Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KU9vlOTHtJxpg1raTQIiCRhklqI.roa
File:                     KU9vlOTHtJxpg1raTQIiCRhklqI.roa (raw, json)
Hash identifier:          op+vpjsbl0UmyVUYaDck5Zgd9kQAvocTc0figTNA9gs=
Subject key identifier:   29:4F:6F:94:E4:C7:B4:9C:69:83:5A:DA:4D:02:22:09:18:64:96:A2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0196F1BE1E3EBF9E561CF52AE0B438588930
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KU9vlOTHtJxpg1raTQIiCRhklqI.roa
Signing time:             Wed 21 May 2025 07:28:10 +0000
ROA not before:           Wed 21 May 2025 07:28:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        80.240.87.0/24 maxlen: 24
                          109.176.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Jun 2025 10:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f1:be:1e:3e:bf:9e:56:1c:f5:2a:e0:b4:38:58:89:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 21 07:28:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=294f6f94e4c7b49c69835ada4d022209186496a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:56:74:cd:41:01:bc:d5:82:5f:dc:2a:3e:ff:
                    56:00:78:4c:af:0b:a1:13:9a:38:3e:d0:29:ff:3b:
                    8c:92:3a:bd:d6:93:b8:9f:89:8d:40:63:6b:e0:2b:
                    74:cf:27:7b:49:24:82:e4:fd:f7:fe:ec:07:da:84:
                    68:79:5a:b2:27:d0:83:b1:0c:d3:db:ef:e8:b1:26:
                    37:58:b4:10:78:ef:26:ee:41:30:c3:e8:0e:51:fd:
                    5d:9b:6d:fe:ee:8a:0c:01:ad:55:db:7e:d0:52:8e:
                    59:cf:80:c7:d5:91:e9:b9:b2:70:4c:aa:ce:ac:de:
                    77:0d:d7:64:0a:2f:5f:99:07:e0:74:2f:bb:c1:a8:
                    8b:12:c4:c2:7e:bd:e0:91:97:a4:9c:65:36:93:cf:
                    c0:03:e6:4e:09:08:95:61:63:6c:2a:95:72:95:b4:
                    4d:5a:93:cf:0b:22:e9:2a:b1:b7:bf:40:d2:79:cb:
                    c6:14:02:05:24:be:8a:ce:ba:df:0f:de:d3:51:c8:
                    88:08:31:47:fd:36:c9:d3:13:18:7c:23:71:7d:4b:
                    ed:d4:10:fa:a7:54:e5:63:8e:8f:a5:e7:5e:f3:b5:
                    ca:60:4f:08:f4:75:c8:af:10:86:49:ec:60:75:60:
                    6f:68:76:95:eb:7a:fd:8a:2f:22:4b:5f:88:a7:89:
                    96:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:4F:6F:94:E4:C7:B4:9C:69:83:5A:DA:4D:02:22:09:18:64:96:A2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KU9vlOTHtJxpg1raTQIiCRhklqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.87.0/24
                  109.176.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:a3:c0:71:dc:7f:2d:53:f7:2a:6c:47:3d:d3:a0:b8:05:56:
         c5:6c:f6:3b:e8:1b:c5:20:3c:28:ff:c2:79:4d:6a:9c:a5:50:
         4b:14:39:91:e7:b8:d4:32:df:3b:f3:ee:26:bf:7e:f3:fc:0f:
         b7:ad:94:4a:a7:03:9f:1a:e8:06:88:82:ff:55:fe:3a:17:6d:
         6a:42:ff:f0:f4:5a:d9:ed:ea:c5:43:43:2d:63:1b:75:ca:84:
         95:a4:15:63:21:be:ef:2f:66:af:fe:a3:ab:44:5d:3b:d7:43:
         6d:ca:47:9c:39:f2:ab:c9:ff:5a:32:02:6b:fb:84:2b:39:84:
         c1:c2:c8:f5:f4:fc:5e:b6:3c:70:2b:ad:12:d8:71:a4:34:fc:
         a5:c0:8b:1e:ec:db:85:26:c4:1d:1f:45:d0:76:dd:76:d1:83:
         3c:3d:4a:fe:df:23:43:a9:9e:b7:e4:75:bd:34:4e:af:eb:b8:
         d3:45:86:b9:c1:b1:65:45:62:d3:4e:92:61:f7:c3:1e:2c:b3:
         18:3f:f4:c0:03:fb:2e:e7:67:2a:bf:8b:35:09:6a:84:d5:3f:
         5d:23:15:06:23:9f:6c:80:95:05:cb:72:81:af:1b:7c:db:33:
         65:54:68:24:ed:49:80:1b:0f:1a:9e:19:25:84:dd:d3:e7:e0:
         47:fb:21:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbxvh4+v55WHPUq4LQ4WIkwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTIxMDcyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTRmNmY5NGU0YzdiNDljNjk4MzVhZGE0ZDAyMjIwOTE4NjQ5NmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1Z0zUEBvNWCX9wqPv9WAHhMrwuh
E5o4PtAp/zuMkjq91pO4n4mNQGNr4Ct0zyd7SSSC5P33/uwH2oRoeVqyJ9CDsQzT
2+/osSY3WLQQeO8m7kEww+gOUf1dm23+7ooMAa1V237QUo5Zz4DH1ZHpubJwTKrO
rN53DddkCi9fmQfgdC+7waiLEsTCfr3gkZeknGU2k8/AA+ZOCQiVYWNsKpVylbRN
WpPPCyLpKrG3v0DSecvGFAIFJL6KzrrfD97TUciICDFH/TbJ0xMYfCNxfUvt1BD6
p1TlY46Ppede87XKYE8I9HXIrxCGSexgdWBvaHaV63r9ii8iS1+Ip4mWwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFClPb5Tkx7ScaYNa2k0CIgkYZJaiMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvS1U5dmxPVEh0SnhwZzFyYVRRSWlDUmhrbHFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUPBXAwQA
bbAPMA0GCSqGSIb3DQEBCwUAA4IBAQCWo8Bx3H8tU/cqbEc906C4BVbFbPY76BvF
IDwo/8J5TWqcpVBLFDmR57jUMt878+4mv37z/A+3rZRKpwOfGugGiIL/Vf46F21q
Qv/w9FrZ7erFQ0MtYxt1yoSVpBVjIb7vL2av/qOrRF0710NtykecOfKryf9aMgJr
+4QrOYTBwsj19PxetjxwK60S2HGkNPylwIse7NuFJsQdH0XQdt120YM8PUr+3yND
qZ635HW9NE6v67jTRYa5wbFlRWLTTpJh98MeLLMYP/TAA/su52cqv4s1CWqE1T9d
IxUGI59sgJUFy3KBrxt82zNlVGgk7UmAGw8anhklhN3T5+BH+yGf
-----END CERTIFICATE-----