Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/32c03iUZMokS0KwXW4Bo3RRkNYM.roa
File:                     32c03iUZMokS0KwXW4Bo3RRkNYM.roa (raw, json)
Hash identifier:          ERH2mXOIb8AUTalRtWhrsLSGzui5A4jJFVLoVLkkD1I=
Subject key identifier:   DF:67:34:DE:25:19:32:89:12:D0:AC:17:5B:80:68:DD:14:64:35:83
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019A3989F70AAEED962BBE830832B98A37AC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/32c03iUZMokS0KwXW4Bo3RRkNYM.roa
Signing time:             Fri 31 Oct 2025 09:12:14 +0000
ROA not before:           Fri 31 Oct 2025 09:12:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     984
IP address blocks:        80.240.86.0/24 maxlen: 24
                          82.152.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:39:89:f7:0a:ae:ed:96:2b:be:83:08:32:b9:8a:37:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 31 09:12:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df6734de2519328912d0ac175b8068dd14643583
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:85:3f:d0:a6:63:1e:b5:64:f2:21:6f:63:d3:
                    f0:49:c1:d3:5c:12:a7:e7:7a:a2:2b:51:08:14:be:
                    25:bf:42:82:71:e9:e6:fb:f3:d8:bf:7a:af:1c:34:
                    5c:eb:cd:bc:2e:c5:d1:46:cb:94:1b:55:be:5a:cd:
                    05:04:00:7f:9d:a3:4f:7a:56:bb:57:ab:24:1e:38:
                    7c:16:f6:c4:84:22:81:c8:ee:1c:02:19:6d:5c:2f:
                    41:e0:db:7f:9b:0e:47:6a:06:2e:5d:b6:26:23:f9:
                    f5:bc:dd:6b:37:46:75:28:a1:54:09:96:f5:4e:a5:
                    ca:e1:0f:c8:6e:f5:3b:2c:3e:2e:35:f4:60:ea:55:
                    19:69:69:d2:57:e0:d8:bc:09:d1:82:19:a7:e3:0f:
                    c4:31:dd:93:e2:df:c2:09:f6:3a:14:cf:8a:ff:58:
                    9a:d9:58:91:64:cc:b3:fe:07:5d:c0:4d:cf:de:2e:
                    26:5a:46:02:94:7a:19:ff:6a:46:c5:16:7f:a3:aa:
                    aa:a0:78:f3:f7:d2:97:50:c8:75:8f:6d:cc:e3:d4:
                    bb:73:bd:fb:f2:e5:bf:6c:5e:26:51:f3:19:58:91:
                    cb:15:39:2c:21:06:43:76:b9:eb:c9:ef:2f:b9:f8:
                    9c:b9:51:32:60:f1:cf:8c:89:b1:dd:66:8f:f1:6c:
                    bf:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:67:34:DE:25:19:32:89:12:D0:AC:17:5B:80:68:DD:14:64:35:83
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/32c03iUZMokS0KwXW4Bo3RRkNYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.86.0/24
                  82.152.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:26:6f:50:2e:f8:6d:de:c5:60:e6:36:1d:92:28:91:dd:4f:
         ab:da:73:92:8b:6d:60:16:65:5c:64:40:53:c8:87:09:d2:fc:
         46:0e:32:f3:d4:52:88:82:85:ae:b3:e9:75:f2:b5:42:aa:fd:
         1f:92:33:1c:6c:f2:64:e4:e9:73:c0:0e:c6:60:0b:aa:06:d8:
         17:17:34:6b:18:e7:df:fa:44:34:b5:a5:0e:3b:95:d8:ac:aa:
         9b:74:ce:59:1e:bf:7e:a7:e1:55:3e:f8:93:00:16:2d:3c:f5:
         7f:80:c1:ae:d5:74:ed:c1:31:e6:bc:5f:b9:4a:b6:ae:73:3f:
         08:33:c1:c3:23:6c:c9:87:38:8c:1e:59:85:fd:2d:6d:a5:bd:
         51:15:6e:c3:2a:d4:a5:f9:82:10:ad:1d:40:88:c3:6f:42:c5:
         99:87:6b:4a:e3:c0:a5:ef:2c:6d:33:4c:d6:42:fb:f8:f2:1c:
         3c:74:b8:24:52:00:1e:43:22:05:da:d0:43:d7:ab:c4:46:51:
         0d:e4:3d:96:32:a0:1a:82:5c:66:ad:8c:7a:44:a4:1b:4f:b3:
         e1:a0:4b:15:b2:14:b3:4a:bf:32:31:0b:fb:c0:ee:0c:17:2f:
         15:ac:d9:d1:a7:e4:8a:3c:f3:9d:fc:76:eb:42:88:43:a2:06:
         b0:5f:6a:af
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZo5ifcKru2WK76DCDK5ijesMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDMxMDkxMjE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjY3MzRkZTI1MTkzMjg5MTJkMGFjMTc1YjgwNjhkZDE0NjQzNTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YU/0KZjHrVk8iFvY9PwScHTXBKn
53qiK1EIFL4lv0KCcenm+/PYv3qvHDRc6828LsXRRsuUG1W+Ws0FBAB/naNPela7
V6skHjh8FvbEhCKByO4cAhltXC9B4Nt/mw5HagYuXbYmI/n1vN1rN0Z1KKFUCZb1
TqXK4Q/IbvU7LD4uNfRg6lUZaWnSV+DYvAnRghmn4w/EMd2T4t/CCfY6FM+K/1ia
2ViRZMyz/gddwE3P3i4mWkYClHoZ/2pGxRZ/o6qqoHjz99KXUMh1j23M49S7c737
8uW/bF4mUfMZWJHLFTksIQZDdrnrye8vuficuVEyYPHPjImx3WaP8Wy/bQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN9nNN4lGTKJEtCsF1uAaN0UZDWDMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMzJjMDNpVVpNb2tTMEt3WFc0Qm8zUlJrTllNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUPBWAwQA
Uph6MA0GCSqGSIb3DQEBCwUAA4IBAQAEJm9QLvht3sVg5jYdkiiR3U+r2nOSi21g
FmVcZEBTyIcJ0vxGDjLz1FKIgoWus+l18rVCqv0fkjMcbPJk5OlzwA7GYAuqBtgX
FzRrGOff+kQ0taUOO5XYrKqbdM5ZHr9+p+FVPviTABYtPPV/gMGu1XTtwTHmvF+5
Sraucz8IM8HDI2zJhziMHlmF/S1tpb1RFW7DKtSl+YIQrR1AiMNvQsWZh2tK48Cl
7yxtM0zWQvv48hw8dLgkUgAeQyIF2tBD16vERlEN5D2WMqAaglxmrYx6RKQbT7Ph
oEsVshSzSr8yMQv7wO4MFy8VrNnRp+SKPPOd/HbrQohDogawX2qv
-----END CERTIFICATE-----