Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qSUT8aiIVS3fVobDJiynsHsO5HQ.roa
File:                     qSUT8aiIVS3fVobDJiynsHsO5HQ.roa (raw, json)
Hash identifier:          +sgOQdtYItO7MVyPseZ8piHKkCYpmhKhd2C0/32htJo=
Subject key identifier:   A9:25:13:F1:A8:88:55:2D:DF:56:86:C3:26:2C:A7:B0:7B:0E:E4:74
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01999EF07B700401C1FA7D9FBE12FC5037CF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qSUT8aiIVS3fVobDJiynsHsO5HQ.roa
Signing time:             Wed 01 Oct 2025 08:43:04 +0000
ROA not before:           Wed 01 Oct 2025 08:43:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215269
IP address blocks:        109.176.254.0/23 maxlen: 24
                          213.130.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9e:f0:7b:70:04:01:c1:fa:7d:9f:be:12:fc:50:37:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct  1 08:43:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a92513f1a888552ddf5686c3262ca7b07b0ee474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c6:df:00:67:96:7d:df:e3:a6:2f:72:58:ba:
                    6d:9c:a8:ac:1e:c1:93:5f:50:6d:1d:6e:2a:59:51:
                    cc:80:16:63:f9:72:57:31:49:0e:a9:96:55:83:0c:
                    42:01:5b:e1:5a:cb:d1:fc:de:00:9a:cf:9e:2a:76:
                    79:4c:bb:02:3a:f7:dd:47:fb:3a:c0:19:27:0f:e2:
                    19:d2:22:a0:ee:7c:05:9b:e6:37:41:1c:05:10:ea:
                    2e:6b:01:14:34:fe:ac:92:f3:bf:2b:f0:40:9a:73:
                    2c:45:b7:d5:e0:fb:81:56:f8:4d:10:32:62:e8:a6:
                    aa:52:16:b6:e0:0e:4b:7a:d6:8c:ff:60:00:0e:81:
                    52:ae:3c:83:09:19:2f:90:52:13:e9:15:d3:36:32:
                    52:f2:04:9d:5c:d9:36:15:e8:6c:42:34:8a:f2:64:
                    ce:ce:8a:46:d8:e5:8a:33:2c:35:81:d4:d4:5c:d6:
                    87:68:82:52:c9:e1:39:94:49:03:43:18:db:db:19:
                    08:55:9e:67:73:91:b4:e0:28:2c:28:27:29:64:80:
                    f0:57:63:4f:5e:e8:4f:db:6e:b9:5b:63:93:9c:82:
                    fc:c0:d3:ee:d0:3e:1e:0d:4d:a9:fe:e4:93:a7:bc:
                    8b:6f:4f:5a:1f:7a:02:44:42:41:48:9d:6f:4a:16:
                    91:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:25:13:F1:A8:88:55:2D:DF:56:86:C3:26:2C:A7:B0:7B:0E:E4:74
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qSUT8aiIVS3fVobDJiynsHsO5HQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.254.0/23
                  213.130.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:92:2a:5a:26:1e:71:14:b9:51:2f:27:0b:ec:df:ad:b7:87:
         c5:70:da:0f:49:ac:99:91:b3:32:6c:ed:e9:b5:06:4f:e5:a3:
         0e:c7:bc:11:1c:05:8f:2b:1b:2b:f2:ea:f8:38:a5:a7:d0:5b:
         2a:3b:d9:e4:30:07:53:ac:80:53:bc:f3:30:5f:40:65:43:06:
         f5:0e:91:47:21:0a:46:33:b9:b1:d3:6e:fd:28:41:70:29:b6:
         d2:ec:76:d7:e1:ed:46:6a:6d:e6:c9:84:95:f4:c1:1c:75:d0:
         7a:4d:d4:54:1e:c0:df:94:bf:86:2e:db:e0:2f:2d:45:9c:ee:
         af:ff:db:dd:88:63:49:dd:0f:da:8a:ed:b9:f2:0b:6c:82:5e:
         a6:3a:49:90:66:90:7b:d2:d9:fe:a9:59:2b:ed:85:7f:08:59:
         de:64:61:ef:5d:fc:32:29:9e:cc:94:96:6c:f3:74:66:c2:34:
         a4:a6:a2:e2:f3:6e:60:44:f7:c9:f1:f2:f3:27:e8:d6:ad:4c:
         29:e7:b6:70:cd:b2:9e:61:87:46:ef:8c:7d:05:22:45:e2:e0:
         6c:e7:e0:a6:82:dc:af:a7:68:c4:c7:77:60:a9:66:41:39:6d:
         ff:77:31:03:d8:fd:6a:6d:b2:9b:7d:a9:7b:46:51:3d:5a:7b:
         d4:0d:42:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZme8HtwBAHB+n2fvhL8UDfPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDAxMDg0MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTI1MTNmMWE4ODg1NTJkZGY1Njg2YzMyNjJjYTdiMDdiMGVlNDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosbfAGeWfd/jpi9yWLptnKisHsGT
X1BtHW4qWVHMgBZj+XJXMUkOqZZVgwxCAVvhWsvR/N4Ams+eKnZ5TLsCOvfdR/s6
wBknD+IZ0iKg7nwFm+Y3QRwFEOouawEUNP6skvO/K/BAmnMsRbfV4PuBVvhNEDJi
6KaqUha24A5LetaM/2AADoFSrjyDCRkvkFIT6RXTNjJS8gSdXNk2FehsQjSK8mTO
zopG2OWKMyw1gdTUXNaHaIJSyeE5lEkDQxjb2xkIVZ5nc5G04CgsKCcpZIDwV2NP
XuhP2265W2OTnIL8wNPu0D4eDU2p/uSTp7yLb09aH3oCREJBSJ1vShaR7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKklE/GoiFUt31aGwyYsp7B7DuR0MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcVNVVDhhaUlWUzNmVm9iREppeW5zSHNPNUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBbbD+AwQA
1YKcMA0GCSqGSIb3DQEBCwUAA4IBAQCNkipaJh5xFLlRLycL7N+tt4fFcNoPSayZ
kbMybO3ptQZP5aMOx7wRHAWPKxsr8ur4OKWn0FsqO9nkMAdTrIBTvPMwX0BlQwb1
DpFHIQpGM7mx0279KEFwKbbS7HbX4e1Gam3myYSV9MEcddB6TdRUHsDflL+GLtvg
Ly1FnO6v/9vdiGNJ3Q/aiu258gtsgl6mOkmQZpB70tn+qVkr7YV/CFneZGHvXfwy
KZ7MlJZs83RmwjSkpqLi825gRPfJ8fLzJ+jWrUwp57ZwzbKeYYdG74x9BSJF4uBs
5+Cmgtyvp2jEx3dgqWZBOW3/dzED2P1qbbKbfal7RlE9WnvUDUJg
-----END CERTIFICATE-----