Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/1EX4kZ9vddyT4h_B81EN_YFgV7M.roa
File:                     1EX4kZ9vddyT4h_B81EN_YFgV7M.roa (raw, json)
Hash identifier:          XM8DAjgQJT+88mG4SiUCaToZg6wqMumNcSNAzJ/xTfU=
Subject key identifier:   D4:45:F8:91:9F:6F:75:DC:93:E2:1F:C1:F3:51:0D:FD:81:60:57:B3
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       0197F3EAAA83DB887A61C93175ACBC467C24
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/1EX4kZ9vddyT4h_B81EN_YFgV7M.roa
Signing time:             Thu 10 Jul 2025 10:38:51 +0000
ROA not before:           Thu 10 Jul 2025 10:38:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51264
IP address blocks:        94.131.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f3:ea:aa:83:db:88:7a:61:c9:31:75:ac:bc:46:7c:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jul 10 10:38:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d445f8919f6f75dc93e21fc1f3510dfd816057b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e3:fd:81:7e:1a:35:af:83:75:03:46:16:65:
                    16:75:f9:70:14:cd:92:32:91:a1:1e:dc:a5:52:57:
                    88:ea:f8:5a:be:99:9e:6d:d8:5a:93:a9:ad:71:54:
                    2d:97:06:24:cc:76:fa:2a:6c:5d:c6:af:8b:30:c6:
                    41:f5:8e:14:82:7d:88:b1:43:e7:b9:2a:36:4d:94:
                    60:41:5a:13:7e:cb:ce:72:de:07:c1:11:4f:f8:b1:
                    81:4f:6c:db:10:aa:f7:1d:f2:8a:9d:b1:85:37:d1:
                    7c:e7:df:d3:96:f4:f5:86:fb:33:72:c2:e3:17:b9:
                    1b:6a:05:4d:47:57:55:98:ef:dd:72:2a:f8:97:2f:
                    21:55:3b:02:6f:54:be:e3:ff:62:50:a5:6b:02:ad:
                    90:38:03:9c:cf:aa:cb:0f:8b:22:3c:5b:1a:d6:81:
                    31:7f:30:bd:4e:03:0c:22:d7:5d:e0:0e:25:0d:cf:
                    63:19:fd:76:27:ab:d5:e1:a9:5c:39:b3:ff:fe:5d:
                    6f:3f:a0:ab:4b:cb:0f:6b:8b:92:d9:dc:e6:71:42:
                    0d:49:b3:6a:cc:97:9e:05:12:78:5a:87:8b:db:0a:
                    53:96:dd:4f:8e:08:10:59:e6:9e:2c:5d:fa:f8:6c:
                    bc:bd:24:f3:7b:75:9c:89:c1:62:80:52:11:21:c1:
                    68:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:45:F8:91:9F:6F:75:DC:93:E2:1F:C1:F3:51:0D:FD:81:60:57:B3
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/1EX4kZ9vddyT4h_B81EN_YFgV7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:51:02:af:f3:3f:97:09:d3:a4:eb:9e:c7:6c:86:a7:91:9b:
         cc:41:96:54:89:b1:83:89:54:24:6d:f8:0d:36:cc:0d:5b:e9:
         43:ab:a3:dd:bc:1e:18:49:2e:80:c6:83:52:38:bd:af:54:62:
         73:b9:e3:91:de:d0:66:7b:e4:23:4b:40:aa:33:1a:10:52:bf:
         d2:9f:b6:e9:2e:d7:33:72:fd:67:7d:69:5f:cc:5b:af:63:85:
         37:bd:2e:b5:84:71:f6:05:0b:7f:8d:73:24:45:1c:43:c1:21:
         a4:56:2f:bf:95:ac:61:2c:ca:39:b8:26:96:7b:d1:87:c1:26:
         63:e2:8f:d6:e1:b9:61:0c:94:ca:58:76:f6:2a:43:18:2e:b7:
         b8:3c:53:0b:38:be:b1:b5:e6:d1:42:82:79:a7:d2:df:b0:cb:
         a6:ae:01:5a:ae:c7:63:f8:79:7d:7e:d0:0d:bb:e4:9e:ea:b1:
         c0:91:68:40:45:b9:77:df:7d:d4:6d:71:3a:51:e4:fd:dd:13:
         c9:51:45:af:16:df:cb:f7:5b:ff:96:92:ea:a3:ba:eb:35:80:
         0b:e4:05:3e:02:c3:3c:ff:3d:08:d7:2f:06:d1:54:1e:07:71:
         09:1b:60:4a:7b:88:cd:d8:bc:83:c2:53:4e:19:c6:9e:90:f5:
         4e:9c:0b:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfz6qqD24h6Yckxday8RnwkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwNzEwMTAzODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDQ1Zjg5MTlmNmY3NWRjOTNlMjFmYzFmMzUxMGRmZDgxNjA1N2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeP9gX4aNa+DdQNGFmUWdflwFM2S
MpGhHtylUleI6vhavpmebdhak6mtcVQtlwYkzHb6Kmxdxq+LMMZB9Y4Ugn2IsUPn
uSo2TZRgQVoTfsvOct4HwRFP+LGBT2zbEKr3HfKKnbGFN9F859/TlvT1hvszcsLj
F7kbagVNR1dVmO/dcir4ly8hVTsCb1S+4/9iUKVrAq2QOAOcz6rLD4siPFsa1oEx
fzC9TgMMItdd4A4lDc9jGf12J6vV4alcObP//l1vP6CrS8sPa4uS2dzmcUINSbNq
zJeeBRJ4WoeL2wpTlt1PjggQWeaeLF36+Gy8vSTze3WcicFigFIRIcFo8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRF+JGfb3Xck+IfwfNRDf2BYFezMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvMUVYNGtaOXZkZHlUNGhfQjgxRU5fWUZnVjdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoN9MA0G
CSqGSIb3DQEBCwUAA4IBAQClUQKv8z+XCdOk657HbIankZvMQZZUibGDiVQkbfgN
NswNW+lDq6PdvB4YSS6AxoNSOL2vVGJzueOR3tBme+QjS0CqMxoQUr/Sn7bpLtcz
cv1nfWlfzFuvY4U3vS61hHH2BQt/jXMkRRxDwSGkVi+/laxhLMo5uCaWe9GHwSZj
4o/W4blhDJTKWHb2KkMYLre4PFMLOL6xtebRQoJ5p9LfsMumrgFarsdj+Hl9ftAN
u+Se6rHAkWhARbl3333UbXE6UeT93RPJUUWvFt/L91v/lpLqo7rrNYAL5AU+AsM8
/z0I1y8G0VQeB3EJG2BKe4jN2LyDwlNOGcaekPVOnAvC
-----END CERTIFICATE-----