Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Ljohr1_D5_Mg0TJGztECJOmzvBM.roa
File:                     Ljohr1_D5_Mg0TJGztECJOmzvBM.roa (raw, json)
Hash identifier:          SVsjFvd0viF6MOsS1aWhw+SdpSJAPhWTW3h4sc0HyVY=
Subject key identifier:   2E:3A:21:AF:5F:C3:E7:F3:20:D1:32:46:CE:D1:02:24:E9:B3:BC:13
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019904D083A9774FC1FA2B3DF5495CBACCFD
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Ljohr1_D5_Mg0TJGztECJOmzvBM.roa
Signing time:             Mon 01 Sep 2025 10:26:37 +0000
ROA not before:           Mon 01 Sep 2025 10:26:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40676
IP address blocks:        82.153.222.0/24 maxlen: 24
                          109.176.18.0/24 maxlen: 24
                          109.176.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 13:26:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:04:d0:83:a9:77:4f:c1:fa:2b:3d:f5:49:5c:ba:cc:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep  1 10:26:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e3a21af5fc3e7f320d13246ced10224e9b3bc13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c8:11:3b:41:a8:3b:a1:83:85:e5:8f:6f:56:
                    4c:7e:2a:7d:94:7a:5c:03:8c:50:f4:02:5d:42:4e:
                    01:b0:9c:96:29:7b:d9:ea:67:8e:47:12:36:6a:eb:
                    f3:87:c2:92:16:05:8e:72:65:8c:56:7d:67:db:06:
                    37:ef:39:bf:18:41:bc:c9:c3:22:13:09:4c:ad:62:
                    1f:4c:42:ad:db:f5:9f:e5:35:1d:2b:ee:14:9c:00:
                    a2:a9:6f:c4:21:9a:d6:66:e4:89:a4:1e:b1:b7:95:
                    c8:43:66:2f:ea:d1:83:c6:33:e1:b9:7a:cf:2f:fd:
                    0f:58:8e:2b:85:db:97:45:98:f6:2c:b9:27:35:0a:
                    2a:ca:a2:2d:c5:bd:c3:d8:05:4a:60:ef:cf:fa:c9:
                    59:0a:f8:41:71:7a:0a:d5:85:17:a2:d4:18:72:67:
                    a9:c2:24:1c:c8:1b:5c:02:99:e8:d6:f4:db:b4:08:
                    ae:11:be:75:ce:a4:ba:86:d4:4b:62:cd:8e:c6:83:
                    bc:da:a3:c9:54:52:ec:54:1d:0a:de:a0:b7:3e:a8:
                    bc:e8:17:95:a3:7c:ff:1d:a3:01:1f:01:b4:34:b2:
                    ba:f6:8d:2e:8e:a0:23:1e:52:a1:59:12:08:5c:92:
                    2e:7b:e5:06:8d:2b:9c:89:ef:60:73:92:ac:2e:ef:
                    6f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:3A:21:AF:5F:C3:E7:F3:20:D1:32:46:CE:D1:02:24:E9:B3:BC:13
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Ljohr1_D5_Mg0TJGztECJOmzvBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.222.0/24
                  109.176.18.0/24
                  109.176.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:81:17:09:d4:39:09:c4:8b:6d:90:80:4a:94:53:d2:22:f0:
         27:85:77:1f:e4:a7:e4:6a:c3:5d:00:ef:99:a2:fb:4f:d9:10:
         de:1b:13:82:73:c0:fc:fa:f5:b3:c3:fd:bd:f2:7c:c6:e3:da:
         9b:a4:96:f6:84:27:b7:78:26:7b:db:a1:d8:53:14:28:4a:e4:
         55:40:d4:40:c8:5a:9b:da:ce:c5:17:7f:50:eb:70:a7:0b:64:
         fa:8f:9e:70:b5:40:19:cc:3a:b4:4e:45:0a:fc:39:d6:a6:45:
         44:17:83:e3:94:62:80:a0:3a:49:49:29:45:dd:b4:9d:69:a2:
         e9:4f:cc:16:2c:af:8e:d6:ab:2e:ee:66:71:f3:00:f2:10:b3:
         17:ee:03:5c:2b:2e:3f:36:4f:21:2e:f3:4f:7b:a9:0e:dc:f4:
         47:3f:99:53:22:6e:60:fe:b7:74:e6:44:95:ed:db:c1:22:3b:
         3e:87:6c:77:b5:6a:6c:d4:06:d1:6a:3c:12:53:c8:dc:90:85:
         3c:6b:a9:7b:c3:e8:b0:e7:0d:d6:1c:5a:8c:91:c3:2e:3e:a0:
         50:cd:d0:fe:a4:2e:29:e1:b7:2b:ce:19:5c:67:03:65:77:d8:
         0f:70:56:29:61:f8:07:9c:04:f2:c6:20:57:51:b3:05:67:85:
         33:09:99:4f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkE0IOpd0/B+is99Ulcusz9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwOTAxMTAyNjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTNhMjFhZjVmYzNlN2YzMjBkMTMyNDZjZWQxMDIyNGU5YjNiYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8gRO0GoO6GDheWPb1ZMfip9lHpc
A4xQ9AJdQk4BsJyWKXvZ6meORxI2auvzh8KSFgWOcmWMVn1n2wY37zm/GEG8ycMi
EwlMrWIfTEKt2/Wf5TUdK+4UnACiqW/EIZrWZuSJpB6xt5XIQ2Yv6tGDxjPhuXrP
L/0PWI4rhduXRZj2LLknNQoqyqItxb3D2AVKYO/P+slZCvhBcXoK1YUXotQYcmep
wiQcyBtcApno1vTbtAiuEb51zqS6htRLYs2OxoO82qPJVFLsVB0K3qC3Pqi86BeV
o3z/HaMBHwG0NLK69o0ujqAjHlKhWRIIXJIue+UGjSucie9gc5KsLu9v0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC46Ia9fw+fzINEyRs7RAiTps7wTMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTGpvaHIxX0Q1X01nMFRKR3p0RUNKT216dkJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUpneAwQA
bbASAwQAbbDQMA0GCSqGSIb3DQEBCwUAA4IBAQCegRcJ1DkJxIttkIBKlFPSIvAn
hXcf5KfkasNdAO+ZovtP2RDeGxOCc8D8+vWzw/298nzG49qbpJb2hCe3eCZ726HY
UxQoSuRVQNRAyFqb2s7FF39Q63CnC2T6j55wtUAZzDq0TkUK/DnWpkVEF4PjlGKA
oDpJSSlF3bSdaaLpT8wWLK+O1qsu7mZx8wDyELMX7gNcKy4/Nk8hLvNPe6kO3PRH
P5lTIm5g/rd05kSV7dvBIjs+h2x3tWps1AbRajwSU8jckIU8a6l7w+iw5w3WHFqM
kcMuPqBQzdD+pC4p4bcrzhlcZwNld9gPcFYpYfgHnATyxiBXUbMFZ4UzCZlP
-----END CERTIFICATE-----