Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/m_qaS8uCZYoG2oXA0tnK-hqKb68.roa
File:                     m_qaS8uCZYoG2oXA0tnK-hqKb68.roa (raw, json)
Hash identifier:          tWz9FhUvMSQO7YvSO4GeZhJlySvSAlo8ip0vX7QFuJQ=
Subject key identifier:   9B:FA:9A:4B:CB:82:65:8A:06:DA:85:C0:D2:D9:CA:FA:1A:8A:6F:AF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0197C7701F88A6CE2D6F4C8AE69F8FF70251
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/m_qaS8uCZYoG2oXA0tnK-hqKb68.roa
Signing time:             Tue 01 Jul 2025 19:21:43 +0000
ROA not before:           Tue 01 Jul 2025 19:21:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152672
IP address blocks:        82.153.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:70:1f:88:a6:ce:2d:6f:4c:8a:e6:9f:8f:f7:02:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  1 19:21:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bfa9a4bcb82658a06da85c0d2d9cafa1a8a6faf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b0:5f:f4:be:68:1e:26:43:93:7a:91:ea:f7:
                    ee:8c:02:e5:78:6e:75:97:47:ce:93:f1:99:56:36:
                    df:79:53:d0:de:80:da:c9:ee:ac:7b:2e:ce:0e:0e:
                    08:32:bd:3b:85:43:3d:37:5d:70:e2:d3:97:eb:43:
                    11:b8:41:06:dc:ed:77:61:42:0a:59:e8:0c:30:d2:
                    b3:1d:54:ca:5a:bc:f0:f8:3d:8e:99:1d:47:1d:50:
                    19:ae:dc:96:ad:f9:1e:5a:d9:21:e1:9b:a4:99:bb:
                    32:75:d8:0a:6a:d6:d7:21:68:fd:1c:39:f2:57:8a:
                    f9:81:b1:fa:ff:e8:eb:9c:d2:a7:3f:4e:2f:9e:8d:
                    57:9f:5a:8d:18:12:ba:15:f4:ba:2a:b7:2c:94:4a:
                    5b:8e:35:ce:26:fb:31:01:a2:12:56:aa:bf:79:4c:
                    87:a5:53:45:0a:c2:cc:9e:7e:2a:7e:dd:5a:2a:2b:
                    4b:08:96:d7:02:29:0f:1c:71:a9:62:af:ae:43:37:
                    d1:89:cc:f6:30:95:15:4e:3a:f5:50:e8:e6:87:58:
                    4c:ee:58:54:f5:64:f4:20:97:8a:f3:e6:53:ac:98:
                    aa:02:67:c2:29:6f:99:f7:ed:65:c8:1e:0d:d8:fb:
                    11:96:cb:4c:af:5e:e5:e0:59:85:6a:82:53:ea:05:
                    82:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:FA:9A:4B:CB:82:65:8A:06:DA:85:C0:D2:D9:CA:FA:1A:8A:6F:AF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/m_qaS8uCZYoG2oXA0tnK-hqKb68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:0f:fc:dc:d9:71:5d:67:ed:8e:72:3a:b8:cf:a6:cd:c5:b1:
         3d:49:d2:8f:4d:1e:2f:28:e1:a7:55:24:7f:c6:28:0c:84:f1:
         40:d9:fd:cd:7c:8a:7a:65:21:29:88:e0:13:92:6b:7a:24:91:
         63:41:a6:a4:82:54:28:09:81:97:d6:59:cd:ef:6a:47:84:cd:
         85:94:6c:8a:a6:65:31:bd:d3:d7:cd:c1:0d:8a:2b:3b:d0:b9:
         3b:e0:d3:be:ba:d2:ac:3d:91:6e:9d:d9:00:16:b7:3f:44:cd:
         1b:f4:4b:d5:1b:ab:66:48:da:a9:0c:fa:85:93:48:3e:09:4f:
         66:fe:0e:33:04:23:b9:f6:d3:e3:4a:c8:d4:6e:f4:b2:79:72:
         3d:fa:b3:8f:97:c5:88:f9:bb:27:1f:98:de:a5:71:02:05:0c:
         a5:7e:52:7a:5b:a9:59:4f:d4:7e:c7:29:7b:63:df:43:72:74:
         e3:d6:49:1c:24:12:77:89:02:19:10:4a:21:fd:a8:9e:45:9a:
         15:f0:73:10:43:12:8e:02:f4:bf:46:b3:cf:5b:05:4d:d6:ae:
         1b:cf:26:27:d0:35:b7:61:71:d0:5f:7f:fa:4f:93:05:0a:bd:
         2c:94:56:a9:5f:4d:2f:f3:03:c8:aa:5c:83:2e:b9:a5:31:cf:
         67:2c:97:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfHcB+Ips4tb0yK5p+P9wJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzAxMTkyMTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmZhOWE0YmNiODI2NThhMDZkYTg1YzBkMmQ5Y2FmYTFhOGE2ZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLBf9L5oHiZDk3qR6vfujALleG51
l0fOk/GZVjbfeVPQ3oDaye6sey7ODg4IMr07hUM9N11w4tOX60MRuEEG3O13YUIK
WegMMNKzHVTKWrzw+D2OmR1HHVAZrtyWrfkeWtkh4ZukmbsyddgKatbXIWj9HDny
V4r5gbH6/+jrnNKnP04vno1Xn1qNGBK6FfS6KrcslEpbjjXOJvsxAaISVqq/eUyH
pVNFCsLMnn4qft1aKitLCJbXAikPHHGpYq+uQzfRicz2MJUVTjr1UOjmh1hM7lhU
9WT0IJeK8+ZTrJiqAmfCKW+Z9+1lyB4N2PsRlstMr17l4FmFaoJT6gWC+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJv6mkvLgmWKBtqFwNLZyvoaim+vMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbV9xYVM4dUNaWW9HMm9YQTB0bkstaHFLYjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnYMA0G
CSqGSIb3DQEBCwUAA4IBAQAJD/zc2XFdZ+2Ocjq4z6bNxbE9SdKPTR4vKOGnVSR/
xigMhPFA2f3NfIp6ZSEpiOATkmt6JJFjQaakglQoCYGX1lnN72pHhM2FlGyKpmUx
vdPXzcENiis70Lk74NO+utKsPZFundkAFrc/RM0b9EvVG6tmSNqpDPqFk0g+CU9m
/g4zBCO59tPjSsjUbvSyeXI9+rOPl8WI+bsnH5jepXECBQylflJ6W6lZT9R+xyl7
Y99DcnTj1kkcJBJ3iQIZEEoh/aieRZoV8HMQQxKOAvS/RrPPWwVN1q4bzyYn0DW3
YXHQX3/6T5MFCr0slFapX00v8wPIqlyDLrmlMc9nLJdu
-----END CERTIFICATE-----