Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/j8bUd-aT7cMWYjax8ywHnM9GjVY.roa
File:                     j8bUd-aT7cMWYjax8ywHnM9GjVY.roa (raw, json)
Hash identifier:          sPyd2NBqIggMYf5dBJImL15t7kctON8NIBWnXQSH4vA=
Subject key identifier:   8F:C6:D4:77:E6:93:ED:C3:16:62:36:B1:F3:2C:07:9C:CF:46:8D:56
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0197F3EA4A9EEF1B8D86F02D29551A703D0A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/j8bUd-aT7cMWYjax8ywHnM9GjVY.roa
Signing time:             Thu 10 Jul 2025 10:38:27 +0000
ROA not before:           Thu 10 Jul 2025 10:38:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215638
IP address blocks:        89.213.96.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          213.218.252.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f3:ea:4a:9e:ef:1b:8d:86:f0:2d:29:55:1a:70:3d:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 10 10:38:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fc6d477e693edc3166236b1f32c079ccf468d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e7:61:28:9c:49:70:fd:e0:28:4a:5e:ac:7d:
                    83:14:ba:0c:c4:02:ea:7f:b8:7d:23:5a:75:a8:ac:
                    4b:ea:5d:44:55:eb:bd:47:a4:4d:93:29:ae:6b:3a:
                    5d:d6:90:41:96:14:2a:45:ff:18:de:f6:bb:ff:96:
                    ae:6a:14:dc:5d:93:2c:25:36:3b:11:50:8a:40:05:
                    45:45:25:38:61:73:ad:ac:7a:5c:86:21:c2:63:ea:
                    c1:d7:28:46:ac:8c:b5:7b:bd:3a:5d:b5:bc:9c:8b:
                    50:94:ab:ab:70:95:2b:a6:44:38:20:80:4a:9e:0d:
                    bb:71:5b:be:de:ea:13:00:0c:f1:86:60:a8:8c:4b:
                    5a:3d:49:25:5f:da:47:7d:31:5c:02:1d:80:a0:42:
                    76:33:d3:6d:89:5f:fa:cb:49:fc:73:48:0f:6d:ec:
                    ae:7e:52:72:9d:98:81:34:e7:5f:f5:1e:5e:fd:d1:
                    e9:cd:e6:a2:24:16:b4:a5:15:27:38:f9:00:f4:0b:
                    1d:4a:57:c2:a7:34:ab:ef:ef:6a:ce:62:b5:d8:c1:
                    cb:ac:80:b5:1a:44:dc:5d:c2:52:2d:fc:fd:a8:4a:
                    23:06:36:5d:44:04:06:1d:e2:63:c9:ff:49:43:2b:
                    8c:95:ad:c3:a8:e0:ad:00:3a:3a:e7:18:0d:ca:ae:
                    fa:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:C6:D4:77:E6:93:ED:C3:16:62:36:B1:F3:2C:07:9C:CF:46:8D:56
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/j8bUd-aT7cMWYjax8ywHnM9GjVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.96.0/24
                  109.176.243.0/24
                  213.218.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:83:ba:1f:fd:7c:79:78:43:f5:06:a2:1c:5c:b3:02:6c:ce:
         73:d2:41:59:04:9b:31:2a:52:8c:60:4b:a9:d6:20:56:70:77:
         d0:65:69:d1:48:f6:2b:fc:33:ea:49:cd:aa:f5:24:89:db:a7:
         d4:ac:24:de:77:ac:57:8d:c1:9e:c3:89:07:07:57:81:83:3d:
         a9:bb:0f:8e:f6:7e:35:99:e3:16:ff:b3:f5:36:0b:f3:7f:87:
         f6:76:f0:bc:af:ce:37:a7:0e:70:e1:7c:13:7e:d8:48:d9:25:
         fd:f1:70:55:46:61:77:ee:be:3b:0f:e9:61:7b:55:a7:11:dd:
         ec:3a:6a:cf:75:23:ad:d2:4d:a1:8f:0d:e9:42:c9:ed:3c:0d:
         12:26:09:f9:9a:ff:13:04:48:e1:48:66:96:04:86:ab:ad:01:
         bd:7d:dc:38:e2:00:58:d4:1e:d3:ff:98:6e:6f:0e:e1:0e:4f:
         62:ad:4e:99:c7:28:e7:91:45:42:35:10:5e:c4:dd:ca:ec:86:
         18:c7:ec:53:74:98:b3:ca:77:f8:7d:af:9d:1d:e2:1c:96:73:
         d2:47:de:bc:b7:4f:3c:ed:39:fb:f7:2a:d2:bc:3a:9d:95:04:
         40:01:a5:4d:ae:2d:0b:cb:62:c8:20:60:f9:05:69:f3:97:3a:
         5b:5e:ea:71
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfz6kqe7xuNhvAtKVUacD0KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzEwMTAzODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmM2ZDQ3N2U2OTNlZGMzMTY2MjM2YjFmMzJjMDc5Y2NmNDY4ZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOdhKJxJcP3gKEperH2DFLoMxALq
f7h9I1p1qKxL6l1EVeu9R6RNkymuazpd1pBBlhQqRf8Y3va7/5auahTcXZMsJTY7
EVCKQAVFRSU4YXOtrHpchiHCY+rB1yhGrIy1e706XbW8nItQlKurcJUrpkQ4IIBK
ng27cVu+3uoTAAzxhmCojEtaPUklX9pHfTFcAh2AoEJ2M9NtiV/6y0n8c0gPbeyu
flJynZiBNOdf9R5e/dHpzeaiJBa0pRUnOPkA9AsdSlfCpzSr7+9qzmK12MHLrIC1
GkTcXcJSLfz9qEojBjZdRAQGHeJjyf9JQyuMla3DqOCtADo65xgNyq76+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI/G1Hfmk+3DFmI2sfMsB5zPRo1WMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvajhiVWQtYVQ3Y01XWWpheDh5d0huTTlHalZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWdVgAwQA
bbDzAwQB1dr8MA0GCSqGSIb3DQEBCwUAA4IBAQCKg7of/Xx5eEP1BqIcXLMCbM5z
0kFZBJsxKlKMYEup1iBWcHfQZWnRSPYr/DPqSc2q9SSJ26fUrCTed6xXjcGew4kH
B1eBgz2puw+O9n41meMW/7P1Ngvzf4f2dvC8r843pw5w4XwTfthI2SX98XBVRmF3
7r47D+lhe1WnEd3sOmrPdSOt0k2hjw3pQsntPA0SJgn5mv8TBEjhSGaWBIarrQG9
fdw44gBY1B7T/5hubw7hDk9irU6ZxyjnkUVCNRBexN3K7IYYx+xTdJizynf4fa+d
HeIclnPSR968t0887Tn79yrSvDqdlQRAAaVNri0Ly2LIIGD5BWnzlzpbXupx
-----END CERTIFICATE-----