Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/guizq-hgEpjGo2VYqeS0nQgd_uU.roa
File:                     guizq-hgEpjGo2VYqeS0nQgd_uU.roa (raw, json)
Hash identifier:          K8gVJZFqIMistVoifh3kRPgeKs9mSIr3Flc4aNcM6Mw=
Subject key identifier:   82:E8:B3:AB:E8:60:12:98:C6:A3:65:58:A9:E4:B4:9D:08:1D:FE:E5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01994C7984D712382172A4B4DE4DC1C97388
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/guizq-hgEpjGo2VYqeS0nQgd_uU.roa
Signing time:             Mon 15 Sep 2025 08:24:16 +0000
ROA not before:           Mon 15 Sep 2025 08:24:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12027
IP address blocks:        81.168.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 17:04:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4c:79:84:d7:12:38:21:72:a4:b4:de:4d:c1:c9:73:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 15 08:24:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82e8b3abe8601298c6a36558a9e4b49d081dfee5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:85:8b:e9:94:bc:d1:e0:a1:7d:78:7b:ee:c2:
                    26:6b:b7:7e:e1:3b:f2:3f:5f:d9:c6:99:a8:e8:5b:
                    5e:39:63:bb:bd:cd:08:9c:90:42:04:5d:0a:65:95:
                    c1:e1:a2:57:8c:07:16:71:cb:97:88:ac:3b:c2:dc:
                    b4:92:4e:a6:6e:57:48:68:5e:24:0e:be:42:5e:b1:
                    4e:e4:4e:05:42:46:e7:7c:8d:c1:9f:c2:22:13:50:
                    05:ac:b7:7b:da:f0:fa:e8:26:a2:bb:70:8a:fa:f9:
                    86:ed:68:bb:b0:f0:c4:9f:0b:21:d1:4e:8a:a2:c8:
                    20:a1:57:e4:ff:26:53:64:83:f2:15:81:d9:22:2b:
                    50:96:d6:44:43:a9:d9:1e:97:74:96:1a:a3:02:e0:
                    a1:8b:f2:25:84:7b:ae:4f:4d:e7:d7:b9:e3:1b:fd:
                    08:62:c5:bb:1d:13:e1:84:3c:19:6b:99:86:3a:40:
                    73:49:74:e6:34:c6:3a:ba:7c:23:db:63:17:f4:dd:
                    f2:57:d6:55:20:55:86:70:b6:07:b4:8d:99:f3:59:
                    71:4a:8e:5e:08:ea:e9:9a:c3:8d:8f:0c:2b:c7:d0:
                    56:57:60:0f:d4:91:0c:f1:20:0b:1a:51:cd:dc:be:
                    aa:00:c1:ee:19:46:8e:1a:ee:8e:ff:bd:21:39:96:
                    c2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E8:B3:AB:E8:60:12:98:C6:A3:65:58:A9:E4:B4:9D:08:1D:FE:E5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/guizq-hgEpjGo2VYqeS0nQgd_uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:b7:d0:55:1e:64:d0:69:f0:9e:4e:3b:28:18:e9:58:dc:e1:
         4c:6c:55:0c:b2:da:1e:45:14:9c:dc:e6:9f:33:99:29:5e:8d:
         91:f6:aa:53:df:69:1b:c4:6c:65:cf:22:16:05:09:8b:99:ef:
         dc:a3:79:6d:97:82:0c:9f:9c:b4:2b:50:83:56:fd:37:4c:9f:
         34:a3:9a:4e:14:f1:c8:97:f8:22:63:b5:f3:e1:04:ec:b1:33:
         ce:30:f0:b9:b9:17:67:79:e0:81:7c:2d:9d:c7:bb:e8:9b:aa:
         bd:45:c1:01:08:d5:86:f9:5f:b1:82:51:23:ae:89:58:6e:3f:
         54:2f:56:aa:ef:f7:b0:a7:a8:40:b7:6f:e0:06:45:95:0d:2b:
         ff:ea:6e:ad:de:ed:2b:ed:ce:5e:fd:e1:d9:72:9f:81:0c:a8:
         fc:2b:a5:ec:02:30:c6:6d:cb:c3:ec:07:20:9b:cf:0b:c3:04:
         d1:c9:4c:f5:83:0c:d6:47:f8:ba:d8:35:df:c2:0c:33:d4:a0:
         3b:ae:fd:73:6c:d0:be:55:74:8d:65:60:76:2e:0e:e0:38:9c:
         a1:21:44:2e:84:b2:35:41:09:47:74:89:6c:aa:21:96:b3:11:
         24:46:68:51:29:11:df:2d:e7:d8:59:f7:87:5e:e0:8f:32:26:
         57:f5:2a:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlMeYTXEjghcqS03k3ByXOIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwOTE1MDgyNDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmU4YjNhYmU4NjAxMjk4YzZhMzY1NThhOWU0YjQ5ZDA4MWRmZWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoWL6ZS80eChfXh77sIma7d+4Tvy
P1/Zxpmo6FteOWO7vc0InJBCBF0KZZXB4aJXjAcWccuXiKw7wty0kk6mbldIaF4k
Dr5CXrFO5E4FQkbnfI3Bn8IiE1AFrLd72vD66Caiu3CK+vmG7Wi7sPDEnwsh0U6K
osggoVfk/yZTZIPyFYHZIitQltZEQ6nZHpd0lhqjAuChi/IlhHuuT03n17njG/0I
YsW7HRPhhDwZa5mGOkBzSXTmNMY6unwj22MX9N3yV9ZVIFWGcLYHtI2Z81lxSo5e
COrpmsONjwwrx9BWV2AP1JEM8SALGlHN3L6qAMHuGUaOGu6O/70hOZbC6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILos6voYBKYxqNlWKnktJ0IHf7lMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ3VpenEtaGdFcGpHbzJWWXFlUzBuUWdkX3VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUahXMA0G
CSqGSIb3DQEBCwUAA4IBAQCXt9BVHmTQafCeTjsoGOlY3OFMbFUMstoeRRSc3Oaf
M5kpXo2R9qpT32kbxGxlzyIWBQmLme/co3ltl4IMn5y0K1CDVv03TJ80o5pOFPHI
l/giY7Xz4QTssTPOMPC5uRdneeCBfC2dx7vom6q9RcEBCNWG+V+xglEjrolYbj9U
L1aq7/ewp6hAt2/gBkWVDSv/6m6t3u0r7c5e/eHZcp+BDKj8K6XsAjDGbcvD7Acg
m88LwwTRyUz1gwzWR/i62DXfwgwz1KA7rv1zbNC+VXSNZWB2Lg7gOJyhIUQuhLI1
QQlHdIlsqiGWsxEkRmhRKRHfLefYWfeHXuCPMiZX9Srl
-----END CERTIFICATE-----