Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IRx_qh3DHEriOPlmb-MUO8Ski1k.roa
File:                     IRx_qh3DHEriOPlmb-MUO8Ski1k.roa (raw, json)
Hash identifier:          qB+Z+jQoEt7PGF4CxnynIHYQ9dAFTurO/urngCc3qjU=
Subject key identifier:   21:1C:7F:AA:1D:C3:1C:4A:E2:38:F9:66:6F:E3:14:3B:C4:A4:8B:59
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01967B97D7BB08E93962B1A5CAFB3F6BDA73
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IRx_qh3DHEriOPlmb-MUO8Ski1k.roa
Signing time:             Mon 28 Apr 2025 08:51:10 +0000
ROA not before:           Mon 28 Apr 2025 08:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        81.168.116.0/24 maxlen: 24
                          82.153.255.0/24 maxlen: 24
                          89.213.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 14:57:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:97:d7:bb:08:e9:39:62:b1:a5:ca:fb:3f:6b:da:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 28 08:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=211c7faa1dc31c4ae238f9666fe3143bc4a48b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:33:4d:df:88:58:f1:98:98:24:aa:34:9e:61:
                    58:30:af:d1:3c:21:6a:07:00:9d:c8:f9:4f:5c:43:
                    04:28:e7:12:d4:53:18:50:6b:fe:22:ba:54:a4:86:
                    68:3e:59:e5:8f:a6:35:75:2a:43:1e:4e:eb:d7:a6:
                    53:51:06:18:2b:3c:82:c9:0d:06:a4:2c:46:fe:8d:
                    90:e0:b8:98:27:29:22:d3:a8:26:7b:d4:00:52:9a:
                    9b:28:2b:82:f4:bf:90:15:43:81:73:52:d3:44:77:
                    b0:c0:42:e9:ec:7e:e9:43:be:29:8c:6c:db:7d:ef:
                    f6:e2:92:b0:30:09:98:11:4b:3a:15:9b:65:d8:e9:
                    d3:36:20:7b:52:4a:9f:d8:3c:f3:db:5a:6f:2b:5b:
                    6e:2d:92:f6:e4:f6:be:f2:61:d5:25:da:18:af:4c:
                    18:00:e8:43:06:20:1c:c4:84:95:2a:4a:80:e6:90:
                    d9:de:d1:a1:42:d3:28:ff:4d:2c:c5:56:02:39:52:
                    d8:3a:a8:90:17:7a:a6:7b:85:2f:fd:3e:85:c1:9e:
                    0a:9b:ca:e7:f5:d4:a0:68:bc:93:be:42:85:26:74:
                    54:33:bf:28:16:03:2f:9c:b6:9c:ca:62:25:d7:b2:
                    ee:f2:bd:be:8a:43:2f:0c:fd:46:e7:79:9f:f0:43:
                    a3:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:1C:7F:AA:1D:C3:1C:4A:E2:38:F9:66:6F:E3:14:3B:C4:A4:8B:59
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IRx_qh3DHEriOPlmb-MUO8Ski1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.116.0/24
                  82.153.255.0/24
                  89.213.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:0c:45:0a:8b:53:68:08:4a:10:3e:61:24:e2:e4:1d:62:d6:
         30:84:75:85:a3:c2:8b:cc:96:22:b3:3f:9a:00:90:59:42:1b:
         85:09:ca:29:f1:b0:46:d7:7f:25:70:1d:fa:24:0f:e4:a5:21:
         fd:56:17:85:46:32:4d:2e:b0:5c:c5:9f:a8:67:ae:ee:c9:53:
         16:2b:c1:31:93:76:59:6c:29:66:73:ae:1f:fe:2d:e8:cb:ee:
         01:fe:0d:50:b9:f6:a3:25:59:03:2e:52:62:ff:f0:27:17:8b:
         a8:98:43:46:4f:da:05:41:86:f7:82:03:f2:0e:10:5c:98:a0:
         cc:20:38:38:dd:1a:b9:9c:73:b2:6a:7d:2e:8d:8f:dd:4c:f5:
         e7:ce:e4:d4:2e:cb:9c:e8:d2:f5:86:e0:56:fc:ed:37:0f:dc:
         8c:6d:64:3c:28:fa:e0:de:22:7c:42:a7:30:12:55:2c:5f:97:
         74:10:e8:44:11:e0:ec:f4:68:fa:28:c6:a1:78:65:c7:e6:f9:
         d6:67:e9:17:02:15:0a:91:dd:b9:20:28:f1:e9:9a:ac:1d:86:
         e8:71:87:eb:4c:90:42:a9:98:aa:60:a5:b7:14:c0:45:06:37:
         b1:00:98:6a:74:87:78:25:d4:bd:8e:6f:5f:61:d0:e1:9c:be:
         74:1e:0f:77
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZ7l9e7COk5YrGlyvs/a9pzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDI4MDg1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTFjN2ZhYTFkYzMxYzRhZTIzOGY5NjY2ZmUzMTQzYmM0YTQ4YjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDNN34hY8ZiYJKo0nmFYMK/RPCFq
BwCdyPlPXEMEKOcS1FMYUGv+IrpUpIZoPlnlj6Y1dSpDHk7r16ZTUQYYKzyCyQ0G
pCxG/o2Q4LiYJyki06gme9QAUpqbKCuC9L+QFUOBc1LTRHewwELp7H7pQ74pjGzb
fe/24pKwMAmYEUs6FZtl2OnTNiB7Ukqf2Dzz21pvK1tuLZL25Pa+8mHVJdoYr0wY
AOhDBiAcxISVKkqA5pDZ3tGhQtMo/00sxVYCOVLYOqiQF3qme4Uv/T6FwZ4Km8rn
9dSgaLyTvkKFJnRUM78oFgMvnLacymIl17Lu8r2+ikMvDP1G53mf8EOj2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCEcf6odwxxK4jj5Zm/jFDvEpItZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSVJ4X3FoM0RIRXJpT1BsbWItTVVPOFNraTFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUah0AwQA
Upn/AwQAWdU0MA0GCSqGSIb3DQEBCwUAA4IBAQBhDEUKi1NoCEoQPmEk4uQdYtYw
hHWFo8KLzJYisz+aAJBZQhuFCcop8bBG138lcB36JA/kpSH9VheFRjJNLrBcxZ+o
Z67uyVMWK8Exk3ZZbClmc64f/i3oy+4B/g1QufajJVkDLlJi//AnF4uomENGT9oF
QYb3ggPyDhBcmKDMIDg43Rq5nHOyan0ujY/dTPXnzuTULsuc6NL1huBW/O03D9yM
bWQ8KPrg3iJ8QqcwElUsX5d0EOhEEeDs9Gj6KMaheGXH5vnWZ+kXAhUKkd25ICjx
6ZqsHYbocYfrTJBCqZiqYKW3FMBFBjexAJhqdId4JdS9jm9fYdDhnL50Hg93
-----END CERTIFICATE-----