Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/06b7ee-6752-450e-b852-9e908d077f4f/1/lUE3uZJLYe9eqmUyCH05H36SEp0.roa
File:                     lUE3uZJLYe9eqmUyCH05H36SEp0.roa (raw, json)
Hash identifier:          Rvx06ICV18qyvBGjnh3E88XndXAT1M4PLYOoy7xw/Xc=
Subject key identifier:   95:41:37:B9:92:4B:61:EF:5E:AA:65:32:08:7D:39:1F:7E:92:12:9D
Certificate issuer:       /CN=1a58462feba546104b4797292dd23a46b02f7ed2
Certificate serial:       019A2F2AC40857169A334DE0D12E48EBF023
Authority key identifier: 1A:58:46:2F:EB:A5:46:10:4B:47:97:29:2D:D2:3A:46:B0:2F:7E:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GlhGL-ulRhBLR5cpLdI6RrAvftI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/06b7ee-6752-450e-b852-9e908d077f4f/1/lUE3uZJLYe9eqmUyCH05H36SEp0.roa
Signing time:             Wed 29 Oct 2025 08:52:03 +0000
ROA not before:           Wed 29 Oct 2025 08:52:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214689
IP address blocks:        145.63.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/06b7ee-6752-450e-b852-9e908d077f4f/1/GlhGL-ulRhBLR5cpLdI6RrAvftI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/06b7ee-6752-450e-b852-9e908d077f4f/1/GlhGL-ulRhBLR5cpLdI6RrAvftI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GlhGL-ulRhBLR5cpLdI6RrAvftI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2f:2a:c4:08:57:16:9a:33:4d:e0:d1:2e:48:eb:f0:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a58462feba546104b4797292dd23a46b02f7ed2
        Validity
            Not Before: Oct 29 08:52:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=954137b9924b61ef5eaa6532087d391f7e92129d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6a:60:ce:ac:ed:a5:fb:ec:86:07:45:fe:9b:
                    be:b7:f0:6e:83:5a:7a:a1:db:27:5b:4e:ed:6a:40:
                    17:0f:67:f5:e6:90:f3:56:4e:1b:db:c3:20:aa:d1:
                    7d:c6:c5:7f:af:fc:89:60:73:63:8a:9e:71:d5:c6:
                    6c:e8:fe:b8:b6:ca:54:e9:28:0b:66:89:19:71:0b:
                    e2:e2:0d:b2:55:38:16:e3:ff:37:ff:0e:f0:0f:54:
                    18:c0:ec:03:cb:69:b7:80:e9:b9:8a:ea:98:78:b8:
                    dd:c4:6f:46:6d:9b:19:34:9c:92:95:cc:bf:32:ef:
                    45:6c:c5:b1:43:30:9c:37:11:12:1a:e6:de:17:f2:
                    ca:5b:f4:3b:0e:26:4d:3a:37:22:ef:40:12:1c:3e:
                    4c:a2:a3:19:82:50:f0:4e:5f:07:c3:29:f4:1e:66:
                    0f:07:f8:d6:6b:fd:75:a2:36:0b:10:83:d8:87:3b:
                    e3:88:2b:35:5b:8b:8f:07:99:40:84:7b:fd:c6:b7:
                    44:3f:2c:af:40:52:cd:4f:06:9d:07:01:66:1b:08:
                    80:c8:dd:d8:61:fb:6b:64:70:ab:03:44:5c:dd:64:
                    da:e5:6f:f4:49:58:48:d1:6d:cb:71:5e:94:45:53:
                    da:68:8c:83:50:52:28:d2:82:00:3d:a4:46:bf:7d:
                    f7:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:41:37:B9:92:4B:61:EF:5E:AA:65:32:08:7D:39:1F:7E:92:12:9D
            X509v3 Authority Key Identifier:
                keyid:1A:58:46:2F:EB:A5:46:10:4B:47:97:29:2D:D2:3A:46:B0:2F:7E:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GlhGL-ulRhBLR5cpLdI6RrAvftI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/06b7ee-6752-450e-b852-9e908d077f4f/1/lUE3uZJLYe9eqmUyCH05H36SEp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/06b7ee-6752-450e-b852-9e908d077f4f/1/GlhGL-ulRhBLR5cpLdI6RrAvftI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.63.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         89:4f:71:98:b2:8d:21:e2:ef:2d:84:24:e6:9b:cc:72:68:e3:
         e0:f8:55:a3:c3:ed:79:d7:70:01:70:5f:9d:3e:f3:24:09:f5:
         f9:d1:c6:3c:5a:57:ab:5b:7c:88:13:85:78:fc:b0:80:96:f6:
         f1:b3:62:4f:52:aa:51:fa:17:f0:57:33:78:ca:50:57:1e:b9:
         f1:eb:56:ef:fa:c4:35:37:f4:8b:f1:4f:d9:0c:8c:c1:d8:63:
         91:d8:42:93:43:16:85:c4:ff:d6:96:df:2e:2f:f0:3a:1f:fa:
         57:f0:12:bb:2f:24:a7:f8:96:d5:69:ae:94:99:a6:98:21:36:
         91:4d:00:8d:b2:23:e4:0d:7f:59:84:55:12:b0:53:68:be:79:
         94:5a:6c:17:e1:d1:53:18:a8:42:59:c3:23:46:e0:12:44:57:
         31:cf:b8:4f:7b:e1:69:c4:25:53:34:b8:7e:48:fe:2a:b2:18:
         8f:5d:01:ab:06:aa:06:a4:46:7b:c4:bc:27:cc:a9:91:d7:32:
         f8:13:44:ce:99:9f:ba:df:8f:93:41:1f:4d:30:d5:dc:53:80:
         43:74:c8:19:96:79:10:b1:58:4e:c7:fd:0d:a9:eb:16:4c:32:
         98:e5:fc:76:35:f9:0e:22:16:96:72:58:a2:86:9d:34:43:cd:
         7e:70:09:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZovKsQIVxaaM03g0S5I6/AjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNTg0NjJmZWJhNTQ2MTA0YjQ3OTcyOTJkZDIzYTQ2YjAy
ZjdlZDIwHhcNMjUxMDI5MDg1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTQxMzdiOTkyNGI2MWVmNWVhYTY1MzIwODdkMzkxZjdlOTIxMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmpgzqztpfvshgdF/pu+t/Bug1p6
odsnW07takAXD2f15pDzVk4b28MgqtF9xsV/r/yJYHNjip5x1cZs6P64tspU6SgL
ZokZcQvi4g2yVTgW4/83/w7wD1QYwOwDy2m3gOm5iuqYeLjdxG9GbZsZNJySlcy/
Mu9FbMWxQzCcNxESGubeF/LKW/Q7DiZNOjci70ASHD5MoqMZglDwTl8Hwyn0HmYP
B/jWa/11ojYLEIPYhzvjiCs1W4uPB5lAhHv9xrdEPyyvQFLNTwadBwFmGwiAyN3Y
YftrZHCrA0Rc3WTa5W/0SVhI0W3LcV6URVPaaIyDUFIo0oIAPaRGv333TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVBN7mSS2HvXqplMgh9OR9+khKdMB8GA1UdIwQY
MBaAFBpYRi/rpUYQS0eXKS3SOkawL37SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2xoR0wtdWxSaEJMUjVjcExkSTZSckF2ZnRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8wNmI3ZWUtNjc1Mi00NTBlLWI4NTIt
OWU5MDhkMDc3ZjRmLzEvbFVFM3VaSkxZZTllcW1VeUNIMDVIMzZTRXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8wNmI3ZWUtNjc1Mi00NTBlLWI4NTItOWU5MDhkMDc3ZjRm
LzEvR2xoR0wtdWxSaEJMUjVjcExkSTZSckF2ZnRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDkT8IMA0G
CSqGSIb3DQEBCwUAA4IBAQCJT3GYso0h4u8thCTmm8xyaOPg+FWjw+1513ABcF+d
PvMkCfX50cY8WlerW3yIE4V4/LCAlvbxs2JPUqpR+hfwVzN4ylBXHrnx61bv+sQ1
N/SL8U/ZDIzB2GOR2EKTQxaFxP/Wlt8uL/A6H/pX8BK7LySn+JbVaa6UmaaYITaR
TQCNsiPkDX9ZhFUSsFNovnmUWmwX4dFTGKhCWcMjRuASRFcxz7hPe+FpxCVTNLh+
SP4qshiPXQGrBqoGpEZ7xLwnzKmR1zL4E0TOmZ+634+TQR9NMNXcU4BDdMgZlnkQ
sVhOx/0NqesWTDKY5fx2NfkOIhaWcliihp00Q81+cAkR
-----END CERTIFICATE-----