Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LGrRCMdwpeIJQXzQuQt3x06ChBE.roa
File:                     LGrRCMdwpeIJQXzQuQt3x06ChBE.roa (raw, json)
Hash identifier:          3ZF6cvEBxzka6cB1vShCl9vFF/F1nvB647kT9mwDLRM=
Subject key identifier:   2C:6A:D1:08:C7:70:A5:E2:09:41:7C:D0:B9:0B:77:C7:4E:82:84:11
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019855330B163153DF13064750DB5A7BD308
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LGrRCMdwpeIJQXzQuQt3x06ChBE.roa
Signing time:             Tue 29 Jul 2025 08:01:05 +0000
ROA not before:           Tue 29 Jul 2025 08:01:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204044
IP address blocks:        79.99.146.0/24 maxlen: 24
                          213.210.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:55:33:0b:16:31:53:df:13:06:47:50:db:5a:7b:d3:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 29 08:01:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c6ad108c770a5e209417cd0b90b77c74e828411
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:31:b3:68:b9:be:d8:10:b1:39:12:ff:81:13:
                    e2:1f:7b:17:e5:a1:d2:aa:a1:68:e1:41:41:20:50:
                    4e:7d:44:d9:ae:75:00:b9:98:ac:66:cb:bf:f7:7d:
                    e7:3b:62:79:a8:a0:9d:bf:8c:08:6e:82:13:d6:02:
                    b3:71:a1:79:f7:7b:c1:db:1e:3e:b8:c7:dc:f2:31:
                    d5:73:6f:b4:57:26:51:83:08:e6:c4:bb:3e:e0:c1:
                    bc:8e:2d:d5:dc:0f:e2:cc:38:94:1b:db:6f:ec:d4:
                    90:58:d9:76:a9:11:bb:5b:80:8a:d8:f3:27:21:3d:
                    d4:81:a9:ee:e8:07:39:34:9f:fe:3f:07:2f:e3:19:
                    f8:a2:8e:2b:7a:b0:02:da:5e:fc:6b:45:2e:3f:4d:
                    de:f6:8e:ed:2f:93:c7:3c:88:c1:d9:af:c4:55:35:
                    6e:03:a3:64:8e:eb:ef:5f:ea:ed:72:43:b8:47:9c:
                    84:19:d4:82:1d:de:59:53:32:ba:0a:dc:8b:0a:db:
                    ab:05:c5:82:f0:93:63:51:e5:5c:df:e9:c7:de:40:
                    d0:a5:d8:52:de:3a:4b:4b:f9:d5:87:98:c1:38:e7:
                    23:5b:38:bf:3c:5b:5f:e8:6b:2b:e9:28:b5:58:0f:
                    1e:45:b9:c2:f9:d2:39:86:34:b4:1a:04:24:b8:1d:
                    fe:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:6A:D1:08:C7:70:A5:E2:09:41:7C:D0:B9:0B:77:C7:4E:82:84:11
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LGrRCMdwpeIJQXzQuQt3x06ChBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.146.0/24
                  213.210.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:84:d1:be:f1:18:b5:3f:f1:ca:a8:60:dd:e4:67:bc:33:58:
         b5:65:34:4d:89:c8:58:03:bf:57:ff:79:db:5c:76:6f:25:d8:
         9a:3a:f4:86:f5:dd:f6:e3:26:85:59:be:5a:4c:3c:5e:bc:ec:
         02:57:82:98:83:b3:f4:f5:7e:4d:ed:74:75:2b:67:a6:7a:4f:
         84:a1:d3:89:35:6e:e5:e1:5c:81:e0:f4:f0:ee:72:66:1a:4a:
         e8:f3:78:3d:a3:c2:6c:9f:d9:41:80:ab:95:86:0e:a4:2f:7d:
         60:f0:46:7f:b0:ed:62:c0:a9:dd:3b:91:fc:ae:ed:d6:c4:d0:
         06:9a:19:c9:ef:99:ce:d3:f8:c1:c8:7f:b9:72:d5:6c:f7:5d:
         a7:5d:fd:49:14:e6:c6:ce:6d:47:c2:71:4e:7b:2f:34:81:07:
         05:8c:60:7f:5a:41:a1:a7:f6:97:b9:59:c5:0c:15:84:9a:d0:
         a3:65:6e:c9:88:45:c8:21:cd:36:c6:94:15:77:b7:29:ad:a5:
         ed:a8:b5:6d:23:a4:87:b3:76:5b:45:77:00:c9:d8:9c:fd:c1:
         3c:8b:df:f7:de:60:1d:63:dd:21:f2:37:13:c1:a3:65:d7:1e:
         98:b2:46:28:db:13:88:64:d5:dd:6f:c3:62:84:1d:01:78:f9:
         23:b8:b7:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhVMwsWMVPfEwZHUNtae9MIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzI5MDgwMTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzZhZDEwOGM3NzBhNWUyMDk0MTdjZDBiOTBiNzdjNzRlODI4NDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9zGzaLm+2BCxORL/gRPiH3sX5aHS
qqFo4UFBIFBOfUTZrnUAuZisZsu/933nO2J5qKCdv4wIboIT1gKzcaF593vB2x4+
uMfc8jHVc2+0VyZRgwjmxLs+4MG8ji3V3A/izDiUG9tv7NSQWNl2qRG7W4CK2PMn
IT3Uganu6Ac5NJ/+Pwcv4xn4oo4rerAC2l78a0UuP03e9o7tL5PHPIjB2a/EVTVu
A6NkjuvvX+rtckO4R5yEGdSCHd5ZUzK6CtyLCturBcWC8JNjUeVc3+nH3kDQpdhS
3jpLS/nVh5jBOOcjWzi/PFtf6Gsr6Si1WA8eRbnC+dI5hjS0GgQkuB3+7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCxq0QjHcKXiCUF80LkLd8dOgoQRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTEdyUkNNZHdwZUlKUVh6UXVRdDN4MDZDaEJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT2OSAwQA
1dI6MA0GCSqGSIb3DQEBCwUAA4IBAQAnhNG+8Ri1P/HKqGDd5Ge8M1i1ZTRNichY
A79X/3nbXHZvJdiaOvSG9d324yaFWb5aTDxevOwCV4KYg7P09X5N7XR1K2emek+E
odOJNW7l4VyB4PTw7nJmGkro83g9o8Jsn9lBgKuVhg6kL31g8EZ/sO1iwKndO5H8
ru3WxNAGmhnJ75nO0/jByH+5ctVs912nXf1JFObGzm1HwnFOey80gQcFjGB/WkGh
p/aXuVnFDBWEmtCjZW7JiEXIIc02xpQVd7cpraXtqLVtI6SHs3ZbRXcAydic/cE8
i9/33mAdY90h8jcTwaNl1x6YskYo2xOIZNXdb8NihB0BePkjuLd+
-----END CERTIFICATE-----