Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nkAQ2hgSZ3s-177KnIqRwtVeFHM.roa
File:                     nkAQ2hgSZ3s-177KnIqRwtVeFHM.roa (raw, json)
Hash identifier:          PiTGiNyBwF04WWs997+upRfWyglcaKJUrybz95a1BIo=
Subject key identifier:   9E:40:10:DA:18:12:67:7B:3E:D7:BE:CA:9C:8A:91:C2:D5:5E:14:73
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0199DC97C8572C50A827DE7B83091603B73E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nkAQ2hgSZ3s-177KnIqRwtVeFHM.roa
Signing time:             Mon 13 Oct 2025 08:02:38 +0000
ROA not before:           Mon 13 Oct 2025 08:02:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214209
IP address blocks:        82.153.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dc:97:c8:57:2c:50:a8:27:de:7b:83:09:16:03:b7:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 13 08:02:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e4010da1812677b3ed7beca9c8a91c2d55e1473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:67:63:6b:1d:83:e6:fa:52:5f:68:de:be:d9:
                    9b:2f:b3:9e:d7:c7:0d:61:e2:29:97:4e:0a:0f:df:
                    7e:d7:f3:e0:6b:36:3b:43:07:bb:67:fb:a7:94:41:
                    e9:58:ea:ad:2f:d4:46:8d:5c:70:49:20:f6:51:6d:
                    c7:b9:8f:20:37:65:62:5e:16:b0:c6:a2:2a:b1:57:
                    75:de:f3:6e:16:15:d7:e3:90:90:ac:0d:a7:5d:8b:
                    a4:51:4b:fb:90:e5:7e:72:e6:01:6b:b4:1e:10:84:
                    38:6e:ed:da:ac:78:53:67:80:ba:ec:b6:2b:a6:25:
                    4f:b0:db:f4:1f:70:ec:63:a4:e1:97:1a:53:1b:12:
                    94:69:3b:8f:8f:07:db:ff:a7:f6:9e:d6:06:d7:3e:
                    aa:69:26:2d:57:27:6b:8c:20:05:02:6f:cf:cc:be:
                    c0:e5:f1:dc:11:bb:83:6f:ca:2e:42:b8:bc:77:39:
                    3b:26:05:e9:b5:96:2c:ae:22:cd:03:2a:34:3d:d3:
                    13:63:d3:25:42:68:a9:84:db:84:d6:22:5f:69:5c:
                    44:a2:d0:26:d8:32:97:ab:67:45:a5:0e:6a:44:c6:
                    ac:9a:fd:8e:59:c9:d3:c1:c0:3d:ad:24:26:0b:6a:
                    04:87:f6:93:2e:0a:46:22:aa:55:4e:ea:7f:4d:78:
                    36:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:40:10:DA:18:12:67:7B:3E:D7:BE:CA:9C:8A:91:C2:D5:5E:14:73
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nkAQ2hgSZ3s-177KnIqRwtVeFHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:9a:6d:c0:64:71:9a:78:00:ce:86:9e:3e:0e:92:da:57:ba:
         eb:93:45:90:18:20:ab:8c:57:14:5a:c5:f2:86:8a:4e:0d:79:
         a9:d2:e6:7f:e2:ad:86:e0:48:c0:e7:7e:0f:5f:51:ef:e5:df:
         45:f4:0e:d9:91:ee:59:e8:ee:5a:1a:84:5f:22:39:f3:36:8d:
         42:d5:0f:3b:cb:df:3d:44:bd:01:3d:30:7e:2b:21:83:ed:81:
         85:61:72:41:51:83:7c:a7:51:75:f7:83:74:23:a3:ce:a1:0c:
         08:eb:9d:79:56:5a:98:b3:8a:9c:9a:cf:5a:d9:8a:51:d7:cf:
         3f:f9:83:5c:aa:2e:fe:a0:7d:60:8e:c3:29:d6:23:c4:ac:c3:
         f1:57:d1:a0:5e:71:11:c9:32:4b:92:1d:c2:92:45:dc:78:8b:
         98:62:55:ba:80:d6:42:fe:88:99:40:56:d1:dd:21:f6:65:50:
         e9:1a:36:fe:0c:17:5f:16:1d:41:3d:7c:fc:69:f4:8e:9b:62:
         e0:77:34:61:6e:d8:e3:ae:16:35:23:f8:70:8f:0a:b3:d6:0c:
         ee:12:e0:cb:f4:a0:df:26:51:0a:d9:0f:03:c8:76:09:6f:fd:
         9e:78:ce:8c:03:0f:d2:07:be:f5:5d:3e:b3:f4:1e:6c:75:14:
         ec:9c:20:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZncl8hXLFCoJ957gwkWA7c+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDEzMDgwMjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTQwMTBkYTE4MTI2NzdiM2VkN2JlY2E5YzhhOTFjMmQ1NWUxNDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmdjax2D5vpSX2jevtmbL7Oe18cN
YeIpl04KD99+1/PgazY7Qwe7Z/unlEHpWOqtL9RGjVxwSSD2UW3HuY8gN2ViXhaw
xqIqsVd13vNuFhXX45CQrA2nXYukUUv7kOV+cuYBa7QeEIQ4bu3arHhTZ4C67LYr
piVPsNv0H3DsY6ThlxpTGxKUaTuPjwfb/6f2ntYG1z6qaSYtVydrjCAFAm/PzL7A
5fHcEbuDb8ouQri8dzk7JgXptZYsriLNAyo0PdMTY9MlQmiphNuE1iJfaVxEotAm
2DKXq2dFpQ5qRMasmv2OWcnTwcA9rSQmC2oEh/aTLgpGIqpVTup/TXg2HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5AENoYEmd7Pte+ypyKkcLVXhRzMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbmtBUTJoZ1NaM3MtMTc3S25JcVJ3dFZlRkhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpmKMA0G
CSqGSIb3DQEBCwUAA4IBAQCXmm3AZHGaeADOhp4+DpLaV7rrk0WQGCCrjFcUWsXy
hopODXmp0uZ/4q2G4EjA534PX1Hv5d9F9A7Zke5Z6O5aGoRfIjnzNo1C1Q87y989
RL0BPTB+KyGD7YGFYXJBUYN8p1F194N0I6POoQwI6515VlqYs4qcms9a2YpR188/
+YNcqi7+oH1gjsMp1iPErMPxV9GgXnERyTJLkh3CkkXceIuYYlW6gNZC/oiZQFbR
3SH2ZVDpGjb+DBdfFh1BPXz8afSOm2LgdzRhbtjjrhY1I/hwjwqz1gzuEuDL9KDf
JlEK2Q8DyHYJb/2eeM6MAw/SB771XT6z9B5sdRTsnCDe
-----END CERTIFICATE-----