Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/f_nIO_2YVxk_zeT6zwFiioDUFFc.roa
File:                     f_nIO_2YVxk_zeT6zwFiioDUFFc.roa (raw, json)
Hash identifier:          QobQoQCN9bABhRdO2WGODgXkqgZOikcxfJy5g/d8Mc0=
Subject key identifier:   7F:F9:C8:3B:FD:98:57:19:3F:CD:E4:FA:CF:01:62:8A:80:D4:14:57
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0199CE23376E1B5E0828A3C85CE2DDD24282
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/f_nIO_2YVxk_zeT6zwFiioDUFFc.roa
Signing time:             Fri 10 Oct 2025 12:40:38 +0000
ROA not before:           Fri 10 Oct 2025 12:40:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54252
IP address blocks:        77.93.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:23:37:6e:1b:5e:08:28:a3:c8:5c:e2:dd:d2:42:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 10 12:40:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ff9c83bfd9857193fcde4facf01628a80d41457
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a4:c9:b8:09:a1:e4:06:08:72:10:5c:a0:20:
                    dd:86:23:37:d7:06:d8:2f:2c:a9:09:82:23:03:a8:
                    9c:c7:5d:59:11:1f:07:99:ca:7a:d7:9c:a5:ba:4a:
                    8c:13:ac:fd:ff:82:9e:1b:86:74:6e:e8:00:a8:bf:
                    c2:96:1f:c7:e4:c4:fe:c1:2c:bf:29:c8:d9:de:4a:
                    46:29:16:93:d6:fc:fe:00:5f:13:8a:4b:5d:19:16:
                    94:cb:25:78:cd:f6:6a:65:72:ba:79:02:fe:76:31:
                    0f:c7:e0:66:08:11:c1:1f:a1:55:c4:c3:4d:49:4c:
                    e6:e3:4f:5a:c6:a2:6e:77:15:94:82:fd:06:c1:48:
                    d2:ce:26:10:0c:8c:4f:4b:ad:83:5d:83:a8:47:34:
                    73:05:ae:25:90:eb:d0:b2:de:b3:39:1e:6d:f9:fc:
                    dd:58:2d:56:10:db:38:9c:7a:7b:a7:a1:99:1e:06:
                    18:00:e2:13:ba:ad:a3:e1:53:45:56:74:f8:66:eb:
                    85:43:01:f7:a0:85:a0:8e:77:13:08:47:5f:98:5f:
                    82:a6:ff:ae:e9:9c:ff:fe:ec:85:03:07:de:b2:2a:
                    f7:7d:55:33:ee:64:47:2a:51:2d:0b:18:62:19:f0:
                    3e:ea:a9:75:ce:e6:8d:b3:5a:69:03:4f:f2:39:4c:
                    20:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F9:C8:3B:FD:98:57:19:3F:CD:E4:FA:CF:01:62:8A:80:D4:14:57
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/f_nIO_2YVxk_zeT6zwFiioDUFFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:34:b9:2b:1b:03:71:bc:45:43:06:76:2e:7d:1e:64:4e:43:
         c9:7f:e8:99:53:79:2d:c2:f6:4c:41:21:4f:49:8b:81:50:f1:
         74:a4:4d:8e:2e:c2:66:de:a1:21:31:84:61:06:f7:55:03:17:
         e4:2d:0a:30:2c:ba:2b:23:47:63:62:59:f1:06:fd:37:4e:38:
         fa:78:67:79:f1:ab:4e:27:da:ed:7b:70:29:ba:fa:47:b7:3b:
         fa:d8:c2:e8:87:65:5f:fd:99:a7:f6:a6:8d:2e:9a:b8:6e:83:
         10:1c:7d:3f:77:3d:66:b5:d8:a6:d3:e4:c7:da:b4:ee:1a:eb:
         55:d3:a0:32:e4:50:22:e1:ba:96:b4:c4:c4:54:27:ab:fc:53:
         67:bc:b2:65:47:e6:a9:52:75:1b:cc:7c:a4:ce:44:b6:aa:97:
         ba:21:63:2d:7e:3d:37:6f:10:4a:0d:86:49:be:ff:cb:e7:ac:
         d5:3b:2f:ec:5a:45:39:00:f4:ac:24:8c:25:a8:e7:c3:41:b7:
         94:13:ef:44:e6:da:99:2b:59:78:4e:b9:e2:92:54:3e:f2:17:
         5a:80:fb:a7:6d:c5:3b:3b:11:f9:db:a9:0f:fe:f3:fb:97:6a:
         93:c4:5e:11:bd:12:71:94:94:e5:01:fd:cf:4a:39:1d:c5:d1:
         c9:c8:3c:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnOIzduG14IKKPIXOLd0kKCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDEwMTI0MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmY5YzgzYmZkOTg1NzE5M2ZjZGU0ZmFjZjAxNjI4YTgwZDQxNDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqTJuAmh5AYIchBcoCDdhiM31wbY
LyypCYIjA6icx11ZER8Hmcp615ylukqME6z9/4KeG4Z0bugAqL/Clh/H5MT+wSy/
KcjZ3kpGKRaT1vz+AF8TiktdGRaUyyV4zfZqZXK6eQL+djEPx+BmCBHBH6FVxMNN
SUzm409axqJudxWUgv0GwUjSziYQDIxPS62DXYOoRzRzBa4lkOvQst6zOR5t+fzd
WC1WENs4nHp7p6GZHgYYAOITuq2j4VNFVnT4ZuuFQwH3oIWgjncTCEdfmF+Cpv+u
6Zz//uyFAwfesir3fVUz7mRHKlEtCxhiGfA+6ql1zuaNs1ppA0/yOUwg5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/5yDv9mFcZP83k+s8BYoqA1BRXMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZl9uSU9fMllWeGtfemVUNnp3Rmlpb0RVRkZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATV2OMA0G
CSqGSIb3DQEBCwUAA4IBAQCXNLkrGwNxvEVDBnYufR5kTkPJf+iZU3ktwvZMQSFP
SYuBUPF0pE2OLsJm3qEhMYRhBvdVAxfkLQowLLorI0djYlnxBv03Tjj6eGd58atO
J9rte3ApuvpHtzv62MLoh2Vf/Zmn9qaNLpq4boMQHH0/dz1mtdim0+TH2rTuGutV
06Ay5FAi4bqWtMTEVCer/FNnvLJlR+apUnUbzHykzkS2qpe6IWMtfj03bxBKDYZJ
vv/L56zVOy/sWkU5APSsJIwlqOfDQbeUE+9E5tqZK1l4TrniklQ+8hdagPunbcU7
OxH526kP/vP7l2qTxF4RvRJxlJTlAf3PSjkdxdHJyDx4
-----END CERTIFICATE-----