Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mUbpc_-lAqyOt9w1PqqocjPHbJ0.roa
File:                     mUbpc_-lAqyOt9w1PqqocjPHbJ0.roa (raw, json)
Hash identifier:          66xK56K9F88oLVoIMZF9iGuBj8yYJPxs3m6X8s4XSIY=
Subject key identifier:   99:46:E9:73:FF:A5:02:AC:8E:B7:DC:35:3E:AA:A8:72:33:C7:6C:9D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019CB45F43D705A23CD7B95E6904F31D1757
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mUbpc_-lAqyOt9w1PqqocjPHbJ0.roa
Signing time:             Tue 03 Mar 2026 15:44:27 +0000
ROA not before:           Tue 03 Mar 2026 15:44:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        89.213.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 08:04:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b4:5f:43:d7:05:a2:3c:d7:b9:5e:69:04:f3:1d:17:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar  3 15:44:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9946e973ffa502ac8eb7dc353eaaa87233c76c9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b4:16:e3:0d:d7:aa:b3:c2:c7:df:98:48:b8:
                    c7:02:23:24:5b:26:90:a7:55:48:89:8d:e3:d1:36:
                    f0:09:e4:ff:b6:5b:4c:88:9a:e0:63:3e:df:18:ab:
                    d9:74:ef:e9:12:0c:e0:e5:1a:2d:4b:a9:c1:15:59:
                    e4:f6:ff:9e:b2:29:fe:9c:d7:f5:36:b4:f9:fe:34:
                    52:74:9a:82:c1:be:b6:68:e1:81:dd:85:6f:ab:d7:
                    51:9b:05:c2:50:1c:8f:7a:40:45:66:87:f8:9c:76:
                    6e:79:3f:78:6f:95:03:cb:c5:ee:d0:ae:02:65:93:
                    0c:ad:fa:72:ca:a7:a0:60:2c:67:01:5f:81:55:c8:
                    38:2c:2b:24:7b:a5:89:f4:74:d1:c0:70:55:9b:eb:
                    c8:d2:59:16:75:d4:e8:f8:ec:d6:40:bd:74:84:2f:
                    af:ed:c3:bd:86:5b:5a:bb:fc:dc:82:28:e7:0c:f1:
                    91:cc:d3:39:78:82:60:b5:34:ae:e3:28:18:c7:6a:
                    fe:26:cc:37:f2:80:ca:78:67:87:33:91:84:c4:36:
                    e9:fb:08:ac:77:c2:56:87:0e:87:27:12:27:50:73:
                    1a:8f:97:33:45:38:cc:17:85:b0:cc:9e:26:20:f9:
                    69:ee:c4:e8:c9:3a:74:2e:99:76:41:4f:05:64:f3:
                    a3:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:46:E9:73:FF:A5:02:AC:8E:B7:DC:35:3E:AA:A8:72:33:C7:6C:9D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mUbpc_-lAqyOt9w1PqqocjPHbJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:67:0d:c3:c9:3e:a6:39:03:c6:b4:9c:d4:95:2c:b7:6a:ae:
         c7:36:c9:5c:45:8a:eb:6d:73:a7:e9:58:9c:47:d1:e5:70:28:
         68:7b:ee:9c:34:18:05:03:35:7e:60:1a:87:08:9a:1c:e0:cc:
         34:5e:9a:81:42:da:b0:dd:45:20:b9:1b:0d:fc:20:de:c3:ff:
         57:fb:6b:86:d4:69:93:a2:e1:34:4c:9c:39:2c:e9:5e:9e:ec:
         b7:8f:3f:8a:de:c8:19:b9:72:20:b5:70:aa:94:7c:a6:38:34:
         4b:9f:29:80:34:48:dc:cf:5d:8b:ea:a7:ec:4c:f0:9b:dc:49:
         44:40:92:0c:6e:60:a8:6e:a0:b6:d2:f9:a5:87:00:fd:ea:a6:
         92:af:df:fb:7e:d1:00:a2:4a:82:fc:36:3e:d9:63:97:75:c0:
         a8:b1:32:d7:8d:10:6c:f4:b2:8f:25:2f:37:66:65:af:d8:b8:
         a9:07:fd:2e:d1:74:49:c3:6b:db:24:9a:af:b9:fe:e5:eb:35:
         9a:10:9e:23:18:3b:a1:d7:96:ee:74:32:d6:27:dc:cc:fa:a9:
         d6:24:38:0c:0b:e1:f7:a7:52:3f:06:70:24:1c:90:1d:74:c2:
         be:c6:be:1c:61:95:8b:29:5b:48:21:90:4a:1c:d7:bc:97:e2:
         f2:2b:9d:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy0X0PXBaI817leaQTzHRdXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzAzMTU0NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTQ2ZTk3M2ZmYTUwMmFjOGViN2RjMzUzZWFhYTg3MjMzYzc2YzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7QW4w3XqrPCx9+YSLjHAiMkWyaQ
p1VIiY3j0TbwCeT/tltMiJrgYz7fGKvZdO/pEgzg5RotS6nBFVnk9v+esin+nNf1
NrT5/jRSdJqCwb62aOGB3YVvq9dRmwXCUByPekBFZof4nHZueT94b5UDy8Xu0K4C
ZZMMrfpyyqegYCxnAV+BVcg4LCske6WJ9HTRwHBVm+vI0lkWddTo+OzWQL10hC+v
7cO9hltau/zcgijnDPGRzNM5eIJgtTSu4ygYx2r+Jsw38oDKeGeHM5GExDbp+wis
d8JWhw6HJxInUHMaj5czRTjMF4WwzJ4mIPlp7sToyTp0Lpl2QU8FZPOjqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlG6XP/pQKsjrfcNT6qqHIzx2ydMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbVVicGNfLWxBcXlPdDl3MVBxcW9jalBIYkowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdW2MA0G
CSqGSIb3DQEBCwUAA4IBAQCSZw3DyT6mOQPGtJzUlSy3aq7HNslcRYrrbXOn6Vic
R9HlcChoe+6cNBgFAzV+YBqHCJoc4Mw0XpqBQtqw3UUguRsN/CDew/9X+2uG1GmT
ouE0TJw5LOlenuy3jz+K3sgZuXIgtXCqlHymODRLnymANEjcz12L6qfsTPCb3ElE
QJIMbmCobqC20vmlhwD96qaSr9/7ftEAokqC/DY+2WOXdcCosTLXjRBs9LKPJS83
ZmWv2LipB/0u0XRJw2vbJJqvuf7l6zWaEJ4jGDuh15budDLWJ9zM+qnWJDgMC+H3
p1I/BnAkHJAddMK+xr4cYZWLKVtIIZBKHNe8l+LyK52r
-----END CERTIFICATE-----