Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/LH9HIt3rzScDBJcnzv2LUAuErHQ.roa
File:                     LH9HIt3rzScDBJcnzv2LUAuErHQ.roa (raw, json)
Hash identifier:          ShiZMaJnKY30bao0rh1lY7Hq4t7NAasDASRPNZwG/00=
Subject key identifier:   2C:7F:47:22:DD:EB:CD:27:03:04:97:27:CE:FD:8B:50:0B:84:AC:74
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B27D7F1BFB5741EEC93039EB6A5D7C
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/LH9HIt3rzScDBJcnzv2LUAuErHQ.roa
Signing time:             Mon 14 Jul 2025 16:09:09 +0000
ROA not before:           Mon 14 Jul 2025 16:09:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14576
IP address blocks:        193.0.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b2:7d:7f:1b:fb:57:41:ee:c9:30:39:eb:6a:5d:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:09:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c7f4722ddebcd2703049727cefd8b500b84ac74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:e2:25:0e:a0:4a:dd:c3:79:42:dd:e3:0a:6d:
                    8c:7e:8c:1f:b1:d8:e4:f7:f1:25:a8:68:75:02:b8:
                    70:1e:02:85:5f:39:9e:a3:67:f2:8f:33:36:d1:c3:
                    39:08:e5:3c:c1:86:0b:a1:1a:78:d3:30:cc:c4:da:
                    f5:ec:3e:36:82:b8:07:c3:78:60:16:95:1f:22:38:
                    8e:46:94:0d:90:62:e4:54:5f:7b:f1:ff:c0:f8:93:
                    aa:31:7f:6f:39:81:f9:03:32:e0:6a:3f:06:66:48:
                    84:fe:21:de:41:76:ca:7a:6e:5d:6b:43:46:2d:fb:
                    4e:2c:c8:23:c6:f2:10:af:4e:d5:d2:87:10:29:6a:
                    82:88:b8:6d:a7:4f:bb:ef:36:ab:67:54:19:99:cf:
                    7c:a4:e4:c4:bc:db:e2:d0:68:0f:10:5c:91:90:4d:
                    37:39:68:ef:26:d8:79:31:74:0c:71:1c:f1:04:65:
                    86:5c:d1:53:e6:81:58:00:75:cd:db:13:6f:6c:3b:
                    a1:92:83:1e:15:b7:03:8d:9c:57:e0:3e:20:7b:46:
                    78:98:8a:98:e7:db:79:5c:da:6a:a5:95:7f:e7:e3:
                    f0:1c:40:c9:cb:e0:59:4e:cd:05:41:7d:da:6d:2d:
                    0a:51:87:b7:43:7f:85:1d:a7:ad:aa:db:1e:8a:20:
                    1b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:7F:47:22:DD:EB:CD:27:03:04:97:27:CE:FD:8B:50:0B:84:AC:74
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/LH9HIt3rzScDBJcnzv2LUAuErHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:85:64:23:44:f0:5c:1e:52:63:15:72:21:14:2d:d9:43:e7:
         8d:82:a1:73:b9:14:d7:99:2e:89:4a:1a:38:d8:07:51:c5:7a:
         03:28:28:40:63:7d:de:bc:3f:5e:f6:f8:b4:0b:4a:fb:f1:06:
         92:e0:57:69:2d:9b:22:86:a1:27:28:93:62:43:fb:2b:77:44:
         cf:1a:81:f6:43:6a:cf:f5:9e:2c:44:06:0e:f2:76:38:9d:fb:
         f0:ec:73:3a:9e:7e:c6:1d:b1:3b:13:53:38:d9:41:50:5c:20:
         e5:17:dd:64:c8:31:e9:8b:b5:b0:da:a5:f9:00:b6:a0:12:f9:
         b6:dd:66:96:3c:9e:1a:1b:28:81:11:ee:f9:37:2d:66:4c:7d:
         51:51:69:48:58:8f:64:16:93:a1:2c:a5:48:d2:0f:2a:b8:73:
         12:b9:b8:f2:ce:a8:12:8c:12:6a:ba:41:cd:5e:ba:f2:36:f3:
         ef:0e:7f:e5:5a:82:40:b7:21:e1:e2:44:80:33:be:06:06:35:
         54:33:d4:3f:89:db:2d:99:a7:c9:ed:fc:f5:51:5c:8b:e1:e0:
         7b:b8:86:7c:cf:22:a1:af:14:52:4a:fe:01:80:54:ab:91:b3:
         60:d3:61:a5:ef:f5:ff:6a:04:7e:40:ae:94:f8:f1:d9:e5:bd:
         76:35:65:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJsn1/G/tXQe7JMDnral18MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYwOTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzdmNDcyMmRkZWJjZDI3MDMwNDk3MjdjZWZkOGI1MDBiODRhYzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9OIlDqBK3cN5Qt3jCm2Mfowfsdjk
9/ElqGh1ArhwHgKFXzmeo2fyjzM20cM5COU8wYYLoRp40zDMxNr17D42grgHw3hg
FpUfIjiORpQNkGLkVF978f/A+JOqMX9vOYH5AzLgaj8GZkiE/iHeQXbKem5da0NG
LftOLMgjxvIQr07V0ocQKWqCiLhtp0+77zarZ1QZmc98pOTEvNvi0GgPEFyRkE03
OWjvJth5MXQMcRzxBGWGXNFT5oFYAHXN2xNvbDuhkoMeFbcDjZxX4D4ge0Z4mIqY
59t5XNpqpZV/5+PwHEDJy+BZTs0FQX3abS0KUYe3Q3+FHaetqtseiiAb0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCx/RyLd680nAwSXJ879i1ALhKx0MB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvTEg5SEl0M3J6U2NEQkpjbnp2MkxVQXVFckhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQDJMA0G
CSqGSIb3DQEBCwUAA4IBAQBJhWQjRPBcHlJjFXIhFC3ZQ+eNgqFzuRTXmS6JSho4
2AdRxXoDKChAY33evD9e9vi0C0r78QaS4FdpLZsihqEnKJNiQ/srd0TPGoH2Q2rP
9Z4sRAYO8nY4nfvw7HM6nn7GHbE7E1M42UFQXCDlF91kyDHpi7Ww2qX5ALagEvm2
3WaWPJ4aGyiBEe75Ny1mTH1RUWlIWI9kFpOhLKVI0g8quHMSubjyzqgSjBJqukHN
XrryNvPvDn/lWoJAtyHh4kSAM74GBjVUM9Q/idstmafJ7fz1UVyL4eB7uIZ8zyKh
rxRSSv4BgFSrkbNg02Gl7/X/agR+QK6U+PHZ5b12NWWS
-----END CERTIFICATE-----