Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6HgQPmkCp6X3rcG73-_xuDuryY8.roa
File:                     6HgQPmkCp6X3rcG73-_xuDuryY8.roa (raw, json)
Hash identifier:          3yEKUF+JErNmcYNLGykbRdKqsHgXZQWkg9yCGGsJJZE=
Subject key identifier:   E8:78:10:3E:69:02:A7:A5:F7:AD:C1:BB:DF:EF:F1:B8:3B:AB:C9:8F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0199C9228B5AF6F2CD68960A200DA90E9590
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6HgQPmkCp6X3rcG73-_xuDuryY8.roa
Signing time:             Thu 09 Oct 2025 13:21:48 +0000
ROA not before:           Thu 09 Oct 2025 13:21:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401443
IP address blocks:        89.213.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c9:22:8b:5a:f6:f2:cd:68:96:0a:20:0d:a9:0e:95:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct  9 13:21:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e878103e6902a7a5f7adc1bbdfeff1b83babc98f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:98:73:61:80:b5:00:f6:38:68:09:c7:50:01:
                    7f:17:e6:0e:7e:cd:56:48:b5:f9:a8:05:8a:67:0a:
                    6d:c8:57:25:aa:82:f6:df:36:7a:ab:48:a9:58:97:
                    57:83:70:28:0b:11:5f:4f:42:df:ef:6f:e1:dc:6e:
                    28:ec:bc:bd:ad:d1:55:5a:d0:d7:37:e1:71:ba:e0:
                    e2:a1:8e:0c:a5:c2:58:9b:bb:fc:ba:dd:43:4b:a0:
                    d6:b8:bc:66:99:62:3f:f8:8c:8b:8f:11:60:da:56:
                    66:ee:cf:73:d3:6e:72:4d:3e:a8:d1:7c:ee:2a:8d:
                    48:46:2a:48:af:8b:79:ab:92:76:31:de:3f:0e:bf:
                    f4:2a:84:f3:a2:6e:6e:73:2b:02:7c:ce:3b:30:e5:
                    f7:02:ee:2b:f9:0e:36:3a:30:26:fa:9e:88:95:97:
                    49:c0:95:4f:33:4f:1e:ff:3a:6c:81:a2:8f:7e:40:
                    c7:c5:eb:6c:26:1d:3c:45:12:f0:d3:d4:76:f4:d1:
                    f8:8f:4e:c0:64:ac:56:f4:0d:2f:06:70:cf:6e:25:
                    50:e1:ae:b3:1b:59:1c:98:31:3d:90:99:90:97:5d:
                    96:d1:94:21:19:8d:02:67:cf:14:1f:78:7a:58:0c:
                    c1:f1:11:5f:d1:34:f7:3f:2f:d2:4f:bb:93:1d:40:
                    1c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:78:10:3E:69:02:A7:A5:F7:AD:C1:BB:DF:EF:F1:B8:3B:AB:C9:8F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6HgQPmkCp6X3rcG73-_xuDuryY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:78:2d:89:fd:31:e5:b6:f6:60:21:60:c3:ff:45:df:7c:75:
         8e:b4:cd:df:26:91:d2:c8:0e:d6:4a:74:01:f3:5d:99:4c:ca:
         89:45:f5:53:91:a4:09:22:e1:74:9a:2c:ed:5e:cf:61:74:0a:
         87:a1:24:03:ee:ad:79:80:18:1d:d1:99:85:95:11:99:ab:8b:
         57:26:5a:d2:94:7f:20:8f:75:60:a2:fb:25:c7:e4:b3:77:e3:
         59:2b:a0:24:ec:d4:09:79:80:7e:bc:a1:b1:4a:12:60:16:fa:
         33:3a:51:33:1c:ac:ee:1e:9e:a5:f9:1f:e8:b0:2c:4b:5e:73:
         0f:e4:7a:b1:0f:85:66:63:9a:77:07:8c:9e:2a:90:8e:c7:84:
         95:e6:82:e0:cd:62:91:a5:3c:15:9d:b9:1b:50:39:46:14:74:
         cd:b0:f9:7f:1d:a7:b5:fd:ab:db:51:fc:31:3c:ec:a8:f0:27:
         1c:38:20:ea:30:0f:ff:47:c2:3a:9e:7c:02:3e:d3:2d:e3:74:
         fe:85:0e:91:45:a1:35:a1:e5:cd:2b:78:8f:62:69:14:af:ff:
         15:00:21:3d:fb:9b:2e:2b:b3:a2:7b:fd:4a:84:a5:70:94:38:
         fd:4a:1e:bc:5d:bf:81:48:ca:82:63:3e:b2:5d:a0:8b:31:71:
         a8:09:fa:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnJIota9vLNaJYKIA2pDpWQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDA5MTMyMTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODc4MTAzZTY5MDJhN2E1ZjdhZGMxYmJkZmVmZjFiODNiYWJjOThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJhzYYC1APY4aAnHUAF/F+YOfs1W
SLX5qAWKZwptyFclqoL23zZ6q0ipWJdXg3AoCxFfT0Lf72/h3G4o7Ly9rdFVWtDX
N+FxuuDioY4MpcJYm7v8ut1DS6DWuLxmmWI/+IyLjxFg2lZm7s9z025yTT6o0Xzu
Ko1IRipIr4t5q5J2Md4/Dr/0KoTzom5ucysCfM47MOX3Au4r+Q42OjAm+p6IlZdJ
wJVPM08e/zpsgaKPfkDHxetsJh08RRLw09R29NH4j07AZKxW9A0vBnDPbiVQ4a6z
G1kcmDE9kJmQl12W0ZQhGY0CZ88UH3h6WAzB8RFf0TT3Py/ST7uTHUAcpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOh4ED5pAqel963Bu9/v8bg7q8mPMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNkhnUVBta0NwNlgzcmNHNzMtX3h1RHVyeVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWcMA0G
CSqGSIb3DQEBCwUAA4IBAQAVeC2J/THltvZgIWDD/0XffHWOtM3fJpHSyA7WSnQB
812ZTMqJRfVTkaQJIuF0miztXs9hdAqHoSQD7q15gBgd0ZmFlRGZq4tXJlrSlH8g
j3Vgovslx+Szd+NZK6Ak7NQJeYB+vKGxShJgFvozOlEzHKzuHp6l+R/osCxLXnMP
5HqxD4VmY5p3B4yeKpCOx4SV5oLgzWKRpTwVnbkbUDlGFHTNsPl/Hae1/avbUfwx
POyo8CccOCDqMA//R8I6nnwCPtMt43T+hQ6RRaE1oeXNK3iPYmkUr/8VACE9+5su
K7Oie/1KhKVwlDj9Sh68Xb+BSMqCYz6yXaCLMXGoCfoV
-----END CERTIFICATE-----