Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/LMdQpYE9dBNTzanGIqV59og3G5Y.roa
File:                     LMdQpYE9dBNTzanGIqV59og3G5Y.roa (raw, json)
Hash identifier:          O9iBbYU6FJx61oOEQm4eZUxrBSFdJBoBF1RZ/jgTxRE=
Subject key identifier:   2C:C7:50:A5:81:3D:74:13:53:CD:A9:C6:22:A5:79:F6:88:37:1B:96
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019A0C11C79FDE7198076AC244DA28C88BE4
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/LMdQpYE9dBNTzanGIqV59og3G5Y.roa
Signing time:             Wed 22 Oct 2025 13:18:03 +0000
ROA not before:           Wed 22 Oct 2025 13:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50104
IP address blocks:        185.65.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 13:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0c:11:c7:9f:de:71:98:07:6a:c2:44:da:28:c8:8b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Oct 22 13:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cc750a5813d741353cda9c622a579f688371b96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:61:d5:fd:36:d0:ab:a8:b9:ec:26:05:5f:47:
                    b0:90:f5:c8:d5:3b:6a:a5:44:83:d4:ce:56:a5:8c:
                    c2:ee:31:74:62:20:95:71:c7:cf:57:1e:b5:a2:4c:
                    e8:f8:29:e1:d4:f0:0b:80:84:ff:69:87:84:15:55:
                    9b:6d:f7:ce:04:94:03:b8:ce:15:58:b7:83:c7:ec:
                    45:a2:94:d5:c5:4d:38:10:65:6f:f4:f8:a0:6b:3e:
                    61:e6:72:bf:d2:a2:d0:85:c6:60:f4:1b:b9:92:52:
                    fa:23:63:12:12:9f:b1:d1:1b:78:a9:1a:b4:81:0c:
                    8b:be:9d:ad:53:66:4b:bd:e4:fe:5c:8d:b2:af:85:
                    0e:4a:5b:7d:ad:23:1e:ab:47:ea:0a:a6:07:5f:2e:
                    43:9a:63:dc:b5:c8:e0:93:5c:84:e3:56:40:91:23:
                    96:2e:6f:7f:a8:11:11:91:89:74:89:59:06:28:2d:
                    52:ae:b9:f0:f7:04:87:5a:b2:7b:58:09:83:68:0f:
                    19:ae:2e:11:dc:0a:0b:cb:29:78:9c:df:63:74:5a:
                    40:8f:08:3f:74:8a:58:b6:d0:a5:c8:bb:4f:67:6a:
                    d5:cb:ab:04:9b:e6:48:3c:3d:72:0c:8e:41:1b:2f:
                    0f:00:88:64:aa:61:98:5a:6c:14:44:45:4a:b8:f9:
                    68:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:C7:50:A5:81:3D:74:13:53:CD:A9:C6:22:A5:79:F6:88:37:1B:96
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/LMdQpYE9dBNTzanGIqV59og3G5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:5a:7c:17:55:35:a1:02:47:b6:b4:22:ad:ca:94:93:6f:74:
         c1:f5:70:c4:ea:a5:7d:6a:ae:72:ad:58:21:43:cd:2f:37:da:
         0e:c1:f9:79:96:01:e9:f7:36:e4:d9:2a:8b:c3:d3:28:84:6d:
         c3:a4:7f:1d:05:d6:1e:88:8d:63:c4:d4:c9:2e:c6:47:f0:23:
         db:3c:40:08:f7:5e:8a:17:2c:89:65:fb:6b:ae:57:f8:bb:27:
         3c:65:72:1f:f2:63:07:30:ea:53:d5:ec:83:8e:e4:98:a3:42:
         de:94:d5:16:14:68:33:12:20:c9:43:3f:56:62:f0:f8:9a:79:
         13:af:7b:82:4f:59:06:f5:50:ae:2d:63:11:93:4b:c4:c6:f1:
         da:53:fb:b9:46:af:2e:74:48:dc:1f:4b:88:f5:86:da:6c:d6:
         07:ce:6c:31:c4:6d:3c:4c:07:1d:a5:bf:d4:b3:e1:9f:82:27:
         ba:59:d7:44:e6:5a:01:cd:74:81:6c:48:e2:27:30:b2:ac:95:
         12:d5:db:a3:d3:82:d7:ab:e0:ed:a9:41:1c:39:24:4d:14:b9:
         e3:f3:6c:e5:54:d6:a2:0d:40:12:c9:7f:b3:fe:d9:d1:21:be:
         ab:96:ad:5a:16:6d:22:e3:de:9f:7b:c3:21:98:02:db:ea:98:
         cc:55:e8:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoMEcef3nGYB2rCRNooyIvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUxMDIyMTMxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2M3NTBhNTgxM2Q3NDEzNTNjZGE5YzYyMmE1NzlmNjg4MzcxYjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2HV/TbQq6i57CYFX0ewkPXI1Ttq
pUSD1M5WpYzC7jF0YiCVccfPVx61okzo+Cnh1PALgIT/aYeEFVWbbffOBJQDuM4V
WLeDx+xFopTVxU04EGVv9Pigaz5h5nK/0qLQhcZg9Bu5klL6I2MSEp+x0Rt4qRq0
gQyLvp2tU2ZLveT+XI2yr4UOSlt9rSMeq0fqCqYHXy5DmmPctcjgk1yE41ZAkSOW
Lm9/qBERkYl0iVkGKC1Srrnw9wSHWrJ7WAmDaA8Zri4R3AoLyyl4nN9jdFpAjwg/
dIpYttClyLtPZ2rVy6sEm+ZIPD1yDI5BGy8PAIhkqmGYWmwUREVKuPloIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCzHUKWBPXQTU82pxiKlefaINxuWMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvTE1kUXBZRTlkQk5UemFuR0lxVjU5b2czRzVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUHLMA0G
CSqGSIb3DQEBCwUAA4IBAQC/WnwXVTWhAke2tCKtypSTb3TB9XDE6qV9aq5yrVgh
Q80vN9oOwfl5lgHp9zbk2SqLw9MohG3DpH8dBdYeiI1jxNTJLsZH8CPbPEAI916K
FyyJZftrrlf4uyc8ZXIf8mMHMOpT1eyDjuSYo0LelNUWFGgzEiDJQz9WYvD4mnkT
r3uCT1kG9VCuLWMRk0vExvHaU/u5Rq8udEjcH0uI9YbabNYHzmwxxG08TAcdpb/U
s+Gfgie6WddE5loBzXSBbEjiJzCyrJUS1duj04LXq+DtqUEcOSRNFLnj82zlVNai
DUASyX+z/tnRIb6rlq1aFm0i496fe8MhmALb6pjMVeh1
-----END CERTIFICATE-----