Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cKI8wKj093M1Z73Zn0J9RYvwuFk.roa
File:                     cKI8wKj093M1Z73Zn0J9RYvwuFk.roa (raw, json)
Hash identifier:          Ksl+xdBnsGWsaYO1e+WhA8udL5yPofheI6FABOUD94Y=
Subject key identifier:   70:A2:3C:C0:A8:F4:F7:73:35:67:BD:D9:9F:42:7D:45:8B:F0:B8:59
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0196D344E9101FA7A26504EE7A7EDB18DFE2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cKI8wKj093M1Z73Zn0J9RYvwuFk.roa
Signing time:             Thu 15 May 2025 09:27:10 +0000
ROA not before:           Thu 15 May 2025 09:27:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20860
IP address blocks:        81.168.83.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          217.145.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 17 May 2025 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:44:e9:10:1f:a7:a2:65:04:ee:7a:7e:db:18:df:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 15 09:27:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70a23cc0a8f4f7733567bdd99f427d458bf0b859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:51:d0:a3:7c:5b:7a:df:fa:69:f1:7d:f3:35:
                    e2:34:ac:a3:a9:e8:ea:09:62:2a:5a:ba:96:94:8c:
                    72:66:b6:2e:fd:2a:54:11:89:84:b4:a5:b2:e8:8e:
                    7f:d1:53:63:74:85:b4:cf:09:28:f1:15:76:5a:bb:
                    67:0c:d1:57:7b:cb:29:1f:4f:b3:27:ac:db:6e:d8:
                    1d:4c:45:1e:07:df:52:7a:78:c8:2b:a8:ff:a6:ee:
                    a4:bd:b7:da:f2:42:ae:56:1f:5d:48:f1:0a:0c:c9:
                    77:7b:4a:cd:e6:a4:0c:ab:46:f7:44:4a:b0:86:9d:
                    d0:d2:fb:21:f7:b9:b9:51:27:8d:ed:a5:3c:9b:d3:
                    aa:01:ed:73:6f:00:96:ea:7d:02:65:66:61:94:c9:
                    f9:28:97:03:f9:64:d2:1f:7d:e1:5c:42:c5:94:34:
                    1a:3e:a6:57:34:29:b9:39:28:20:53:c3:07:43:87:
                    57:f3:4c:9a:d7:f8:f8:85:eb:28:b1:ce:ad:ab:a5:
                    64:58:71:92:6e:c4:c1:4c:43:ab:7c:5e:91:42:d3:
                    08:91:ce:14:be:72:61:4a:3c:14:ba:48:71:a7:37:
                    4c:c8:c2:3f:ce:44:a2:1f:80:af:39:3b:a2:05:c9:
                    1b:4c:bd:b2:2d:ac:f4:69:9a:8d:bf:94:14:36:cb:
                    6b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:A2:3C:C0:A8:F4:F7:73:35:67:BD:D9:9F:42:7D:45:8B:F0:B8:59
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cKI8wKj093M1Z73Zn0J9RYvwuFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.83.0/24
                  81.168.119.0/24
                  217.145.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:a8:17:ca:3b:7c:36:93:49:9c:a2:89:e0:c6:3a:0b:42:18:
         49:56:06:7f:d1:8d:36:48:b0:1c:6b:0a:93:02:c2:78:71:20:
         12:ea:93:43:56:ee:4f:93:29:08:19:cb:40:e0:cd:93:31:a5:
         e1:6a:c1:d4:2f:3c:72:3f:25:24:a7:5b:e6:b2:a9:c9:78:14:
         dc:a4:58:b3:42:24:48:54:50:d7:fd:5f:e8:12:99:35:7c:da:
         5a:17:ab:a8:73:61:d4:a9:5c:db:dd:45:b5:e5:a6:c5:f0:1a:
         9d:4e:19:e3:e9:61:96:62:a1:5d:41:dc:25:b2:84:c6:d3:3c:
         f5:b8:a1:8c:b7:39:6b:ca:46:22:87:3d:61:dc:3d:37:d9:e4:
         c5:d6:50:70:b6:4c:ec:1a:71:b9:f9:b2:da:a2:39:f0:5d:6d:
         60:37:b9:12:ce:a2:d2:bd:9b:e6:07:eb:4e:27:5d:dd:14:a2:
         3d:97:da:ab:44:a4:9f:54:da:95:04:03:2e:67:d9:59:f6:b1:
         04:b0:ad:72:d2:d6:9b:a9:55:bf:fa:b0:e6:4a:b4:cd:4b:4c:
         da:3d:19:df:a0:4a:62:5c:c5:53:43:08:af:45:12:33:48:31:
         01:53:f2:6a:5c:74:5e:12:91:88:2f:0d:94:a8:55:a9:b0:f4:
         cd:1f:c2:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZbTROkQH6eiZQTuen7bGN/iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTE1MDkyNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGEyM2NjMGE4ZjRmNzczMzU2N2JkZDk5ZjQyN2Q0NThiZjBiODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlHQo3xbet/6afF98zXiNKyjqejq
CWIqWrqWlIxyZrYu/SpUEYmEtKWy6I5/0VNjdIW0zwko8RV2WrtnDNFXe8spH0+z
J6zbbtgdTEUeB99SenjIK6j/pu6kvbfa8kKuVh9dSPEKDMl3e0rN5qQMq0b3REqw
hp3Q0vsh97m5USeN7aU8m9OqAe1zbwCW6n0CZWZhlMn5KJcD+WTSH33hXELFlDQa
PqZXNCm5OSggU8MHQ4dX80ya1/j4hesosc6tq6VkWHGSbsTBTEOrfF6RQtMIkc4U
vnJhSjwUukhxpzdMyMI/zkSiH4CvOTuiBckbTL2yLaz0aZqNv5QUNstrGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHCiPMCo9PdzNWe92Z9CfUWL8LhZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY0tJOHdLajA5M00xWjczWm4wSjlSWXZ3dUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUahTAwQA
Uah3AwQA2ZFJMA0GCSqGSIb3DQEBCwUAA4IBAQCqqBfKO3w2k0mcoongxjoLQhhJ
VgZ/0Y02SLAcawqTAsJ4cSAS6pNDVu5PkykIGctA4M2TMaXhasHULzxyPyUkp1vm
sqnJeBTcpFizQiRIVFDX/V/oEpk1fNpaF6uoc2HUqVzb3UW15abF8BqdThnj6WGW
YqFdQdwlsoTG0zz1uKGMtzlrykYihz1h3D032eTF1lBwtkzsGnG5+bLaojnwXW1g
N7kSzqLSvZvmB+tOJ13dFKI9l9qrRKSfVNqVBAMuZ9lZ9rEEsK1y0tabqVW/+rDm
SrTNS0zaPRnfoEpiXMVTQwivRRIzSDEBU/JqXHReEpGILw2UqFWpsPTNH8J9
-----END CERTIFICATE-----