Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/06b7ee-6752-450e-b852-9e908d077f4f/1/lDLi_sshU1yeeZ8S7VhgBjf-8hg.roa
File:                     lDLi_sshU1yeeZ8S7VhgBjf-8hg.roa (raw, json)
Hash identifier:          MAmtX5yRejHvc2KsKRoKAGrhUgZk5XcqMVYZ1wlfc74=
Subject key identifier:   94:32:E2:FE:CB:21:53:5C:9E:79:9F:12:ED:58:60:06:37:FE:F2:18
Certificate issuer:       /CN=1a58462feba546104b4797292dd23a46b02f7ed2
Certificate serial:       019A2F2AC479446E61894A98078E5CD3A9F6
Authority key identifier: 1A:58:46:2F:EB:A5:46:10:4B:47:97:29:2D:D2:3A:46:B0:2F:7E:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GlhGL-ulRhBLR5cpLdI6RrAvftI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/06b7ee-6752-450e-b852-9e908d077f4f/1/lDLi_sshU1yeeZ8S7VhgBjf-8hg.roa
Signing time:             Wed 29 Oct 2025 08:52:03 +0000
ROA not before:           Wed 29 Oct 2025 08:52:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215104
IP address blocks:        145.63.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/06b7ee-6752-450e-b852-9e908d077f4f/1/GlhGL-ulRhBLR5cpLdI6RrAvftI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/06b7ee-6752-450e-b852-9e908d077f4f/1/GlhGL-ulRhBLR5cpLdI6RrAvftI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GlhGL-ulRhBLR5cpLdI6RrAvftI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2f:2a:c4:79:44:6e:61:89:4a:98:07:8e:5c:d3:a9:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a58462feba546104b4797292dd23a46b02f7ed2
        Validity
            Not Before: Oct 29 08:52:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9432e2fecb21535c9e799f12ed58600637fef218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a9:63:ca:58:77:9f:8b:6d:b6:ad:a6:aa:47:
                    62:f4:c9:77:53:41:33:09:b9:e5:13:34:7d:65:c4:
                    c7:03:e6:2e:ff:cf:bd:c6:2d:6a:f1:6b:85:34:2e:
                    e2:82:2a:d2:2a:17:2a:fa:22:09:7e:c4:7a:81:32:
                    e1:5f:c6:2f:f2:cb:4d:d5:f7:eb:0b:41:07:4a:18:
                    91:4d:77:8d:cc:79:b4:04:2c:96:be:41:a3:4d:33:
                    96:2c:d7:19:c8:7c:80:fe:2f:e6:70:26:a0:b8:5c:
                    9b:ad:6e:66:49:64:9e:c9:fa:d0:0a:be:0f:55:9a:
                    9a:a8:ba:b2:97:a9:08:79:e6:48:a6:64:0f:64:27:
                    a6:cc:37:50:d7:39:dc:fa:0e:56:e1:2f:b1:68:c4:
                    80:0f:3f:d9:1e:e2:4d:18:3a:4d:5e:4e:dd:95:74:
                    33:1c:a1:dc:96:e2:44:2e:ee:ac:c0:a9:49:8c:a5:
                    5c:42:90:26:54:f8:df:38:fb:16:ee:6d:34:19:30:
                    e9:2f:8a:e0:6c:13:58:6f:d3:c3:4f:4a:17:45:7d:
                    1a:c8:f9:e7:50:86:be:8c:e5:7d:a6:0e:8a:1e:b5:
                    b9:7d:2e:a2:6b:f3:ff:a4:81:c4:44:75:1a:a5:d2:
                    84:9d:a9:e6:bc:1d:f7:c9:2f:bf:75:0f:82:e5:2b:
                    4a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:32:E2:FE:CB:21:53:5C:9E:79:9F:12:ED:58:60:06:37:FE:F2:18
            X509v3 Authority Key Identifier:
                keyid:1A:58:46:2F:EB:A5:46:10:4B:47:97:29:2D:D2:3A:46:B0:2F:7E:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GlhGL-ulRhBLR5cpLdI6RrAvftI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/06b7ee-6752-450e-b852-9e908d077f4f/1/lDLi_sshU1yeeZ8S7VhgBjf-8hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/06b7ee-6752-450e-b852-9e908d077f4f/1/GlhGL-ulRhBLR5cpLdI6RrAvftI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.63.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:89:99:06:1d:ce:f0:c0:a0:4f:fc:ea:64:7b:30:d1:0a:9c:
         c1:d3:0c:fc:ba:2f:f1:01:97:67:6e:e4:2e:00:03:e0:a2:02:
         46:40:89:a8:ad:00:cc:f7:39:d4:87:e7:98:84:a2:dd:22:8f:
         c2:f8:35:dc:17:dc:cf:19:13:9f:c4:c9:bb:9b:ce:78:6a:64:
         c3:46:c7:90:d3:8e:84:50:3b:8a:61:11:d2:71:ce:6c:b8:3d:
         43:9f:e8:3e:f8:51:f5:c5:6e:fa:60:21:7e:d3:50:19:dc:47:
         dc:2e:a0:b8:e3:2e:78:ef:4f:cf:dc:58:06:9b:c4:a1:7d:d0:
         30:b3:4d:38:70:be:93:01:e8:27:9f:37:2f:31:d8:17:37:88:
         be:16:a3:47:cc:ad:66:00:ea:8d:d6:cc:8a:7c:b6:71:a2:a6:
         e9:2e:3a:d7:69:3b:86:52:05:b0:8a:c8:56:39:b1:10:81:5b:
         da:7c:53:5e:9c:38:47:5c:8c:3f:5e:58:43:00:80:c7:56:b1:
         78:c8:3a:df:b1:b9:fa:8b:ee:bc:1f:7e:b7:3c:a3:9c:b6:f0:
         e2:3f:09:5a:7c:9a:aa:fb:1a:54:2f:06:e5:33:ff:8b:38:d1:
         b5:62:db:3b:07:0a:0f:9b:6d:5a:6b:b3:49:f7:c2:8a:52:98:
         0b:04:31:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZovKsR5RG5hiUqYB45c06n2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNTg0NjJmZWJhNTQ2MTA0YjQ3OTcyOTJkZDIzYTQ2YjAy
ZjdlZDIwHhcNMjUxMDI5MDg1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDMyZTJmZWNiMjE1MzVjOWU3OTlmMTJlZDU4NjAwNjM3ZmVmMjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKljylh3n4tttq2mqkdi9Ml3U0Ez
CbnlEzR9ZcTHA+Yu/8+9xi1q8WuFNC7igirSKhcq+iIJfsR6gTLhX8Yv8stN1ffr
C0EHShiRTXeNzHm0BCyWvkGjTTOWLNcZyHyA/i/mcCaguFybrW5mSWSeyfrQCr4P
VZqaqLqyl6kIeeZIpmQPZCemzDdQ1znc+g5W4S+xaMSADz/ZHuJNGDpNXk7dlXQz
HKHcluJELu6swKlJjKVcQpAmVPjfOPsW7m00GTDpL4rgbBNYb9PDT0oXRX0ayPnn
UIa+jOV9pg6KHrW5fS6ia/P/pIHERHUapdKEnanmvB33yS+/dQ+C5StKYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQy4v7LIVNcnnmfEu1YYAY3/vIYMB8GA1UdIwQY
MBaAFBpYRi/rpUYQS0eXKS3SOkawL37SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2xoR0wtdWxSaEJMUjVjcExkSTZSckF2ZnRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8wNmI3ZWUtNjc1Mi00NTBlLWI4NTIt
OWU5MDhkMDc3ZjRmLzEvbERMaV9zc2hVMXllZVo4UzdWaGdCamYtOGhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8wNmI3ZWUtNjc1Mi00NTBlLWI4NTItOWU5MDhkMDc3ZjRm
LzEvR2xoR0wtdWxSaEJMUjVjcExkSTZSckF2ZnRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkT8EMA0G
CSqGSIb3DQEBCwUAA4IBAQB9iZkGHc7wwKBP/OpkezDRCpzB0wz8ui/xAZdnbuQu
AAPgogJGQImorQDM9znUh+eYhKLdIo/C+DXcF9zPGROfxMm7m854amTDRseQ046E
UDuKYRHScc5suD1Dn+g++FH1xW76YCF+01AZ3EfcLqC44y5470/P3FgGm8ShfdAw
s004cL6TAegnnzcvMdgXN4i+FqNHzK1mAOqN1syKfLZxoqbpLjrXaTuGUgWwishW
ObEQgVvafFNenDhHXIw/XlhDAIDHVrF4yDrfsbn6i+68H363PKOctvDiPwlafJqq
+xpULwblM/+LONG1Yts7BwoPm21aa7NJ98KKUpgLBDGb
-----END CERTIFICATE-----