Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YgzXzlKcDoB-FqdEHCVtnTnxCHY.roa
File:                     YgzXzlKcDoB-FqdEHCVtnTnxCHY.roa (raw, json)
Hash identifier:          gCGkB/YbULTNIn7vGcUXZRbXOePK5Xh8Gi6GDoQPEuc=
Subject key identifier:   62:0C:D7:CE:52:9C:0E:80:7E:16:A7:44:1C:25:6D:9D:39:F1:08:76
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0198A7EE3E5AC74E5D1611EE3B6033EB6AD0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YgzXzlKcDoB-FqdEHCVtnTnxCHY.roa
Signing time:             Thu 14 Aug 2025 09:34:25 +0000
ROA not before:           Thu 14 Aug 2025 09:34:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199432
IP address blocks:        82.163.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:ee:3e:5a:c7:4e:5d:16:11:ee:3b:60:33:eb:6a:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 14 09:34:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=620cd7ce529c0e807e16a7441c256d9d39f10876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:90:09:84:d5:ee:ab:86:e1:b0:55:40:03:58:
                    66:29:a0:ea:bd:21:89:46:d2:68:b1:ac:25:68:ef:
                    cc:4e:4f:0f:bd:d9:5b:58:5e:59:7a:0e:f8:a2:c9:
                    19:6a:e5:c0:3e:b4:75:7f:94:d9:25:3a:5c:c5:0c:
                    b2:49:61:de:65:14:70:28:38:94:6e:8d:82:81:71:
                    59:a5:49:08:33:2f:bd:48:e6:e7:36:37:b9:4f:28:
                    1f:6a:69:8a:8a:52:fd:52:9d:d7:12:e9:f5:c3:01:
                    fa:bb:ef:59:84:ac:42:ef:dd:01:cd:b0:ac:9e:b2:
                    69:e8:1d:0a:d7:f1:ba:6e:30:ae:32:fb:ad:f0:0c:
                    e8:1c:bf:9a:2a:74:71:a7:25:76:7a:d6:96:1c:cf:
                    b9:17:13:fc:9f:9f:fa:36:c5:eb:0b:aa:48:e2:69:
                    80:46:a7:f1:f3:d0:db:45:ff:0b:99:7b:f6:f7:9d:
                    c5:60:9a:0f:25:66:26:a7:63:82:ed:88:45:2e:81:
                    18:4b:ae:b0:8d:56:ed:00:8e:cd:35:8f:1f:32:a4:
                    86:28:61:ba:c9:cf:88:b5:a5:32:33:b1:ae:5e:19:
                    3c:55:d9:4d:f3:a2:af:c3:6e:6a:ae:43:0c:62:43:
                    b5:3c:e7:28:e5:6e:5b:1a:74:4b:f3:50:d3:4d:b2:
                    54:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:0C:D7:CE:52:9C:0E:80:7E:16:A7:44:1C:25:6D:9D:39:F1:08:76
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YgzXzlKcDoB-FqdEHCVtnTnxCHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:dc:61:f6:06:05:44:ba:f7:fe:3a:ed:07:76:4c:62:09:76:
         67:6e:72:54:f5:00:f5:3c:54:38:8a:38:aa:0d:e6:c7:c7:e0:
         26:ff:fb:00:dc:5b:99:fe:6a:9c:e8:66:12:3c:7d:31:47:fc:
         cd:53:9b:76:78:ea:af:55:41:4f:03:b6:3d:b0:99:ad:00:08:
         a1:4a:95:2f:c1:7c:20:f4:c6:95:be:fc:d7:72:96:50:0b:de:
         4a:64:b7:eb:89:d6:31:fd:59:c4:75:7a:ac:3e:52:a9:11:5f:
         57:3d:cf:e9:f2:63:2f:84:1c:4e:4c:b4:78:97:89:22:b2:11:
         39:48:03:54:df:d1:10:c8:b1:50:4b:f9:c0:47:52:71:3b:00:
         39:bd:3c:ed:bd:d9:01:52:75:c2:56:d1:4e:1c:fb:3a:91:1f:
         97:49:df:63:52:8a:9b:3a:69:e8:9a:c0:cf:ac:85:7f:e4:0a:
         df:de:85:79:bc:ca:34:d0:70:d7:ac:ea:e5:a9:95:29:c2:a1:
         35:db:23:73:39:dc:2b:7f:b5:55:26:d8:c8:db:0b:a8:f2:20:
         40:25:69:a7:e9:22:eb:48:f8:01:1b:b1:5f:03:de:ab:87:45:
         02:b3:4c:49:1c:63:d1:20:bd:e6:52:39:c7:8c:4d:e5:18:b4:
         ca:84:ce:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZin7j5ax05dFhHuO2Az62rQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODE0MDkzNDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjBjZDdjZTUyOWMwZTgwN2UxNmE3NDQxYzI1NmQ5ZDM5ZjEwODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JAJhNXuq4bhsFVAA1hmKaDqvSGJ
RtJosawlaO/MTk8PvdlbWF5Zeg74oskZauXAPrR1f5TZJTpcxQyySWHeZRRwKDiU
bo2CgXFZpUkIMy+9SObnNje5TygfammKilL9Up3XEun1wwH6u+9ZhKxC790BzbCs
nrJp6B0K1/G6bjCuMvut8AzoHL+aKnRxpyV2etaWHM+5FxP8n5/6NsXrC6pI4mmA
Rqfx89DbRf8LmXv2953FYJoPJWYmp2OC7YhFLoEYS66wjVbtAI7NNY8fMqSGKGG6
yc+ItaUyM7GuXhk8VdlN86Kvw25qrkMMYkO1POco5W5bGnRL81DTTbJUswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIM185SnA6AfhanRBwlbZ058Qh2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWWd6WHpsS2NEb0ItRnFkRUhDVnRuVG54Q0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUqMPMA0G
CSqGSIb3DQEBCwUAA4IBAQAR3GH2BgVEuvf+Ou0HdkxiCXZnbnJU9QD1PFQ4ijiq
DebHx+Am//sA3FuZ/mqc6GYSPH0xR/zNU5t2eOqvVUFPA7Y9sJmtAAihSpUvwXwg
9MaVvvzXcpZQC95KZLfridYx/VnEdXqsPlKpEV9XPc/p8mMvhBxOTLR4l4kishE5
SANU39EQyLFQS/nAR1JxOwA5vTztvdkBUnXCVtFOHPs6kR+XSd9jUoqbOmnomsDP
rIV/5Arf3oV5vMo00HDXrOrlqZUpwqE12yNzOdwrf7VVJtjI2wuo8iBAJWmn6SLr
SPgBG7FfA96rh0UCs0xJHGPRIL3mUjnHjE3lGLTKhM5w
-----END CERTIFICATE-----