Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0U7tDUlIUg7kLuFkkPYcreURbOI.roa
File:                     0U7tDUlIUg7kLuFkkPYcreURbOI.roa (raw, json)
Hash identifier:          +RiOQNSResT/2yq568twvFXTesYJXjiWXJaHrJ9IWkc=
Subject key identifier:   D1:4E:ED:0D:49:48:52:0E:E4:2E:E1:64:90:F6:1C:AD:E5:11:6C:E2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019A49A1D9A34CE74E58753517F6433A6355
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0U7tDUlIUg7kLuFkkPYcreURbOI.roa
Signing time:             Mon 03 Nov 2025 12:12:15 +0000
ROA not before:           Mon 03 Nov 2025 12:12:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7979
IP address blocks:        89.213.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:49:a1:d9:a3:4c:e7:4e:58:75:35:17:f6:43:3a:63:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  3 12:12:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d14eed0d4948520ee42ee16490f61cade5116ce2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:47:20:62:b5:51:66:ba:1b:e9:d7:4c:73:ff:
                    63:97:f1:0a:ff:63:c1:2d:a9:ab:15:39:e1:8a:34:
                    9d:0a:aa:57:5f:c6:d1:ee:f9:4e:44:c2:22:12:27:
                    02:9a:6f:51:2d:b9:60:cb:8e:21:c6:08:c7:b1:e2:
                    ef:d3:76:96:df:41:e4:2b:30:ba:b7:ba:9d:11:8f:
                    2f:44:90:f8:12:45:84:f4:72:5a:d6:21:fc:a7:0c:
                    1f:7c:c5:c2:f6:df:6e:fe:28:06:80:f5:a8:12:d5:
                    03:51:83:fe:32:95:9d:b5:46:bd:1c:ef:7b:8f:ca:
                    7c:70:4a:42:e4:3e:c1:13:66:87:2f:bd:80:07:07:
                    cc:9f:2c:ed:b1:93:1b:6f:1b:a7:20:f5:54:d1:3e:
                    9c:a5:22:e9:d6:00:18:1f:e2:27:19:84:e0:b5:1a:
                    45:53:fb:9f:75:ba:f0:48:af:2a:28:e8:30:70:f6:
                    f2:cb:33:8e:11:d0:f1:f1:2c:8d:0c:c1:6b:6d:f0:
                    cf:eb:7a:4d:b5:97:49:ad:8c:7f:30:75:f8:69:71:
                    eb:e7:71:32:b9:94:66:02:3c:a9:04:42:36:0c:54:
                    22:4a:03:3a:f8:48:01:69:37:2d:32:75:42:e4:61:
                    84:bf:50:fc:74:2d:e9:d9:05:3a:3e:48:8e:b5:0f:
                    d4:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:4E:ED:0D:49:48:52:0E:E4:2E:E1:64:90:F6:1C:AD:E5:11:6C:E2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0U7tDUlIUg7kLuFkkPYcreURbOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:25:59:76:f4:de:18:28:0d:1e:8c:c2:b0:ba:fd:80:59:25:
         33:09:48:e7:54:85:59:6f:8a:10:46:e2:81:18:83:3d:0a:69:
         0e:6c:12:73:bc:cc:d9:38:27:6e:a9:62:f9:b8:12:56:ea:e8:
         0b:a2:2a:d0:88:29:c4:03:b6:94:bd:57:b9:1c:8d:cc:52:60:
         d1:09:e1:3c:33:2b:60:28:65:10:d3:0d:cd:bb:5b:66:2d:8c:
         b3:65:4c:f8:9d:2b:75:7a:d5:5a:f9:17:d6:92:bb:de:a1:ed:
         cf:9e:2f:a3:9b:9f:36:01:77:2d:fc:1a:2a:53:57:8f:86:b5:
         5f:06:0d:2e:68:7f:c9:93:16:8a:df:dc:9d:d1:91:86:08:d2:
         f2:ed:08:8b:46:d1:d9:a2:a2:5b:44:20:da:8e:10:da:88:1b:
         b4:8c:72:19:30:f8:16:e7:9f:22:03:61:31:31:d9:57:32:ba:
         64:4a:8e:0d:cc:53:0f:70:c4:6b:a8:bc:8c:45:a6:13:66:a1:
         d5:18:1d:eb:ae:9b:4f:4f:e2:65:bc:52:17:ae:3a:51:82:cb:
         7f:5a:44:07:db:55:43:5d:35:61:6b:4f:00:f9:14:81:7e:4a:
         10:84:ba:76:9c:8b:0f:b6:61:2d:8c:82:03:8f:d8:48:d7:11:
         63:80:56:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpJodmjTOdOWHU1F/ZDOmNVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMTAzMTIxMjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTRlZWQwZDQ5NDg1MjBlZTQyZWUxNjQ5MGY2MWNhZGU1MTE2Y2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUcgYrVRZrob6ddMc/9jl/EK/2PB
LamrFTnhijSdCqpXX8bR7vlORMIiEicCmm9RLblgy44hxgjHseLv03aW30HkKzC6
t7qdEY8vRJD4EkWE9HJa1iH8pwwffMXC9t9u/igGgPWoEtUDUYP+MpWdtUa9HO97
j8p8cEpC5D7BE2aHL72ABwfMnyztsZMbbxunIPVU0T6cpSLp1gAYH+InGYTgtRpF
U/ufdbrwSK8qKOgwcPbyyzOOEdDx8SyNDMFrbfDP63pNtZdJrYx/MHX4aXHr53Ey
uZRmAjypBEI2DFQiSgM6+EgBaTctMnVC5GGEv1D8dC3p2QU6PkiOtQ/U5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFO7Q1JSFIO5C7hZJD2HK3lEWziMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMFU3dERVbElVZzdrTHVGa2tQWWNyZVVSYk9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWKMA0G
CSqGSIb3DQEBCwUAA4IBAQAlJVl29N4YKA0ejMKwuv2AWSUzCUjnVIVZb4oQRuKB
GIM9CmkObBJzvMzZOCduqWL5uBJW6ugLoirQiCnEA7aUvVe5HI3MUmDRCeE8Mytg
KGUQ0w3Nu1tmLYyzZUz4nSt1etVa+RfWkrveoe3Pni+jm582AXct/BoqU1ePhrVf
Bg0uaH/JkxaK39yd0ZGGCNLy7QiLRtHZoqJbRCDajhDaiBu0jHIZMPgW558iA2Ex
MdlXMrpkSo4NzFMPcMRrqLyMRaYTZqHVGB3rrptPT+JlvFIXrjpRgst/WkQH21VD
XTVha08A+RSBfkoQhLp2nIsPtmEtjIIDj9hI1xFjgFYu
-----END CERTIFICATE-----