Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/8Z8j9p9s9CwKXKGsMdQwlcXgaAU.roa
File:                     8Z8j9p9s9CwKXKGsMdQwlcXgaAU.roa (raw, json)
Hash identifier:          QHmD07UzKsxFBwUsUynp4a1XONIx2xeRCNpiNttuk5I=
Subject key identifier:   F1:9F:23:F6:9F:6C:F4:2C:0A:5C:A1:AC:31:D4:30:95:C5:E0:68:05
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0197F0032BAD69507A8A56A986B86BFF9C36
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/8Z8j9p9s9CwKXKGsMdQwlcXgaAU.roa
Signing time:             Wed 09 Jul 2025 16:27:09 +0000
ROA not before:           Wed 09 Jul 2025 16:27:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45815
IP address blocks:        94.249.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f0:03:2b:ad:69:50:7a:8a:56:a9:86:b8:6b:ff:9c:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul  9 16:27:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f19f23f69f6cf42c0a5ca1ac31d43095c5e06805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6e:2c:88:c0:54:da:3d:c6:e8:dd:92:2f:67:
                    76:73:02:3e:69:70:d1:e6:17:0c:2d:28:0c:9a:b9:
                    1d:1e:92:98:ef:10:c2:3b:46:49:42:27:69:29:87:
                    ff:14:5f:9c:cf:88:58:27:2d:fa:c5:a7:39:2a:0a:
                    56:18:de:e6:51:fe:4e:3c:c3:2c:64:07:5e:59:47:
                    75:6c:f9:6d:41:ec:c0:56:56:b3:d6:60:1d:13:08:
                    c5:c6:8c:50:f4:b9:0a:d8:d3:84:1f:fc:ee:2f:e8:
                    9b:b9:f8:95:79:c8:e3:8a:1d:cf:9e:44:47:00:ad:
                    50:5d:77:cc:b7:df:86:0a:17:d9:23:74:cd:20:65:
                    b5:d9:6d:21:2f:c5:a0:66:bb:b3:5c:16:f0:e1:fd:
                    13:0b:34:d6:2c:8b:88:9e:70:24:7d:40:8e:65:d6:
                    93:6d:73:a2:23:3e:a6:c2:fa:69:12:dc:f3:b9:bb:
                    9a:1f:01:2a:05:33:37:f5:fc:fc:ba:18:85:6e:83:
                    ba:b7:6d:c5:47:b8:60:8e:de:c3:88:f6:51:f7:3e:
                    b2:d1:e7:d9:c4:2d:ef:8a:57:97:26:ec:0c:81:5b:
                    48:a2:73:12:cc:60:58:74:ea:a0:37:c8:2f:db:8c:
                    6f:19:49:8e:0a:6f:40:1a:09:74:a2:8c:81:9b:98:
                    da:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:9F:23:F6:9F:6C:F4:2C:0A:5C:A1:AC:31:D4:30:95:C5:E0:68:05
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/8Z8j9p9s9CwKXKGsMdQwlcXgaAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.249.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:2f:d0:85:66:8c:00:f0:18:26:21:ec:47:9a:11:0f:ba:68:
         47:74:d2:72:ff:22:18:f4:aa:7e:07:9a:5c:51:07:2d:95:d3:
         6e:b9:7e:c4:1a:83:b0:32:04:45:c6:85:91:e8:22:c1:c2:b3:
         c2:59:a6:dc:e5:5d:26:78:d3:a3:ff:fc:1c:5d:05:ab:b4:6d:
         e9:b6:8d:55:81:81:db:4f:03:ce:60:a9:48:27:53:65:b3:37:
         39:cc:9f:36:f7:89:14:91:84:c9:75:3d:1a:c0:09:0d:ea:83:
         e3:ae:01:1d:56:c0:ea:bd:d9:09:3d:05:61:3b:55:63:69:a7:
         b2:eb:63:e8:47:92:99:96:40:fe:55:6b:00:00:78:52:ad:fd:
         f6:16:5f:4b:95:f5:af:c5:7b:fa:88:8d:7f:34:3e:07:5a:d4:
         df:e5:07:c1:12:f9:36:da:33:56:09:76:e8:a9:10:03:f5:93:
         a8:48:9f:06:f5:46:5c:52:9e:f1:21:d3:c2:1d:fc:44:14:55:
         01:e7:e7:5c:61:8d:33:8b:f1:d9:18:97:de:29:f6:ca:97:43:
         5e:6b:db:03:3a:0c:3a:8d:22:86:93:41:56:f6:a1:fa:e4:a3:
         3b:ff:33:fd:8e:54:12:37:69:b2:d2:d5:98:85:43:67:44:ec:
         f5:9f:ff:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfwAyutaVB6ilaphrhr/5w2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzA5MTYyNzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTlmMjNmNjlmNmNmNDJjMGE1Y2ExYWMzMWQ0MzA5NWM1ZTA2ODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqm4siMBU2j3G6N2SL2d2cwI+aXDR
5hcMLSgMmrkdHpKY7xDCO0ZJQidpKYf/FF+cz4hYJy36xac5KgpWGN7mUf5OPMMs
ZAdeWUd1bPltQezAVlaz1mAdEwjFxoxQ9LkK2NOEH/zuL+ibufiVecjjih3PnkRH
AK1QXXfMt9+GChfZI3TNIGW12W0hL8WgZruzXBbw4f0TCzTWLIuInnAkfUCOZdaT
bXOiIz6mwvppEtzzubuaHwEqBTM39fz8uhiFboO6t23FR7hgjt7DiPZR9z6y0efZ
xC3vileXJuwMgVtIonMSzGBYdOqgN8gv24xvGUmOCm9AGgl0ooyBm5ja1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGfI/afbPQsClyhrDHUMJXF4GgFMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvOFo4ajlwOXM5Q3dLWEtHc01kUXdsY1hnYUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvnVMA0G
CSqGSIb3DQEBCwUAA4IBAQAXL9CFZowA8BgmIexHmhEPumhHdNJy/yIY9Kp+B5pc
UQctldNuuX7EGoOwMgRFxoWR6CLBwrPCWabc5V0meNOj//wcXQWrtG3pto1VgYHb
TwPOYKlIJ1Nlszc5zJ8294kUkYTJdT0awAkN6oPjrgEdVsDqvdkJPQVhO1Vjaaey
62PoR5KZlkD+VWsAAHhSrf32Fl9LlfWvxXv6iI1/ND4HWtTf5QfBEvk22jNWCXbo
qRAD9ZOoSJ8G9UZcUp7xIdPCHfxEFFUB5+dcYY0zi/HZGJfeKfbKl0Nea9sDOgw6
jSKGk0FW9qH65KM7/zP9jlQSN2my0tWYhUNnROz1n//T
-----END CERTIFICATE-----