Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/lTbT7fcRBqHJbpQXZ7bYwj4cd6s.roa
File:                     lTbT7fcRBqHJbpQXZ7bYwj4cd6s.roa (raw, json)
Hash identifier:          hkud32qK9D0HFgsdXTxJib1cRauOPJylZFOBTpuqyuE=
Subject key identifier:   95:36:D3:ED:F7:11:06:A1:C9:6E:94:17:67:B6:D8:C2:3E:1C:77:AB
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       019A0203D6E0325427970B8BAC66670E1A55
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/lTbT7fcRBqHJbpQXZ7bYwj4cd6s.roa
Signing time:             Mon 20 Oct 2025 14:26:37 +0000
ROA not before:           Mon 20 Oct 2025 14:26:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203760
IP address blocks:        92.55.204.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Oct 2025 20:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:02:03:d6:e0:32:54:27:97:0b:8b:ac:66:67:0e:1a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Oct 20 14:26:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9536d3edf71106a1c96e941767b6d8c23e1c77ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2e:5c:e9:b1:f2:17:f3:fe:05:62:53:e4:1a:
                    50:37:a9:28:b4:5f:d1:6c:8f:d6:ab:17:e3:9b:e5:
                    c1:7a:f4:8d:1c:f6:03:00:1c:eb:48:05:a7:7d:91:
                    3e:16:b2:07:55:ef:b2:c3:f1:4f:f9:1e:72:c2:f0:
                    77:46:55:84:80:c5:c7:be:b5:d0:c4:a3:4a:42:e3:
                    8a:1b:8b:a4:5d:34:88:f2:f1:53:99:f6:c1:3d:90:
                    23:e5:65:b8:7c:01:b0:e3:42:ff:42:f3:86:22:2b:
                    87:a6:a3:67:52:04:a0:31:76:31:e0:0d:29:88:1a:
                    63:26:5d:6f:ce:07:bc:29:34:e6:e1:99:47:86:73:
                    c0:bb:4c:c2:c2:9c:bd:75:6e:88:d5:af:7c:02:ef:
                    f0:1b:02:03:5c:cc:63:82:5b:95:47:97:bb:e7:29:
                    86:31:11:96:ad:46:cb:3f:df:28:28:7c:c2:f9:a0:
                    02:26:3d:68:f9:ec:2d:e0:12:54:38:b1:55:67:a4:
                    2b:83:3c:eb:67:73:9f:97:d4:48:69:b6:1c:bc:e9:
                    e3:7f:c4:d7:5a:c9:db:dc:4e:92:54:95:7f:1a:8a:
                    02:1b:0e:99:66:1c:d6:12:e0:18:94:83:37:eb:8a:
                    e1:39:fe:bd:50:94:bd:98:e4:d2:25:1f:23:98:a8:
                    fb:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:36:D3:ED:F7:11:06:A1:C9:6E:94:17:67:B6:D8:C2:3E:1C:77:AB
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/lTbT7fcRBqHJbpQXZ7bYwj4cd6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.55.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:e5:09:b7:0f:6f:63:af:e6:86:55:7e:96:98:d4:0a:27:1d:
         d0:34:d6:18:8c:40:c6:1b:b0:5e:19:f9:3f:8c:ab:49:77:0b:
         aa:b0:fb:e7:c7:91:ae:34:5a:9c:58:40:ea:d5:19:e2:90:5e:
         22:94:25:c8:1a:ba:f5:79:b1:ee:7c:cb:79:ca:71:cd:04:c9:
         1a:8f:44:43:81:7a:58:fa:4e:c6:e8:db:fb:31:b6:ff:93:b6:
         df:29:23:d7:f7:f3:60:9b:6b:ee:fa:fe:a3:d0:6a:9e:18:67:
         23:fe:a2:ab:d2:e6:bc:48:2e:f1:7b:76:49:da:d5:16:27:7e:
         57:e8:09:b4:c1:f0:96:5d:bb:dc:78:83:71:ba:b0:10:f8:e1:
         4f:a7:0b:71:7a:7c:ff:ed:3b:48:1b:b9:30:fa:4c:d0:53:94:
         2d:d2:e9:75:d4:9f:04:07:87:68:70:d2:1a:51:44:3a:d5:d2:
         53:be:c9:6e:54:b8:81:7c:fb:de:26:42:ce:c1:88:5f:16:ca:
         58:f7:f6:09:07:e4:69:09:aa:d1:41:a1:f2:2a:a9:36:c5:3e:
         f4:09:79:9b:9f:e8:2a:a1:48:b0:df:38:7f:ed:da:a8:3b:f7:
         fa:e2:e8:44:43:49:e4:a6:b4:8b:87:19:2f:eb:2f:32:37:3c:
         84:ce:c3:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoCA9bgMlQnlwuLrGZnDhpVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjUxMDIwMTQyNjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTM2ZDNlZGY3MTEwNmExYzk2ZTk0MTc2N2I2ZDhjMjNlMWM3N2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwy5c6bHyF/P+BWJT5BpQN6kotF/R
bI/Wqxfjm+XBevSNHPYDABzrSAWnfZE+FrIHVe+yw/FP+R5ywvB3RlWEgMXHvrXQ
xKNKQuOKG4ukXTSI8vFTmfbBPZAj5WW4fAGw40L/QvOGIiuHpqNnUgSgMXYx4A0p
iBpjJl1vzge8KTTm4ZlHhnPAu0zCwpy9dW6I1a98Au/wGwIDXMxjgluVR5e75ymG
MRGWrUbLP98oKHzC+aACJj1o+ewt4BJUOLFVZ6QrgzzrZ3Ofl9RIabYcvOnjf8TX
Wsnb3E6SVJV/GooCGw6ZZhzWEuAYlIM364rhOf69UJS9mOTSJR8jmKj7wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJU20+33EQahyW6UF2e22MI+HHerMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvbFRiVDdmY1JCcUhKYnBRWFo3Yll3ajRjZDZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXDfMMA0G
CSqGSIb3DQEBCwUAA4IBAQAf5Qm3D29jr+aGVX6WmNQKJx3QNNYYjEDGG7BeGfk/
jKtJdwuqsPvnx5GuNFqcWEDq1RnikF4ilCXIGrr1ebHufMt5ynHNBMkaj0RDgXpY
+k7G6Nv7Mbb/k7bfKSPX9/Ngm2vu+v6j0GqeGGcj/qKr0ua8SC7xe3ZJ2tUWJ35X
6Am0wfCWXbvceINxurAQ+OFPpwtxenz/7TtIG7kw+kzQU5Qt0ul11J8EB4docNIa
UUQ61dJTvsluVLiBfPveJkLOwYhfFspY9/YJB+RpCarRQaHyKqk2xT70CXmbn+gq
oUiw3zh/7dqoO/f64uhEQ0nkprSLhxkv6y8yNzyEzsOb
-----END CERTIFICATE-----