA not before:           Mon 11 May 2026 06:53:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153671
IP address blocks:        81.168.62.0/24 maxlen: 24
                          81.168.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:15:d0:0f:c8:44:b4:0e:31:9e:25:9e:10:63:b1:2c:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 11 06:53:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d89874acdfceeec02754c0845bee733ed5f2c43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:74:88:03:8d:2c:1b:d5:9a:70:28:f9:93:78:
                    db:21:60:39:e5:8b:48:d5:b9:27:4f:8f:1f:a7:c2:
                    b9:5b:cb:85:5d:ae:45:00:61:37:46:34:0a:c7:44:
                    73:6a:bb:2b:f7:e6:59:98:60:61:1f:ae:e0:10:22:
                    76:70:2a:0d:73:71:67:40:49:77:67:c1:50:69:59:
                    d0:56:88:c8:34:6d:68:e9:26:96:76:dd:c0:52:06:
                    89:3f:2f:31:bf:12:b7:8d:1e:09:39:74:af:70:08:
                    2c:7c:c7:bb:ea:a6:67:9e:30:f5:b6:17:af:a6:01:
                    ce:f3:45:84:3f:43:09:22:9e:30:d4:4d:d4:32:b4:
                    4a:c1:7d:4c:19:1b:82:0c:01:91:40:90:e4:7d:a2:
                    20:7c:ec:b0:45:da:76:76:75:da:b0:ce:ea:49:f1:
                    6d:ec:18:38:17:df:22:ec:60:6d:48:6f:ee:c0:ea:
                    d7:b2:0b:e5:75:b4:ab:9c:c6:3b:2d:7d:e0:5f:cb:
                    53:80:36:60:de:44:17:00:8e:a2:6d:68:b1:29:f8:
                    a8:a1:7a:22:19:9e:0c:4e:28:dd:03:7b:41:47:61:
                    0c:94:f1:12:82:26:d7:a1:8a:7f:3d:26:04:f8:a0:
                    42:0e:18:94:b5:d1:d5:49:8c:1b:e0:1e:a1:64:87:
                    94:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:89:87:4A:CD:FC:EE:EC:02:75:4C:08:45:BE:E7:33:ED:5F:2C:43
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fYmHSs387uwCdUwIRb7nM-1fLEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.62.0/24
                  81.168.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:52:0a:8d:31:24:a9:cf:9f:ac:ad:95:0b:14:59:d2:bd:d6:
         4d:a4:9f:29:eb:9c:d2:2a:ef:cb:50:1b:08:ca:07:bf:36:b5:
         f7:64:b8:ca:e6:cf:b3:59:35:03:f4:af:55:d6:16:1b:5a:82:
         4d:1b:4d:42:99:39:83:04:1e:57:82:ea:d6:89:5a:a6:2a:ac:
         c2:70:c3:15:d0:52:35:47:88:8e:21:ab:2b:e2:cf:fe:5e:4d:
         bf:41:9b:d9:de:96:cc:d2:d6:e4:7c:61:59:cf:dd:cc:6f:84:
         9b:74:f9:7e:76:72:fe:66:86:b5:9a:26:95:95:fb:4a:4f:d4:
         8e:c1:7b:9d:23:00:e6:de:6b:7c:59:14:b4:c9:02:f5:be:fb:
         1a:13:fd:0e:f5:1c:49:0c:48:dd:de:f0:a8:44:85:85:5d:24:
         93:a8:27:ba:0b:16:ef:d9:a0:59:73:45:3c:9c:16:e8:4b:7f:
         f0:fa:af:1b:55:6c:6e:de:2b:b6:b5:60:6f:12:3a:bb:46:d2:
         51:f1:ec:22:c8:98:17:76:d1:66:7a:93:49:48:fd:27:25:87:
         db:03:78:b7:db:42:ed:b7:e4:d0:20:7c:f1:b1:1f:13:9e:2f:
         90:d3:d7:1d:c3:8c:a3:e8:46:f5:b5:61:fb:6b:a6:eb:ff:29:
         01:26:59:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4V0A/IRLQOMZ4lnhBjsSyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTExMDY1MzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDg5ODc0YWNkZmNlZWVjMDI3NTRjMDg0NWJlZTczM2VkNWYyYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnSIA40sG9WacCj5k3jbIWA55YtI
1bknT48fp8K5W8uFXa5FAGE3RjQKx0Rzarsr9+ZZmGBhH67gECJ2cCoNc3FnQEl3
Z8FQaVnQVojING1o6SaWdt3AUgaJPy8xvxK3jR4JOXSvcAgsfMe76qZnnjD1thev
pgHO80WEP0MJIp4w1E3UMrRKwX1MGRuCDAGRQJDkfaIgfOywRdp2dnXasM7qSfFt
7Bg4F98i7GBtSG/uwOrXsgvldbSrnMY7LX3gX8tTgDZg3kQXAI6ibWixKfiooXoi
GZ4MTijdA3tBR2EMlPESgibXoYp/PSYE+KBCDhiUtdHVSYwb4B6hZIeUPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH2Jh0rN/O7sAnVMCEW+5zPtXyxDMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZlltSFNzMzg3dXdDZFV3SVJiN25NLTFmTEVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUag+AwQA
UahMMA0GCSqGSIb3DQEBCwUAA4IBAQCMUgqNMSSpz5+srZULFFnSvdZNpJ8p65zS
Ku/LUBsIyge/NrX3ZLjK5s+zWTUD9K9V1hYbWoJNG01CmTmDBB5XgurWiVqmKqzC
cMMV0FI1R4iOIasr4s/+Xk2/QZvZ3pbM0tbkfGFZz93Mb4SbdPl+dnL+Zoa1miaV
lftKT9SOwXudIwDm3mt8WRS0yQL1vvsaE/0O9RxJDEjd3vCoRIWFXSSTqCe6Cxbv
2aBZc0U8nBboS3/w+q8bVWxu3iu2tWBvEjq7RtJR8ewiyJgXdtFmepNJSP0nJYfb
A3i320Ltt+TQIHzxsR8Tni+Q09cdw4yj6Eb1tWH7a6br/ykBJlm8
-----END CERTIFICATE-----