Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YRcZbTyRDNfV7kmAURPsL1-UpxI.roa
File:                     YRcZbTyRDNfV7kmAURPsL1-UpxI.roa (raw, json)
Hash identifier:          /Om2qACp2+PIHbsJtvDkFQnx/pMZXqECErKQzMtp0DA=
Subject key identifier:   61:17:19:6D:3C:91:0C:D7:D5:EE:49:80:51:13:EC:2F:5F:94:A7:12
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0196B6D0F8CFAC778BCA7016F4693657D98C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YRcZbTyRDNfV7kmAURPsL1-UpxI.roa
Signing time:             Fri 09 May 2025 20:51:10 +0000
ROA not before:           Fri 09 May 2025 20:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9232
IP address blocks:        82.153.222.0/24 maxlen: 24
                          82.153.243.0/24 maxlen: 24
                          213.218.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b6:d0:f8:cf:ac:77:8b:ca:70:16:f4:69:36:57:d9:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  9 20:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6117196d3c910cd7d5ee49805113ec2f5f94a712
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:80:be:5a:0e:36:72:7b:25:dc:8a:ea:71:09:
                    8d:cb:20:ef:20:34:6f:7a:34:16:63:93:12:7d:80:
                    0f:d5:8d:64:e2:20:5b:44:4a:7f:87:bc:0b:a7:e7:
                    c0:05:27:ed:25:e2:2c:65:9d:3b:00:19:ab:74:a2:
                    05:ef:a6:b0:96:43:4b:4e:27:94:09:86:23:d0:79:
                    cd:ee:e6:32:e2:27:d6:8b:cc:0a:7c:8c:12:0c:fa:
                    b7:d0:e5:bc:48:b9:fe:9c:16:f6:7a:48:b9:96:fc:
                    b0:1c:b1:b4:9d:3c:80:19:ed:35:91:0e:51:1f:90:
                    a4:94:56:81:1f:5b:59:d2:11:94:c0:e1:d0:f2:6a:
                    34:52:fe:ed:bc:56:ef:7a:b9:53:69:da:e0:88:e6:
                    e9:90:af:28:cc:85:0d:df:e2:02:25:16:98:c7:c3:
                    d3:75:43:9c:0f:7d:a0:4b:e4:a9:fc:2a:fb:19:9a:
                    88:85:97:e3:48:37:0d:ba:1a:2c:ee:42:08:b3:ac:
                    7b:25:28:c3:f5:67:af:cf:13:9e:f1:78:af:9f:14:
                    9d:39:8f:d3:8e:b9:2a:a4:da:83:c5:c2:85:19:80:
                    1b:6a:cb:a9:8e:07:66:22:c3:24:7b:9c:10:57:d7:
                    6c:16:48:3f:12:f5:ea:cd:9d:b8:ba:70:e3:38:69:
                    86:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:17:19:6D:3C:91:0C:D7:D5:EE:49:80:51:13:EC:2F:5F:94:A7:12
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YRcZbTyRDNfV7kmAURPsL1-UpxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.222.0/24
                  82.153.243.0/24
                  213.218.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:4d:b5:da:87:e8:b3:ef:64:70:23:b3:cb:d6:54:ff:d4:88:
         aa:9f:34:21:2c:d0:93:12:8c:40:fe:78:29:ce:a2:03:37:6b:
         41:6c:05:ec:df:e6:ca:d1:28:8c:b5:81:a0:46:62:c8:b2:a9:
         96:90:73:fb:0d:2a:4f:f5:cc:33:84:4c:21:12:04:eb:88:1e:
         ab:b0:8d:35:0b:30:28:1b:76:30:df:01:7f:92:47:aa:a1:97:
         aa:01:6f:52:70:d6:fd:b3:68:06:f6:80:cc:8b:00:8b:23:5b:
         f4:fe:42:70:22:7e:44:d2:39:27:c3:c8:30:86:88:b0:43:a2:
         ba:63:c2:aa:e8:12:09:e4:07:65:9c:39:cd:38:fb:fb:1f:15:
         b2:1b:ec:51:cf:fa:a5:68:c1:27:43:4e:25:ea:23:6c:03:8f:
         87:f0:2d:7b:28:1a:0b:6c:95:4d:12:7c:0f:4e:8f:ae:f1:4d:
         94:6b:6a:42:5f:88:28:74:eb:88:59:c5:91:96:b2:d7:d2:da:
         2f:f5:00:37:8e:27:41:aa:d2:58:c6:87:b7:7d:cd:86:7d:ea:
         34:8f:38:93:b2:1b:9b:8d:2f:30:ce:70:bb:8e:dc:36:68:16:
         c7:5a:82:5b:98:25:b2:ac:1d:bd:37:30:7d:16:15:dd:e2:66:
         7f:2c:1f:e5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZa20PjPrHeLynAW9Gk2V9mMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTA5MjA1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTE3MTk2ZDNjOTEwY2Q3ZDVlZTQ5ODA1MTEzZWMyZjVmOTRhNzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYC+Wg42cnsl3IrqcQmNyyDvIDRv
ejQWY5MSfYAP1Y1k4iBbREp/h7wLp+fABSftJeIsZZ07ABmrdKIF76awlkNLTieU
CYYj0HnN7uYy4ifWi8wKfIwSDPq30OW8SLn+nBb2eki5lvywHLG0nTyAGe01kQ5R
H5CklFaBH1tZ0hGUwOHQ8mo0Uv7tvFbverlTadrgiObpkK8ozIUN3+ICJRaYx8PT
dUOcD32gS+Sp/Cr7GZqIhZfjSDcNuhos7kIIs6x7JSjD9WevzxOe8XivnxSdOY/T
jrkqpNqDxcKFGYAbasupjgdmIsMke5wQV9dsFkg/EvXqzZ24unDjOGmGPQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGEXGW08kQzX1e5JgFET7C9flKcSMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWVJjWmJUeVJETmZWN2ttQVVSUHNMMS1VcHhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUpneAwQA
UpnzAwQA1dr4MA0GCSqGSIb3DQEBCwUAA4IBAQBuTbXah+iz72RwI7PL1lT/1Iiq
nzQhLNCTEoxA/ngpzqIDN2tBbAXs3+bK0SiMtYGgRmLIsqmWkHP7DSpP9cwzhEwh
EgTriB6rsI01CzAoG3Yw3wF/kkeqoZeqAW9ScNb9s2gG9oDMiwCLI1v0/kJwIn5E
0jknw8gwhoiwQ6K6Y8Kq6BIJ5AdlnDnNOPv7HxWyG+xRz/qlaMEnQ04l6iNsA4+H
8C17KBoLbJVNEnwPTo+u8U2Ua2pCX4godOuIWcWRlrLX0tov9QA3jidBqtJYxoe3
fc2Gfeo0jziTshubjS8wznC7jtw2aBbHWoJbmCWyrB29NzB9FhXd4mZ/LB/l
-----END CERTIFICATE-----