Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/D5R1ZCser_bblLNIcKFKToP1W-k.roa
File:                     D5R1ZCser_bblLNIcKFKToP1W-k.roa (raw, json)
Hash identifier:          OlQPOHtB5gtoG20PiQ4UqMcDvrShipvqwSJURFivH0w=
Subject key identifier:   0F:94:75:64:2B:1E:AF:F6:DB:94:B3:48:70:A1:4A:4E:83:F5:5B:E9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0199097EEDEB5FB2EBCB2ADA06196C7F0862
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/D5R1ZCser_bblLNIcKFKToP1W-k.roa
Signing time:             Tue 02 Sep 2025 08:15:37 +0000
ROA not before:           Tue 02 Sep 2025 08:15:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401922
IP address blocks:        82.152.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 22:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:09:7e:ed:eb:5f:b2:eb:cb:2a:da:06:19:6c:7f:08:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep  2 08:15:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f9475642b1eaff6db94b34870a14a4e83f55be9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:b8:71:fa:ff:2e:95:5e:09:5d:ac:34:43:b1:
                    f8:52:85:41:23:63:38:1d:29:b2:e5:30:79:6f:5d:
                    e8:c6:6f:f6:11:3a:4d:29:5f:34:ea:d5:ab:c3:14:
                    e6:f5:80:c7:44:6c:ed:9c:ff:59:b4:c2:14:15:c9:
                    3d:ad:80:6f:01:41:7a:66:71:4f:05:13:6f:9c:f0:
                    c1:bf:bb:0d:b2:79:4b:ec:7e:06:89:33:e7:12:88:
                    e8:02:f0:e9:fd:c7:0c:01:fd:a6:12:24:cc:31:20:
                    63:6c:4f:6e:d1:f1:03:3f:75:2f:45:9e:ae:b9:03:
                    68:3b:9b:e2:78:78:6f:81:71:61:47:25:bc:fe:d7:
                    23:9c:b9:03:dc:6f:18:35:13:e2:04:ad:48:9b:ec:
                    27:e3:ec:b9:9a:40:0a:32:c8:f6:0d:e0:65:b5:8c:
                    b7:44:77:50:ec:29:1f:4f:a8:ac:ef:13:76:84:fa:
                    d5:53:4f:6e:58:a3:3f:46:64:3d:85:bc:56:c3:24:
                    ac:3b:1b:9c:0c:b9:54:a2:91:81:a5:de:03:e7:a4:
                    38:c2:c9:b0:ec:7f:1a:bd:78:91:7c:74:61:d9:f7:
                    5b:b5:e3:e7:af:1e:df:95:e9:12:85:85:c2:17:ad:
                    5c:c4:00:47:27:1d:8e:a4:77:d3:d3:ee:24:63:6c:
                    e2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:94:75:64:2B:1E:AF:F6:DB:94:B3:48:70:A1:4A:4E:83:F5:5B:E9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/D5R1ZCser_bblLNIcKFKToP1W-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:95:dd:6b:16:d2:37:61:a5:a2:78:ab:23:d4:5f:c0:46:51:
         72:59:6f:64:7d:c2:e8:6e:ce:cb:92:9a:94:d9:1b:86:bb:06:
         77:4e:66:6e:7f:fc:37:ba:0c:c5:e9:03:b6:59:ab:75:a8:a2:
         3f:0a:ae:37:b7:08:3b:13:fe:c9:68:61:30:03:21:94:43:11:
         f1:9f:9a:8b:aa:62:21:96:97:a9:af:81:aa:c5:ea:c9:f1:9c:
         f8:3d:78:14:f8:13:68:fa:a3:ed:36:1a:16:6c:13:bd:7c:69:
         7e:ab:21:25:cb:fa:9f:8d:9c:7f:62:5a:7a:3f:36:93:89:cf:
         90:0f:e1:a1:75:dc:a1:02:c3:fa:fc:95:32:dc:ec:22:ae:ea:
         fc:9d:91:0d:07:8c:f3:bb:34:b9:55:7c:d9:da:3b:41:05:c5:
         f7:32:a0:32:de:bb:84:e5:82:f7:c7:fc:dd:47:5f:70:49:d8:
         7d:8a:fd:40:67:7a:90:7f:c2:cb:58:82:54:77:a6:e8:a0:fc:
         e9:29:0f:ab:fd:4f:c4:f5:ea:54:a0:1d:5c:7f:c6:9d:0d:67:
         95:45:79:76:f9:ba:1f:44:cb:99:5b:ff:92:80:48:b1:fc:4a:
         d7:fe:11:0b:37:ff:98:e8:19:4e:91:70:d3:7c:4e:98:cb:20:
         f4:43:38:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkJfu3rX7LryyraBhlsfwhiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwOTAyMDgxNTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjk0NzU2NDJiMWVhZmY2ZGI5NGIzNDg3MGExNGE0ZTgzZjU1YmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA47hx+v8ulV4JXaw0Q7H4UoVBI2M4
HSmy5TB5b13oxm/2ETpNKV806tWrwxTm9YDHRGztnP9ZtMIUFck9rYBvAUF6ZnFP
BRNvnPDBv7sNsnlL7H4GiTPnEojoAvDp/ccMAf2mEiTMMSBjbE9u0fEDP3UvRZ6u
uQNoO5vieHhvgXFhRyW8/tcjnLkD3G8YNRPiBK1Im+wn4+y5mkAKMsj2DeBltYy3
RHdQ7CkfT6is7xN2hPrVU09uWKM/RmQ9hbxWwySsOxucDLlUopGBpd4D56Q4wsmw
7H8avXiRfHRh2fdbtePnrx7flekShYXCF61cxABHJx2OpHfT0+4kY2ziBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+UdWQrHq/225SzSHChSk6D9VvpMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRDVSMVpDc2VyX2JibExOSWNLRktUb1AxVy1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpg+MA0G
CSqGSIb3DQEBCwUAA4IBAQCBld1rFtI3YaWieKsj1F/ARlFyWW9kfcLobs7LkpqU
2RuGuwZ3TmZuf/w3ugzF6QO2Wat1qKI/Cq43twg7E/7JaGEwAyGUQxHxn5qLqmIh
lpepr4GqxerJ8Zz4PXgU+BNo+qPtNhoWbBO9fGl+qyEly/qfjZx/Ylp6PzaTic+Q
D+GhddyhAsP6/JUy3Owirur8nZENB4zzuzS5VXzZ2jtBBcX3MqAy3ruE5YL3x/zd
R19wSdh9iv1AZ3qQf8LLWIJUd6booPzpKQ+r/U/E9epUoB1cf8adDWeVRXl2+bof
RMuZW/+SgEix/ErX/hELN/+Y6BlOkXDTfE6YyyD0QzgY
-----END CERTIFICATE-----