Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/eGD2qM9gyPlyNsWFm0ZA5Omy1IE.roa
File:                     eGD2qM9gyPlyNsWFm0ZA5Omy1IE.roa (raw, json)
Hash identifier:          y0pG7C3wx0x5ZaENQv/xppcabkujI4sYVnGq/OBgcB8=
Subject key identifier:   78:60:F6:A8:CF:60:C8:F9:72:36:C5:85:9B:46:40:E4:E9:B2:D4:81
Certificate issuer:       /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial:       01990BDED3EBCB01FE529FFD3089ED1FB332
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/eGD2qM9gyPlyNsWFm0ZA5Omy1IE.roa
Signing time:             Tue 02 Sep 2025 19:19:36 +0000
ROA not before:           Tue 02 Sep 2025 19:19:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        209.131.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 09:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0b:de:d3:eb:cb:01:fe:52:9f:fd:30:89:ed:1f:b3:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
        Validity
            Not Before: Sep  2 19:19:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7860f6a8cf60c8f97236c5859b4640e4e9b2d481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:35:c0:f6:ff:40:2d:6b:94:1a:1e:c1:82:b8:
                    58:55:71:a6:0b:e5:e5:7f:65:1e:7b:82:71:11:ff:
                    0c:ba:d7:20:ff:31:ee:ba:5c:6e:c1:40:64:3e:4a:
                    39:7e:7a:b6:a7:55:c7:23:d7:ca:ea:fb:d7:6c:d1:
                    f8:c3:e6:a2:ed:3b:35:3a:58:7e:6d:a1:20:84:9f:
                    c0:bd:a7:3b:9a:69:d2:8a:67:b8:24:9c:24:f0:1b:
                    e9:46:e9:a5:49:67:9d:fc:b6:f7:69:cf:41:8b:d8:
                    57:6a:d8:5a:c9:ed:70:85:f3:3a:4c:fb:1b:b4:1b:
                    18:03:51:39:da:58:04:a8:45:70:96:ad:44:0c:ae:
                    74:fa:a7:5f:a1:f3:b3:41:b3:21:32:06:d6:af:2c:
                    0c:40:be:d0:c3:71:f1:a9:be:94:ae:ee:53:55:88:
                    67:f8:1c:4f:ea:bb:9d:4a:11:fa:fa:dc:87:92:6a:
                    c2:a4:7d:3e:06:12:16:e6:81:20:db:ca:27:7a:94:
                    67:9d:16:a2:13:f7:e3:2c:ea:2e:d2:45:38:bf:d4:
                    4d:09:e3:3c:fc:f8:39:ee:a3:91:0a:d1:59:54:e1:
                    7b:cb:cf:77:2c:0e:9c:74:b0:b2:28:f2:b4:96:48:
                    37:b2:26:94:4a:e4:a8:c9:a3:f5:3e:1a:c3:a8:c8:
                    f6:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:60:F6:A8:CF:60:C8:F9:72:36:C5:85:9B:46:40:E4:E9:B2:D4:81
            X509v3 Authority Key Identifier:
                keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/eGD2qM9gyPlyNsWFm0ZA5Omy1IE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.131.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:05:0e:47:5b:e3:13:c3:20:71:36:d0:f6:18:ef:62:10:89:
         af:2e:e8:a5:9d:f3:04:30:bb:95:33:0d:d3:fc:09:ef:b9:81:
         d2:4c:a6:8a:5b:36:c7:3a:61:f6:e1:eb:6d:85:65:64:41:ce:
         a5:46:b3:07:b1:54:1e:2a:4c:17:85:34:7c:0e:72:76:e7:e6:
         4a:04:35:ad:36:94:0c:ce:1d:1a:49:d8:ca:2f:f3:74:83:4a:
         e7:af:11:8b:41:df:e7:00:72:4d:6f:ae:a6:37:1d:f4:f8:bc:
         5c:82:c6:ac:9c:cd:f1:b7:ce:ef:6c:ba:2c:e0:ed:25:ed:73:
         e5:31:de:2d:8a:04:cd:21:23:3b:30:f6:a8:93:08:3b:24:85:
         d8:20:fb:f8:25:63:23:91:5d:ca:37:d8:eb:ad:cb:e6:8e:41:
         42:b4:91:45:31:4b:5d:39:8d:1e:19:5d:ca:59:d4:fd:71:aa:
         35:e0:68:2d:22:04:4b:3a:f4:08:a6:48:b4:22:a3:ec:7f:3a:
         4c:5e:4b:fd:ac:98:ef:53:7d:2c:ef:bd:58:8c:a2:e4:01:e9:
         b3:57:55:0a:8f:67:8c:1b:9b:75:2a:e6:e2:9d:86:6b:75:3a:
         f9:38:b6:bd:23:05:f9:4a:46:d0:c0:aa:d8:83:0f:3f:89:87:
         3c:16:08:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkL3tPrywH+Up/9MIntH7MyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjdiZmY3YmFkMWViODM4NGI1ODVkZjdiZWYxMjA2Zjdm
MTlmN2UwHhcNMjUwOTAyMTkxOTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODYwZjZhOGNmNjBjOGY5NzIzNmM1ODU5YjQ2NDBlNGU5YjJkNDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTXA9v9ALWuUGh7BgrhYVXGmC+Xl
f2Uee4JxEf8Mutcg/zHuulxuwUBkPko5fnq2p1XHI9fK6vvXbNH4w+ai7Ts1Olh+
baEghJ/Avac7mmnSime4JJwk8BvpRumlSWed/Lb3ac9Bi9hXathaye1whfM6TPsb
tBsYA1E52lgEqEVwlq1EDK50+qdfofOzQbMhMgbWrywMQL7Qw3Hxqb6Uru5TVYhn
+BxP6rudShH6+tyHkmrCpH0+BhIW5oEg28onepRnnRaiE/fjLOou0kU4v9RNCeM8
/Pg57qORCtFZVOF7y893LA6cdLCyKPK0lkg3siaUSuSoyaP1PhrDqMj2rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhg9qjPYMj5cjbFhZtGQOTpstSBMB8GA1UdIwQY
MBaAFLpnv/e60euDhLWF33vvEgb38Z9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYt
ZGE0NTM4MDIyYWM3LzEvZUdEMnFNOWd5UGx5TnNXRm0wWkE1T215MUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYtZGE0NTM4MDIyYWM3
LzEvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0YNHMA0G
CSqGSIb3DQEBCwUAA4IBAQBLBQ5HW+MTwyBxNtD2GO9iEImvLuilnfMEMLuVMw3T
/AnvuYHSTKaKWzbHOmH24etthWVkQc6lRrMHsVQeKkwXhTR8DnJ25+ZKBDWtNpQM
zh0aSdjKL/N0g0rnrxGLQd/nAHJNb66mNx30+LxcgsasnM3xt87vbLos4O0l7XPl
Md4tigTNISM7MPaokwg7JIXYIPv4JWMjkV3KN9jrrcvmjkFCtJFFMUtdOY0eGV3K
WdT9cao14GgtIgRLOvQIpki0IqPsfzpMXkv9rJjvU30s771YjKLkAemzV1UKj2eM
G5t1KubinYZrdTr5OLa9IwX5SkbQwKrYgw8/iYc8Fgh3
-----END CERTIFICATE-----