Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KH_E_GiObsmTv99gXNaiUaDc0fk.roa
File:                     KH_E_GiObsmTv99gXNaiUaDc0fk.roa (raw, json)
Hash identifier:          I4wdx7iTCMnNwgf19Dhb02k5rgLIwrb54cTcS98lJ3c=
Subject key identifier:   28:7F:C4:FC:68:8E:6E:C9:93:BF:DF:60:5C:D6:A2:51:A0:DC:D1:F9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01980D12EA5B3A37E00C38C2D9E1B6F92E33
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KH_E_GiObsmTv99gXNaiUaDc0fk.roa
Signing time:             Tue 15 Jul 2025 07:53:20 +0000
ROA not before:           Tue 15 Jul 2025 07:53:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213607
IP address blocks:        81.168.85.0/24 maxlen: 24
                          82.153.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 16:14:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0d:12:ea:5b:3a:37:e0:0c:38:c2:d9:e1:b6:f9:2e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 15 07:53:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=287fc4fc688e6ec993bfdf605cd6a251a0dcd1f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:dd:55:c4:b2:53:90:18:be:0c:42:b7:85:ab:
                    4c:a8:90:50:b5:f3:e4:16:3d:e1:95:d6:b7:da:8b:
                    0d:78:fd:5a:f1:a1:8a:9e:2f:fb:be:55:e1:2f:40:
                    b4:a4:84:b2:af:81:ee:04:fd:8c:92:ab:e5:4f:97:
                    a1:81:0d:27:0f:bd:44:4e:0a:80:04:c6:e3:b8:a7:
                    9c:3a:24:57:fa:b7:db:b1:e7:fd:28:68:03:52:36:
                    ca:77:48:81:61:e3:f7:9b:7f:e7:f7:bc:41:7b:47:
                    bd:90:5b:cb:66:8e:b9:42:3f:82:f2:be:19:b7:cb:
                    6c:9d:13:60:5e:3c:35:54:5a:01:18:32:f5:94:de:
                    0c:34:56:a5:0f:88:35:48:a6:11:15:c5:31:7b:19:
                    f6:9f:9f:24:98:b2:58:6e:5b:91:af:de:67:9d:bf:
                    a0:c8:d1:77:4f:4c:2e:51:a9:61:64:cf:7b:27:d9:
                    d1:bd:de:9e:67:65:18:67:98:e0:3f:fb:e2:6f:ae:
                    8d:7d:f2:f8:d1:84:dd:75:c5:8f:dc:32:98:b2:96:
                    78:f3:09:32:bf:83:15:08:55:5b:ee:11:cf:ee:25:
                    ca:9e:f1:f0:eb:47:84:9f:79:cc:7c:6b:27:0c:6c:
                    41:1e:35:2f:6a:15:3f:22:23:8e:6f:e8:05:4d:d2:
                    2a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:7F:C4:FC:68:8E:6E:C9:93:BF:DF:60:5C:D6:A2:51:A0:DC:D1:F9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KH_E_GiObsmTv99gXNaiUaDc0fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.85.0/24
                  82.153.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:5f:7e:9e:e1:bd:e9:96:0e:de:e1:8a:8c:55:06:ab:80:d8:
         5e:07:05:9b:fb:8c:c0:04:9c:02:18:d7:b1:51:8e:b8:4c:44:
         c1:92:d5:2b:66:5c:66:b4:c1:90:09:c3:39:83:08:8a:60:a9:
         fd:5a:6d:22:b9:67:ad:90:0f:48:45:93:d9:9b:8e:7b:ae:96:
         98:af:d9:c5:97:55:71:1d:33:54:13:fd:5e:09:35:5e:90:b6:
         c6:ba:dd:9d:ca:79:b6:28:da:4a:57:e0:f1:e6:dd:ea:9b:15:
         e8:3f:d1:1d:3d:54:76:d4:87:3e:51:e0:56:9f:98:03:2a:1e:
         b4:f6:bf:49:a5:71:d4:66:f8:cc:6e:e6:88:dd:aa:5f:85:69:
         9c:e5:72:2a:fc:20:87:c2:08:4c:5a:27:62:36:34:42:b1:d9:
         3f:92:7f:b8:78:b2:d2:11:e7:a1:45:95:de:87:5d:cd:e3:ff:
         11:06:b8:3d:7f:bd:98:3f:e3:89:16:97:fa:53:62:fc:0e:8b:
         4c:d5:39:63:6f:31:92:43:78:54:36:35:02:3a:a9:07:8e:bd:
         ec:d6:11:43:29:40:65:50:fe:19:53:49:c5:38:90:95:7a:34:
         42:f4:ea:29:8a:6c:51:02:26:80:6e:df:eb:7d:ac:33:c9:05:
         b9:35:35:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgNEupbOjfgDDjC2eG2+S4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzE1MDc1MzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODdmYzRmYzY4OGU2ZWM5OTNiZmRmNjA1Y2Q2YTI1MWEwZGNkMWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAut1VxLJTkBi+DEK3hatMqJBQtfPk
Fj3hlda32osNeP1a8aGKni/7vlXhL0C0pISyr4HuBP2MkqvlT5ehgQ0nD71ETgqA
BMbjuKecOiRX+rfbsef9KGgDUjbKd0iBYeP3m3/n97xBe0e9kFvLZo65Qj+C8r4Z
t8tsnRNgXjw1VFoBGDL1lN4MNFalD4g1SKYRFcUxexn2n58kmLJYbluRr95nnb+g
yNF3T0wuUalhZM97J9nRvd6eZ2UYZ5jgP/vib66NffL40YTddcWP3DKYspZ48wky
v4MVCFVb7hHP7iXKnvHw60eEn3nMfGsnDGxBHjUvahU/IiOOb+gFTdIqpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCh/xPxojm7Jk7/fYFzWolGg3NH5MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvS0hfRV9HaU9ic21Udjk5Z1hOYWlVYURjMGZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUahVAwQA
UpnsMA0GCSqGSIb3DQEBCwUAA4IBAQCCX36e4b3plg7e4YqMVQargNheBwWb+4zA
BJwCGNexUY64TETBktUrZlxmtMGQCcM5gwiKYKn9Wm0iuWetkA9IRZPZm457rpaY
r9nFl1VxHTNUE/1eCTVekLbGut2dynm2KNpKV+Dx5t3qmxXoP9EdPVR21Ic+UeBW
n5gDKh609r9JpXHUZvjMbuaI3apfhWmc5XIq/CCHwghMWidiNjRCsdk/kn+4eLLS
EeehRZXeh13N4/8RBrg9f72YP+OJFpf6U2L8DotM1TljbzGSQ3hUNjUCOqkHjr3s
1hFDKUBlUP4ZU0nFOJCVejRC9OopimxRAiaAbt/rfawzyQW5NTUb
-----END CERTIFICATE-----