Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Ax0mPwKIZqaqqo1Qf6w-OG2zMjs.roa
File:                     Ax0mPwKIZqaqqo1Qf6w-OG2zMjs.roa (raw, json)
Hash identifier:          TSKb+XbecKjYII8q4CS3+lJRoU6m1dOAQmL9aK7+lF0=
Subject key identifier:   03:1D:26:3F:02:88:66:A6:AA:AA:8D:50:7F:AC:3E:38:6D:B3:32:3B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0198A94FFD3B9648888E7B9E104F6E6472C4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Ax0mPwKIZqaqqo1Qf6w-OG2zMjs.roa
Signing time:             Thu 14 Aug 2025 16:00:48 +0000
ROA not before:           Thu 14 Aug 2025 16:00:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205896
IP address blocks:        82.153.180.0/24 maxlen: 24
                          109.176.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a9:4f:fd:3b:96:48:88:8e:7b:9e:10:4f:6e:64:72:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 14 16:00:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=031d263f028866a6aaaa8d507fac3e386db3323b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:58:3e:8b:69:0a:f5:44:3e:78:7b:9e:4f:d9:
                    0a:31:c9:70:53:bd:0b:32:a0:e8:30:36:db:7e:1f:
                    a1:49:51:c7:78:3d:d4:fd:f8:0c:9f:e8:b5:f3:43:
                    f4:a5:b1:bf:5f:a1:9f:b4:10:5d:65:1b:04:ed:f0:
                    9d:ec:62:fd:82:0a:cc:a0:e9:13:25:80:b9:b5:06:
                    5b:50:a1:ef:d8:27:71:46:db:2a:92:27:4a:7c:3f:
                    f9:d0:d1:54:66:7d:8e:85:f4:a6:24:dc:9d:e0:a6:
                    00:25:a1:5b:ec:a5:2d:3a:09:3d:28:ba:26:ea:bb:
                    c2:00:95:fe:3e:33:90:9b:e1:bd:db:d9:7d:f5:c1:
                    33:94:81:a7:31:76:92:d2:84:16:fc:44:ef:d8:fa:
                    d6:7d:9b:6a:68:57:0a:62:65:cf:d1:b6:f9:09:e0:
                    6b:9d:15:05:bc:60:cc:cd:94:ab:7f:ff:1a:2e:54:
                    87:5b:95:b2:02:6d:2f:c6:e3:d7:7c:78:51:24:43:
                    a4:30:2b:6c:a0:23:ce:fd:f4:f9:d0:52:ba:a0:ef:
                    f9:54:a4:9c:4d:25:67:76:d1:b9:ea:e0:cf:4f:6c:
                    e7:6f:4a:11:32:4c:a1:4c:b6:40:ba:96:c0:39:87:
                    15:39:31:33:a4:11:4d:fd:5c:1a:cd:10:6c:91:5d:
                    0e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:1D:26:3F:02:88:66:A6:AA:AA:8D:50:7F:AC:3E:38:6D:B3:32:3B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Ax0mPwKIZqaqqo1Qf6w-OG2zMjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.180.0/24
                  109.176.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:11:b2:25:bf:aa:00:86:1e:bd:47:27:49:69:4b:66:fb:f2:
         c3:3b:ac:3e:3f:ae:24:4d:af:9c:b0:b3:65:77:35:e3:db:01:
         9d:40:c3:6c:56:b3:fa:30:26:1a:26:1b:3f:f6:5c:35:da:17:
         c5:87:91:00:29:13:4a:f7:97:94:1d:e0:0b:68:00:b8:73:71:
         80:83:5d:f9:f3:ee:d5:91:cb:ad:b2:69:e3:2e:cf:d8:91:b9:
         70:fe:c0:e3:f7:af:f6:17:61:ed:83:e7:f7:1c:0d:f8:a0:1a:
         be:99:49:dc:8c:29:2f:5f:5e:e7:c4:1b:9b:88:c7:d6:0d:14:
         3e:74:52:43:95:e3:ef:0f:7b:bd:17:40:47:49:1b:63:06:0c:
         78:73:16:96:06:6c:b5:6e:91:fe:95:c8:86:d5:af:dc:95:26:
         7e:44:11:a8:7b:a8:98:08:84:d7:87:a4:b7:f7:31:49:37:9c:
         99:54:cf:ea:e6:93:db:d7:79:a4:e5:28:1f:84:d7:cd:63:ab:
         d1:05:f6:01:38:88:b9:e3:76:07:0c:40:d9:e8:bb:64:bb:73:
         38:f6:ba:56:e5:8f:bf:5b:d9:a8:4e:37:b6:ad:c6:ba:3e:f0:
         b4:f9:8d:f7:66:91:09:e7:73:ae:69:14:db:90:02:c5:47:31:
         ba:c2:97:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZipT/07lkiIjnueEE9uZHLEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODE0MTYwMDQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzFkMjYzZjAyODg2NmE2YWFhYThkNTA3ZmFjM2UzODZkYjMzMjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVg+i2kK9UQ+eHueT9kKMclwU70L
MqDoMDbbfh+hSVHHeD3U/fgMn+i180P0pbG/X6GftBBdZRsE7fCd7GL9ggrMoOkT
JYC5tQZbUKHv2CdxRtsqkidKfD/50NFUZn2OhfSmJNyd4KYAJaFb7KUtOgk9KLom
6rvCAJX+PjOQm+G929l99cEzlIGnMXaS0oQW/ETv2PrWfZtqaFcKYmXP0bb5CeBr
nRUFvGDMzZSrf/8aLlSHW5WyAm0vxuPXfHhRJEOkMCtsoCPO/fT50FK6oO/5VKSc
TSVndtG56uDPT2znb0oRMkyhTLZAupbAOYcVOTEzpBFN/VwazRBskV0OXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAMdJj8CiGamqqqNUH+sPjhtszI7MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQXgwbVB3S0lacWFxcW8xUWY2dy1PRzJ6TWpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpm0AwQA
bbBTMA0GCSqGSIb3DQEBCwUAA4IBAQAOEbIlv6oAhh69RydJaUtm+/LDO6w+P64k
Ta+csLNldzXj2wGdQMNsVrP6MCYaJhs/9lw12hfFh5EAKRNK95eUHeALaAC4c3GA
g1358+7VkcutsmnjLs/Ykblw/sDj96/2F2Htg+f3HA34oBq+mUncjCkvX17nxBub
iMfWDRQ+dFJDlePvD3u9F0BHSRtjBgx4cxaWBmy1bpH+lciG1a/clSZ+RBGoe6iY
CITXh6S39zFJN5yZVM/q5pPb13mk5SgfhNfNY6vRBfYBOIi543YHDEDZ6Ltku3M4
9rpW5Y+/W9moTje2rca6PvC0+Y33ZpEJ53OuaRTbkALFRzG6wpeB
-----END CERTIFICATE-----