Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lDv9hqtconngAMESX8Dmsc_peZ4.roa
File:                     lDv9hqtconngAMESX8Dmsc_peZ4.roa (raw, json)
Hash identifier:          WnemQqDOnNU0GxO0TBrnpS11EVFLbuzwsjwz6NSN/9k=
Subject key identifier:   94:3B:FD:86:AB:5C:A2:79:E0:00:C1:12:5F:C0:E6:B1:CF:E9:79:9E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0199F1B909AF9C5FAABB65C43C29961B7679
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lDv9hqtconngAMESX8Dmsc_peZ4.roa
Signing time:             Fri 17 Oct 2025 10:30:59 +0000
ROA not before:           Fri 17 Oct 2025 10:30:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        212.38.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f1:b9:09:af:9c:5f:aa:bb:65:c4:3c:29:96:1b:76:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 17 10:30:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=943bfd86ab5ca279e000c1125fc0e6b1cfe9799e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:39:ea:52:12:17:5d:9e:e1:35:9d:7b:47:7c:
                    ce:6e:ff:a2:dd:b2:7c:64:8a:5f:76:c7:f9:1d:1d:
                    0f:07:8f:ec:cc:ae:d6:c8:4d:37:28:31:a9:77:9e:
                    08:6e:8a:58:c2:43:89:ee:d5:5c:d5:40:43:ae:a3:
                    33:d1:3e:b4:57:02:6e:f4:54:7f:3b:db:e1:2e:7a:
                    c4:75:4b:21:46:cc:56:49:57:b5:4e:81:cd:bc:57:
                    c9:c5:6c:b0:36:9a:c0:e9:20:e8:04:73:df:61:e2:
                    d2:10:e3:2a:eb:5b:5c:d3:69:de:24:bb:63:c3:3f:
                    91:66:cc:e0:0b:c9:ab:06:e1:ba:38:41:bc:52:05:
                    3e:ed:87:a9:ad:b6:75:ea:51:b8:d3:25:e6:88:e2:
                    af:95:97:ef:28:2a:6c:59:fb:57:c9:36:6a:fd:dc:
                    5f:91:4e:b4:c3:7b:81:2f:fb:c8:f8:89:20:ec:98:
                    ea:82:47:5b:92:b2:82:46:a8:5d:b0:f8:3c:a7:48:
                    02:d5:a1:a6:ff:44:05:45:40:6a:24:2e:86:69:5d:
                    c6:33:f8:60:a9:57:ad:fa:a6:69:f4:59:18:de:cc:
                    ce:72:f2:fc:2a:f3:b1:c0:7c:67:38:55:39:25:3e:
                    d9:ba:0d:87:79:fe:4c:b7:df:ca:0d:1a:2e:be:17:
                    d4:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:3B:FD:86:AB:5C:A2:79:E0:00:C1:12:5F:C0:E6:B1:CF:E9:79:9E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lDv9hqtconngAMESX8Dmsc_peZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.38.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:42:6a:c4:66:1d:46:07:8c:fa:f6:9d:09:5b:a7:88:9b:38:
         58:7b:02:39:e1:ad:4d:a9:04:52:bb:e6:78:d0:e4:b1:f3:27:
         fb:34:37:e6:f2:d0:42:1c:f4:8b:ca:7d:f5:32:90:87:28:c8:
         3e:e4:1c:47:64:87:b3:7e:45:61:aa:62:be:ed:c7:d2:46:ed:
         9f:7a:d7:e4:72:8e:17:55:7e:d1:cd:65:67:7a:30:f4:58:2f:
         21:63:3c:b8:3b:51:92:95:ed:60:98:c4:24:2d:70:25:0b:f6:
         f1:0d:05:be:15:48:b1:a3:2c:30:3e:b0:3a:e3:9c:b5:cf:32:
         c3:36:25:a8:c4:a9:a7:25:ff:c6:10:c2:5c:34:64:2c:c8:ad:
         76:ab:48:86:34:af:6c:bc:f6:00:98:72:76:97:2b:e1:07:e1:
         a6:22:54:4b:d7:ba:9d:c5:34:6c:55:3c:a4:42:f6:6b:0b:aa:
         84:f2:28:bd:71:01:fc:ea:a6:be:8d:aa:78:d0:e9:67:48:91:
         9d:ef:d9:ba:56:8b:ed:65:59:8a:46:dc:cd:d7:78:6f:51:a0:
         25:c1:30:ca:2f:64:66:9a:16:34:36:a5:bc:5e:ab:fd:18:0f:
         fd:b4:2c:56:34:ba:b3:db:70:f5:e2:86:8b:f5:b7:c2:23:4b:
         7e:26:98:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnxuQmvnF+qu2XEPCmWG3Z5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDE3MTAzMDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDNiZmQ4NmFiNWNhMjc5ZTAwMGMxMTI1ZmMwZTZiMWNmZTk3OTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTnqUhIXXZ7hNZ17R3zObv+i3bJ8
ZIpfdsf5HR0PB4/szK7WyE03KDGpd54IbopYwkOJ7tVc1UBDrqMz0T60VwJu9FR/
O9vhLnrEdUshRsxWSVe1ToHNvFfJxWywNprA6SDoBHPfYeLSEOMq61tc02neJLtj
wz+RZszgC8mrBuG6OEG8UgU+7YeprbZ16lG40yXmiOKvlZfvKCpsWftXyTZq/dxf
kU60w3uBL/vI+Ikg7JjqgkdbkrKCRqhdsPg8p0gC1aGm/0QFRUBqJC6GaV3GM/hg
qVet+qZp9FkY3szOcvL8KvOxwHxnOFU5JT7Zug2Hef5Mt9/KDRouvhfUzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQ7/YarXKJ54ADBEl/A5rHP6XmeMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbER2OWhxdGNvbm5nQU1FU1g4RG1zY19wZVo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CZRMA0G
CSqGSIb3DQEBCwUAA4IBAQBSQmrEZh1GB4z69p0JW6eImzhYewI54a1NqQRSu+Z4
0OSx8yf7NDfm8tBCHPSLyn31MpCHKMg+5BxHZIezfkVhqmK+7cfSRu2fetfkco4X
VX7RzWVnejD0WC8hYzy4O1GSle1gmMQkLXAlC/bxDQW+FUixoywwPrA645y1zzLD
NiWoxKmnJf/GEMJcNGQsyK12q0iGNK9svPYAmHJ2lyvhB+GmIlRL17qdxTRsVTyk
QvZrC6qE8ii9cQH86qa+jap40OlnSJGd79m6VovtZVmKRtzN13hvUaAlwTDKL2Rm
mhY0NqW8Xqv9GA/9tCxWNLqz23D14oaL9bfCI0t+JpgE
-----END CERTIFICATE-----