Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/lqkoAhBHnz4PnaeZdfQuwjH84dI.roa
File:                     lqkoAhBHnz4PnaeZdfQuwjH84dI.roa (raw, json)
Hash identifier:          2HvqZsQNc03tvWHYsADUafvvFzDg/zqZnTmsgSmZAX8=
Subject key identifier:   96:A9:28:02:10:47:9F:3E:0F:9D:A7:99:75:F4:2E:C2:31:FC:E1:D2
Certificate issuer:       /CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
Certificate serial:       019A5E0EC9C434FDC4726728F68F2B975132
Authority key identifier: C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/lqkoAhBHnz4PnaeZdfQuwjH84dI.roa
Signing time:             Fri 07 Nov 2025 11:23:38 +0000
ROA not before:           Fri 07 Nov 2025 11:23:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201839
IP address blocks:        45.67.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 05:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5e:0e:c9:c4:34:fd:c4:72:67:28:f6:8f:2b:97:51:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
        Validity
            Not Before: Nov  7 11:23:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96a9280210479f3e0f9da79975f42ec231fce1d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:6b:55:e2:d1:3d:62:7e:ba:ed:9a:4a:a2:a2:
                    89:55:ee:c7:57:ec:66:e9:3a:0c:be:de:b3:f6:21:
                    37:f4:36:91:e0:40:1e:af:87:0f:3b:51:88:60:93:
                    93:da:61:cf:a7:59:98:5d:14:3d:50:7a:26:44:6d:
                    71:0b:55:60:8a:cb:33:53:5d:d6:80:9c:d5:97:9f:
                    19:1f:18:1b:9e:d0:f3:5e:41:2e:ab:aa:88:91:b6:
                    2b:e8:9e:a6:f7:fe:33:85:56:f4:1c:74:f6:e3:5a:
                    ed:a4:9e:12:e4:0e:39:60:d1:af:77:9b:e1:0a:4b:
                    29:5f:54:ee:8f:f8:07:3d:a0:f8:08:28:ce:07:fe:
                    e2:d5:52:37:b5:4f:62:b3:50:37:62:65:32:61:3b:
                    ae:6e:ac:91:00:57:cb:6c:c7:8b:66:ab:fe:84:e4:
                    b9:e8:48:b9:5b:e7:a3:4c:05:23:58:33:50:70:fd:
                    a8:6d:25:6c:04:bc:9e:ec:24:1e:c8:d2:5f:81:36:
                    dc:1c:ab:5d:60:c8:3c:e1:52:a1:01:70:1f:84:d6:
                    62:9f:6e:f9:24:71:64:d8:48:1e:2b:f7:78:1a:1e:
                    ba:06:7e:5b:ea:c3:e3:ae:a1:42:0c:cf:58:f6:d4:
                    7b:5f:78:c0:21:67:aa:84:59:c5:0e:6b:17:e5:93:
                    d8:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:A9:28:02:10:47:9F:3E:0F:9D:A7:99:75:F4:2E:C2:31:FC:E1:D2
            X509v3 Authority Key Identifier:
                keyid:C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/lqkoAhBHnz4PnaeZdfQuwjH84dI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:58:4e:ae:98:84:80:ec:9c:eb:4c:a7:0d:9b:a3:39:9b:8d:
         44:d1:79:a3:84:3c:01:2d:38:9c:c0:d8:5c:7e:7e:32:1a:14:
         2c:6e:bc:dd:0d:fc:8d:b4:93:0b:2d:03:80:74:7e:49:ce:58:
         37:7c:48:93:c5:0f:df:ab:8f:17:84:ef:2f:6a:ea:b5:1c:a0:
         43:d6:5d:14:d3:73:98:c3:2c:95:db:8e:13:7a:13:c6:17:b7:
         0c:48:c5:91:8f:a2:46:af:6a:7c:ce:96:ba:5e:5b:ad:68:45:
         4e:06:b2:aa:38:ba:5d:50:93:d4:c2:d6:67:80:2c:8e:f7:71:
         65:71:52:93:e5:2b:5c:5c:31:da:2a:f7:93:43:a6:cb:65:bd:
         c0:25:3c:7d:02:21:6c:4c:38:7f:20:bc:1d:8b:e9:cc:e1:d7:
         35:48:1e:e9:73:3b:6b:a4:4b:29:2f:e4:4f:3f:37:2f:3e:69:
         c3:16:ad:93:c2:74:e2:fb:f7:49:c7:bb:77:08:2f:a1:11:71:
         b1:42:23:37:2f:72:c5:13:ac:6e:6b:06:0c:2c:49:19:06:5c:
         bf:71:af:89:0d:65:38:54:40:74:e0:5d:13:03:fd:b9:76:9f:
         ed:af:55:ce:1a:b2:07:93:25:ae:a9:46:ba:d5:41:c3:d7:9f:
         44:d0:ca:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpeDsnENP3Ecmco9o8rl1EyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NWExZGExY2IxYzkyMGFlMmY5Yjc0ODI3MGZkZWQ4NzM3
YTkxODQwHhcNMjUxMTA3MTEyMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmE5MjgwMjEwNDc5ZjNlMGY5ZGE3OTk3NWY0MmVjMjMxZmNlMWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9mtV4tE9Yn667ZpKoqKJVe7HV+xm
6ToMvt6z9iE39DaR4EAer4cPO1GIYJOT2mHPp1mYXRQ9UHomRG1xC1VgisszU13W
gJzVl58ZHxgbntDzXkEuq6qIkbYr6J6m9/4zhVb0HHT241rtpJ4S5A45YNGvd5vh
CkspX1Tuj/gHPaD4CCjOB/7i1VI3tU9is1A3YmUyYTuubqyRAFfLbMeLZqv+hOS5
6Ei5W+ejTAUjWDNQcP2obSVsBLye7CQeyNJfgTbcHKtdYMg84VKhAXAfhNZin275
JHFk2EgeK/d4Gh66Bn5b6sPjrqFCDM9Y9tR7X3jAIWeqhFnFDmsX5ZPYVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJapKAIQR58+D52nmXX0LsIx/OHSMB8GA1UdIwQY
MBaAFMZaHaHLHJIK4vm3SCcP3thzepGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAt
MzZiYWM4ZDkxZTJlLzEvbHFrb0FoQkhuejRQbmFlWmRmUXV3akg4NGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAtMzZiYWM4ZDkxZTJl
LzEveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUPXMA0G
CSqGSIb3DQEBCwUAA4IBAQAMWE6umISA7JzrTKcNm6M5m41E0XmjhDwBLTicwNhc
fn4yGhQsbrzdDfyNtJMLLQOAdH5Jzlg3fEiTxQ/fq48XhO8vauq1HKBD1l0U03OY
wyyV244TehPGF7cMSMWRj6JGr2p8zpa6XlutaEVOBrKqOLpdUJPUwtZngCyO93Fl
cVKT5StcXDHaKveTQ6bLZb3AJTx9AiFsTDh/ILwdi+nM4dc1SB7pcztrpEspL+RP
PzcvPmnDFq2TwnTi+/dJx7t3CC+hEXGxQiM3L3LFE6xuawYMLEkZBly/ca+JDWU4
VEB04F0TA/25dp/tr1XOGrIHkyWuqUa61UHD159E0MpT
-----END CERTIFICATE-----