Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/WqvIOAD8aRvoPlUH4gA-JoennAU.roa
File:                     WqvIOAD8aRvoPlUH4gA-JoennAU.roa (raw, json)
Hash identifier:          shyosNlpYdxt3+sEwjJcK3XRFPtqNCykdv3UQVeS72s=
Subject key identifier:   5A:AB:C8:38:00:FC:69:1B:E8:3E:55:07:E2:00:3E:26:87:A7:9C:05
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0197C771F24B47B35FD2B3744945E2BBA0A0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/WqvIOAD8aRvoPlUH4gA-JoennAU.roa
Signing time:             Tue 01 Jul 2025 19:23:42 +0000
ROA not before:           Tue 01 Jul 2025 19:23:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142111
IP address blocks:        82.153.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 04:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:71:f2:4b:47:b3:5f:d2:b3:74:49:45:e2:bb:a0:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  1 19:23:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5aabc83800fc691be83e5507e2003e2687a79c05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6d:46:80:a9:a4:22:6f:26:21:5a:a8:ee:c4:
                    6a:8f:53:14:df:5e:fd:03:24:32:f0:7a:11:6b:25:
                    d7:1a:5b:bb:26:8f:3f:0a:45:b1:9b:9e:a2:7e:f5:
                    1a:cf:53:0b:cb:b3:83:8c:7a:8d:27:7b:16:4b:3d:
                    7d:24:9c:03:18:4c:9a:58:19:d7:05:f3:16:f9:d3:
                    69:7e:2d:15:da:4f:8b:dc:d6:46:3c:a1:f8:29:f4:
                    b2:c1:db:fa:de:bc:b1:e8:30:4a:d2:e2:42:d0:f4:
                    50:17:db:37:d2:e4:43:e6:7e:4f:76:10:49:2d:cc:
                    da:25:ec:66:f0:6e:46:c6:ce:c6:1c:5f:a8:3e:3a:
                    42:e5:8f:34:d1:c9:95:fb:95:aa:d3:09:cb:c7:99:
                    6e:40:bb:b6:e4:de:6c:be:d3:0a:e6:be:15:7f:37:
                    64:1d:d1:f1:c5:46:5c:2e:8b:5f:48:40:ea:d2:9a:
                    c1:c4:52:94:34:97:2f:be:7d:52:75:ae:bb:42:3a:
                    76:4a:0f:04:bd:92:1f:6b:b9:56:00:c1:47:7c:42:
                    7a:00:95:39:7d:6f:51:0c:93:7a:50:0e:32:25:d5:
                    1e:76:f6:84:a6:5c:32:0b:a0:1d:ac:bc:6b:78:58:
                    cb:03:a3:0f:4f:48:9e:88:c2:f2:67:42:bd:ac:94:
                    4c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:AB:C8:38:00:FC:69:1B:E8:3E:55:07:E2:00:3E:26:87:A7:9C:05
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/WqvIOAD8aRvoPlUH4gA-JoennAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:f2:72:b1:1e:af:5d:26:19:57:b2:3a:c5:92:37:f7:ce:84:
         b9:66:f3:24:8f:33:55:8a:ef:62:10:bd:1d:36:59:0f:fe:7f:
         81:dd:d0:89:14:08:24:8a:72:0b:dd:96:f7:2c:c0:86:5c:0b:
         35:31:99:ae:9b:c0:c1:59:97:05:27:38:6c:07:80:46:ac:1c:
         49:8f:ea:c0:76:aa:d4:26:7b:a7:16:61:36:d8:40:00:63:e5:
         77:05:37:72:bc:a7:5e:9c:f9:8d:cf:f0:1a:24:e4:f1:f1:1c:
         cf:3d:02:6b:c4:92:e3:8a:68:bf:25:0d:24:63:8d:d6:db:f4:
         23:f8:f3:b7:88:aa:24:5d:93:6c:18:a1:60:77:8b:dc:6f:ee:
         0e:a7:b9:60:70:d8:32:1b:c0:ba:ce:56:c7:b9:7b:86:29:3e:
         81:67:9f:79:60:24:4f:13:37:60:1f:dc:c5:b5:eb:ad:73:67:
         d7:b1:00:1d:ed:21:5f:bf:9c:5e:82:65:cc:9b:04:13:e4:c2:
         29:7b:d1:fc:a4:66:94:24:46:2a:fa:de:21:11:d1:4e:6e:65:
         c1:de:4f:7a:5c:1f:40:2d:3e:ff:61:45:05:cd:2d:22:34:49:
         56:9d:0c:7c:47:fe:20:a5:8a:75:f1:e9:00:c1:f3:ee:a7:51:
         b2:86:a1:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfHcfJLR7Nf0rN0SUXiu6CgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzAxMTkyMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWFiYzgzODAwZmM2OTFiZTgzZTU1MDdlMjAwM2UyNjg3YTc5YzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn21GgKmkIm8mIVqo7sRqj1MU3179
AyQy8HoRayXXGlu7Jo8/CkWxm56ifvUaz1MLy7ODjHqNJ3sWSz19JJwDGEyaWBnX
BfMW+dNpfi0V2k+L3NZGPKH4KfSywdv63ryx6DBK0uJC0PRQF9s30uRD5n5PdhBJ
LczaJexm8G5Gxs7GHF+oPjpC5Y800cmV+5Wq0wnLx5luQLu25N5svtMK5r4Vfzdk
HdHxxUZcLotfSEDq0prBxFKUNJcvvn1Sda67Qjp2Sg8EvZIfa7lWAMFHfEJ6AJU5
fW9RDJN6UA4yJdUedvaEplwyC6AdrLxreFjLA6MPT0ieiMLyZ0K9rJRMmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqryDgA/Gkb6D5VB+IAPiaHp5wFMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvV3F2SU9BRDhhUnZvUGxVSDRnQS1Kb2VubkFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnYMA0G
CSqGSIb3DQEBCwUAA4IBAQAk8nKxHq9dJhlXsjrFkjf3zoS5ZvMkjzNViu9iEL0d
NlkP/n+B3dCJFAgkinIL3Zb3LMCGXAs1MZmum8DBWZcFJzhsB4BGrBxJj+rAdqrU
JnunFmE22EAAY+V3BTdyvKdenPmNz/AaJOTx8RzPPQJrxJLjimi/JQ0kY43W2/Qj
+PO3iKokXZNsGKFgd4vcb+4Op7lgcNgyG8C6zlbHuXuGKT6BZ595YCRPEzdgH9zF
teutc2fXsQAd7SFfv5xegmXMmwQT5MIpe9H8pGaUJEYq+t4hEdFObmXB3k96XB9A
LT7/YUUFzS0iNElWnQx8R/4gpYp18ekAwfPup1GyhqE2
-----END CERTIFICATE-----