Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/UXZnB2vS5n8CteE4RlygTvY6_9I.roa
File:                     UXZnB2vS5n8CteE4RlygTvY6_9I.roa (raw, json)
Hash identifier:          BJaC8AqUx2y4WdrmDgvPewfj4zcda5C9VLtXSHx/VD4=
Subject key identifier:   51:76:67:07:6B:D2:E6:7F:02:B5:E1:38:46:5C:A0:4E:F6:3A:FF:D2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0198C15E15A437CEA25958A9FDF177AEB32B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/UXZnB2vS5n8CteE4RlygTvY6_9I.roa
Signing time:             Tue 19 Aug 2025 08:07:05 +0000
ROA not before:           Tue 19 Aug 2025 08:07:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401163
IP address blocks:        82.153.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c1:5e:15:a4:37:ce:a2:59:58:a9:fd:f1:77:ae:b3:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 19 08:07:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=517667076bd2e67f02b5e138465ca04ef63affd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:3d:28:f1:a0:8b:c3:13:1e:59:d8:37:ac:91:
                    d3:21:40:4f:dd:b1:74:38:3f:5f:bb:2f:a0:65:6b:
                    ad:87:9f:9d:a1:5a:34:2a:3b:16:85:06:bd:2e:a8:
                    30:28:d8:0e:2c:ab:34:76:4b:e8:a4:5b:af:f0:ba:
                    15:4d:7b:da:9c:46:3b:e9:30:26:f8:01:1d:80:cb:
                    25:e2:67:93:b2:53:d4:d8:ad:19:1d:b2:e5:65:25:
                    10:b7:4a:83:2f:5a:77:e7:4b:d0:94:d9:bf:18:8d:
                    08:b5:58:aa:a6:28:4d:0c:97:3c:cc:0a:b9:26:32:
                    9c:43:06:26:7a:6d:93:ae:1a:2b:18:ef:10:9a:7f:
                    2c:c3:01:04:48:88:07:7e:b7:d5:57:fc:d9:46:d8:
                    d8:70:d5:09:e0:57:c7:37:c3:42:78:fa:d8:97:4a:
                    d8:f9:3a:c8:68:1a:ef:42:a0:51:64:b3:30:fa:dd:
                    f0:c3:75:4d:3a:20:44:d1:75:48:d0:ee:05:1f:4f:
                    40:6c:0a:1b:58:9d:ec:aa:4f:73:dd:cc:9f:60:98:
                    f3:c1:36:83:30:e0:3a:da:07:41:7e:2b:e2:4f:a1:
                    21:be:4b:4f:de:73:88:fe:39:40:77:f9:e6:b9:16:
                    ab:9b:c8:fd:3d:a3:62:8f:bc:23:3c:cf:74:5d:5e:
                    e7:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:76:67:07:6B:D2:E6:7F:02:B5:E1:38:46:5C:A0:4E:F6:3A:FF:D2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/UXZnB2vS5n8CteE4RlygTvY6_9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:21:76:60:80:86:d7:19:1d:57:8b:86:e1:6a:df:77:16:da:
         10:86:11:75:2c:e8:4f:1f:94:d7:6c:0d:4e:b2:a4:ae:d9:37:
         8c:75:94:ba:5e:1a:66:28:0f:71:e0:69:2c:05:8b:fc:27:a3:
         ed:0e:b4:15:f7:e5:a4:03:c4:03:99:7d:17:07:1d:e4:c1:e5:
         f5:09:a5:39:c8:81:cf:c3:97:59:19:a0:68:25:82:5f:48:b0:
         32:a5:d0:71:e9:50:09:a1:46:6c:69:c3:c1:d8:d2:61:a2:f7:
         97:44:18:32:28:c9:1c:e8:3b:e8:a7:91:fb:de:77:bc:ed:b7:
         7a:65:fe:68:5e:f0:4a:40:f2:e6:f2:c1:73:dd:84:95:dd:19:
         de:01:73:d0:ea:47:06:1c:95:a3:17:c7:56:86:61:bd:6a:ff:
         c2:0e:44:e4:1d:11:e5:fa:b4:b9:1f:bf:c2:d0:e4:84:c8:5c:
         47:c2:25:86:75:65:8a:d8:da:45:a7:68:28:23:fe:54:ca:16:
         2f:1e:bc:ca:af:05:13:75:2b:6b:f4:2e:7e:b2:8f:e3:46:e8:
         ed:e9:e5:34:a8:2f:d4:6b:b4:94:4e:96:36:d4:fd:57:51:3f:
         9b:bc:61:90:2d:72:ba:dd:a2:99:b4:89:25:da:2f:58:e0:9e:
         9e:4f:7e:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjBXhWkN86iWVip/fF3rrMrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODE5MDgwNzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTc2NjcwNzZiZDJlNjdmMDJiNWUxMzg0NjVjYTA0ZWY2M2FmZmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz0o8aCLwxMeWdg3rJHTIUBP3bF0
OD9fuy+gZWuth5+doVo0KjsWhQa9LqgwKNgOLKs0dkvopFuv8LoVTXvanEY76TAm
+AEdgMsl4meTslPU2K0ZHbLlZSUQt0qDL1p350vQlNm/GI0ItViqpihNDJc8zAq5
JjKcQwYmem2TrhorGO8Qmn8swwEESIgHfrfVV/zZRtjYcNUJ4FfHN8NCePrYl0rY
+TrIaBrvQqBRZLMw+t3ww3VNOiBE0XVI0O4FH09AbAobWJ3sqk9z3cyfYJjzwTaD
MOA62gdBfiviT6EhvktP3nOI/jlAd/nmuRarm8j9PaNij7wjPM90XV7n1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFF2Zwdr0uZ/ArXhOEZcoE72Ov/SMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVVhabkIydlM1bjhDdGVFNFJseWdUdlk2XzlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnzMA0G
CSqGSIb3DQEBCwUAA4IBAQCHIXZggIbXGR1Xi4bhat93FtoQhhF1LOhPH5TXbA1O
sqSu2TeMdZS6XhpmKA9x4GksBYv8J6PtDrQV9+WkA8QDmX0XBx3kweX1CaU5yIHP
w5dZGaBoJYJfSLAypdBx6VAJoUZsacPB2NJhoveXRBgyKMkc6Dvop5H73ne87bd6
Zf5oXvBKQPLm8sFz3YSV3RneAXPQ6kcGHJWjF8dWhmG9av/CDkTkHRHl+rS5H7/C
0OSEyFxHwiWGdWWK2NpFp2goI/5UyhYvHrzKrwUTdStr9C5+so/jRujt6eU0qC/U
a7SUTpY21P1XUT+bvGGQLXK63aKZtIkl2i9Y4J6eT36I
-----END CERTIFICATE-----