Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wal2R7NgtsUclnZbDnOodT1X2jg.roa
File:                     Wal2R7NgtsUclnZbDnOodT1X2jg.roa (raw, json)
Hash identifier:          b57CpxvvBEaoFDyubitR+L6LR9/2eLrUPkJz18woqZ4=
Subject key identifier:   59:A9:76:47:B3:60:B6:C5:1C:96:76:5B:0E:73:A8:75:3D:57:DA:38
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01985A8962A21BE381DA69EBC4FF6C9779E6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wal2R7NgtsUclnZbDnOodT1X2jg.roa
Signing time:             Wed 30 Jul 2025 08:53:29 +0000
ROA not before:           Wed 30 Jul 2025 08:53:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206300
IP address blocks:        82.152.18.0/24 maxlen: 24
                          82.152.64.0/24 maxlen: 24
                          89.213.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 20:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5a:89:62:a2:1b:e3:81:da:69:eb:c4:ff:6c:97:79:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 30 08:53:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59a97647b360b6c51c96765b0e73a8753d57da38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8b:b7:56:ac:fa:ef:1c:68:2c:fd:9a:af:c4:
                    bd:31:07:bb:8f:4d:77:5c:42:aa:b2:05:97:43:29:
                    ec:01:48:4e:d7:c3:bc:93:8f:be:07:21:04:d9:05:
                    06:02:94:fa:1f:26:d6:58:df:6d:4b:e2:77:19:d8:
                    c1:64:7b:44:ea:ff:22:b9:99:09:93:0d:fe:ed:ef:
                    c3:3e:54:b6:b9:1d:81:73:86:c4:d5:e3:d3:68:24:
                    18:01:14:ce:b5:36:b8:58:44:2d:94:41:91:84:09:
                    5e:24:9f:fd:1e:54:f8:dc:85:4e:f3:ee:b9:5d:ae:
                    6b:3d:31:82:15:2d:81:99:d9:5f:07:2a:6b:23:7e:
                    da:b4:78:7d:e8:11:73:18:9a:93:8b:4e:3e:7a:10:
                    ff:0a:69:ab:b0:2d:56:eb:90:c5:b9:5a:67:24:53:
                    40:21:5b:48:b9:c3:54:43:de:5e:6b:c5:b3:ec:be:
                    c5:55:22:29:6d:f9:67:50:f5:71:dc:8d:91:5b:d8:
                    80:c8:2f:90:95:ae:0d:14:b8:3a:56:ab:66:2b:c8:
                    05:fe:9c:24:f0:61:18:d3:59:86:27:b5:ac:0b:5d:
                    90:94:20:1f:2b:62:78:35:20:98:c1:cd:db:f1:f7:
                    e8:85:85:72:db:49:ad:0f:c2:72:33:9a:02:43:e7:
                    00:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:A9:76:47:B3:60:B6:C5:1C:96:76:5B:0E:73:A8:75:3D:57:DA:38
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wal2R7NgtsUclnZbDnOodT1X2jg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.18.0/24
                  82.152.64.0/24
                  89.213.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:79:3f:79:2c:87:73:9d:d7:8f:05:d5:52:54:4a:4a:95:e7:
         02:2a:0e:09:d4:d5:3b:da:36:df:b5:0e:ee:c1:49:43:a5:5b:
         e4:d6:b8:9c:e0:22:95:56:37:86:35:f1:ec:cc:f1:6e:9b:b1:
         8b:e9:62:d6:d8:5c:f6:01:68:2c:0d:00:96:2a:ee:e6:b8:2d:
         16:2c:bd:4b:0a:79:e5:43:38:7b:58:93:3f:a9:9a:05:c1:e1:
         0d:b4:79:a8:18:de:23:72:de:d5:5c:e9:f7:e0:e7:63:9c:46:
         60:c9:ab:86:d2:7f:94:08:8d:f5:2c:92:49:65:86:61:fc:aa:
         6b:f9:06:2b:e1:72:c3:8c:c3:31:3b:88:f3:cd:c5:3a:95:1e:
         15:1e:00:04:20:4e:45:b6:7d:a2:6e:90:5f:93:c7:70:50:53:
         19:6f:e6:07:b2:be:6f:be:a5:16:45:ca:0d:bc:b9:2d:45:03:
         31:98:35:86:40:81:6c:0b:3c:60:93:2d:c2:cb:5a:96:83:a3:
         19:bf:da:e6:11:21:e0:db:55:9a:4e:1d:85:c5:aa:34:5a:6b:
         4e:30:d4:d5:2e:61:98:22:d9:e4:c5:fa:4e:01:21:d9:27:1f:
         78:9b:01:9a:1a:b7:cb:14:3e:54:53:01:db:b0:c8:45:be:4b:
         d5:b8:ef:0a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhaiWKiG+OB2mnrxP9sl3nmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzMwMDg1MzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWE5NzY0N2IzNjBiNmM1MWM5Njc2NWIwZTczYTg3NTNkNTdkYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjou3Vqz67xxoLP2ar8S9MQe7j013
XEKqsgWXQynsAUhO18O8k4++ByEE2QUGApT6HybWWN9tS+J3GdjBZHtE6v8iuZkJ
kw3+7e/DPlS2uR2Bc4bE1ePTaCQYARTOtTa4WEQtlEGRhAleJJ/9HlT43IVO8+65
Xa5rPTGCFS2BmdlfByprI37atHh96BFzGJqTi04+ehD/CmmrsC1W65DFuVpnJFNA
IVtIucNUQ95ea8Wz7L7FVSIpbflnUPVx3I2RW9iAyC+Qla4NFLg6VqtmK8gF/pwk
8GEY01mGJ7WsC12QlCAfK2J4NSCYwc3b8ffohYVy20mtD8JyM5oCQ+cAaQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFmpdkezYLbFHJZ2Ww5zqHU9V9o4MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvV2FsMlI3Tmd0c1VjbG5aYkRuT29kVDFYMmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUpgSAwQA
UphAAwQAWdXBMA0GCSqGSIb3DQEBCwUAA4IBAQA4eT95LIdzndePBdVSVEpKlecC
Kg4J1NU72jbftQ7uwUlDpVvk1ric4CKVVjeGNfHszPFum7GL6WLW2Fz2AWgsDQCW
Ku7muC0WLL1LCnnlQzh7WJM/qZoFweENtHmoGN4jct7VXOn34OdjnEZgyauG0n+U
CI31LJJJZYZh/Kpr+QYr4XLDjMMxO4jzzcU6lR4VHgAEIE5Ftn2ibpBfk8dwUFMZ
b+YHsr5vvqUWRcoNvLktRQMxmDWGQIFsCzxgky3Cy1qWg6MZv9rmESHg21WaTh2F
xao0WmtOMNTVLmGYItnkxfpOASHZJx94mwGaGrfLFD5UUwHbsMhFvkvVuO8K
-----END CERTIFICATE-----