Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hWl0eFuNqh1hbtDNxCXOhCfCsHs.roa
File:                     hWl0eFuNqh1hbtDNxCXOhCfCsHs.roa (raw, json)
Hash identifier:          8i9uDlMsDt0bc0PyREaldbSofP+vWKw1q0RefU/OC0M=
Subject key identifier:   85:69:74:78:5B:8D:AA:1D:61:6E:D0:CD:C4:25:CE:84:27:C2:B0:7B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0199CE2338F64F31779603CBE5CA35CAD120
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hWl0eFuNqh1hbtDNxCXOhCfCsHs.roa
Signing time:             Fri 10 Oct 2025 12:40:38 +0000
ROA not before:           Fri 10 Oct 2025 12:40:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397630
IP address blocks:        77.93.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:23:38:f6:4f:31:77:96:03:cb:e5:ca:35:ca:d1:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 10 12:40:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=856974785b8daa1d616ed0cdc425ce8427c2b07b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:55:a3:b7:47:68:6f:14:92:fd:e4:64:be:29:
                    57:b6:f3:18:3a:90:50:cb:c7:a9:ab:7d:9e:a6:76:
                    9a:3a:35:e1:57:63:68:e5:ca:a0:11:59:1d:be:7f:
                    ef:4f:f2:43:08:9f:ae:a6:54:4e:c7:76:34:86:e7:
                    a4:7d:c2:e9:2c:96:0f:85:d9:cf:8d:22:70:79:07:
                    20:8d:3e:f1:d1:02:1a:58:19:c3:3e:6a:61:ba:ea:
                    8e:a1:8f:63:03:80:db:c8:7c:16:c7:b4:8d:36:27:
                    62:97:b4:36:59:5d:3b:7f:e9:17:f3:cb:a6:97:6f:
                    91:58:27:9c:5f:77:f6:88:7f:59:07:64:68:d1:1c:
                    1e:8c:60:52:df:d3:71:fe:af:1e:0f:e4:a5:db:9f:
                    9b:54:6e:28:ac:a7:a6:ed:c3:01:df:3a:6a:84:e3:
                    06:fe:56:3c:0e:e5:c3:85:70:2b:13:5a:bd:7b:7f:
                    7e:17:4a:2c:89:24:85:33:75:10:a7:2a:19:3e:c3:
                    09:9b:cb:b2:11:ca:c3:00:7d:e1:c1:b7:7b:52:4a:
                    62:b7:60:81:0f:3e:73:9c:32:3c:fa:ac:5b:fb:17:
                    9a:5f:ff:ff:f3:b1:a4:f9:7f:f0:7e:f6:85:ef:cb:
                    91:d0:f2:73:1e:6b:d2:32:22:f3:a3:31:28:a6:81:
                    98:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:69:74:78:5B:8D:AA:1D:61:6E:D0:CD:C4:25:CE:84:27:C2:B0:7B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hWl0eFuNqh1hbtDNxCXOhCfCsHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:dd:c7:0c:44:89:4e:5d:a3:e3:fe:7c:b6:31:57:c6:c0:62:
         4f:35:b8:b8:55:1c:ba:80:2c:6f:da:de:08:e5:72:89:79:e4:
         11:95:59:dc:13:b6:81:22:1a:55:b1:de:3d:8b:d8:08:89:e9:
         cb:22:41:c0:49:13:d9:b9:c0:8f:3b:58:82:a1:78:b7:01:f3:
         f3:a3:82:1c:4e:6d:19:01:c2:50:9a:20:50:8d:a9:18:2f:b2:
         42:b8:b0:cd:a2:6b:7b:ac:37:55:fc:15:75:9e:bd:76:db:1f:
         7c:d9:63:c8:59:e4:a6:80:b6:9e:8f:55:14:83:7b:1c:cd:46:
         1e:e0:93:ff:b5:fa:f0:de:36:42:75:3e:29:13:66:44:ef:fa:
         d7:59:4e:fd:9e:3b:1b:a6:ef:eb:45:cd:39:fa:58:36:e6:0f:
         e0:5e:21:c1:e5:7c:96:03:dc:50:40:d4:1d:a2:68:5c:e5:10:
         8d:db:42:2b:8e:77:ef:ee:a9:a2:05:cb:22:3c:c2:3d:f3:05:
         a2:88:69:b1:7a:7d:e7:34:81:bc:8e:3f:60:24:1e:c6:0d:14:
         c3:3b:35:63:cc:bc:7e:16:ad:f6:af:e5:c5:0a:ca:25:9c:38:
         1c:43:73:71:ff:cf:a9:41:1e:a9:37:dd:c6:dd:c7:c0:5d:19:
         03:d1:5d:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnOIzj2TzF3lgPL5co1ytEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDEwMTI0MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTY5NzQ3ODViOGRhYTFkNjE2ZWQwY2RjNDI1Y2U4NDI3YzJiMDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFWjt0dobxSS/eRkvilXtvMYOpBQ
y8epq32epnaaOjXhV2No5cqgEVkdvn/vT/JDCJ+uplROx3Y0huekfcLpLJYPhdnP
jSJweQcgjT7x0QIaWBnDPmphuuqOoY9jA4DbyHwWx7SNNidil7Q2WV07f+kX88um
l2+RWCecX3f2iH9ZB2Ro0RwejGBS39Nx/q8eD+Sl25+bVG4orKem7cMB3zpqhOMG
/lY8DuXDhXArE1q9e39+F0osiSSFM3UQpyoZPsMJm8uyEcrDAH3hwbd7Ukpit2CB
Dz5znDI8+qxb+xeaX///87Gk+X/wfvaF78uR0PJzHmvSMiLzozEopoGYFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVpdHhbjaodYW7QzcQlzoQnwrB7MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaFdsMGVGdU5xaDFoYnRETnhDWE9oQ2ZDc0hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATV2OMA0G
CSqGSIb3DQEBCwUAA4IBAQCk3ccMRIlOXaPj/ny2MVfGwGJPNbi4VRy6gCxv2t4I
5XKJeeQRlVncE7aBIhpVsd49i9gIienLIkHASRPZucCPO1iCoXi3AfPzo4IcTm0Z
AcJQmiBQjakYL7JCuLDNomt7rDdV/BV1nr122x982WPIWeSmgLaej1UUg3sczUYe
4JP/tfrw3jZCdT4pE2ZE7/rXWU79njsbpu/rRc05+lg25g/gXiHB5XyWA9xQQNQd
omhc5RCN20Irjnfv7qmiBcsiPMI98wWiiGmxen3nNIG8jj9gJB7GDRTDOzVjzLx+
Fq32r+XFCsolnDgcQ3Nx/8+pQR6pN93G3cfAXRkD0V2l
-----END CERTIFICATE-----