Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lMKB7JoaYktpkHvlK8CNKfPiRrY.roa
File:                     lMKB7JoaYktpkHvlK8CNKfPiRrY.roa (raw, json)
Hash identifier:          nTciYzU5cg8pJ51MytIVIs6ZDnwfGWi6RIRC+3HS4TM=
Subject key identifier:   94:C2:81:EC:9A:1A:62:4B:69:90:7B:E5:2B:C0:8D:29:F3:E2:46:B6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0198F6041623A05AC2072196EF802955F802
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lMKB7JoaYktpkHvlK8CNKfPiRrY.roa
Signing time:             Fri 29 Aug 2025 13:28:39 +0000
ROA not before:           Fri 29 Aug 2025 13:28:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60117
IP address blocks:        82.153.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f6:04:16:23:a0:5a:c2:07:21:96:ef:80:29:55:f8:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 29 13:28:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94c281ec9a1a624b69907be52bc08d29f3e246b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:19:5c:0f:0d:ed:25:d4:e2:f4:aa:a4:bf:e8:
                    27:e3:f0:cc:d6:1a:df:7a:01:bf:f6:a3:a0:b3:75:
                    9b:54:de:06:0e:0d:3b:19:1d:8e:51:63:a4:e5:3d:
                    53:ae:c2:32:da:51:87:c2:10:54:97:ec:d4:73:62:
                    50:09:75:cd:e8:c2:ba:40:5d:37:8a:81:4f:b7:fa:
                    22:b5:38:1a:06:b6:96:d5:4f:49:44:01:6d:57:86:
                    ad:20:ef:29:32:97:41:56:2b:13:a2:15:e6:8d:de:
                    12:74:66:09:f0:d1:ff:05:82:c7:1e:41:16:74:91:
                    7e:7c:fc:13:6d:48:7f:22:b0:4e:4c:8e:1a:af:08:
                    b8:ba:a3:fe:13:da:6f:f3:a5:cf:56:b5:a6:45:af:
                    a3:f9:80:ea:df:85:06:5a:99:28:96:d3:99:80:10:
                    e8:be:12:41:a3:cb:d8:43:64:59:31:cc:7a:f5:18:
                    21:aa:b7:85:cc:9b:fb:c1:2f:c4:68:cc:fe:7e:20:
                    f3:67:24:fc:c6:d5:87:12:1b:85:a7:d7:78:e6:5b:
                    d7:05:f7:f7:02:24:fb:7a:f3:ee:d9:c8:0e:1e:7c:
                    59:44:4c:da:9a:e5:ad:e3:4b:ee:49:9d:d5:67:33:
                    df:fd:9e:61:2e:72:78:ce:60:33:74:b9:74:c8:9d:
                    48:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:C2:81:EC:9A:1A:62:4B:69:90:7B:E5:2B:C0:8D:29:F3:E2:46:B6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lMKB7JoaYktpkHvlK8CNKfPiRrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:a0:88:59:52:07:65:01:08:52:36:2b:97:39:39:be:75:67:
         b9:5c:1a:b9:b6:15:d8:c9:dc:06:84:f4:61:13:ab:29:38:22:
         41:96:16:e0:ef:ec:5d:46:09:ab:2f:36:27:94:4d:d8:3e:45:
         8a:ad:75:e6:c0:7a:6c:f2:77:4f:83:4c:37:b3:ef:86:61:34:
         12:fc:44:e7:82:86:01:74:59:6d:8f:57:7f:51:cc:d2:47:08:
         e5:8d:a2:35:ba:b7:fb:13:d3:76:43:4e:73:f2:d5:57:36:c5:
         07:ae:64:25:fb:e7:fa:6f:f1:9f:a3:db:16:78:36:66:c6:55:
         5a:2e:f9:3a:42:3a:05:ac:de:91:7b:4c:74:61:e1:0f:4c:07:
         04:9f:a0:fb:42:22:52:26:0c:5e:20:13:29:f0:19:4e:d0:00:
         a6:af:42:a0:d9:f3:a7:cc:3f:07:d7:b3:e7:e7:70:77:49:6f:
         d5:f8:3f:36:2f:cc:c9:51:91:ce:32:12:e2:1d:fe:cb:42:4e:
         96:a7:97:a1:c0:33:5f:2e:00:7b:28:e4:ec:52:95:52:ec:d2:
         0d:f0:e1:cf:31:90:34:6b:37:f3:e6:60:0b:3a:ca:ba:dc:87:
         7b:e2:ed:ec:8a:68:d2:dc:ed:2e:1d:78:80:15:c6:40:9d:0c:
         e3:76:fc:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj2BBYjoFrCByGW74ApVfgCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODI5MTMyODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGMyODFlYzlhMWE2MjRiNjk5MDdiZTUyYmMwOGQyOWYzZTI0NmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBlcDw3tJdTi9Kqkv+gn4/DM1hrf
egG/9qOgs3WbVN4GDg07GR2OUWOk5T1TrsIy2lGHwhBUl+zUc2JQCXXN6MK6QF03
ioFPt/oitTgaBraW1U9JRAFtV4atIO8pMpdBVisTohXmjd4SdGYJ8NH/BYLHHkEW
dJF+fPwTbUh/IrBOTI4arwi4uqP+E9pv86XPVrWmRa+j+YDq34UGWpkoltOZgBDo
vhJBo8vYQ2RZMcx69RghqreFzJv7wS/EaMz+fiDzZyT8xtWHEhuFp9d45lvXBff3
AiT7evPu2cgOHnxZREzamuWt40vuSZ3VZzPf/Z5hLnJ4zmAzdLl0yJ1ILwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTCgeyaGmJLaZB75SvAjSnz4ka2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbE1LQjdKb2FZa3Rwa0h2bEs4Q05LZlBpUnJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpkqMA0G
CSqGSIb3DQEBCwUAA4IBAQApoIhZUgdlAQhSNiuXOTm+dWe5XBq5thXYydwGhPRh
E6spOCJBlhbg7+xdRgmrLzYnlE3YPkWKrXXmwHps8ndPg0w3s++GYTQS/ETngoYB
dFltj1d/UczSRwjljaI1urf7E9N2Q05z8tVXNsUHrmQl++f6b/Gfo9sWeDZmxlVa
Lvk6QjoFrN6Re0x0YeEPTAcEn6D7QiJSJgxeIBMp8BlO0ACmr0Kg2fOnzD8H17Pn
53B3SW/V+D82L8zJUZHOMhLiHf7LQk6Wp5ehwDNfLgB7KOTsUpVS7NIN8OHPMZA0
azfz5mALOsq63Id74u3simjS3O0uHXiAFcZAnQzjdvyM
-----END CERTIFICATE-----