Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/aee8d9-21ed-4db7-bd70-15a42ac9efa8/1/4DbDI_EnOkcmLXrBG5jeHwTwt2c.roa
File:                     4DbDI_EnOkcmLXrBG5jeHwTwt2c.roa (raw, json)
Hash identifier:          mJ/2UVoGEpFQIaST8cEuCkebUiYaaorOEoL9AoSGYIQ=
Subject key identifier:   E0:36:C3:23:F1:27:3A:47:26:2D:7A:C1:1B:98:DE:1F:04:F0:B7:67
Certificate issuer:       /CN=5403e5f8405d6085b8df4bfce1dd9bb3e78c2199
Certificate serial:       019A071D30C93D828FC133D5BB5B4A39C238
Authority key identifier: 54:03:E5:F8:40:5D:60:85:B8:DF:4B:FC:E1:DD:9B:B3:E7:8C:21:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VAPl-EBdYIW430v84d2bs-eMIZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/aee8d9-21ed-4db7-bd70-15a42ac9efa8/1/4DbDI_EnOkcmLXrBG5jeHwTwt2c.roa
Signing time:             Tue 21 Oct 2025 14:12:24 +0000
ROA not before:           Tue 21 Oct 2025 14:12:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215747
IP address blocks:        185.189.181.0/24 maxlen: 24
                          2a0b:f380:3e8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/aee8d9-21ed-4db7-bd70-15a42ac9efa8/1/VAPl-EBdYIW430v84d2bs-eMIZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/aee8d9-21ed-4db7-bd70-15a42ac9efa8/1/VAPl-EBdYIW430v84d2bs-eMIZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VAPl-EBdYIW430v84d2bs-eMIZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 19:12:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:07:1d:30:c9:3d:82:8f:c1:33:d5:bb:5b:4a:39:c2:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5403e5f8405d6085b8df4bfce1dd9bb3e78c2199
        Validity
            Not Before: Oct 21 14:12:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e036c323f1273a47262d7ac11b98de1f04f0b767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4c:ff:5e:f3:b3:97:e4:27:22:93:2d:71:79:
                    ee:ca:d7:a3:48:59:40:b4:a1:84:58:fb:ae:16:49:
                    39:f4:b9:63:48:ab:96:dc:85:1b:51:20:d3:fb:b7:
                    2c:18:17:65:82:30:ff:4f:51:50:ea:2b:92:cc:d9:
                    22:d5:e4:11:52:63:6e:68:24:03:c7:14:5c:ca:58:
                    c7:e9:26:ec:9b:7b:5f:ca:58:5b:eb:ba:e4:23:0d:
                    6e:62:9c:b1:5b:6e:c2:11:2f:e3:48:dc:8a:07:d9:
                    30:f6:10:9a:dd:ac:52:5b:4b:0e:ac:1c:4f:f8:f4:
                    e0:80:29:a2:a8:eb:8f:16:c7:e8:da:1b:bd:63:ff:
                    4e:5e:ab:ac:b7:13:33:98:2a:1f:cb:8f:86:5f:68:
                    d6:7d:8b:a0:c2:3c:c9:f4:8a:4f:c9:1f:91:25:7e:
                    39:46:bd:24:d6:a6:ec:08:00:33:1b:0d:51:65:61:
                    45:68:20:0f:2b:4d:79:35:65:65:e3:33:c3:54:bc:
                    d7:44:08:6c:6a:3a:a7:de:6b:27:57:d5:47:9d:df:
                    c6:14:52:9a:1f:a6:cc:4b:17:5b:09:90:da:bf:75:
                    63:69:de:92:59:1d:04:e7:5c:8a:f2:62:05:f8:5f:
                    8e:3f:79:ca:94:72:c3:e8:e6:93:09:6d:a2:20:a0:
                    82:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:36:C3:23:F1:27:3A:47:26:2D:7A:C1:1B:98:DE:1F:04:F0:B7:67
            X509v3 Authority Key Identifier:
                keyid:54:03:E5:F8:40:5D:60:85:B8:DF:4B:FC:E1:DD:9B:B3:E7:8C:21:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VAPl-EBdYIW430v84d2bs-eMIZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/aee8d9-21ed-4db7-bd70-15a42ac9efa8/1/4DbDI_EnOkcmLXrBG5jeHwTwt2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/aee8d9-21ed-4db7-bd70-15a42ac9efa8/1/VAPl-EBdYIW430v84d2bs-eMIZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.181.0/24
                IPv6:
                  2a0b:f380:3e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:bf:cd:40:e4:27:07:46:e0:8d:ee:60:21:f3:bd:be:0b:5a:
         25:fe:5d:7d:4e:4c:fe:3e:ed:13:87:f9:e5:09:33:1a:ef:3c:
         51:82:44:2f:8d:b0:58:fc:89:68:09:ca:d0:3d:8f:e4:23:ad:
         78:97:da:a6:15:d8:7c:eb:a4:6c:e5:ca:5f:3b:43:7a:43:ef:
         be:6f:1a:59:98:8f:56:97:fb:d9:d9:f2:c4:5a:fb:5f:ad:8e:
         65:85:04:34:66:36:7d:46:bc:33:38:19:ca:65:a5:2f:cf:5a:
         a7:5f:86:b3:35:8b:c4:2b:5a:9b:bd:9c:d9:e0:2f:c7:8f:da:
         e2:7b:72:43:0f:23:fc:c0:70:26:30:8c:3f:be:88:09:50:52:
         30:19:b4:b9:38:df:9f:d4:56:55:b9:88:33:3d:bc:c1:5e:3a:
         bb:f1:47:b0:aa:83:01:7c:8d:5c:49:0f:ba:b1:cf:30:32:3f:
         e6:40:6e:f3:9c:88:88:2d:12:ab:0b:93:e7:ff:5c:84:ab:42:
         03:88:3e:0d:d0:6f:cc:69:f4:67:92:a1:2e:a2:72:d2:46:40:
         54:9e:d4:25:8c:bb:e1:5c:0b:39:2a:c6:a5:b4:5f:5d:be:8e:
         72:33:fd:c8:db:f6:7c:00:fe:19:f9:62:86:49:4a:5c:c3:5a:
         a4:fa:db:88
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZoHHTDJPYKPwTPVu1tKOcI4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MDNlNWY4NDA1ZDYwODViOGRmNGJmY2UxZGQ5YmIzZTc4
YzIxOTkwHhcNMjUxMDIxMTQxMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDM2YzMyM2YxMjczYTQ3MjYyZDdhYzExYjk4ZGUxZjA0ZjBiNzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEz/XvOzl+QnIpMtcXnuytejSFlA
tKGEWPuuFkk59LljSKuW3IUbUSDT+7csGBdlgjD/T1FQ6iuSzNki1eQRUmNuaCQD
xxRcyljH6Sbsm3tfylhb67rkIw1uYpyxW27CES/jSNyKB9kw9hCa3axSW0sOrBxP
+PTggCmiqOuPFsfo2hu9Y/9OXqustxMzmCofy4+GX2jWfYugwjzJ9IpPyR+RJX45
Rr0k1qbsCAAzGw1RZWFFaCAPK015NWVl4zPDVLzXRAhsajqn3msnV9VHnd/GFFKa
H6bMSxdbCZDav3Vjad6SWR0E51yK8mIF+F+OP3nKlHLD6OaTCW2iIKCCnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOA2wyPxJzpHJi16wRuY3h8E8LdnMB8GA1UdIwQY
MBaAFFQD5fhAXWCFuN9L/OHdm7PnjCGZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkFQbC1FQmRZSVc0MzB2ODRkMmJzLWVNSVprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9hZWU4ZDktMjFlZC00ZGI3LWJkNzAt
MTVhNDJhYzllZmE4LzEvNERiRElfRW5Pa2NtTFhyQkc1amVId1R3dDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9hZWU4ZDktMjFlZC00ZGI3LWJkNzAtMTVhNDJhYzllZmE4
LzEvVkFQbC1FQmRZSVc0MzB2ODRkMmJzLWVNSVprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAub21MA8E
AgACMAkDBwAqC/OAA+gwDQYJKoZIhvcNAQELBQADggEBAHm/zUDkJwdG4I3uYCHz
vb4LWiX+XX1OTP4+7ROH+eUJMxrvPFGCRC+NsFj8iWgJytA9j+QjrXiX2qYV2Hzr
pGzlyl87Q3pD775vGlmYj1aX+9nZ8sRa+1+tjmWFBDRmNn1GvDM4GcplpS/PWqdf
hrM1i8QrWpu9nNngL8eP2uJ7ckMPI/zAcCYwjD++iAlQUjAZtLk435/UVlW5iDM9
vMFeOrvxR7CqgwF8jVxJD7qxzzAyP+ZAbvOciIgtEqsLk+f/XISrQgOIPg3Qb8xp
9GeSoS6ictJGQFSe1CWMu+FcCzkqxqW0X12+jnIz/cjb9nwA/hn5YoZJSlzDWqT6
24g=
-----END CERTIFICATE-----