Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tQQ8V9V074D-JpcBbFZZdn493JE.roa
File:                     tQQ8V9V074D-JpcBbFZZdn493JE.roa (raw, json)
Hash identifier:          BvSIygVdxq/1mszkrjkiSa44qoTlA66wwk4beUqezN0=
Subject key identifier:   B5:04:3C:57:D5:74:EF:80:FE:26:97:01:6C:56:59:76:7E:3D:DC:91
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019A2A21B431B2D888C3E03C3FA7C47A645F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tQQ8V9V074D-JpcBbFZZdn493JE.roa
Signing time:             Tue 28 Oct 2025 09:24:03 +0000
ROA not before:           Tue 28 Oct 2025 09:24:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401776
IP address blocks:        82.152.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2a:21:b4:31:b2:d8:88:c3:e0:3c:3f:a7:c4:7a:64:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 28 09:24:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5043c57d574ef80fe2697016c5659767e3ddc91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8a:25:93:97:04:20:43:9b:d8:c1:5c:5a:ce:
                    3f:07:5c:c9:52:85:f7:29:f2:e1:c6:35:43:cf:05:
                    28:07:f1:ba:3a:97:7f:9c:5f:02:59:28:3e:51:6d:
                    d4:37:3c:72:d8:d3:be:da:e6:6c:32:71:db:76:9d:
                    5e:ee:fd:c3:13:ae:d7:d2:02:c1:88:64:27:3a:90:
                    6a:64:31:13:6e:44:25:d2:93:a9:95:48:87:11:f1:
                    11:28:c4:28:ee:2c:f0:c6:2e:f5:6d:ec:ec:06:7e:
                    7e:1b:79:62:f3:0f:ad:7f:09:10:96:94:3c:e8:2b:
                    3e:8a:43:a8:a2:10:5c:b0:8f:46:a3:3e:15:d4:4d:
                    a8:6f:b2:04:aa:5c:e9:10:a6:32:8c:39:fa:d2:63:
                    25:47:a9:b6:a0:b9:2a:dc:2e:0c:06:97:00:6c:ee:
                    53:9f:b9:ea:19:d3:e9:c2:f4:80:d0:b1:78:99:37:
                    ad:3c:99:20:fe:70:07:18:96:50:2b:19:79:df:c1:
                    83:8a:02:de:bc:fd:a3:53:58:48:42:d1:b0:f4:e4:
                    6e:51:af:c9:fb:a8:22:ac:eb:bf:27:c0:22:75:d8:
                    34:0e:d7:c6:76:01:48:b5:63:5b:f3:6f:0b:01:84:
                    b4:8e:ed:ed:03:6d:c1:05:56:75:fa:39:7d:57:ec:
                    e3:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:04:3C:57:D5:74:EF:80:FE:26:97:01:6C:56:59:76:7E:3D:DC:91
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tQQ8V9V074D-JpcBbFZZdn493JE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:fb:ae:de:94:d9:60:4a:fd:c0:a8:e6:ba:eb:4b:f7:6e:ed:
         90:28:bf:7d:59:4e:4a:f0:1d:84:3d:c1:a4:37:58:aa:22:83:
         c1:aa:47:01:f5:aa:6f:70:e7:59:a0:9b:28:dd:3c:1c:72:2f:
         08:a8:1d:ac:43:9f:7c:f4:fe:c3:1e:01:51:e2:0d:05:5d:b9:
         63:f5:7d:f3:59:c3:de:12:0c:28:fd:9c:ce:28:57:c6:be:c7:
         46:00:39:e5:2f:b8:7c:92:28:51:dd:2a:2f:81:d3:31:ef:82:
         f3:e3:7b:35:5e:ed:35:bf:4b:a4:10:ab:6f:8b:be:ed:a4:f3:
         fd:ea:6a:d6:c6:5d:a1:c6:75:ad:4b:e7:90:5b:fc:83:65:0c:
         40:14:16:06:b6:9f:a7:c7:17:31:c4:52:1b:38:9d:f4:66:16:
         95:f5:a9:a5:37:a8:70:fe:c9:7d:1a:96:bf:a7:5a:1c:9f:41:
         ce:21:5e:09:ca:bd:ef:56:ca:99:f3:8f:02:a8:05:f9:4c:b1:
         ee:54:8a:42:f7:9f:e0:98:1a:f5:56:4e:3c:b1:d3:f5:ae:fe:
         bb:08:61:f0:83:34:81:42:6c:10:69:56:c2:a7:8a:93:97:66:
         cc:24:63:f3:2f:c5:80:7c:65:02:3f:55:ab:77:84:48:6f:7e:
         a6:d2:e0:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoqIbQxstiIw+A8P6fEemRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDI4MDkyNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTA0M2M1N2Q1NzRlZjgwZmUyNjk3MDE2YzU2NTk3NjdlM2RkYzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroolk5cEIEOb2MFcWs4/B1zJUoX3
KfLhxjVDzwUoB/G6Opd/nF8CWSg+UW3UNzxy2NO+2uZsMnHbdp1e7v3DE67X0gLB
iGQnOpBqZDETbkQl0pOplUiHEfERKMQo7izwxi71bezsBn5+G3li8w+tfwkQlpQ8
6Cs+ikOoohBcsI9Goz4V1E2ob7IEqlzpEKYyjDn60mMlR6m2oLkq3C4MBpcAbO5T
n7nqGdPpwvSA0LF4mTetPJkg/nAHGJZQKxl538GDigLevP2jU1hIQtGw9ORuUa/J
+6girOu/J8Aiddg0DtfGdgFItWNb828LAYS0ju3tA23BBVZ1+jl9V+zjPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUEPFfVdO+A/iaXAWxWWXZ+PdyRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdFFROFY5VjA3NEQtSnBjQmJGWlpkbjQ5M0pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpgcMA0G
CSqGSIb3DQEBCwUAA4IBAQCY+67elNlgSv3AqOa660v3bu2QKL99WU5K8B2EPcGk
N1iqIoPBqkcB9apvcOdZoJso3Twcci8IqB2sQ5989P7DHgFR4g0FXblj9X3zWcPe
Egwo/ZzOKFfGvsdGADnlL7h8kihR3SovgdMx74Lz43s1Xu01v0ukEKtvi77tpPP9
6mrWxl2hxnWtS+eQW/yDZQxAFBYGtp+nxxcxxFIbOJ30ZhaV9amlN6hw/sl9Gpa/
p1ocn0HOIV4Jyr3vVsqZ848CqAX5TLHuVIpC95/gmBr1Vk48sdP1rv67CGHwgzSB
QmwQaVbCp4qTl2bMJGPzL8WAfGUCP1Wrd4RIb36m0uAC
-----END CERTIFICATE-----