Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qruBiDKxCeqghlxYZ563okNVJB8.roa
File:                     qruBiDKxCeqghlxYZ563okNVJB8.roa (raw, json)
Hash identifier:          5goWDZEVf2c/2/JQzIGKfDIdYdBmCSXIeQ5JJ8lSFAM=
Subject key identifier:   AA:BB:81:88:32:B1:09:EA:A0:86:5C:58:67:9E:B7:A2:43:55:24:1F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0196AC71F14ABEFEF24A66092608917EB609
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qruBiDKxCeqghlxYZ563okNVJB8.roa
Signing time:             Wed 07 May 2025 20:31:10 +0000
ROA not before:           Wed 07 May 2025 20:31:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214143
IP address blocks:        82.152.49.0/24 maxlen: 24
                          213.218.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ac:71:f1:4a:be:fe:f2:4a:66:09:26:08:91:7e:b6:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  7 20:31:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aabb818832b109eaa0865c58679eb7a24355241f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a0:c8:60:be:3f:74:5e:3b:4e:60:7b:9d:63:
                    44:cb:95:6f:59:9c:6b:1c:eb:eb:98:56:c3:31:6d:
                    e0:f0:dd:0d:c7:6c:5f:d2:34:86:6e:ef:4c:03:c6:
                    1d:2f:7a:36:ae:a9:79:ef:f4:e3:bb:96:4b:56:53:
                    8c:88:b7:f4:8c:bd:e0:e2:67:fc:17:34:b7:dd:f2:
                    be:a0:07:7f:53:ee:a5:03:9c:d9:80:fb:a2:e3:2f:
                    30:f7:f0:f1:58:f9:a2:72:0a:94:15:f3:9f:20:d0:
                    f2:d7:62:25:78:04:74:90:9a:cd:13:06:a4:0f:89:
                    13:5a:0f:21:11:43:c8:21:b6:0d:a9:af:bf:d9:b1:
                    dc:b6:e4:29:ea:65:e6:dc:d7:25:26:65:61:c3:18:
                    57:7b:0e:34:86:f0:5c:10:eb:1b:e0:0d:a8:26:a8:
                    88:68:e2:5c:6b:d1:a5:f2:55:b7:36:d2:a9:1d:ff:
                    b5:ec:46:3d:1d:55:01:43:9a:f7:3a:2e:eb:3b:59:
                    82:8d:3d:e7:07:0a:99:fd:5d:06:5d:95:43:1d:e9:
                    22:6d:05:ad:0e:36:c3:c4:06:ef:ec:9f:ea:2f:b8:
                    09:e4:bf:84:84:37:70:3c:24:9b:69:27:7c:c8:16:
                    79:1a:46:09:40:3b:f6:5b:3c:63:48:d2:45:98:e1:
                    ba:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:BB:81:88:32:B1:09:EA:A0:86:5C:58:67:9E:B7:A2:43:55:24:1F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qruBiDKxCeqghlxYZ563okNVJB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.49.0/24
                  213.218.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:84:d1:d4:85:07:82:b8:a7:8d:e4:74:5a:fc:ad:6e:fa:bf:
         68:eb:00:ba:19:b2:0b:7d:8c:d4:ae:99:a9:07:4d:7e:02:a0:
         97:de:00:e9:1c:78:71:44:cc:bb:e5:ac:ff:d3:fc:5f:82:83:
         12:2f:00:b4:35:0d:1c:a3:46:66:1f:4c:fb:39:ce:7d:fa:dd:
         f6:c8:77:d1:de:66:1a:bb:3f:dd:f9:ec:0a:32:4f:1d:bc:a2:
         9e:28:2f:74:6f:8a:70:87:23:99:c3:8e:3e:a0:7a:be:7d:70:
         a2:d1:e5:e5:c8:11:56:5e:7d:da:f6:7d:14:80:13:44:8e:43:
         b6:7b:1b:46:be:3c:b9:0c:8b:1b:16:9a:e2:7f:16:14:e8:04:
         e1:ae:ca:72:a8:f1:21:23:be:3d:f3:cf:79:91:73:0a:13:f0:
         78:31:43:a1:0b:d1:68:1d:5e:9c:90:a2:8e:80:9a:8a:29:3a:
         63:d5:cc:90:42:32:3d:e4:bd:68:6b:16:fb:74:92:93:fc:b0:
         c9:05:cf:8f:ef:b9:f7:7c:8f:ea:76:2d:3e:f1:32:5c:32:82:
         33:e4:a2:3e:e1:63:ee:ae:dd:15:92:3d:8f:46:f0:7b:32:b2:
         fe:eb:cb:53:7f:6d:aa:49:8e:21:01:98:b8:a0:f8:57:5e:3b:
         d3:81:f6:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZascfFKvv7ySmYJJgiRfrYJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTA3MjAzMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWJiODE4ODMyYjEwOWVhYTA4NjVjNTg2NzllYjdhMjQzNTUyNDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaDIYL4/dF47TmB7nWNEy5VvWZxr
HOvrmFbDMW3g8N0Nx2xf0jSGbu9MA8YdL3o2rql57/Tju5ZLVlOMiLf0jL3g4mf8
FzS33fK+oAd/U+6lA5zZgPui4y8w9/DxWPmicgqUFfOfINDy12IleAR0kJrNEwak
D4kTWg8hEUPIIbYNqa+/2bHctuQp6mXm3NclJmVhwxhXew40hvBcEOsb4A2oJqiI
aOJca9Gl8lW3NtKpHf+17EY9HVUBQ5r3Oi7rO1mCjT3nBwqZ/V0GXZVDHekibQWt
DjbDxAbv7J/qL7gJ5L+EhDdwPCSbaSd8yBZ5GkYJQDv2WzxjSNJFmOG6cwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKq7gYgysQnqoIZcWGeet6JDVSQfMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcXJ1QmlES3hDZXFnaGx4WVo1NjNva05WSkI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpgxAwQA
1drtMA0GCSqGSIb3DQEBCwUAA4IBAQBmhNHUhQeCuKeN5HRa/K1u+r9o6wC6GbIL
fYzUrpmpB01+AqCX3gDpHHhxRMy75az/0/xfgoMSLwC0NQ0co0ZmH0z7Oc59+t32
yHfR3mYauz/d+ewKMk8dvKKeKC90b4pwhyOZw44+oHq+fXCi0eXlyBFWXn3a9n0U
gBNEjkO2extGvjy5DIsbFprifxYU6AThrspyqPEhI7498895kXMKE/B4MUOhC9Fo
HV6ckKKOgJqKKTpj1cyQQjI95L1oaxb7dJKT/LDJBc+P77n3fI/qdi0+8TJcMoIz
5KI+4WPurt0Vkj2PRvB7MrL+68tTf22qSY4hAZi4oPhXXjvTgfZt
-----END CERTIFICATE-----