Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xkxBqEL3u_xHQ1650xU3G9CV2I0.roa
File:                     xkxBqEL3u_xHQ1650xU3G9CV2I0.roa (raw, json)
Hash identifier:          8/bknavCm9tKWHeWRMnrlFqBp2P3IklwZje4nLytRbw=
Subject key identifier:   C6:4C:41:A8:42:F7:BB:FC:47:43:5E:B9:D3:15:37:1B:D0:95:D8:8D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019DFDBE11B26CEF6B3E70213D8851CED862
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xkxBqEL3u_xHQ1650xU3G9CV2I0.roa
Signing time:             Wed 06 May 2026 14:43:05 +0000
ROA not before:           Wed 06 May 2026 14:43:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201386
IP address blocks:        79.99.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:be:11:b2:6c:ef:6b:3e:70:21:3d:88:51:ce:d8:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  6 14:43:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c64c41a842f7bbfc47435eb9d315371bd095d88d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:79:bb:ef:44:b8:ab:39:67:5e:fd:78:b6:79:
                    a8:d8:ed:83:d8:a5:bb:27:f1:43:66:35:f5:d0:0e:
                    cb:93:93:4d:c6:c4:d4:0e:de:fd:df:85:1a:07:54:
                    dd:be:a6:a9:d1:7c:7f:8b:14:88:c0:69:8f:bd:c2:
                    96:b8:ba:50:b1:f4:d1:7c:2c:8c:e1:36:9f:da:f3:
                    fc:ea:84:88:b3:f7:21:3d:62:dc:29:78:ba:38:43:
                    6f:dd:33:a5:24:89:06:3d:b3:53:98:f1:5a:94:a6:
                    e3:a8:c5:fc:dd:3b:02:f7:b7:8a:f5:9e:6f:2f:31:
                    19:bf:e1:98:e7:4b:9a:3a:c9:50:ee:2a:4d:0f:74:
                    f5:a4:4b:ba:49:4b:3a:07:ff:f0:8b:a9:08:d1:40:
                    92:c3:4c:8b:49:db:25:09:9a:6f:21:1a:17:33:a4:
                    b1:cd:05:d6:80:69:34:cd:a7:70:b7:bc:de:6b:f3:
                    0d:eb:b8:8f:43:c0:a0:0f:2c:92:c1:6a:37:5a:f7:
                    13:4a:6c:55:c2:3f:5b:0a:01:d2:33:fc:64:75:bd:
                    53:4c:41:6f:e4:cc:21:c9:73:9f:b0:72:c5:72:22:
                    5c:47:b8:85:64:fa:34:19:63:eb:d3:5e:84:5e:dd:
                    42:5c:e3:87:c7:3b:22:f5:76:02:ce:59:a0:1f:d0:
                    45:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:4C:41:A8:42:F7:BB:FC:47:43:5E:B9:D3:15:37:1B:D0:95:D8:8D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xkxBqEL3u_xHQ1650xU3G9CV2I0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:8d:7e:e6:ca:1d:35:7f:65:08:d3:ec:0f:24:a0:7d:80:51:
         14:3a:66:e1:3b:39:6c:80:63:48:b6:d4:5a:7a:84:8f:b3:c7:
         c1:5d:79:02:a1:d5:a8:20:62:53:e8:f7:cb:31:5d:66:7e:92:
         a7:f5:e9:d6:2c:f2:87:f2:75:96:25:1b:c6:0d:20:59:22:c3:
         6a:f9:d2:e1:e0:76:e3:5b:10:3d:ad:fd:93:df:26:13:89:22:
         85:ac:ff:6a:7d:59:0d:77:df:4e:73:b2:84:11:8d:09:6a:35:
         b4:53:b3:03:a1:33:ff:3b:02:13:2e:7e:95:37:bb:f8:ba:ec:
         43:8c:79:16:e4:16:06:01:bf:90:a7:2f:ca:21:97:c3:ef:be:
         d6:21:5e:62:81:c5:84:72:15:47:e8:b6:9a:ab:32:ea:b6:01:
         9a:82:8f:1e:c3:09:8d:d4:2c:11:c2:69:b1:e7:e7:b7:8f:14:
         ed:7a:7b:81:f9:8a:e7:0e:50:32:16:26:1d:c5:10:b4:48:18:
         57:09:f5:2a:87:19:4f:24:74:17:25:62:a1:12:31:f1:67:81:
         86:8f:32:8d:fc:ed:9d:63:9e:48:74:b5:03:7b:6a:91:8d:b4:
         07:10:ca:3a:51:fc:d7:fa:76:89:03:0b:2a:ce:ec:ab:f3:39:
         55:20:8e:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ39vhGybO9rPnAhPYhRzthiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTA2MTQ0MzA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjRjNDFhODQyZjdiYmZjNDc0MzVlYjlkMzE1MzcxYmQwOTVkODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Hm770S4qzlnXv14tnmo2O2D2KW7
J/FDZjX10A7Lk5NNxsTUDt7934UaB1Tdvqap0Xx/ixSIwGmPvcKWuLpQsfTRfCyM
4Taf2vP86oSIs/chPWLcKXi6OENv3TOlJIkGPbNTmPFalKbjqMX83TsC97eK9Z5v
LzEZv+GY50uaOslQ7ipND3T1pEu6SUs6B//wi6kI0UCSw0yLSdslCZpvIRoXM6Sx
zQXWgGk0zadwt7zea/MN67iPQ8CgDyySwWo3WvcTSmxVwj9bCgHSM/xkdb1TTEFv
5MwhyXOfsHLFciJcR7iFZPo0GWPr016EXt1CXOOHxzsi9XYCzlmgH9BFjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZMQahC97v8R0NeudMVNxvQldiNMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveGt4QnFFTDN1X3hIUTE2NTB4VTNHOUNWMkkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT2NLMA0G
CSqGSIb3DQEBCwUAA4IBAQB5jX7myh01f2UI0+wPJKB9gFEUOmbhOzlsgGNIttRa
eoSPs8fBXXkCodWoIGJT6PfLMV1mfpKn9enWLPKH8nWWJRvGDSBZIsNq+dLh4Hbj
WxA9rf2T3yYTiSKFrP9qfVkNd99Oc7KEEY0JajW0U7MDoTP/OwITLn6VN7v4uuxD
jHkW5BYGAb+Qpy/KIZfD777WIV5igcWEchVH6LaaqzLqtgGago8ewwmN1CwRwmmx
5+e3jxTtenuB+YrnDlAyFiYdxRC0SBhXCfUqhxlPJHQXJWKhEjHxZ4GGjzKN/O2d
Y55IdLUDe2qRjbQHEMo6UfzX+naJAwsqzuyr8zlVII56
-----END CERTIFICATE-----