Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3r8mEjhqhUVnwog5XCDk8HtJlUc.roa
File:                     3r8mEjhqhUVnwog5XCDk8HtJlUc.roa (raw, json)
Hash identifier:          xQD0c+kOUijuTtKh8HVefCZODz+yn2Eu4V10NUHYyAU=
Subject key identifier:   DE:BF:26:12:38:6A:85:45:67:C2:88:39:5C:20:E4:F0:7B:49:95:47
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0199A916BC856653049E2DA489B201323F97
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3r8mEjhqhUVnwog5XCDk8HtJlUc.roa
Signing time:             Fri 03 Oct 2025 08:01:03 +0000
ROA not before:           Fri 03 Oct 2025 08:01:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213282
IP address blocks:        93.88.201.0/24 maxlen: 24
                          94.177.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a9:16:bc:85:66:53:04:9e:2d:a4:89:b2:01:32:3f:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct  3 08:01:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=debf2612386a854567c288395c20e4f07b499547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:c6:65:cf:c6:e7:8a:80:08:98:22:a2:03:da:
                    ce:cb:39:0a:a3:83:86:74:80:e6:7b:75:79:63:87:
                    92:2e:e5:88:bc:70:c8:f5:cb:d7:11:92:99:43:fe:
                    00:98:03:f5:53:96:0a:9a:70:60:e5:38:88:e5:6b:
                    71:dd:70:85:3a:d6:ff:0c:47:89:63:db:be:10:cb:
                    68:39:9d:c9:85:a9:09:52:8d:21:ce:6e:38:98:5c:
                    76:14:46:f4:bb:7d:bf:12:89:f0:15:ce:02:4c:2b:
                    d3:e3:9f:9a:82:c7:db:f0:5f:f0:c5:b4:c6:20:4e:
                    27:82:06:57:a3:28:1b:e6:b5:77:7b:af:50:4d:00:
                    d6:10:63:e4:17:d2:c3:98:31:b7:e2:7f:19:c2:0a:
                    eb:0c:a3:f6:ec:2c:00:25:ea:39:d9:d1:fd:18:1c:
                    92:25:e0:32:90:70:56:3e:68:6f:2b:13:05:c9:93:
                    d5:f0:3e:42:4b:52:e7:b1:7f:0d:c7:a6:f3:fb:fa:
                    36:41:87:31:37:2b:b3:da:59:f5:be:b3:ab:cf:6e:
                    96:e9:2b:4a:5d:cc:10:40:e2:55:02:63:be:2b:90:
                    31:3e:62:05:e3:13:9a:75:43:82:91:44:0b:3c:43:
                    f8:4a:14:00:53:11:d5:f4:d3:5c:fb:e3:65:ab:2a:
                    6a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BF:26:12:38:6A:85:45:67:C2:88:39:5C:20:E4:F0:7B:49:95:47
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3r8mEjhqhUVnwog5XCDk8HtJlUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.88.201.0/24
                  94.177.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:cd:3c:e7:fa:f4:7b:c0:28:c2:42:23:60:aa:94:cb:ca:fd:
         c6:84:a9:2b:57:0d:97:0c:e5:72:8c:1d:83:55:41:e1:3a:01:
         51:aa:bd:1d:88:cd:15:cd:53:c2:58:14:f1:6f:3f:4d:99:ee:
         46:e9:2d:81:37:1c:0b:05:69:54:9b:dd:bf:03:b0:84:85:10:
         ba:d5:c3:b6:51:de:ed:c0:9f:08:bd:fb:30:29:44:24:52:ba:
         ca:72:8e:09:85:f8:8e:41:3c:e7:e7:10:8c:f5:46:75:f9:19:
         6b:8b:cb:18:13:99:bf:bf:d2:f6:c8:88:80:e3:c2:04:ba:28:
         0c:58:d2:c8:66:1d:94:08:05:eb:21:48:49:e9:c0:4a:70:39:
         07:d0:ab:3e:32:0c:98:e7:4f:3b:0a:97:14:89:31:67:82:f8:
         34:07:4b:a2:69:9f:f0:fb:2d:13:a8:ca:e1:2c:0c:b4:21:37:
         76:00:ed:16:9c:68:02:59:ee:7c:59:11:3e:e9:ef:6a:50:aa:
         d8:61:1a:45:04:8d:0b:48:38:05:9c:46:43:03:67:5b:54:c6:
         a9:eb:95:36:fc:b3:37:29:03:42:69:d6:24:5c:7f:27:06:3d:
         bc:c0:bb:1d:9d:10:45:10:01:0d:94:8a:db:bd:aa:91:51:fe:
         7f:88:65:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmpFryFZlMEni2kibIBMj+XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUxMDAzMDgwMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWJmMjYxMjM4NmE4NTQ1NjdjMjg4Mzk1YzIwZTRmMDdiNDk5NTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3sZlz8bnioAImCKiA9rOyzkKo4OG
dIDme3V5Y4eSLuWIvHDI9cvXEZKZQ/4AmAP1U5YKmnBg5TiI5Wtx3XCFOtb/DEeJ
Y9u+EMtoOZ3JhakJUo0hzm44mFx2FEb0u32/EonwFc4CTCvT45+agsfb8F/wxbTG
IE4nggZXoygb5rV3e69QTQDWEGPkF9LDmDG34n8ZwgrrDKP27CwAJeo52dH9GByS
JeAykHBWPmhvKxMFyZPV8D5CS1LnsX8Nx6bz+/o2QYcxNyuz2ln1vrOrz26W6StK
XcwQQOJVAmO+K5AxPmIF4xOadUOCkUQLPEP4ShQAUxHV9NNc++NlqypqpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN6/JhI4aoVFZ8KIOVwg5PB7SZVHMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvM3I4bUVqaHFoVVZud29nNVhDRGs4SHRKbFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXVjJAwQA
XrF6MA0GCSqGSIb3DQEBCwUAA4IBAQCtzTzn+vR7wCjCQiNgqpTLyv3GhKkrVw2X
DOVyjB2DVUHhOgFRqr0diM0VzVPCWBTxbz9Nme5G6S2BNxwLBWlUm92/A7CEhRC6
1cO2Ud7twJ8IvfswKUQkUrrKco4JhfiOQTzn5xCM9UZ1+Rlri8sYE5m/v9L2yIiA
48IEuigMWNLIZh2UCAXrIUhJ6cBKcDkH0Ks+MgyY5087CpcUiTFngvg0B0uiaZ/w
+y0TqMrhLAy0ITd2AO0WnGgCWe58WRE+6e9qUKrYYRpFBI0LSDgFnEZDA2dbVMap
65U2/LM3KQNCadYkXH8nBj28wLsdnRBFEAENlIrbvaqRUf5/iGW5
-----END CERTIFICATE-----