Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/k2Hi_D_j-t-zYCf42gBvsy2ey5I.roa
File:                     k2Hi_D_j-t-zYCf42gBvsy2ey5I.roa (raw, json)
Hash identifier:          Zx7GVdp3eIUQKDZ37AdRLJRnDCN0Yrcv9BJ3h9PwZ68=
Subject key identifier:   93:61:E2:FC:3F:E3:FA:DF:B3:60:27:F8:DA:00:6F:B3:2D:9E:CB:92
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019909F41EACE82874FCF96A1ECE3FC2004E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/k2Hi_D_j-t-zYCf42gBvsy2ey5I.roa
Signing time:             Tue 02 Sep 2025 10:23:37 +0000
ROA not before:           Tue 02 Sep 2025 10:23:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     151964
IP address blocks:        82.153.47.0/24 maxlen: 24
                          82.153.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 15:30:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:09:f4:1e:ac:e8:28:74:fc:f9:6a:1e:ce:3f:c2:00:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep  2 10:23:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9361e2fc3fe3fadfb36027f8da006fb32d9ecb92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:73:2a:8b:c4:d4:85:81:93:e4:39:69:1f:c1:
                    0a:a6:14:6b:00:73:04:92:96:56:38:f0:46:15:39:
                    92:c1:9d:40:02:82:69:97:f8:cc:82:b1:f5:23:92:
                    3f:c7:c4:6e:21:cb:3b:02:fd:51:99:cd:47:37:83:
                    db:59:8c:6c:2b:cf:1c:3e:82:77:5a:28:2c:a3:77:
                    d3:32:5b:9a:a9:b9:a8:79:7f:14:6a:d2:ef:8c:39:
                    0d:f0:6c:0e:83:3f:c0:7e:ab:9a:01:1f:23:75:5b:
                    00:4b:ef:b6:56:ce:d5:35:18:75:53:5c:3e:e1:9f:
                    6b:42:5c:16:c5:7e:d7:53:e5:a3:5d:97:de:cb:ef:
                    94:1b:9c:74:ce:34:f2:f4:f9:e5:ec:63:6a:a4:e9:
                    cf:91:eb:f8:16:3d:2c:67:62:4d:13:4e:59:29:15:
                    3e:15:de:35:62:de:c5:20:d9:4e:25:7d:32:3c:d4:
                    47:0a:75:75:8f:32:ca:08:c3:5c:f7:df:08:c9:bb:
                    f8:3d:de:69:66:aa:03:a7:41:d7:04:c7:88:df:52:
                    ad:91:c9:59:51:52:c7:06:6f:b9:da:44:43:98:d1:
                    f2:29:39:d5:ff:60:fc:40:46:4a:fa:fe:8d:dc:81:
                    a1:bc:f9:b3:fc:8a:b5:38:8d:73:3c:80:46:cf:16:
                    d9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:61:E2:FC:3F:E3:FA:DF:B3:60:27:F8:DA:00:6F:B3:2D:9E:CB:92
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/k2Hi_D_j-t-zYCf42gBvsy2ey5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.47.0-82.153.48.255

    Signature Algorithm: sha256WithRSAEncryption
         2c:db:28:ad:62:22:f9:4d:6e:ce:41:63:6e:2c:43:98:1e:f7:
         17:c4:c3:d9:a1:aa:c2:b7:02:3b:b0:04:71:e5:45:61:92:ab:
         21:f6:77:0e:8c:9c:48:cd:da:a7:c0:64:d5:98:07:ab:53:d2:
         d0:13:38:bb:bb:4a:ee:57:0b:45:01:80:4a:4e:55:52:51:85:
         37:3b:8f:d8:16:19:8d:e5:d6:76:c0:ab:a7:62:87:ef:e4:62:
         46:4c:39:bd:9e:6f:63:f5:c1:7a:3a:5b:79:7d:b4:e2:c4:62:
         fa:78:87:df:a8:4e:9b:3d:51:86:33:ed:8e:26:b8:3d:1f:d9:
         cf:23:10:f4:05:8d:68:b9:24:a4:62:bc:99:18:d4:cd:4c:76:
         a5:f8:cb:77:c7:34:ca:da:ef:57:4e:7b:06:f6:df:c8:e1:d2:
         b5:a8:16:1a:63:82:f4:a8:05:85:b3:f6:25:a0:a8:38:46:c3:
         b7:72:16:bf:fa:f7:da:2c:4b:bf:c8:31:d5:1c:e3:cf:04:aa:
         b9:8a:24:81:65:da:b1:da:fb:50:dc:fb:b1:c0:9f:ff:27:cc:
         f6:9d:0d:19:6d:1d:2e:ab:b3:5f:68:a8:07:a0:57:94:b7:8d:
         78:38:fc:63:64:57:d4:f5:84:51:a7:64:f2:ba:bd:77:fa:a0:
         52:e9:28:14
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZkJ9B6s6Ch0/PlqHs4/wgBOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwOTAyMTAyMzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzYxZTJmYzNmZTNmYWRmYjM2MDI3ZjhkYTAwNmZiMzJkOWVjYjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXMqi8TUhYGT5DlpH8EKphRrAHME
kpZWOPBGFTmSwZ1AAoJpl/jMgrH1I5I/x8RuIcs7Av1Rmc1HN4PbWYxsK88cPoJ3
Wigso3fTMluaqbmoeX8UatLvjDkN8GwOgz/AfquaAR8jdVsAS++2Vs7VNRh1U1w+
4Z9rQlwWxX7XU+WjXZfey++UG5x0zjTy9Pnl7GNqpOnPkev4Fj0sZ2JNE05ZKRU+
Fd41Yt7FINlOJX0yPNRHCnV1jzLKCMNc998Iybv4Pd5pZqoDp0HXBMeI31KtkclZ
UVLHBm+52kRDmNHyKTnV/2D8QEZK+v6N3IGhvPmz/Iq1OI1zPIBGzxbZmQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJNh4vw/4/rfs2An+NoAb7MtnsuSMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvazJIaV9EX2otdC16WUNmNDJnQnZzeTJleTVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABSmS8D
BABSmTAwDQYJKoZIhvcNAQELBQADggEBACzbKK1iIvlNbs5BY24sQ5ge9xfEw9mh
qsK3AjuwBHHlRWGSqyH2dw6MnEjN2qfAZNWYB6tT0tATOLu7Su5XC0UBgEpOVVJR
hTc7j9gWGY3l1nbAq6dih+/kYkZMOb2eb2P1wXo6W3l9tOLEYvp4h9+oTps9UYYz
7Y4muD0f2c8jEPQFjWi5JKRivJkY1M1MdqX4y3fHNMra71dOewb238jh0rWoFhpj
gvSoBYWz9iWgqDhGw7dyFr/699osS7/IMdUc488EqrmKJIFl2rHa+1Dc+7HAn/8n
zPadDRltHS6rs19oqAegV5S3jXg4/GNkV9T1hFGnZPK6vXf6oFLpKBQ=
-----END CERTIFICATE-----