Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fhbe5UHDa-_iOrxfDGKZbksGNts.roa
File:                     fhbe5UHDa-_iOrxfDGKZbksGNts.roa (raw, json)
Hash identifier:          8jZnyvr9SPScfl5UhroXaYLZtjDv+4osCm5Z9/xKZCc=
Subject key identifier:   7E:16:DE:E5:41:C3:6B:EF:E2:3A:BC:5F:0C:62:99:6E:4B:06:36:DB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019952EFE174DAD375C036DB4F4C475EF516
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fhbe5UHDa-_iOrxfDGKZbksGNts.roa
Signing time:             Tue 16 Sep 2025 14:31:16 +0000
ROA not before:           Tue 16 Sep 2025 14:31:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215599
IP address blocks:        82.152.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:52:ef:e1:74:da:d3:75:c0:36:db:4f:4c:47:5e:f5:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 16 14:31:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e16dee541c36befe23abc5f0c62996e4b0636db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:fb:2d:8e:12:1b:26:bd:73:63:4f:4c:8b:21:
                    f3:7d:8a:57:d9:1a:d1:da:c2:13:7b:8e:ac:ce:6f:
                    5c:3d:27:4e:c0:73:eb:2c:08:73:98:fc:b9:62:3f:
                    29:50:10:8b:25:83:74:03:3d:20:f6:e8:fd:55:5a:
                    7c:24:53:2b:a5:37:d3:6c:8b:26:49:06:b1:eb:a3:
                    0b:36:33:79:c1:7f:04:08:fe:a7:f7:75:c3:83:44:
                    25:6e:da:6a:c4:c0:f4:76:06:a9:0b:98:1f:3f:a1:
                    41:d2:2d:97:f4:ce:39:2e:b7:31:82:0c:8f:df:3f:
                    3c:b3:a8:75:fb:84:08:2e:89:22:0f:6b:b2:fc:85:
                    be:db:f0:23:88:77:6b:98:8f:1f:32:3f:b1:4e:ab:
                    39:06:2c:d2:eb:d9:c1:a0:c9:0c:55:b6:35:4a:8d:
                    a7:15:65:8b:a1:6a:ea:e8:6b:46:5a:35:a5:bf:b5:
                    19:63:b3:1d:b5:55:dd:c6:0e:ec:8a:de:9a:b9:98:
                    2c:01:47:15:9b:d1:c8:af:8f:b6:b6:96:84:8d:2e:
                    10:81:1f:22:94:0a:fa:56:71:9d:97:e8:3d:90:2e:
                    58:a4:f2:6e:2e:3c:6b:fd:57:ab:ce:f3:f5:97:39:
                    c3:9e:a8:8b:83:66:86:5b:86:1d:88:cb:e2:94:02:
                    b1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:16:DE:E5:41:C3:6B:EF:E2:3A:BC:5F:0C:62:99:6E:4B:06:36:DB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fhbe5UHDa-_iOrxfDGKZbksGNts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:c1:80:22:21:fb:19:8e:54:07:50:ed:f1:b9:1c:ae:6f:ae:
         36:43:a8:2e:81:8a:aa:07:1a:3b:aa:91:c0:24:4f:39:9d:b4:
         d0:ad:64:4d:40:ac:a4:47:5d:12:a9:79:e1:fe:af:6f:75:9e:
         a1:e5:ac:34:79:c3:68:78:d7:d1:02:5c:14:23:27:93:01:8a:
         44:3a:7b:9c:bd:ee:ae:1d:d9:34:e0:ef:fa:97:ed:80:59:7d:
         28:9a:49:f6:34:f4:21:3b:14:a3:da:23:0a:25:a1:29:0a:86:
         8d:9e:6a:44:17:3b:49:fb:21:8c:4a:0b:1a:e8:19:23:19:92:
         b7:d3:d0:44:a0:1b:18:3d:c1:06:04:fb:37:98:d4:e8:bf:af:
         f1:d6:a3:1d:6e:85:de:02:2e:04:a0:5f:d5:5a:ea:96:64:82:
         86:7d:db:50:1e:cc:a6:42:47:06:a6:0f:ba:07:86:93:17:6c:
         6e:b4:c9:a9:39:40:4f:29:c3:c2:cb:26:84:06:fb:39:2f:eb:
         d3:07:fb:d1:73:f4:67:34:d8:85:68:b4:4a:ac:22:4b:6e:e3:
         7a:33:f5:3f:9c:23:d2:fc:9a:28:c6:55:06:bc:60:06:c6:75:
         94:4f:47:77:8a:8c:be:3a:7b:65:4c:16:89:f5:ba:a7:be:a3:
         ac:57:81:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlS7+F02tN1wDbbT0xHXvUWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwOTE2MTQzMTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTE2ZGVlNTQxYzM2YmVmZTIzYWJjNWYwYzYyOTk2ZTRiMDYzNmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/stjhIbJr1zY09MiyHzfYpX2RrR
2sITe46szm9cPSdOwHPrLAhzmPy5Yj8pUBCLJYN0Az0g9uj9VVp8JFMrpTfTbIsm
SQax66MLNjN5wX8ECP6n93XDg0QlbtpqxMD0dgapC5gfP6FB0i2X9M45LrcxggyP
3z88s6h1+4QILokiD2uy/IW+2/AjiHdrmI8fMj+xTqs5BizS69nBoMkMVbY1So2n
FWWLoWrq6GtGWjWlv7UZY7MdtVXdxg7sit6auZgsAUcVm9HIr4+2tpaEjS4QgR8i
lAr6VnGdl+g9kC5YpPJuLjxr/VerzvP1lznDnqiLg2aGW4YdiMvilAKxMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4W3uVBw2vv4jq8XwximW5LBjbbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZmhiZTVVSERhLV9pT3J4ZkRHS1pia3NHTnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpg2MA0G
CSqGSIb3DQEBCwUAA4IBAQBjwYAiIfsZjlQHUO3xuRyub642Q6gugYqqBxo7qpHA
JE85nbTQrWRNQKykR10SqXnh/q9vdZ6h5aw0ecNoeNfRAlwUIyeTAYpEOnucve6u
Hdk04O/6l+2AWX0omkn2NPQhOxSj2iMKJaEpCoaNnmpEFztJ+yGMSgsa6BkjGZK3
09BEoBsYPcEGBPs3mNTov6/x1qMdboXeAi4EoF/VWuqWZIKGfdtQHsymQkcGpg+6
B4aTF2xutMmpOUBPKcPCyyaEBvs5L+vTB/vRc/RnNNiFaLRKrCJLbuN6M/U/nCPS
/JooxlUGvGAGxnWUT0d3ioy+OntlTBaJ9bqnvqOsV4E/
-----END CERTIFICATE-----