Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ya2P0Jd5YoFHuqDGhvC6td0AB-A.roa
File:                     ya2P0Jd5YoFHuqDGhvC6td0AB-A.roa (raw, json)
Hash identifier:          DL0lJNgP+3aIXJU5kNKRuCpWbdpPhM6tHAOofSkX6YQ=
Subject key identifier:   C9:AD:8F:D0:97:79:62:81:47:BA:A0:C6:86:F0:BA:B5:DD:00:07:E0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0197C7710795071DFBBA21D91DE3AD92CB09
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ya2P0Jd5YoFHuqDGhvC6td0AB-A.roa
Signing time:             Tue 01 Jul 2025 19:22:42 +0000
ROA not before:           Tue 01 Jul 2025 19:22:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        82.153.216.0/24 maxlen: 24
                          89.213.53.0/24 maxlen: 24
                          89.213.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 06:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:71:07:95:07:1d:fb:ba:21:d9:1d:e3:ad:92:cb:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  1 19:22:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9ad8fd09779628147baa0c686f0bab5dd0007e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e2:43:e7:e1:d2:ad:4d:ec:0c:01:58:2b:9f:
                    27:39:47:92:2e:a0:4b:2b:d9:64:b9:80:e7:98:95:
                    e3:1b:78:8e:e0:c8:f6:20:61:a5:28:70:c4:dd:74:
                    48:5d:d8:58:0c:25:9d:84:c3:c5:d6:a4:ff:24:0d:
                    ce:b0:7a:3c:e1:ad:ce:32:f2:f2:ed:04:c8:3a:75:
                    3a:c6:b5:b7:45:cb:19:3e:95:5c:e1:3d:e7:17:76:
                    a0:98:90:95:66:24:86:14:93:54:4f:b1:10:6e:9a:
                    bb:99:1c:a3:68:c6:42:81:58:87:5c:98:2e:93:d4:
                    e6:e4:93:ac:74:c6:51:17:de:8a:9b:22:09:6c:91:
                    b2:78:72:ac:03:b1:8d:a6:d2:cd:21:c7:6d:16:8a:
                    cc:b6:73:55:8c:a0:78:b9:46:7b:8c:b8:9e:a4:16:
                    c4:03:8c:f6:36:39:c0:dd:95:f4:f7:fe:35:be:eb:
                    9c:3b:2e:e5:a4:8b:4a:56:e1:82:6c:2a:3d:dc:7b:
                    9d:d9:fa:ff:f0:50:ca:46:c1:8b:3b:8b:30:5f:7a:
                    27:a7:b0:c2:3a:8f:2f:8e:7a:c2:ae:6f:f3:1b:93:
                    83:b5:4c:7f:28:39:1c:f1:78:48:ae:d8:b8:96:c5:
                    38:2a:d5:93:0e:26:79:40:33:88:67:b1:f8:f3:36:
                    c8:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:AD:8F:D0:97:79:62:81:47:BA:A0:C6:86:F0:BA:B5:DD:00:07:E0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ya2P0Jd5YoFHuqDGhvC6td0AB-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.216.0/24
                  89.213.53.0/24
                  89.213.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:43:cf:64:d9:b9:c2:47:4c:51:9a:4c:c4:dd:aa:b3:82:62:
         29:ed:30:d2:72:32:37:2b:1d:1e:8a:ae:a6:b9:4e:f2:86:a1:
         97:dd:99:0b:8b:5d:a8:88:c9:83:81:2b:9a:a1:00:da:7e:4e:
         75:d5:9b:7b:ff:82:37:67:dd:4e:d1:a9:cf:8c:34:7a:50:6b:
         1c:d7:8c:8f:56:61:1d:13:3e:57:d4:8c:11:df:94:12:8e:07:
         16:8f:84:ed:7d:78:1a:38:40:4e:24:46:46:ba:10:2a:21:dc:
         a9:a9:ce:e1:53:f4:4b:00:fc:87:52:bb:5a:8d:0d:39:b0:21:
         66:25:a0:bd:b4:19:d8:cc:0b:b2:38:9a:48:8a:57:cc:45:df:
         cd:d8:1f:ac:05:f9:97:95:7d:f8:0a:0e:eb:a5:dd:77:67:ea:
         ca:fd:77:e5:d3:46:23:b0:e6:4a:b6:f5:03:4a:62:af:d4:b5:
         a1:9c:d6:26:a7:36:13:36:5e:d9:b9:7b:d1:36:e0:03:f5:02:
         89:1d:be:7b:43:94:3d:e9:75:09:77:eb:af:b3:b9:31:95:9b:
         c5:42:60:47:ea:1b:f4:b9:a3:4c:be:89:f7:ea:33:fe:5b:5e:
         c6:e7:13:e0:e3:2e:fc:24:8c:79:1f:d3:25:ca:1f:61:a5:6c:
         02:f4:de:40
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfHcQeVBx37uiHZHeOtkssJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzAxMTkyMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWFkOGZkMDk3Nzk2MjgxNDdiYWEwYzY4NmYwYmFiNWRkMDAwN2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuJD5+HSrU3sDAFYK58nOUeSLqBL
K9lkuYDnmJXjG3iO4Mj2IGGlKHDE3XRIXdhYDCWdhMPF1qT/JA3OsHo84a3OMvLy
7QTIOnU6xrW3RcsZPpVc4T3nF3agmJCVZiSGFJNUT7EQbpq7mRyjaMZCgViHXJgu
k9Tm5JOsdMZRF96KmyIJbJGyeHKsA7GNptLNIcdtForMtnNVjKB4uUZ7jLiepBbE
A4z2NjnA3ZX09/41vuucOy7lpItKVuGCbCo93Hud2fr/8FDKRsGLO4swX3onp7DC
Oo8vjnrCrm/zG5ODtUx/KDkc8XhIrti4lsU4KtWTDiZ5QDOIZ7H48zbIbQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMmtj9CXeWKBR7qgxobwurXdAAfgMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveWEyUDBKZDVZb0ZIdXFER2h2QzZ0ZDBBQi1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUpnYAwQA
WdU1AwQAWdXVMA0GCSqGSIb3DQEBCwUAA4IBAQANQ89k2bnCR0xRmkzE3aqzgmIp
7TDScjI3Kx0eiq6muU7yhqGX3ZkLi12oiMmDgSuaoQDafk511Zt7/4I3Z91O0anP
jDR6UGsc14yPVmEdEz5X1IwR35QSjgcWj4TtfXgaOEBOJEZGuhAqIdypqc7hU/RL
APyHUrtajQ05sCFmJaC9tBnYzAuyOJpIilfMRd/N2B+sBfmXlX34Cg7rpd13Z+rK
/Xfl00YjsOZKtvUDSmKv1LWhnNYmpzYTNl7ZuXvRNuAD9QKJHb57Q5Q96XUJd+uv
s7kxlZvFQmBH6hv0uaNMvon36jP+W17G5xPg4y78JIx5H9Mlyh9hpWwC9N5A
-----END CERTIFICATE-----