Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GAfPKbZy3kpZzNqGkxyqBrBy6ls.roa
File:                     GAfPKbZy3kpZzNqGkxyqBrBy6ls.roa (raw, json)
Hash identifier:          ZMTH3FdLMGvPOeDPBERfnmvuLVmXgIFOZpLhJQjYjR4=
Subject key identifier:   18:07:CF:29:B6:72:DE:4A:59:CC:DA:86:93:1C:AA:06:B0:72:EA:5B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0197CF576FE74DBBFA25B699D7B70FE7E363
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GAfPKbZy3kpZzNqGkxyqBrBy6ls.roa
Signing time:             Thu 03 Jul 2025 08:11:43 +0000
ROA not before:           Thu 03 Jul 2025 08:11:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215599
IP address blocks:        82.152.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Jul 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cf:57:6f:e7:4d:bb:fa:25:b6:99:d7:b7:0f:e7:e3:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  3 08:11:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1807cf29b672de4a59ccda86931caa06b072ea5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:fb:56:7c:fa:5c:77:2d:de:7e:5a:33:09:ea:
                    f1:17:f7:4a:c2:9f:0b:75:7a:3a:c5:51:a0:f8:d0:
                    9d:04:e9:c1:05:b6:93:02:d6:d5:82:76:82:05:f4:
                    b3:89:55:fc:8e:14:da:47:57:54:b1:06:f2:d6:c0:
                    47:76:7a:13:dc:8e:9f:89:c4:01:e6:3d:82:ce:c8:
                    29:c5:2c:66:d1:33:ae:bb:f2:b4:d0:4e:de:94:15:
                    a6:7e:b6:e3:a9:b8:cd:48:05:a1:73:5c:b9:25:e1:
                    d1:a9:3b:fe:da:67:44:67:1f:cd:0f:1b:54:68:17:
                    81:f4:f4:ea:1d:36:c6:8d:8e:c9:f0:e9:1c:eb:93:
                    f2:09:d9:50:92:d6:40:30:c2:1b:95:ba:fa:e3:8d:
                    c7:9a:d1:c6:f8:df:bc:f0:84:67:21:7d:12:20:11:
                    e7:ec:bf:cc:e4:1d:a3:c4:2f:3c:83:57:1f:5c:6a:
                    f2:c1:2e:86:ca:ac:46:0a:12:51:1d:35:56:80:c1:
                    32:92:45:7e:03:f2:66:ba:92:f3:2a:a0:da:b9:d0:
                    44:9b:43:e5:e2:a7:8e:bc:95:c1:99:62:70:7c:44:
                    05:b6:4f:f8:3a:10:1b:f5:8b:f5:50:16:3f:dd:70:
                    ac:e6:20:3c:58:21:9c:84:8e:00:26:84:18:b7:b4:
                    eb:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:07:CF:29:B6:72:DE:4A:59:CC:DA:86:93:1C:AA:06:B0:72:EA:5B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GAfPKbZy3kpZzNqGkxyqBrBy6ls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:af:c6:bf:d5:06:24:9f:59:bd:1c:36:5b:69:de:e4:68:25:
         74:86:58:aa:80:89:81:0f:5e:5d:c3:a5:6f:0b:8d:75:aa:8c:
         cc:41:13:b7:53:22:b5:ac:b5:c9:8e:40:91:fe:ef:d4:0e:1d:
         dd:f7:eb:e1:aa:d0:6c:df:50:18:5a:db:03:ea:78:58:e8:b0:
         ef:3f:68:6c:98:6c:7a:22:39:24:ec:48:99:2d:cc:b4:0b:70:
         e7:6e:19:07:d5:0a:d0:c7:de:36:0e:e9:24:83:75:17:c5:b0:
         50:84:6a:3b:ae:d5:32:2b:d9:6c:a5:95:32:91:dc:39:e8:fa:
         bb:13:ac:00:b6:bd:fd:db:06:69:a8:f2:c2:b4:84:7d:f1:00:
         61:76:4a:88:a4:3e:41:f0:e3:29:5d:4b:f5:d1:26:20:6e:38:
         cc:fd:58:a7:e6:7c:52:54:5f:0d:9f:de:e5:7c:ef:53:63:49:
         0d:a0:f3:68:d2:c5:ed:94:fb:02:0d:69:9b:f6:67:dd:12:11:
         3a:91:1b:56:7c:6d:4c:4f:48:97:18:1d:9b:ae:70:ed:77:76:
         14:85:81:96:77:26:af:5f:e6:1d:27:27:95:c7:26:17:ae:bb:
         a5:38:56:92:b5:f8:78:75:aa:ce:7d:8c:db:f8:2b:0d:4f:75:
         6f:f0:0c:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfPV2/nTbv6JbaZ17cP5+NjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzAzMDgxMTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODA3Y2YyOWI2NzJkZTRhNTljY2RhODY5MzFjYWEwNmIwNzJlYTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/tWfPpcdy3eflozCerxF/dKwp8L
dXo6xVGg+NCdBOnBBbaTAtbVgnaCBfSziVX8jhTaR1dUsQby1sBHdnoT3I6ficQB
5j2CzsgpxSxm0TOuu/K00E7elBWmfrbjqbjNSAWhc1y5JeHRqTv+2mdEZx/NDxtU
aBeB9PTqHTbGjY7J8Okc65PyCdlQktZAMMIblbr6443HmtHG+N+88IRnIX0SIBHn
7L/M5B2jxC88g1cfXGrywS6GyqxGChJRHTVWgMEykkV+A/JmupLzKqDaudBEm0Pl
4qeOvJXBmWJwfEQFtk/4OhAb9Yv1UBY/3XCs5iA8WCGchI4AJoQYt7TriwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgHzym2ct5KWczahpMcqgawcupbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvR0FmUEtiWnkza3Baek5xR2t4eXFCckJ5NmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpg2MA0G
CSqGSIb3DQEBCwUAA4IBAQBCr8a/1QYkn1m9HDZbad7kaCV0hliqgImBD15dw6Vv
C411qozMQRO3UyK1rLXJjkCR/u/UDh3d9+vhqtBs31AYWtsD6nhY6LDvP2hsmGx6
Ijkk7EiZLcy0C3DnbhkH1QrQx942Dukkg3UXxbBQhGo7rtUyK9lspZUykdw56Pq7
E6wAtr392wZpqPLCtIR98QBhdkqIpD5B8OMpXUv10SYgbjjM/Vin5nxSVF8Nn97l
fO9TY0kNoPNo0sXtlPsCDWmb9mfdEhE6kRtWfG1MT0iXGB2brnDtd3YUhYGWdyav
X+YdJyeVxyYXrrulOFaStfh4darOfYzb+CsNT3Vv8AzR
-----END CERTIFICATE-----