Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SH3F63VKiZh-h5fkmjlDL5MOIno.roa
File:                     SH3F63VKiZh-h5fkmjlDL5MOIno.roa (raw, json)
Hash identifier:          J2ypIipv4a/W9Ld0g75Hrvs3NhC6Q1B569KBtBYN/fQ=
Subject key identifier:   48:7D:C5:EB:75:4A:89:98:7E:87:97:E4:9A:39:43:2F:93:0E:22:7A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019793494FB198B367A215F002A04DE9EF2B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SH3F63VKiZh-h5fkmjlDL5MOIno.roa
Signing time:             Sat 21 Jun 2025 16:19:04 +0000
ROA not before:           Sat 21 Jun 2025 16:19:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18811
IP address blocks:        89.213.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:93:49:4f:b1:98:b3:67:a2:15:f0:02:a0:4d:e9:ef:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 21 16:19:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=487dc5eb754a89987e8797e49a39432f930e227a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:69:85:eb:93:02:72:ea:a7:55:6e:56:32:cc:
                    57:c7:f2:46:78:0f:29:89:ae:f2:46:c8:9f:a8:f7:
                    87:87:31:c8:10:d6:79:8a:bc:aa:6b:fa:e2:1d:16:
                    1c:e0:fc:a4:11:1d:93:27:9f:26:58:08:fb:3e:a0:
                    1a:fa:19:66:96:d9:a6:a7:30:cc:67:b1:dc:2b:1c:
                    6f:05:21:14:5f:fd:a8:03:3b:d3:ce:3a:0d:dc:8c:
                    58:95:81:df:68:7a:56:54:1d:e0:6a:d8:5a:df:91:
                    00:ec:be:92:6c:2d:cc:b7:5a:46:15:85:3a:17:87:
                    2b:43:5d:85:71:aa:4a:5d:02:3a:a4:6d:ed:40:4f:
                    9b:bd:16:6c:81:c6:b9:d2:5e:d7:10:75:a5:24:a5:
                    db:d0:32:7e:8d:de:53:e8:09:cc:ab:e4:0b:0b:be:
                    b4:c8:d6:b2:7e:f2:6f:f1:9c:c2:25:d7:8c:c9:cf:
                    41:13:09:52:b5:0e:89:fc:55:84:21:6d:58:d2:92:
                    ce:70:06:b7:d5:84:ad:e7:52:9d:03:bd:2c:47:79:
                    14:b5:e9:54:cc:88:44:4f:b5:a4:e2:bf:94:c6:33:
                    de:8e:25:16:25:62:84:06:f1:9a:8a:15:e3:a5:19:
                    2e:fc:ce:85:11:66:a4:5c:1d:d2:47:d5:94:f3:79:
                    f1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:7D:C5:EB:75:4A:89:98:7E:87:97:E4:9A:39:43:2F:93:0E:22:7A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SH3F63VKiZh-h5fkmjlDL5MOIno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:0b:fc:a8:02:f1:2b:38:82:aa:4b:20:53:84:a8:fd:5c:f3:
         5a:fb:81:d3:fa:76:6a:c1:3f:8f:cf:3b:df:69:e9:3b:25:4d:
         5f:64:f5:24:50:42:63:d2:46:dc:b7:82:27:70:2b:9b:61:92:
         09:cd:d3:ad:e5:7f:f9:39:7f:0f:3e:68:87:b7:99:06:c4:af:
         a1:89:4a:65:4f:5b:d4:15:e2:09:53:2e:72:1e:9e:fc:ae:6f:
         44:87:89:03:ac:d9:58:d4:9d:36:c1:6a:40:c7:0c:cb:ec:93:
         f8:77:ef:f0:16:ff:cc:c8:73:f2:11:98:f0:31:3d:5c:19:21:
         94:dc:b7:db:e3:8f:c0:1b:18:86:3a:b7:05:18:a9:ea:43:32:
         7b:b2:75:64:42:01:2a:59:1d:7e:d0:00:e4:9e:d7:a1:ca:07:
         1f:d5:26:66:81:40:35:7c:e3:f5:df:3a:84:c2:ce:47:c6:8d:
         bb:49:8d:e5:4c:56:0d:66:10:b2:7e:f2:c6:2d:34:82:4b:ee:
         b9:39:09:5f:42:92:2f:ed:17:c1:e5:48:bb:11:e5:b7:65:33:
         6c:9e:00:0a:51:1e:bd:53:b4:75:2b:f9:5b:4a:c2:5e:31:9c:
         09:00:88:d3:da:31:d4:e8:b4:d7:ca:fa:f2:21:06:4b:68:d1:
         b1:2b:70:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeTSU+xmLNnohXwAqBN6e8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNjIxMTYxOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODdkYzVlYjc1NGE4OTk4N2U4Nzk3ZTQ5YTM5NDMyZjkzMGUyMjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGmF65MCcuqnVW5WMsxXx/JGeA8p
ia7yRsifqPeHhzHIENZ5iryqa/riHRYc4PykER2TJ58mWAj7PqAa+hlmltmmpzDM
Z7HcKxxvBSEUX/2oAzvTzjoN3IxYlYHfaHpWVB3gatha35EA7L6SbC3Mt1pGFYU6
F4crQ12FcapKXQI6pG3tQE+bvRZsgca50l7XEHWlJKXb0DJ+jd5T6AnMq+QLC760
yNayfvJv8ZzCJdeMyc9BEwlStQ6J/FWEIW1Y0pLOcAa31YSt51KdA70sR3kUtelU
zIhET7Wk4r+UxjPejiUWJWKEBvGaihXjpRku/M6FEWakXB3SR9WU83nxKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEh9xet1SomYfoeX5Jo5Qy+TDiJ6MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvU0gzRjYzVktpWmgtaDVma21qbERMNU1PSW5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdW/MA0G
CSqGSIb3DQEBCwUAA4IBAQCWC/yoAvErOIKqSyBThKj9XPNa+4HT+nZqwT+Pzzvf
aek7JU1fZPUkUEJj0kbct4IncCubYZIJzdOt5X/5OX8PPmiHt5kGxK+hiUplT1vU
FeIJUy5yHp78rm9Eh4kDrNlY1J02wWpAxwzL7JP4d+/wFv/MyHPyEZjwMT1cGSGU
3Lfb44/AGxiGOrcFGKnqQzJ7snVkQgEqWR1+0ADkntehygcf1SZmgUA1fOP13zqE
ws5Hxo27SY3lTFYNZhCyfvLGLTSCS+65OQlfQpIv7RfB5Ui7EeW3ZTNsngAKUR69
U7R1K/lbSsJeMZwJAIjT2jHU6LTXyvryIQZLaNGxK3BD
-----END CERTIFICATE-----