Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cCbE9Lf2TQ_kQm353-Fa25l0aNI.roa
File:                     cCbE9Lf2TQ_kQm353-Fa25l0aNI.roa (raw, json)
Hash identifier:          El42PHgz6wIYdgR7Z36t7RNdmazMGcmjxkH0t8w9/9g=
Subject key identifier:   70:26:C4:F4:B7:F6:4D:0F:E4:42:6D:F9:DF:E1:5A:DB:99:74:68:D2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01985A889BCDAF0B8A6CD730C205A1485EED
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cCbE9Lf2TQ_kQm353-Fa25l0aNI.roa
Signing time:             Wed 30 Jul 2025 08:52:38 +0000
ROA not before:           Wed 30 Jul 2025 08:52:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216026
IP address blocks:        82.152.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 Aug 2025 06:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5a:88:9b:cd:af:0b:8a:6c:d7:30:c2:05:a1:48:5e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 30 08:52:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7026c4f4b7f64d0fe4426df9dfe15adb997468d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c3:3e:99:6a:ed:71:37:c5:77:04:c0:00:87:
                    64:2b:c6:33:2c:c5:f4:68:9f:ce:42:d5:d9:ea:e7:
                    65:1c:5c:2a:7a:c4:73:66:25:aa:c4:96:c4:2e:9f:
                    b7:c8:95:78:05:0c:11:fc:21:dc:6b:e0:06:9b:bd:
                    4c:68:bb:98:11:87:b8:e0:80:6b:40:6a:52:85:f3:
                    48:f3:ed:24:9f:11:f1:93:82:ff:ba:7f:1a:ad:72:
                    6b:35:7a:bc:9f:b2:48:64:74:e9:1c:ea:c9:85:39:
                    02:68:64:f6:3a:69:a2:df:19:3e:20:65:2b:57:e2:
                    a9:62:9f:7a:f2:2b:f0:67:b8:1c:42:62:03:c8:ca:
                    c3:7e:3c:d7:42:3c:6b:72:8a:f3:11:2d:3c:fd:83:
                    37:e1:33:18:13:0a:f2:a9:0a:d7:5d:b4:9f:ae:9c:
                    26:60:15:25:93:58:d8:4c:e7:b4:d6:34:89:0b:51:
                    30:b1:2e:7f:83:83:41:cf:46:6c:eb:0c:ad:b1:f0:
                    07:92:a2:7e:5f:f8:50:25:1e:ac:38:8c:e9:6b:37:
                    38:33:17:53:df:1f:22:c2:9b:c9:49:51:1b:d7:5b:
                    b2:90:4c:d0:37:73:81:20:b5:9f:03:1d:27:2e:25:
                    d2:ae:26:72:42:6c:db:fa:65:39:4b:70:c0:6d:05:
                    46:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:26:C4:F4:B7:F6:4D:0F:E4:42:6D:F9:DF:E1:5A:DB:99:74:68:D2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cCbE9Lf2TQ_kQm353-Fa25l0aNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:a3:d6:b1:46:67:53:69:12:26:e3:62:4a:99:7d:aa:f3:b8:
         c4:92:e4:99:1a:52:f0:5f:ba:aa:c6:6a:f1:82:c5:dc:ff:fc:
         28:9e:b7:d3:e5:90:73:a9:09:74:f3:c7:1d:5b:c3:d8:6e:a0:
         78:3a:52:33:6e:41:f2:a7:bb:35:ce:3f:72:a8:8c:3d:07:a7:
         8e:a2:2e:3e:0b:b6:e0:33:af:8d:db:3c:d8:aa:a1:3f:7e:3d:
         52:28:b1:19:c2:32:27:67:9e:65:9c:7a:80:18:fe:9b:3b:a5:
         c4:a3:4b:24:63:d8:71:e4:3c:bc:33:6d:7b:2d:b7:5f:a2:fb:
         09:91:31:ae:55:15:8a:56:cc:18:b9:47:74:31:f2:f4:ac:ce:
         65:2e:f1:82:5a:6d:f4:b1:51:e3:fb:77:e6:5d:13:f7:a8:23:
         6f:f6:b1:e6:94:9b:7f:95:c2:70:c4:11:51:4b:10:c7:4e:36:
         89:c2:86:cb:fa:0a:97:b3:84:80:c7:7e:99:59:d4:39:6d:9b:
         58:29:4e:cb:2e:6e:73:b0:d0:fb:b7:47:1a:b9:26:7c:01:f0:
         f0:5b:ab:8a:13:6c:8c:06:72:00:d1:77:fd:77:61:f7:ad:77:
         44:fe:36:8e:3c:90:a0:b6:70:ab:d7:fa:2f:2e:73:e1:74:3d:
         ac:ac:3e:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhaiJvNrwuKbNcwwgWhSF7tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzMwMDg1MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDI2YzRmNGI3ZjY0ZDBmZTQ0MjZkZjlkZmUxNWFkYjk5NzQ2OGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncM+mWrtcTfFdwTAAIdkK8YzLMX0
aJ/OQtXZ6udlHFwqesRzZiWqxJbELp+3yJV4BQwR/CHca+AGm71MaLuYEYe44IBr
QGpShfNI8+0knxHxk4L/un8arXJrNXq8n7JIZHTpHOrJhTkCaGT2Ommi3xk+IGUr
V+KpYp968ivwZ7gcQmIDyMrDfjzXQjxrcorzES08/YM34TMYEwryqQrXXbSfrpwm
YBUlk1jYTOe01jSJC1EwsS5/g4NBz0Zs6wytsfAHkqJ+X/hQJR6sOIzpazc4MxdT
3x8iwpvJSVEb11uykEzQN3OBILWfAx0nLiXSriZyQmzb+mU5S3DAbQVGFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAmxPS39k0P5EJt+d/hWtuZdGjSMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY0NiRTlMZjJUUV9rUW0zNTMtRmEyNWwwYU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUphsMA0G
CSqGSIb3DQEBCwUAA4IBAQB1o9axRmdTaRIm42JKmX2q87jEkuSZGlLwX7qqxmrx
gsXc//wonrfT5ZBzqQl088cdW8PYbqB4OlIzbkHyp7s1zj9yqIw9B6eOoi4+C7bg
M6+N2zzYqqE/fj1SKLEZwjInZ55lnHqAGP6bO6XEo0skY9hx5Dy8M217LbdfovsJ
kTGuVRWKVswYuUd0MfL0rM5lLvGCWm30sVHj+3fmXRP3qCNv9rHmlJt/lcJwxBFR
SxDHTjaJwobL+gqXs4SAx36ZWdQ5bZtYKU7LLm5zsND7t0cauSZ8AfDwW6uKE2yM
BnIA0Xf9d2H3rXdE/jaOPJCgtnCr1/ovLnPhdD2srD4/
-----END CERTIFICATE-----