Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/5lE8J4x9aB1mfye1y1Ao8-xAZPs.roa
File:                     5lE8J4x9aB1mfye1y1Ao8-xAZPs.roa (raw, json)
Hash identifier:          Iqs5oU7eeMsvFR6e9VBgcLnP6/n0RAHvMJOgpQeeQ8k=
Subject key identifier:   E6:51:3C:27:8C:7D:68:1D:66:7F:27:B5:CB:50:28:F3:EC:40:64:FB
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       019A073FA6DF88B204558784BCFEE169F69B
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/5lE8J4x9aB1mfye1y1Ao8-xAZPs.roa
Signing time:             Tue 21 Oct 2025 14:50:03 +0000
ROA not before:           Tue 21 Oct 2025 14:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207217
IP address blocks:        78.159.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Oct 2025 20:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:07:3f:a6:df:88:b2:04:55:87:84:bc:fe:e1:69:f6:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Oct 21 14:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6513c278c7d681d667f27b5cb5028f3ec4064fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b9:7c:9d:68:7a:84:97:8f:c3:76:85:12:de:
                    53:32:2e:61:7a:de:b4:7a:94:14:a1:c5:3f:90:90:
                    90:b1:a4:6f:ae:c0:c9:9f:a7:db:c9:20:e8:39:73:
                    2a:09:9d:f2:07:37:9b:c0:6e:fd:83:7b:99:77:d6:
                    11:4c:7b:ca:06:ba:c8:3d:cf:48:69:12:46:de:9e:
                    5c:fd:07:f3:d9:09:5c:8d:4f:2c:28:83:06:38:f4:
                    e3:c1:2e:99:be:5e:f4:21:f0:d2:78:60:1b:6e:76:
                    2c:4d:55:ae:64:1e:86:13:fa:3f:5f:17:fc:c7:5b:
                    52:07:bd:fc:d3:f2:2e:40:e5:1e:89:a5:37:c3:d4:
                    7f:47:87:05:37:3d:ff:48:41:29:bf:fe:79:46:ee:
                    55:56:c6:99:5a:30:d9:b9:16:15:ef:1e:fd:1a:d7:
                    88:15:de:e4:bb:6a:d4:73:6d:74:18:a9:5f:94:83:
                    da:1f:34:37:fe:dd:08:22:85:f9:19:3e:70:0f:2e:
                    50:9f:78:0c:8a:51:b3:26:1a:27:0f:5f:3c:3f:aa:
                    17:91:cd:a7:f0:16:28:87:47:14:c6:50:7c:b1:4b:
                    d7:05:11:bb:e2:29:44:1d:7d:6f:64:96:4c:bd:f8:
                    93:8d:1f:e7:6c:16:95:94:33:9f:83:54:ac:0e:0b:
                    6d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:51:3C:27:8C:7D:68:1D:66:7F:27:B5:CB:50:28:F3:EC:40:64:FB
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/5lE8J4x9aB1mfye1y1Ao8-xAZPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.159.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:fc:a7:71:f2:75:e2:e7:6c:f3:50:1c:4b:3a:a7:b8:a2:1e:
         7e:79:54:8e:f7:1b:b1:f0:d8:c6:cb:4f:7b:2d:5a:ef:b6:22:
         01:bf:9c:56:1d:e4:98:ca:c8:d7:f3:09:73:60:eb:a2:bc:8f:
         84:b3:24:32:74:c3:38:0d:40:e4:14:6d:e3:0d:b6:98:de:f5:
         b4:2e:08:c2:61:ee:f3:7f:4b:04:52:05:b3:83:94:1f:24:a3:
         da:4a:d0:2c:c6:92:93:a7:40:8a:e7:aa:f9:9a:2c:a9:48:1c:
         7c:64:f0:c7:9d:72:5f:b3:19:9c:b0:cc:bd:5c:1e:ce:62:d2:
         1b:0a:4f:0b:60:6c:a1:74:7d:c4:7c:ca:c9:3f:84:bf:a6:db:
         b7:df:73:91:7e:33:ec:e0:57:00:18:e8:ac:77:ea:5f:9a:0e:
         51:be:0e:a5:0b:02:25:82:76:e4:52:4e:95:a8:69:f5:de:8d:
         a8:20:fe:b8:b8:67:3b:5a:d1:1d:a4:38:86:fb:88:b5:d7:6d:
         9c:78:bb:01:d1:2e:ad:5b:4e:f1:68:e3:78:00:37:7c:7a:59:
         4b:6f:aa:3a:df:84:b8:8f:71:de:95:d6:c3:67:d2:59:59:d1:
         21:4a:f8:f1:71:47:9d:15:51:4b:33:b8:0f:85:a3:19:55:a1:
         2d:59:c4:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoHP6bfiLIEVYeEvP7hafabMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjUxMDIxMTQ1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjUxM2MyNzhjN2Q2ODFkNjY3ZjI3YjVjYjUwMjhmM2VjNDA2NGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrl8nWh6hJePw3aFEt5TMi5het60
epQUocU/kJCQsaRvrsDJn6fbySDoOXMqCZ3yBzebwG79g3uZd9YRTHvKBrrIPc9I
aRJG3p5c/Qfz2QlcjU8sKIMGOPTjwS6Zvl70IfDSeGAbbnYsTVWuZB6GE/o/Xxf8
x1tSB7380/IuQOUeiaU3w9R/R4cFNz3/SEEpv/55Ru5VVsaZWjDZuRYV7x79GteI
Fd7ku2rUc210GKlflIPaHzQ3/t0IIoX5GT5wDy5Qn3gMilGzJhonD188P6oXkc2n
8BYoh0cUxlB8sUvXBRG74ilEHX1vZJZMvfiTjR/nbBaVlDOfg1SsDgtt8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOZRPCeMfWgdZn8ntctQKPPsQGT7MB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvNWxFOEo0eDlhQjFtZnllMXkxQW84LXhBWlBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATp9dMA0G
CSqGSIb3DQEBCwUAA4IBAQAV/Kdx8nXi52zzUBxLOqe4oh5+eVSO9xux8NjGy097
LVrvtiIBv5xWHeSYysjX8wlzYOuivI+EsyQydMM4DUDkFG3jDbaY3vW0LgjCYe7z
f0sEUgWzg5QfJKPaStAsxpKTp0CK56r5miypSBx8ZPDHnXJfsxmcsMy9XB7OYtIb
Ck8LYGyhdH3EfMrJP4S/ptu333ORfjPs4FcAGOisd+pfmg5Rvg6lCwIlgnbkUk6V
qGn13o2oIP64uGc7WtEdpDiG+4i1122ceLsB0S6tW07xaON4ADd8ellLb6o634S4
j3HeldbDZ9JZWdEhSvjxcUedFVFLM7gPhaMZVaEtWcS4
-----END CERTIFICATE-----