Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4nr89M1DMWJXekAxAX0AqvJeaYc.roa
File:                     4nr89M1DMWJXekAxAX0AqvJeaYc.roa (raw, json)
Hash identifier:          CkQn+OQQFuNNlTbSgVogz+mAxfE6weTSr3G+IxZ/Ijk=
Subject key identifier:   E2:7A:FC:F4:CD:43:31:62:57:7A:40:31:01:7D:00:AA:F2:5E:69:87
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019971751B4101B35580653D871E9AAC95B1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4nr89M1DMWJXekAxAX0AqvJeaYc.roa
Signing time:             Mon 22 Sep 2025 12:45:23 +0000
ROA not before:           Mon 22 Sep 2025 12:45:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        82.153.222.0/24 maxlen: 24
                          89.213.197.0/24 maxlen: 24
                          194.105.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:71:75:1b:41:01:b3:55:80:65:3d:87:1e:9a:ac:95:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 22 12:45:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e27afcf4cd433162577a4031017d00aaf25e6987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:2e:52:75:8a:cf:61:82:fe:5c:32:ea:2a:97:
                    d4:13:6b:6b:33:1f:ab:9f:60:fc:58:d6:c3:43:24:
                    42:3a:32:2b:d2:a3:10:ec:7a:ed:c2:aa:c0:e1:58:
                    88:00:46:0b:65:eb:0a:05:8c:d7:d9:ff:40:c1:06:
                    96:50:c3:63:45:52:45:75:81:52:89:ec:17:47:df:
                    ba:30:71:69:21:4b:15:6f:b8:88:7a:e6:ea:5b:8f:
                    ad:9a:0c:6b:3d:b2:72:85:d5:5d:a6:69:bb:e5:d9:
                    2a:e2:61:6f:94:7d:d4:53:36:ac:c7:06:c5:d2:81:
                    3e:bd:5f:d4:b5:43:9f:bb:91:2a:37:c3:79:9c:1b:
                    2e:98:38:81:9c:97:19:83:31:53:d5:6e:fe:0f:75:
                    d8:4b:72:be:33:13:92:c1:54:89:e1:5e:20:bd:1d:
                    da:e7:17:3a:f9:0a:e3:44:15:ab:21:dd:4e:12:ac:
                    99:af:c3:29:91:f4:7d:34:82:eb:99:b0:d4:53:a9:
                    98:8c:0e:ce:14:bf:20:21:a5:4b:09:6f:b1:1e:b9:
                    6c:2f:80:86:95:e5:2e:27:e8:76:51:4d:1d:30:8b:
                    50:da:57:b5:b4:4e:97:6a:d6:50:bf:96:d4:28:76:
                    79:6e:3a:2b:d1:4b:74:50:b0:83:96:85:97:ae:77:
                    df:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:7A:FC:F4:CD:43:31:62:57:7A:40:31:01:7D:00:AA:F2:5E:69:87
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4nr89M1DMWJXekAxAX0AqvJeaYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.222.0/24
                  89.213.197.0/24
                  194.105.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:dd:93:6b:51:bc:1e:26:cc:34:29:b7:86:42:5e:9b:35:9a:
         40:6b:d9:cc:70:ab:80:07:f6:b2:9c:1c:02:c1:b2:ef:5c:d3:
         09:59:e2:b8:72:05:fc:c4:63:e4:3e:1a:28:39:8a:17:36:48:
         0e:58:c9:c0:87:35:e0:9f:10:9c:34:4e:9e:64:a1:58:b0:88:
         ef:17:3c:73:20:9d:0f:ef:c4:5f:db:08:1d:21:55:38:93:ad:
         cd:09:88:8d:d7:03:69:41:8b:f0:c0:b5:ee:4e:1a:6c:a8:c5:
         9b:92:83:d9:5c:3d:93:ae:18:f8:fa:9c:90:e2:35:98:3f:c3:
         fe:b5:6d:d0:31:f3:bd:44:3d:eb:79:84:3e:ad:3e:04:af:8d:
         46:7b:42:ed:2d:7b:53:e1:2f:ac:25:4b:a4:af:c7:a9:89:7f:
         c7:95:30:65:76:a1:c1:71:c4:40:34:3f:cb:00:d1:5e:02:11:
         5b:b8:f9:89:33:4a:66:8a:14:0f:93:89:73:a6:8b:67:0d:bd:
         de:bb:cf:7a:65:41:43:fe:ae:25:bb:e0:77:7d:81:23:35:1e:
         3c:f7:ba:27:39:96:43:03:70:a3:ba:7e:23:92:b4:c6:99:54:
         27:76:8c:11:b0:41:ae:4d:9d:86:b3:2f:59:91:ad:70:54:73:
         d7:4c:30:4e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZlxdRtBAbNVgGU9hx6arJWxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwOTIyMTI0NTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjdhZmNmNGNkNDMzMTYyNTc3YTQwMzEwMTdkMDBhYWYyNWU2OTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4y5SdYrPYYL+XDLqKpfUE2trMx+r
n2D8WNbDQyRCOjIr0qMQ7HrtwqrA4ViIAEYLZesKBYzX2f9AwQaWUMNjRVJFdYFS
iewXR9+6MHFpIUsVb7iIeubqW4+tmgxrPbJyhdVdpmm75dkq4mFvlH3UUzasxwbF
0oE+vV/UtUOfu5EqN8N5nBsumDiBnJcZgzFT1W7+D3XYS3K+MxOSwVSJ4V4gvR3a
5xc6+QrjRBWrId1OEqyZr8MpkfR9NILrmbDUU6mYjA7OFL8gIaVLCW+xHrlsL4CG
leUuJ+h2UU0dMItQ2le1tE6XatZQv5bUKHZ5bjor0Ut0ULCDloWXrnffWwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOJ6/PTNQzFiV3pAMQF9AKryXmmHMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNG5yODlNMURNV0pYZWtBeEFYMEFxdkplYVljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUpneAwQA
WdXFAwQAwmlaMA0GCSqGSIb3DQEBCwUAA4IBAQAs3ZNrUbweJsw0KbeGQl6bNZpA
a9nMcKuAB/aynBwCwbLvXNMJWeK4cgX8xGPkPhooOYoXNkgOWMnAhzXgnxCcNE6e
ZKFYsIjvFzxzIJ0P78Rf2wgdIVU4k63NCYiN1wNpQYvwwLXuThpsqMWbkoPZXD2T
rhj4+pyQ4jWYP8P+tW3QMfO9RD3reYQ+rT4Er41Ge0LtLXtT4S+sJUukr8epiX/H
lTBldqHBccRAND/LANFeAhFbuPmJM0pmihQPk4lzpotnDb3eu896ZUFD/q4lu+B3
fYEjNR4897onOZZDA3Cjun4jkrTGmVQndowRsEGuTZ2Gsy9Zka1wVHPXTDBO
-----END CERTIFICATE-----