Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9fNKZdBqz0RPRqS_nKn4rPKnwZ8.roa
File:                     9fNKZdBqz0RPRqS_nKn4rPKnwZ8.roa (raw, json)
Hash identifier:          iTOfVMChdYJyzzt6CJT4dNChKJufaG0QcocofJC3nrU=
Subject key identifier:   F5:F3:4A:65:D0:6A:CF:44:4F:46:A4:BF:9C:A9:F8:AC:F2:A7:C1:9F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0199DC97C7EC05C464AFB7CFD4719A30F0DE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9fNKZdBqz0RPRqS_nKn4rPKnwZ8.roa
Signing time:             Mon 13 Oct 2025 08:02:38 +0000
ROA not before:           Mon 13 Oct 2025 08:02:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     984
IP address blocks:        80.240.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dc:97:c7:ec:05:c4:64:af:b7:cf:d4:71:9a:30:f0:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 13 08:02:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5f34a65d06acf444f46a4bf9ca9f8acf2a7c19f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:5c:6a:c0:e4:bd:70:e9:f8:de:e6:4f:a9:26:
                    db:bf:3f:11:21:76:2c:a6:d1:71:0c:ba:5b:f2:e0:
                    2a:5b:fd:4e:b4:13:4b:c0:21:46:07:7e:9b:a3:ee:
                    b0:91:29:55:1d:fb:f3:45:0f:e4:3f:01:dc:3e:ca:
                    ca:72:7a:a9:ad:d1:39:86:10:d6:cd:05:f2:09:94:
                    df:47:e1:ef:53:91:c9:17:64:58:55:38:a8:38:8f:
                    09:6a:16:67:59:2a:b9:2d:79:9b:09:10:4b:2d:9b:
                    0a:53:d9:c8:5c:bf:23:23:e6:6f:9a:a0:b9:25:26:
                    10:a8:93:10:68:9b:e6:92:02:c7:10:2c:c0:fa:93:
                    d9:a1:00:5f:89:c0:83:b8:e3:5b:0b:f3:f9:86:23:
                    45:ac:5b:00:c0:2e:10:e9:ab:21:54:56:ee:06:26:
                    02:25:2a:10:8c:cc:d8:e9:1e:b1:c1:2c:44:62:7a:
                    30:ea:40:8a:37:36:b1:08:a8:2a:76:17:e4:dd:e6:
                    5b:28:39:9f:42:47:25:1a:83:41:8c:e4:76:7d:36:
                    27:47:cb:a6:73:68:b6:98:b7:60:94:cd:ad:40:8a:
                    c2:06:07:64:11:a3:63:bd:bd:c4:c8:73:0d:6c:16:
                    30:fc:3c:a0:dc:67:d1:bf:cd:e6:18:a2:50:8d:f0:
                    d3:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:F3:4A:65:D0:6A:CF:44:4F:46:A4:BF:9C:A9:F8:AC:F2:A7:C1:9F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9fNKZdBqz0RPRqS_nKn4rPKnwZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:6b:34:65:39:fc:5a:07:ae:07:2b:a0:da:c2:c8:cc:bf:fd:
         5c:09:0d:32:56:7b:69:1a:7e:98:e4:d3:c3:71:93:c0:bb:e8:
         76:01:ae:18:68:88:e9:ab:3e:14:12:6b:3c:0b:25:a0:45:c9:
         d8:11:09:e8:2e:1a:0a:ce:bc:64:a1:76:e8:50:dc:43:75:9f:
         54:3b:e3:c7:5b:e4:e0:2f:86:45:c2:60:22:ea:37:9f:d5:fa:
         48:84:84:bc:db:8f:72:0d:10:cd:54:14:8a:e2:b9:e5:ee:ce:
         03:e5:8f:7f:34:0c:7e:e4:89:a9:40:33:6a:44:b6:7e:55:8d:
         3c:85:c7:36:42:33:1a:f4:44:43:55:44:85:97:55:bc:24:2a:
         9e:d6:26:9a:5d:0c:62:f3:44:39:fe:88:47:4b:c7:7d:9c:d4:
         b5:53:8d:31:71:b7:50:57:cc:37:b7:1e:73:de:5f:a1:31:6d:
         26:7e:7a:d7:81:87:1d:d0:75:69:10:c2:44:c3:51:8e:dd:9c:
         cf:3a:ad:e6:63:ee:2a:e1:45:86:b4:30:35:a0:56:00:39:70:
         d9:2f:75:72:7e:9f:7e:70:29:58:1e:53:fd:eb:a2:55:af:92:
         3c:bb:43:2e:a6:9a:c1:c1:01:0a:1c:75:5e:86:83:cf:d0:e2:
         2d:17:76:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZncl8fsBcRkr7fP1HGaMPDeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDEzMDgwMjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWYzNGE2NWQwNmFjZjQ0NGY0NmE0YmY5Y2E5ZjhhY2YyYTdjMTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8FxqwOS9cOn43uZPqSbbvz8RIXYs
ptFxDLpb8uAqW/1OtBNLwCFGB36bo+6wkSlVHfvzRQ/kPwHcPsrKcnqprdE5hhDW
zQXyCZTfR+HvU5HJF2RYVTioOI8JahZnWSq5LXmbCRBLLZsKU9nIXL8jI+ZvmqC5
JSYQqJMQaJvmkgLHECzA+pPZoQBficCDuONbC/P5hiNFrFsAwC4Q6ashVFbuBiYC
JSoQjMzY6R6xwSxEYnow6kCKNzaxCKgqdhfk3eZbKDmfQkclGoNBjOR2fTYnR8um
c2i2mLdglM2tQIrCBgdkEaNjvb3EyHMNbBYw/Dyg3GfRv83mGKJQjfDTlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXzSmXQas9ET0akv5yp+Kzyp8GfMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOWZOS1pkQnF6MFJQUnFTX25LbjRyUEtud1o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPBWMA0G
CSqGSIb3DQEBCwUAA4IBAQCXazRlOfxaB64HK6DawsjMv/1cCQ0yVntpGn6Y5NPD
cZPAu+h2Aa4YaIjpqz4UEms8CyWgRcnYEQnoLhoKzrxkoXboUNxDdZ9UO+PHW+Tg
L4ZFwmAi6jef1fpIhIS8249yDRDNVBSK4rnl7s4D5Y9/NAx+5ImpQDNqRLZ+VY08
hcc2QjMa9ERDVUSFl1W8JCqe1iaaXQxi80Q5/ohHS8d9nNS1U40xcbdQV8w3tx5z
3l+hMW0mfnrXgYcd0HVpEMJEw1GO3ZzPOq3mY+4q4UWGtDA1oFYAOXDZL3Vyfp9+
cClYHlP966JVr5I8u0MupprBwQEKHHVehoPP0OItF3YT
-----END CERTIFICATE-----