Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/8lOaqtsjMmULUhV5yRWoYjJ1trY.roa
File:                     8lOaqtsjMmULUhV5yRWoYjJ1trY.roa (raw, json)
Hash identifier:          jysyQu1rsVLf4s/iTj5T9Bz/5UbDn6huVCMVFZ0JofQ=
Subject key identifier:   F2:53:9A:AA:DB:23:32:65:0B:52:15:79:C9:15:A8:62:32:75:B6:B6
Certificate issuer:       /CN=a3679bf4c627d85fee2ce13a53c44851b9df0563
Certificate serial:       0199729EA52CA6A9FB638AD2755AF04956AF
Authority key identifier: A3:67:9B:F4:C6:27:D8:5F:EE:2C:E1:3A:53:C4:48:51:B9:DF:05:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2eb9MYn2F_uLOE6U8RIUbnfBWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/8lOaqtsjMmULUhV5yRWoYjJ1trY.roa
Signing time:             Mon 22 Sep 2025 18:10:23 +0000
ROA not before:           Mon 22 Sep 2025 18:10:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35511
IP address blocks:        87.248.224.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/o2eb9MYn2F_uLOE6U8RIUbnfBWM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/o2eb9MYn2F_uLOE6U8RIUbnfBWM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2eb9MYn2F_uLOE6U8RIUbnfBWM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:72:9e:a5:2c:a6:a9:fb:63:8a:d2:75:5a:f0:49:56:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3679bf4c627d85fee2ce13a53c44851b9df0563
        Validity
            Not Before: Sep 22 18:10:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2539aaadb2332650b521579c915a8623275b6b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:01:b5:53:8b:b1:f0:e9:64:5a:f1:56:9d:f0:
                    0c:ef:51:91:28:eb:b6:7c:15:a6:25:0d:a8:ee:00:
                    2c:a9:21:9b:8d:3b:af:1a:97:4a:e7:13:3b:68:85:
                    74:a3:96:d9:a4:67:48:1b:2a:74:19:35:95:cb:29:
                    a9:ae:16:0f:83:5e:65:4a:55:b8:43:37:30:3a:93:
                    52:16:f0:22:20:8a:94:6c:6c:1c:a2:d6:e4:5b:36:
                    79:82:b6:36:2e:08:97:03:43:cd:2e:a5:09:e1:f2:
                    e1:7f:61:82:a8:24:23:66:22:ad:5b:27:90:72:dd:
                    3a:e2:87:b5:0b:7f:01:bc:c6:d6:e9:e3:f8:01:81:
                    3a:71:b3:5e:c0:bc:88:e2:b8:81:c2:f5:60:8b:38:
                    44:75:f2:dd:4c:67:dc:d2:73:b8:4c:a1:61:74:6e:
                    aa:81:ae:7c:ab:2e:0c:db:9d:94:e6:8e:ca:ba:ce:
                    93:27:1b:2c:ca:cf:1f:9b:23:ca:17:3f:6b:83:f3:
                    ef:32:dc:aa:c5:77:e8:4f:72:c4:6c:0c:68:77:52:
                    98:99:dd:c1:62:07:72:c8:89:bc:a4:fd:92:fc:d8:
                    d9:b9:b7:a5:89:9a:e2:cc:c6:31:3b:57:9c:b6:1f:
                    7f:46:d2:86:a0:77:99:c6:4e:86:b3:3d:af:68:0b:
                    ae:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:53:9A:AA:DB:23:32:65:0B:52:15:79:C9:15:A8:62:32:75:B6:B6
            X509v3 Authority Key Identifier:
                keyid:A3:67:9B:F4:C6:27:D8:5F:EE:2C:E1:3A:53:C4:48:51:B9:DF:05:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2eb9MYn2F_uLOE6U8RIUbnfBWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/8lOaqtsjMmULUhV5yRWoYjJ1trY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/o2eb9MYn2F_uLOE6U8RIUbnfBWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         32:e2:c0:34:63:b2:b8:82:2c:4f:ce:17:bf:86:f5:cf:e3:be:
         f1:aa:52:23:51:ec:79:d7:ee:cd:2a:86:69:0d:5e:8a:d0:53:
         a6:86:bb:5a:0e:29:f1:21:4e:6e:90:98:32:be:ac:0c:a9:ca:
         cd:90:45:42:20:32:33:ef:b9:4f:ed:75:e0:da:0e:9d:57:b6:
         98:fa:85:90:25:8d:73:1d:c1:0a:a5:a2:9c:42:72:a5:f4:d5:
         78:ce:98:87:a2:fb:36:93:0c:dc:59:cb:b8:96:7f:20:ad:70:
         10:5b:8f:b7:cf:c9:09:b5:5e:20:70:be:f1:69:54:a7:34:6a:
         dc:e8:36:6b:bd:d7:20:20:fd:c1:a3:fe:e5:98:29:6c:ec:83:
         00:ad:87:06:73:d1:33:0e:aa:dd:72:7e:8f:fc:2c:87:10:d1:
         75:6c:3b:49:13:2d:95:6f:b2:23:aa:4c:5b:c5:8f:52:66:44:
         f7:dc:ee:e3:72:6a:8d:7e:6a:40:61:e9:59:1e:42:3f:7f:5d:
         8d:37:e3:ea:f8:11:e7:93:98:12:a2:1c:6b:78:17:b4:f5:fd:
         ce:5f:4d:d3:f5:29:77:db:6a:47:16:c0:0e:7f:14:eb:c6:9e:
         38:94:85:db:e7:75:5e:a2:de:c7:b1:d2:f2:63:42:7e:1e:55:
         57:d4:1b:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlynqUspqn7Y4rSdVrwSVavMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjc5YmY0YzYyN2Q4NWZlZTJjZTEzYTUzYzQ0ODUxYjlk
ZjA1NjMwHhcNMjUwOTIyMTgxMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjUzOWFhYWRiMjMzMjY1MGI1MjE1NzljOTE1YTg2MjMyNzViNmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7wG1U4ux8OlkWvFWnfAM71GRKOu2
fBWmJQ2o7gAsqSGbjTuvGpdK5xM7aIV0o5bZpGdIGyp0GTWVyymprhYPg15lSlW4
QzcwOpNSFvAiIIqUbGwcotbkWzZ5grY2LgiXA0PNLqUJ4fLhf2GCqCQjZiKtWyeQ
ct064oe1C38BvMbW6eP4AYE6cbNewLyI4riBwvVgizhEdfLdTGfc0nO4TKFhdG6q
ga58qy4M252U5o7Kus6TJxssys8fmyPKFz9rg/PvMtyqxXfoT3LEbAxod1KYmd3B
YgdyyIm8pP2S/NjZubeliZrizMYxO1ecth9/RtKGoHeZxk6Gsz2vaAuucwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJTmqrbIzJlC1IVeckVqGIydba2MB8GA1UdIwQY
MBaAFKNnm/TGJ9hf7izhOlPESFG53wVjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJlYjlNWW4yRl91TE9FNlU4UklVYm5mQldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9iNjJlNTktZTJjNS00YTc2LThiNjct
NTU2NzI2MzRjYmMxLzEvOGxPYXF0c2pNbVVMVWhWNXlSV29ZakoxdHJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9iNjJlNTktZTJjNS00YTc2LThiNjctNTU2NzI2MzRjYmMx
LzEvbzJlYjlNWW4yRl91TE9FNlU4UklVYm5mQldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFV/jgMA0G
CSqGSIb3DQEBCwUAA4IBAQAy4sA0Y7K4gixPzhe/hvXP477xqlIjUex51+7NKoZp
DV6K0FOmhrtaDinxIU5ukJgyvqwMqcrNkEVCIDIz77lP7XXg2g6dV7aY+oWQJY1z
HcEKpaKcQnKl9NV4zpiHovs2kwzcWcu4ln8grXAQW4+3z8kJtV4gcL7xaVSnNGrc
6DZrvdcgIP3Bo/7lmCls7IMArYcGc9EzDqrdcn6P/CyHENF1bDtJEy2Vb7Ijqkxb
xY9SZkT33O7jcmqNfmpAYelZHkI/f12NN+Pq+BHnk5gSohxreBe09f3OX03T9Sl3
22pHFsAOfxTrxp44lIXb53Veot7HsdLyY0J+HlVX1Bsy
-----END CERTIFICATE-----