Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/27db7b-c0a2-4892-9047-3ac565dcdf73/1/2l62dAKm04WNCR-je-bPkSJnLtk.roa
File:                     2l62dAKm04WNCR-je-bPkSJnLtk.roa (raw, json)
Hash identifier:          nr1ofanqNDye36o5ymwo4drebXuJubRmduTbD4ErXCA=
Subject key identifier:   DA:5E:B6:74:02:A6:D3:85:8D:09:1F:A3:7B:E6:CF:91:22:67:2E:D9
Certificate issuer:       /CN=e03f5500aefe6ab4dbde124073a37bc0dc331e80
Certificate serial:       0198EAB1E698A1624A3C32E151ABDF39A57B
Authority key identifier: E0:3F:55:00:AE:FE:6A:B4:DB:DE:12:40:73:A3:7B:C0:DC:33:1E:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4D9VAK7-arTb3hJAc6N7wNwzHoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/27db7b-c0a2-4892-9047-3ac565dcdf73/1/2l62dAKm04WNCR-je-bPkSJnLtk.roa
Signing time:             Wed 27 Aug 2025 08:43:04 +0000
ROA not before:           Wed 27 Aug 2025 08:43:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        145.77.128.0/19 maxlen: 24
                          145.77.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/27db7b-c0a2-4892-9047-3ac565dcdf73/1/4D9VAK7-arTb3hJAc6N7wNwzHoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/27db7b-c0a2-4892-9047-3ac565dcdf73/1/4D9VAK7-arTb3hJAc6N7wNwzHoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4D9VAK7-arTb3hJAc6N7wNwzHoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:b1:e6:98:a1:62:4a:3c:32:e1:51:ab:df:39:a5:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e03f5500aefe6ab4dbde124073a37bc0dc331e80
        Validity
            Not Before: Aug 27 08:43:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da5eb67402a6d3858d091fa37be6cf9122672ed9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:65:dd:6b:65:b7:b3:f7:c6:f7:eb:96:98:57:
                    59:bb:80:6c:1c:54:ea:2e:e2:7d:08:7b:d8:77:33:
                    0d:af:aa:24:e1:2f:25:70:2f:18:90:c3:34:9a:32:
                    e5:b2:b8:94:55:6e:3c:42:a5:2b:8b:0c:97:0b:11:
                    36:87:09:95:e3:a0:2f:f6:8b:17:57:5d:35:40:0e:
                    8a:b6:16:30:7f:6c:0f:4a:d0:e2:37:1a:25:f8:fa:
                    be:ba:15:f5:a5:2a:2a:1a:7f:a5:c5:9d:59:c5:b8:
                    05:74:56:03:10:43:5c:a7:49:6e:5e:67:3d:ae:bd:
                    ff:11:22:cf:b0:56:5e:fd:25:12:48:76:91:3f:b8:
                    96:2d:3e:84:e5:33:5a:d4:a6:71:29:57:16:d2:6c:
                    57:c8:f8:e2:fb:8b:b2:6d:26:e1:e6:14:6e:bb:24:
                    a4:d7:e7:b3:f8:ec:92:eb:b7:ec:52:5d:83:97:9b:
                    be:7c:61:fc:06:b8:86:ac:47:19:30:6d:e8:ef:13:
                    c9:7b:eb:a3:c6:a1:d9:26:9f:6a:34:b0:6c:2f:3d:
                    82:70:ef:8d:44:bd:13:3f:66:92:a8:f2:9c:3a:82:
                    b3:06:7d:1e:a0:53:a2:4c:5e:65:e7:2b:ad:08:eb:
                    9e:98:4c:c5:34:93:ce:99:df:20:84:54:0f:8c:29:
                    e4:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:5E:B6:74:02:A6:D3:85:8D:09:1F:A3:7B:E6:CF:91:22:67:2E:D9
            X509v3 Authority Key Identifier:
                keyid:E0:3F:55:00:AE:FE:6A:B4:DB:DE:12:40:73:A3:7B:C0:DC:33:1E:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4D9VAK7-arTb3hJAc6N7wNwzHoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/27db7b-c0a2-4892-9047-3ac565dcdf73/1/2l62dAKm04WNCR-je-bPkSJnLtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/27db7b-c0a2-4892-9047-3ac565dcdf73/1/4D9VAK7-arTb3hJAc6N7wNwzHoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.77.128.0/19
                  145.77.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         19:f7:46:36:73:03:e9:80:19:d7:c1:f4:53:c5:78:82:61:e1:
         c9:d8:50:64:9a:98:5d:35:ba:6f:d7:ba:8d:e8:52:b3:2f:2e:
         24:ad:84:c3:e0:89:35:9c:73:ec:1f:dd:73:69:7c:1a:09:50:
         4d:8b:df:2a:50:21:db:2b:cc:b2:89:ae:2a:f4:05:dd:35:e7:
         b8:95:f5:d3:6e:bb:0c:64:04:1f:05:7c:3c:e8:8d:65:65:a7:
         f4:8b:c1:d2:7e:49:78:18:3f:d3:d7:9c:de:ac:59:77:86:c1:
         e8:fb:97:ca:3d:ab:a8:70:d7:02:af:69:f9:a0:ed:58:76:a9:
         5d:89:94:e9:2c:82:3c:b8:36:7c:eb:a3:f4:98:5a:e7:fc:15:
         61:0c:17:40:ba:9a:5d:b2:07:2a:4d:e2:e0:36:6a:bf:a4:b7:
         b0:f5:9b:e4:5a:ce:d3:e5:04:51:5c:ff:fe:84:c1:5d:ba:b8:
         01:9f:8a:c2:2c:48:c7:40:e7:de:42:92:80:5a:57:04:25:a6:
         48:68:d9:21:94:1a:bd:82:ce:96:91:32:85:bf:ee:67:55:0c:
         c8:83:e5:f4:c6:45:77:2d:a4:63:f9:d2:4e:04:fd:ed:a6:39:
         a8:c7:3c:22:21:ac:53:09:17:5c:0d:9a:41:12:5a:cc:b1:2d:
         5d:70:de:c8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjqseaYoWJKPDLhUavfOaV7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwM2Y1NTAwYWVmZTZhYjRkYmRlMTI0MDczYTM3YmMwZGMz
MzFlODAwHhcNMjUwODI3MDg0MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTVlYjY3NDAyYTZkMzg1OGQwOTFmYTM3YmU2Y2Y5MTIyNjcyZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGXda2W3s/fG9+uWmFdZu4BsHFTq
LuJ9CHvYdzMNr6ok4S8lcC8YkMM0mjLlsriUVW48QqUriwyXCxE2hwmV46Av9osX
V101QA6KthYwf2wPStDiNxol+Pq+uhX1pSoqGn+lxZ1ZxbgFdFYDEENcp0luXmc9
rr3/ESLPsFZe/SUSSHaRP7iWLT6E5TNa1KZxKVcW0mxXyPji+4uybSbh5hRuuySk
1+ez+OyS67fsUl2Dl5u+fGH8BriGrEcZMG3o7xPJe+ujxqHZJp9qNLBsLz2CcO+N
RL0TP2aSqPKcOoKzBn0eoFOiTF5l5yutCOuemEzFNJPOmd8ghFQPjCnktQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNpetnQCptOFjQkfo3vmz5EiZy7ZMB8GA1UdIwQY
MBaAFOA/VQCu/mq0294SQHOje8DcMx6AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEQ5VkFLNy1hclRiM2hKQWM2Tjd3Tnd6SG9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8yN2RiN2ItYzBhMi00ODkyLTkwNDct
M2FjNTY1ZGNkZjczLzEvMmw2MmRBS20wNFdOQ1ItamUtYlBrU0puTHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8yN2RiN2ItYzBhMi00ODkyLTkwNDctM2FjNTY1ZGNkZjcz
LzEvNEQ5VkFLNy1hclRiM2hKQWM2Tjd3Tnd6SG9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFkU2AAwQE
kU3wMA0GCSqGSIb3DQEBCwUAA4IBAQAZ90Y2cwPpgBnXwfRTxXiCYeHJ2FBkmphd
Nbpv17qN6FKzLy4krYTD4Ik1nHPsH91zaXwaCVBNi98qUCHbK8yyia4q9AXdNee4
lfXTbrsMZAQfBXw86I1lZaf0i8HSfkl4GD/T15zerFl3hsHo+5fKPauocNcCr2n5
oO1YdqldiZTpLII8uDZ866P0mFrn/BVhDBdAuppdsgcqTeLgNmq/pLew9ZvkWs7T
5QRRXP/+hMFdurgBn4rCLEjHQOfeQpKAWlcEJaZIaNkhlBq9gs6WkTKFv+5nVQzI
g+X0xkV3LaRj+dJOBP3tpjmoxzwiIaxTCRdcDZpBElrMsS1dcN7I
-----END CERTIFICATE-----