Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HJ8-v-0-8OAj98tuYldW1YVDNco.roa
File:                     HJ8-v-0-8OAj98tuYldW1YVDNco.roa (raw, json)
Hash identifier:          yYqIp6j6Z82qnzRnCrJeNemu3kz//LPNV1Iq5sq9oKg=
Subject key identifier:   1C:9F:3E:BF:ED:3E:F0:E0:23:F7:CB:6E:62:57:56:D5:85:43:35:CA
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019885356411C45E24D132666DBA851C1341
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HJ8-v-0-8OAj98tuYldW1YVDNco.roa
Signing time:             Thu 07 Aug 2025 15:45:25 +0000
ROA not before:           Thu 07 Aug 2025 15:45:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215703
IP address blocks:        89.213.44.0/24 maxlen: 24
                          109.176.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:85:35:64:11:c4:5e:24:d1:32:66:6d:ba:85:1c:13:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  7 15:45:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c9f3ebfed3ef0e023f7cb6e625756d5854335ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:86:c5:76:db:cb:38:3e:62:2e:64:f9:0d:d0:
                    20:9d:c3:b2:1c:36:44:fc:bb:9d:19:19:ee:5c:d0:
                    71:2c:50:30:d7:a5:54:c5:1f:7e:53:2c:0c:57:38:
                    e1:08:23:13:cb:48:99:b2:82:ae:25:2c:eb:62:f2:
                    3b:5e:9d:2d:ce:78:33:24:06:42:be:dd:d9:ed:56:
                    21:d0:d1:c3:c0:89:7c:45:dd:4c:5c:93:3a:6d:28:
                    8e:98:3c:8e:e9:29:f6:b5:51:d4:52:20:01:39:2d:
                    81:76:f8:49:53:76:1b:f0:79:21:35:8c:62:05:88:
                    4e:d1:32:53:27:d3:c4:05:a4:c3:b8:67:5b:1c:33:
                    d7:03:89:1a:23:ec:b0:38:1b:4f:28:21:99:16:80:
                    bd:d8:b8:ca:c1:07:f0:1c:73:4c:d7:fd:72:2a:e4:
                    80:9c:d0:2c:6b:92:bf:b4:41:5c:d9:9f:26:96:3d:
                    fb:cc:ab:8d:31:50:64:f4:1c:e4:27:c5:22:9c:e5:
                    45:78:e2:d1:33:b7:8a:61:b6:8d:1c:e2:ae:83:8c:
                    c1:37:99:1e:5e:2d:f8:a2:8c:f8:97:1a:7d:6e:b0:
                    a7:41:7f:85:fc:a7:f8:04:e4:c2:38:3c:e5:a0:d1:
                    4c:b6:1b:43:1f:79:a5:84:1d:a0:7e:84:9d:ac:72:
                    4f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:9F:3E:BF:ED:3E:F0:E0:23:F7:CB:6E:62:57:56:D5:85:43:35:CA
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HJ8-v-0-8OAj98tuYldW1YVDNco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.44.0/24
                  109.176.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:2b:a4:65:4d:4c:e5:03:c1:aa:f1:04:07:c6:8c:b1:ca:5a:
         b2:d1:bf:8e:f1:04:49:ca:8b:87:60:e5:b9:ba:45:8e:c2:b4:
         b6:1a:fe:34:ea:d9:09:b7:5e:17:5a:14:52:13:15:9e:7d:e0:
         68:b2:c9:1d:f3:5f:07:33:d2:dd:57:95:d7:7e:95:05:86:c7:
         76:bf:a7:21:21:7e:6d:8a:dd:ea:c4:16:dd:58:8c:d0:3d:4d:
         55:8b:0c:ab:a5:01:3c:25:9b:54:85:79:99:26:9f:b5:5c:36:
         7f:f4:02:d1:f9:49:db:a3:45:ab:88:ef:88:2e:1d:c7:ac:eb:
         a7:62:93:3f:3d:eb:43:96:92:0c:07:10:fc:0f:d3:31:16:3e:
         9f:da:28:c9:27:ba:e3:e0:86:56:d3:96:ec:31:02:8c:d0:ef:
         df:e6:cb:40:c5:12:cb:26:a3:af:2b:21:ca:a7:01:e6:18:7a:
         28:45:7a:9f:7d:e7:90:c1:6f:7a:c6:ea:9b:70:80:dd:59:69:
         ff:da:25:9a:1a:7c:c4:78:4d:66:b9:ea:25:4d:aa:f5:41:86:
         71:71:1b:fe:97:42:f2:87:f8:1e:6a:6b:bb:7f:33:4f:ca:a3:
         2f:6e:b7:3e:40:82:f6:41:f8:fb:a4:51:94:99:9e:da:7d:d1:
         d5:ac:25:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiFNWQRxF4k0TJmbbqFHBNBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODA3MTU0NTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzlmM2ViZmVkM2VmMGUwMjNmN2NiNmU2MjU3NTZkNTg1NDMzNWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6IbFdtvLOD5iLmT5DdAgncOyHDZE
/LudGRnuXNBxLFAw16VUxR9+UywMVzjhCCMTy0iZsoKuJSzrYvI7Xp0tzngzJAZC
vt3Z7VYh0NHDwIl8Rd1MXJM6bSiOmDyO6Sn2tVHUUiABOS2BdvhJU3Yb8HkhNYxi
BYhO0TJTJ9PEBaTDuGdbHDPXA4kaI+ywOBtPKCGZFoC92LjKwQfwHHNM1/1yKuSA
nNAsa5K/tEFc2Z8mlj37zKuNMVBk9BzkJ8UinOVFeOLRM7eKYbaNHOKug4zBN5ke
Xi34ooz4lxp9brCnQX+F/Kf4BOTCODzloNFMthtDH3mlhB2gfoSdrHJPCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFByfPr/tPvDgI/fLbmJXVtWFQzXKMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSEo4LXYtMC04T0FqOTh0dVlsZFcxWVZETmNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdUsAwQA
bbDlMA0GCSqGSIb3DQEBCwUAA4IBAQAHK6RlTUzlA8Gq8QQHxoyxylqy0b+O8QRJ
youHYOW5ukWOwrS2Gv406tkJt14XWhRSExWefeBosskd818HM9LdV5XXfpUFhsd2
v6chIX5tit3qxBbdWIzQPU1ViwyrpQE8JZtUhXmZJp+1XDZ/9ALR+Unbo0WriO+I
Lh3HrOunYpM/PetDlpIMBxD8D9MxFj6f2ijJJ7rj4IZW05bsMQKM0O/f5stAxRLL
JqOvKyHKpwHmGHooRXqffeeQwW96xuqbcIDdWWn/2iWaGnzEeE1mueolTar1QYZx
cRv+l0Lyh/geamu7fzNPyqMvbrc+QIL2Qfj7pFGUmZ7afdHVrCUp
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:02:22 2025 by rpki-client