Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TFgbcAZkNw9NLkgAAVi6AXHhHrU.roa
File:                     TFgbcAZkNw9NLkgAAVi6AXHhHrU.roa (raw, json)
Hash identifier:          g/b0w+Skd5mrWg/dLTrHogpmF3ccWzlk2asEAkK7iI4=
Subject key identifier:   4C:58:1B:70:06:64:37:0F:4D:2E:48:00:01:58:BA:01:71:E1:1E:B5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019A2F2D83E7174BAF66B675067F7A410A94
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TFgbcAZkNw9NLkgAAVi6AXHhHrU.roa
Signing time:             Wed 29 Oct 2025 08:55:03 +0000
ROA not before:           Wed 29 Oct 2025 08:55:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63199
IP address blocks:        82.152.10.0/24 maxlen: 24
                          82.152.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2f:2d:83:e7:17:4b:af:66:b6:75:06:7f:7a:41:0a:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 29 08:55:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c581b700664370f4d2e48000158ba0171e11eb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d3:97:25:28:0b:bc:35:c5:7e:e0:d9:90:69:
                    e3:04:49:1f:41:91:7a:1b:b2:4c:ef:ef:bb:e4:a6:
                    54:04:5a:61:6d:21:09:f1:db:ab:24:f4:ff:c8:55:
                    f3:b1:18:87:0e:a1:65:7f:18:b4:37:a4:c3:5a:a8:
                    51:34:fe:44:77:59:0b:e1:4d:7d:37:78:ac:d6:4f:
                    45:fe:27:30:3b:f5:18:1d:7c:de:4b:cd:89:43:5a:
                    e4:1c:64:c7:21:a2:aa:1d:ea:a8:ad:4e:22:00:ea:
                    cf:6d:aa:cb:a4:c2:46:fb:7a:d6:18:b8:c0:5c:d6:
                    23:c5:27:6f:5e:e7:13:f3:68:c4:42:57:90:d8:1d:
                    77:85:16:e9:06:9d:52:87:5b:8a:b9:f2:e1:47:8b:
                    ab:d6:dd:de:19:26:17:4e:c1:21:13:74:9e:39:8c:
                    d1:5e:4c:e3:eb:e8:98:b3:b2:4e:a2:c2:50:a9:64:
                    ee:e8:20:71:3c:f6:b0:68:74:37:ff:6e:4a:29:5e:
                    b3:ad:3d:02:55:82:88:b5:38:81:ca:d5:bc:80:42:
                    1d:c3:68:96:ea:7d:7c:9f:9a:a4:a9:bf:17:02:51:
                    93:e3:29:35:90:83:1b:09:c3:9c:03:76:ad:34:35:
                    92:43:6c:2b:ca:f8:53:de:04:66:88:9b:1e:3b:69:
                    d0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:58:1B:70:06:64:37:0F:4D:2E:48:00:01:58:BA:01:71:E1:1E:B5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TFgbcAZkNw9NLkgAAVi6AXHhHrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.10.0/24
                  82.152.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:da:be:5a:26:b1:cd:d6:c3:b5:0a:b8:f0:3b:1f:d4:47:83:
         e0:f8:95:06:e1:7d:e4:de:1f:d1:76:5f:54:d2:50:ab:77:c6:
         cc:26:e7:b9:37:3e:84:37:2c:44:ed:d1:e4:e5:15:92:59:e0:
         84:b0:2a:f5:a8:fe:1f:17:7b:70:9e:72:f6:5d:8e:d7:f4:a3:
         60:73:61:e0:59:33:46:9b:e4:ef:a6:f2:07:8a:b0:0a:5c:a3:
         0e:7b:87:8a:38:5a:1d:3f:03:e1:ab:70:bc:07:91:aa:b8:6b:
         1b:6f:5d:a3:ca:60:14:e0:0c:0b:62:65:d9:79:2f:7e:44:76:
         99:84:d9:a4:88:d8:81:eb:d7:09:b7:af:4f:fb:90:1f:c2:5e:
         88:86:8a:90:32:91:ed:67:07:75:4e:8b:56:ce:c4:b7:1d:0a:
         d7:b0:5b:fc:eb:4e:d2:d8:72:6b:dd:31:a8:26:44:c9:28:24:
         ef:eb:dc:9c:7f:f8:f3:59:13:73:a9:06:24:b5:56:f9:55:80:
         86:8a:37:fc:6c:48:37:88:fe:95:fd:36:e5:70:04:7c:90:1c:
         7d:c6:9f:91:a9:12:10:7f:b5:2b:b3:37:d1:27:91:18:f4:91:
         92:f6:a7:9c:c9:12:25:b3:be:18:82:e9:df:a7:9a:65:2d:1a:
         11:df:ab:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZovLYPnF0uvZrZ1Bn96QQqUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDI5MDg1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzU4MWI3MDA2NjQzNzBmNGQyZTQ4MDAwMTU4YmEwMTcxZTExZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydOXJSgLvDXFfuDZkGnjBEkfQZF6
G7JM7++75KZUBFphbSEJ8durJPT/yFXzsRiHDqFlfxi0N6TDWqhRNP5Ed1kL4U19
N3is1k9F/icwO/UYHXzeS82JQ1rkHGTHIaKqHeqorU4iAOrPbarLpMJG+3rWGLjA
XNYjxSdvXucT82jEQleQ2B13hRbpBp1Sh1uKufLhR4ur1t3eGSYXTsEhE3SeOYzR
Xkzj6+iYs7JOosJQqWTu6CBxPPawaHQ3/25KKV6zrT0CVYKItTiBytW8gEIdw2iW
6n18n5qkqb8XAlGT4yk1kIMbCcOcA3atNDWSQ2wryvhT3gRmiJseO2nQqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFExYG3AGZDcPTS5IAAFYugFx4R61MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVEZnYmNBWmtOdzlOTGtnQUFWaTZBWEhoSHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpgKAwQA
UpizMA0GCSqGSIb3DQEBCwUAA4IBAQBz2r5aJrHN1sO1CrjwOx/UR4Pg+JUG4X3k
3h/Rdl9U0lCrd8bMJue5Nz6ENyxE7dHk5RWSWeCEsCr1qP4fF3twnnL2XY7X9KNg
c2HgWTNGm+TvpvIHirAKXKMOe4eKOFodPwPhq3C8B5GquGsbb12jymAU4AwLYmXZ
eS9+RHaZhNmkiNiB69cJt69P+5Afwl6IhoqQMpHtZwd1TotWzsS3HQrXsFv8607S
2HJr3TGoJkTJKCTv69ycf/jzWRNzqQYktVb5VYCGijf8bEg3iP6V/TblcAR8kBx9
xp+RqRIQf7UrszfRJ5EY9JGS9qecyRIls74Ygunfp5plLRoR36sF
-----END CERTIFICATE-----