Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0XtZ6lTOPvcOzbilF-_tv8IZkpU.roa
File:                     0XtZ6lTOPvcOzbilF-_tv8IZkpU.roa (raw, json)
Hash identifier:          ZMx0bRRx9xkThMchkVworwHiq5QAQtliCMr0F3JchgM=
Subject key identifier:   D1:7B:59:EA:54:CE:3E:F7:0E:CD:B8:A5:17:EF:ED:BF:C2:19:92:95
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019957DABAC476BD0BC54BF0EB6C6EB6C103
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0XtZ6lTOPvcOzbilF-_tv8IZkpU.roa
Signing time:             Wed 17 Sep 2025 13:26:16 +0000
ROA not before:           Wed 17 Sep 2025 13:26:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215071
IP address blocks:        213.130.132.0/24 maxlen: 24
                          213.130.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:57:da:ba:c4:76:bd:0b:c5:4b:f0:eb:6c:6e:b6:c1:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 17 13:26:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d17b59ea54ce3ef70ecdb8a517efedbfc2199295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:0e:bd:ec:b5:cd:b4:b5:de:7d:51:d2:d8:33:
                    d4:1b:2a:cf:43:c0:72:93:47:21:03:1e:f3:18:7c:
                    51:b3:c7:7a:ee:ce:91:61:93:15:9b:87:e1:cf:5f:
                    e3:46:86:3f:41:a8:1b:8a:e0:d6:23:c3:28:99:0e:
                    7a:db:d8:35:9a:48:9f:91:13:16:0b:d7:aa:e0:34:
                    ee:97:f6:f7:16:30:4f:32:b3:62:eb:f0:85:83:bc:
                    2c:9b:d4:16:10:4e:4c:ae:83:bb:de:4a:b2:f1:33:
                    3a:ee:b6:2c:e4:d0:81:35:39:0d:29:f4:d2:2b:be:
                    1d:fc:f6:1c:59:ce:85:b5:45:03:02:93:dd:56:24:
                    52:de:8c:13:14:cb:92:39:b6:5d:c4:ee:12:8c:2b:
                    02:3b:73:82:6e:e3:83:ec:b8:4d:8a:21:b7:21:b0:
                    49:31:49:1a:66:88:5c:46:a7:8a:b2:73:0d:68:44:
                    0c:e3:ab:c4:87:26:8c:e0:c5:f1:5c:b0:f5:c6:59:
                    aa:16:8f:c7:af:ef:b7:7e:bf:72:29:92:69:dc:82:
                    8a:c6:c3:f5:0b:ee:5e:ee:18:f4:49:8e:57:03:c2:
                    ff:93:6c:fd:83:32:33:5e:34:5e:fa:3d:8c:8f:10:
                    80:e9:2a:3b:8a:87:74:76:49:9d:b2:7c:88:67:9d:
                    d0:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:7B:59:EA:54:CE:3E:F7:0E:CD:B8:A5:17:EF:ED:BF:C2:19:92:95
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0XtZ6lTOPvcOzbilF-_tv8IZkpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.130.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:e8:ee:ed:ad:b2:60:00:ca:cc:4f:00:04:da:87:7e:d0:64:
         ea:54:fe:4a:8a:74:ed:93:db:2c:44:b4:07:6b:a4:83:ff:8e:
         e9:8a:04:f0:e0:2a:f7:b7:d2:2b:18:83:7c:93:dd:ed:a0:b3:
         45:ad:d0:ea:48:21:42:32:4d:5d:0b:08:03:77:66:1e:06:34:
         e8:18:79:18:19:14:0e:b9:01:68:bc:f1:77:9d:8a:c5:2c:75:
         9e:6f:70:5b:e0:05:d9:e3:e0:b0:5f:8e:c8:8b:42:a7:05:bd:
         52:d0:ad:76:b4:f9:16:f0:a3:76:de:0a:80:88:42:16:10:79:
         2f:c0:92:6c:96:ce:55:ed:f9:f6:48:c4:70:85:d8:ef:d1:70:
         34:f0:c7:17:3e:b8:cc:c8:42:d0:1b:2e:5d:ed:6b:a2:b6:8b:
         a2:5f:97:07:b9:63:0b:8a:40:d2:56:98:83:1d:46:b4:74:53:
         72:40:3d:60:1d:30:c1:c5:b4:65:68:0a:a5:f7:5d:42:c0:ae:
         ee:b4:3d:6c:a6:ad:7d:ba:27:19:3c:a1:96:c7:b6:34:3b:50:
         3a:a4:7a:ef:53:c4:ab:2b:d1:ed:c8:50:d0:ea:3c:48:4e:6d:
         de:b6:c7:cb:be:da:82:50:d5:1a:b8:ea:eb:fd:f7:71:9f:6b:
         5e:a7:31:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlX2rrEdr0LxUvw62xutsEDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwOTE3MTMyNjE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTdiNTllYTU0Y2UzZWY3MGVjZGI4YTUxN2VmZWRiZmMyMTk5Mjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4A697LXNtLXefVHS2DPUGyrPQ8By
k0chAx7zGHxRs8d67s6RYZMVm4fhz1/jRoY/QagbiuDWI8MomQ5629g1mkifkRMW
C9eq4DTul/b3FjBPMrNi6/CFg7wsm9QWEE5MroO73kqy8TM67rYs5NCBNTkNKfTS
K74d/PYcWc6FtUUDApPdViRS3owTFMuSObZdxO4SjCsCO3OCbuOD7LhNiiG3IbBJ
MUkaZohcRqeKsnMNaEQM46vEhyaM4MXxXLD1xlmqFo/Hr++3fr9yKZJp3IKKxsP1
C+5e7hj0SY5XA8L/k2z9gzIzXjRe+j2MjxCA6So7iod0dkmdsnyIZ53QRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNF7WepUzj73Ds24pRfv7b/CGZKVMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMFh0WjZsVE9QdmNPemJpbEYtX3R2OElaa3BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1YKEMA0G
CSqGSIb3DQEBCwUAA4IBAQA+6O7trbJgAMrMTwAE2od+0GTqVP5KinTtk9ssRLQH
a6SD/47pigTw4Cr3t9IrGIN8k93toLNFrdDqSCFCMk1dCwgDd2YeBjToGHkYGRQO
uQFovPF3nYrFLHWeb3Bb4AXZ4+CwX47Ii0KnBb1S0K12tPkW8KN23gqAiEIWEHkv
wJJsls5V7fn2SMRwhdjv0XA08McXPrjMyELQGy5d7WuitouiX5cHuWMLikDSVpiD
HUa0dFNyQD1gHTDBxbRlaAql911CwK7utD1spq19uicZPKGWx7Y0O1A6pHrvU8Sr
K9HtyFDQ6jxITm3etsfLvtqCUNUauOrr/fdxn2tepzHM
-----END CERTIFICATE-----