Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/lCQM-dF_EfVVshXvOqwqsYBxL9s.roa
File:                     lCQM-dF_EfVVshXvOqwqsYBxL9s.roa (raw, json)
Hash identifier:          Usok67enDyHQBWMZLz8dOpfnx0UzcTG68uUFl9pEmns=
Subject key identifier:   94:24:0C:F9:D1:7F:11:F5:55:B2:15:EF:3A:AC:2A:B1:80:71:2F:DB
Certificate issuer:       /CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
Certificate serial:       01992A324E9D8D72A67B56F959B015EE44C0
Authority key identifier: 7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/lCQM-dF_EfVVshXvOqwqsYBxL9s.roa
Signing time:             Mon 08 Sep 2025 16:39:23 +0000
ROA not before:           Mon 08 Sep 2025 16:39:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215621
IP address blocks:        116.199.224.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2a:32:4e:9d:8d:72:a6:7b:56:f9:59:b0:15:ee:44:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
        Validity
            Not Before: Sep  8 16:39:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94240cf9d17f11f555b215ef3aac2ab180712fdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:57:4a:39:68:18:dc:80:08:6e:ba:a8:72:70:
                    ca:ca:99:6c:75:c3:bc:36:ee:3c:90:b3:74:de:3d:
                    5f:8e:de:89:62:25:e4:4d:ab:63:e2:b9:3d:01:30:
                    6d:a3:81:ea:8f:6c:2a:78:e6:0f:a9:db:8a:6b:34:
                    96:e7:ad:14:02:43:b7:7b:88:b2:c1:50:4c:41:97:
                    ec:6f:e2:dc:7d:fd:bc:dc:cf:b5:c7:8a:1b:06:df:
                    65:cb:8d:0b:78:f7:e0:f5:45:e1:2c:d4:50:08:8e:
                    83:6e:16:fc:dc:85:b5:0c:a2:00:e4:80:ac:5b:84:
                    e5:7c:bb:96:ec:03:cc:01:d7:e4:9a:e4:af:8c:7c:
                    07:80:2e:85:e3:c6:ef:75:ee:d7:3d:d9:79:8e:0a:
                    2c:0c:8d:ee:6d:55:0d:44:57:5b:ca:ec:27:cd:12:
                    31:20:9b:86:d5:12:ad:c7:d1:e2:15:78:9d:a1:86:
                    30:4d:08:38:f7:5b:5f:45:75:d5:c1:1e:4e:e4:d2:
                    92:62:9d:b3:54:3e:71:00:52:8f:e4:1e:96:76:29:
                    c8:8f:34:98:ff:8d:bc:67:67:1e:47:c0:76:85:5f:
                    d6:c6:ca:24:f9:48:ab:a9:4a:4a:2a:88:a1:5a:e9:
                    31:06:e3:de:7e:32:9f:ab:55:43:c9:8d:c5:b2:7d:
                    17:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:24:0C:F9:D1:7F:11:F5:55:B2:15:EF:3A:AC:2A:B1:80:71:2F:DB
            X509v3 Authority Key Identifier:
                keyid:7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/lCQM-dF_EfVVshXvOqwqsYBxL9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.199.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         65:5c:4a:55:56:46:22:a3:f8:22:53:90:28:f2:78:a7:59:0c:
         51:76:c7:13:d9:48:f1:c9:91:ea:1c:58:2c:0a:80:58:b5:52:
         d6:42:e9:6c:cd:ac:a8:53:8b:48:d0:b9:98:11:df:d7:44:5e:
         6d:75:b7:d2:cb:4f:29:a8:01:9a:60:bf:9a:cf:be:c1:a7:49:
         ff:ae:ff:c2:36:41:f4:d4:56:24:ae:03:ec:00:ea:15:f1:78:
         36:e2:11:db:e5:ad:ff:6b:f7:ff:60:1e:cb:16:99:f6:8d:be:
         b2:82:c8:60:45:a5:53:2a:8a:39:98:59:7b:80:ca:ef:2a:e4:
         4c:45:9b:d7:9d:1b:9a:73:a4:e0:b1:e8:00:e3:ee:cc:e9:57:
         16:a8:7a:25:56:e2:5f:b7:f5:a3:d4:0d:25:18:df:b7:28:bc:
         06:a7:8d:4f:19:cf:a9:c5:5f:76:1d:71:e9:e2:9b:52:43:bc:
         7b:5e:ae:ba:28:44:66:42:4a:e2:5e:14:e9:2f:68:e1:10:78:
         18:4b:ca:79:9d:25:a3:18:8e:fb:15:c8:25:6c:f6:77:da:b0:
         15:b7:ac:1a:57:86:85:43:56:c8:33:a1:29:b7:1c:67:95:74:
         a7:06:83:dd:39:fc:f5:21:c1:6d:8f:7c:a7:f9:30:fd:d6:20:
         53:77:a8:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkqMk6djXKme1b5WbAV7kTAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZmI1NDQxZDhlZjhlNDFhYTI4ZGQ1MWNkZGU5MjU5NDNh
ZWY3ZmEwHhcNMjUwOTA4MTYzOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDI0MGNmOWQxN2YxMWY1NTViMjE1ZWYzYWFjMmFiMTgwNzEyZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlldKOWgY3IAIbrqocnDKyplsdcO8
Nu48kLN03j1fjt6JYiXkTatj4rk9ATBto4Hqj2wqeOYPqduKazSW560UAkO3e4iy
wVBMQZfsb+Lcff283M+1x4obBt9ly40LePfg9UXhLNRQCI6Dbhb83IW1DKIA5ICs
W4TlfLuW7APMAdfkmuSvjHwHgC6F48bvde7XPdl5jgosDI3ubVUNRFdbyuwnzRIx
IJuG1RKtx9HiFXidoYYwTQg491tfRXXVwR5O5NKSYp2zVD5xAFKP5B6WdinIjzSY
/428Z2ceR8B2hV/Wxsok+UirqUpKKoihWukxBuPefjKfq1VDyY3Fsn0X3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQkDPnRfxH1VbIV7zqsKrGAcS/bMB8GA1UdIwQY
MBaAFHr7VEHY745BqijdUc3ekllDrvf6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTIt
ZDg5NzNhY2FmNDFkLzEvbENRTS1kRl9FZlZWc2hYdk9xd3FzWUJ4TDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTItZDg5NzNhY2FmNDFk
LzEvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEdMfgMA0G
CSqGSIb3DQEBCwUAA4IBAQBlXEpVVkYio/giU5Ao8ninWQxRdscT2UjxyZHqHFgs
CoBYtVLWQulszayoU4tI0LmYEd/XRF5tdbfSy08pqAGaYL+az77Bp0n/rv/CNkH0
1FYkrgPsAOoV8Xg24hHb5a3/a/f/YB7LFpn2jb6ygshgRaVTKoo5mFl7gMrvKuRM
RZvXnRuac6TgsegA4+7M6VcWqHolVuJft/Wj1A0lGN+3KLwGp41PGc+pxV92HXHp
4ptSQ7x7Xq66KERmQkriXhTpL2jhEHgYS8p5nSWjGI77FcglbPZ32rAVt6waV4aF
Q1bIM6EptxxnlXSnBoPdOfz1IcFtj3yn+TD91iBTd6ib
-----END CERTIFICATE-----