Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3qrW0pKwWKLvjQubBXdoM6QDKv4.roa
File:                     3qrW0pKwWKLvjQubBXdoM6QDKv4.roa (raw, json)
Hash identifier:          QgVN7/uZho4NXO89ihT3Evb67NY5Tvsg8O9Ioam5AHY=
Subject key identifier:   DE:AA:D6:D2:92:B0:58:A2:EF:8D:0B:9B:05:77:68:33:A4:03:2A:FE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019A492184BFDA962A5A2B055DE61D573D76
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3qrW0pKwWKLvjQubBXdoM6QDKv4.roa
Signing time:             Mon 03 Nov 2025 09:52:04 +0000
ROA not before:           Mon 03 Nov 2025 09:52:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212335
IP address blocks:        89.213.216.0/24 maxlen: 24
                          89.213.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Nov 2025 22:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:49:21:84:bf:da:96:2a:5a:2b:05:5d:e6:1d:57:3d:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  3 09:52:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=deaad6d292b058a2ef8d0b9b05776833a4032afe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7c:21:d0:a3:9a:00:6d:cd:e6:5c:39:de:c6:
                    49:cb:50:e0:a2:10:05:54:80:db:b5:8e:14:25:45:
                    ef:99:d1:53:b1:bc:af:08:66:9f:89:16:b8:24:ed:
                    68:06:77:bb:8e:48:af:91:d7:2f:8b:97:61:fb:19:
                    9d:5b:10:59:75:3c:65:2a:e5:ba:8b:6a:09:b7:e9:
                    9f:1b:d0:88:4c:b7:99:c0:76:a9:b4:f4:41:32:ba:
                    45:ed:9e:53:fa:d1:42:c0:56:f3:4b:69:84:62:64:
                    f0:5f:80:c9:16:f9:51:16:f3:2f:69:0c:de:a2:f9:
                    9d:fa:88:69:9e:58:76:a7:46:59:7f:0b:7c:c8:84:
                    d2:4b:ef:a6:51:2f:e1:b4:a7:2c:00:66:16:78:64:
                    a5:de:c0:64:ad:4f:c3:98:07:8a:a2:7f:7c:98:ff:
                    28:03:1a:54:7d:a8:6f:fb:a6:90:79:05:57:b4:71:
                    36:95:cd:f1:ab:f2:21:32:37:d9:ae:0e:b8:73:07:
                    fe:43:d1:9a:84:d7:08:13:e3:6b:56:a5:ee:32:f6:
                    1b:81:24:87:75:a6:20:05:6d:61:5d:af:38:de:43:
                    2e:c2:60:43:88:70:74:1f:ef:4c:91:1f:c7:88:e0:
                    39:0e:10:f2:6a:ee:ba:e8:e2:a6:89:6f:5f:4b:b4:
                    03:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:AA:D6:D2:92:B0:58:A2:EF:8D:0B:9B:05:77:68:33:A4:03:2A:FE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3qrW0pKwWKLvjQubBXdoM6QDKv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.216.0/24
                  89.213.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:37:6c:a6:98:a6:5a:1f:5b:03:a5:09:6c:c2:d5:5c:c5:ea:
         28:da:e9:bf:c8:f5:a1:2c:5c:df:be:23:52:d8:75:bd:fa:f4:
         06:11:27:52:c6:58:5c:1f:da:ac:28:a4:03:81:bc:aa:8a:16:
         d5:22:d0:fa:50:fb:36:db:f5:06:a1:ed:32:c0:9c:64:ae:19:
         15:63:6f:75:bd:67:e4:39:e6:01:a2:9d:36:e2:84:24:04:63:
         0a:4b:c4:46:7c:1d:10:02:15:19:ef:19:96:53:11:fe:f6:e5:
         97:ab:7e:fd:49:97:dc:ad:5a:a4:51:e0:e7:a1:61:18:8a:dc:
         80:f2:49:53:91:f2:c8:1a:dc:e2:71:8f:8d:42:e5:31:4f:12:
         7f:90:ad:c7:ca:9e:4f:1c:36:fc:eb:6c:52:39:db:f4:3e:be:
         58:2e:e1:ff:5b:8f:c7:43:ef:1f:81:e7:b6:63:92:65:81:eb:
         55:cf:09:a0:0b:24:f3:3d:74:44:63:b6:b9:61:63:ff:77:13:
         5d:cc:54:a1:15:bf:b4:12:a6:49:c0:2c:02:18:b2:58:eb:bd:
         1f:6c:a1:77:a9:03:3b:bd:04:81:7f:41:89:da:25:e6:76:21:
         ed:59:f8:f7:90:43:a4:73:00:6b:f5:85:e7:9f:54:b8:f1:ba:
         14:20:08:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpJIYS/2pYqWisFXeYdVz12MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMTAzMDk1MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWFhZDZkMjkyYjA1OGEyZWY4ZDBiOWIwNTc3NjgzM2E0MDMyYWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXwh0KOaAG3N5lw53sZJy1DgohAF
VIDbtY4UJUXvmdFTsbyvCGafiRa4JO1oBne7jkivkdcvi5dh+xmdWxBZdTxlKuW6
i2oJt+mfG9CITLeZwHaptPRBMrpF7Z5T+tFCwFbzS2mEYmTwX4DJFvlRFvMvaQze
ovmd+ohpnlh2p0ZZfwt8yITSS++mUS/htKcsAGYWeGSl3sBkrU/DmAeKon98mP8o
AxpUfahv+6aQeQVXtHE2lc3xq/IhMjfZrg64cwf+Q9GahNcIE+NrVqXuMvYbgSSH
daYgBW1hXa843kMuwmBDiHB0H+9MkR/HiOA5DhDyau666OKmiW9fS7QDHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN6q1tKSsFii740LmwV3aDOkAyr+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvM3FyVzBwS3dXS0x2alF1YkJYZG9NNlFES3Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdXYAwQA
WdXdMA0GCSqGSIb3DQEBCwUAA4IBAQBON2ymmKZaH1sDpQlswtVcxeoo2um/yPWh
LFzfviNS2HW9+vQGESdSxlhcH9qsKKQDgbyqihbVItD6UPs22/UGoe0ywJxkrhkV
Y291vWfkOeYBop024oQkBGMKS8RGfB0QAhUZ7xmWUxH+9uWXq379SZfcrVqkUeDn
oWEYityA8klTkfLIGtzicY+NQuUxTxJ/kK3Hyp5PHDb862xSOdv0Pr5YLuH/W4/H
Q+8fgee2Y5JlgetVzwmgCyTzPXREY7a5YWP/dxNdzFShFb+0EqZJwCwCGLJY670f
bKF3qQM7vQSBf0GJ2iXmdiHtWfj3kEOkcwBr9YXnn1S48boUIAhd
-----END CERTIFICATE-----