Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/65pQX-5Cq9m8xgABxxXK6LsXxKo.roa
File:                     65pQX-5Cq9m8xgABxxXK6LsXxKo.roa (raw, json)
Hash identifier:          0aO0w3GoB5hvOWrvexrUEqD+WxIa2c38McmdKkOI654=
Subject key identifier:   EB:9A:50:5F:EE:42:AB:D9:BC:C6:00:01:C7:15:CA:E8:BB:17:C4:AA
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019932C9FC4B65D1F7FB717A67A0DC88CDB3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/65pQX-5Cq9m8xgABxxXK6LsXxKo.roa
Signing time:             Wed 10 Sep 2025 08:42:02 +0000
ROA not before:           Wed 10 Sep 2025 08:42:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        109.176.15.0/24 maxlen: 24
                          217.145.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:32:c9:fc:4b:65:d1:f7:fb:71:7a:67:a0:dc:88:cd:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 10 08:42:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb9a505fee42abd9bcc60001c715cae8bb17c4aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:bd:ef:88:fe:83:1d:eb:e4:ab:ed:d8:02:d1:
                    79:1a:bc:b4:f1:a2:87:28:3e:45:bd:8b:4d:af:16:
                    9a:7d:34:96:fc:c9:bf:b9:06:f7:db:ea:e3:25:84:
                    59:fa:3e:86:6c:64:44:40:11:37:f6:e1:f2:83:92:
                    b9:0a:c2:c5:98:54:f9:c4:b1:5c:d5:f2:d7:d1:9f:
                    92:c7:b1:71:e3:db:3c:ff:d9:63:79:73:59:8e:3a:
                    39:3a:31:13:e0:dc:e4:73:ec:9a:b3:7f:14:83:d4:
                    6d:1a:5b:10:97:f3:3c:a3:01:7c:3f:61:f8:d9:0b:
                    d1:e5:44:10:8f:9b:d6:03:ce:52:86:10:bf:40:68:
                    af:a4:50:d3:95:52:99:3a:5d:09:74:e8:3f:ac:49:
                    96:5e:f3:85:50:cf:9d:78:54:de:44:26:80:7a:dd:
                    5f:1d:67:f3:aa:6f:6c:08:46:fe:f4:6c:92:94:20:
                    66:d5:10:b0:9c:56:79:30:ae:e5:69:d1:23:66:07:
                    b6:3b:51:e7:66:9d:29:9f:29:e3:63:c4:35:ca:da:
                    52:12:f4:c4:b5:ed:af:a2:1d:34:73:8d:a0:30:87:
                    43:63:b4:38:24:05:92:b6:1e:45:fd:23:64:a1:43:
                    cc:28:6e:55:18:ab:1d:0b:1a:44:c3:fd:39:8b:f7:
                    64:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:9A:50:5F:EE:42:AB:D9:BC:C6:00:01:C7:15:CA:E8:BB:17:C4:AA
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/65pQX-5Cq9m8xgABxxXK6LsXxKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.15.0/24
                  217.145.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:63:c4:31:d8:07:f0:b6:b6:4b:25:15:5c:5e:41:a7:25:69:
         50:7f:58:58:fe:14:93:cd:65:bd:6f:7f:bd:ed:7a:04:2e:c7:
         dc:f3:a5:84:eb:dc:8c:e5:61:c6:ff:31:18:7a:e6:44:7b:c6:
         28:4e:fc:61:26:cc:3b:b0:67:98:76:ad:70:2c:3d:19:05:75:
         1b:dd:81:63:fa:22:94:2d:bd:2d:dd:c6:59:39:80:49:b4:f4:
         92:ce:91:1c:0c:4b:f3:3d:c0:e1:c7:c3:75:96:00:fa:81:38:
         cc:45:fb:37:2c:c1:c0:a0:e8:03:50:32:66:56:f0:a8:3c:b2:
         6a:3e:b3:b2:98:a8:fd:8b:de:07:20:cc:fa:6d:ca:2a:fc:6e:
         0a:11:9e:a9:9f:2b:0a:c4:02:1d:07:bf:52:85:c3:01:b0:59:
         1d:fd:80:5a:2b:e3:84:15:c8:00:a9:08:06:82:37:ac:96:e0:
         1c:65:4e:38:7d:4f:f5:24:24:89:43:b7:7f:72:04:1c:46:99:
         ea:e7:69:74:4e:3a:83:06:53:d7:7f:7e:0d:7f:6e:55:7f:63:
         d6:21:7d:6d:23:aa:20:89:76:ad:f8:84:0d:66:b1:9e:34:20:
         af:b6:b5:41:2a:ae:49:a0:c8:22:84:3d:bf:26:9b:8c:a1:5b:
         d3:16:6a:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkyyfxLZdH3+3F6Z6DciM2zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwOTEwMDg0MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjlhNTA1ZmVlNDJhYmQ5YmNjNjAwMDFjNzE1Y2FlOGJiMTdjNGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwL3viP6DHevkq+3YAtF5Gry08aKH
KD5FvYtNrxaafTSW/Mm/uQb32+rjJYRZ+j6GbGREQBE39uHyg5K5CsLFmFT5xLFc
1fLX0Z+Sx7Fx49s8/9ljeXNZjjo5OjET4Nzkc+yas38Ug9RtGlsQl/M8owF8P2H4
2QvR5UQQj5vWA85ShhC/QGivpFDTlVKZOl0JdOg/rEmWXvOFUM+deFTeRCaAet1f
HWfzqm9sCEb+9GySlCBm1RCwnFZ5MK7ladEjZge2O1HnZp0pnynjY8Q1ytpSEvTE
te2voh00c42gMIdDY7Q4JAWSth5F/SNkoUPMKG5VGKsdCxpEw/05i/dkJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOuaUF/uQqvZvMYAAccVyui7F8SqMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNjVwUVgtNUNxOW04eGdBQnh4WEs2THNYeEtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbbAPAwQA
2ZFBMA0GCSqGSIb3DQEBCwUAA4IBAQCLY8Qx2AfwtrZLJRVcXkGnJWlQf1hY/hST
zWW9b3+97XoELsfc86WE69yM5WHG/zEYeuZEe8YoTvxhJsw7sGeYdq1wLD0ZBXUb
3YFj+iKULb0t3cZZOYBJtPSSzpEcDEvzPcDhx8N1lgD6gTjMRfs3LMHAoOgDUDJm
VvCoPLJqPrOymKj9i94HIMz6bcoq/G4KEZ6pnysKxAIdB79ShcMBsFkd/YBaK+OE
FcgAqQgGgjesluAcZU44fU/1JCSJQ7d/cgQcRpnq52l0TjqDBlPXf34Nf25Vf2PW
IX1tI6ogiXat+IQNZrGeNCCvtrVBKq5JoMgihD2/JpuMoVvTFmov
-----END CERTIFICATE-----