Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/eDLnlibMvqHABUnf0cTnTXfzjsQ.roa
File:                     eDLnlibMvqHABUnf0cTnTXfzjsQ.roa (raw, json)
Hash identifier:          23lsZWpFbgTvvmDoDor5ePX92IS7k3nIwuBhFjzfmm4=
Subject key identifier:   78:32:E7:96:26:CC:BE:A1:C0:05:49:DF:D1:C4:E7:4D:77:F3:8E:C4
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       01990B7A1E076E5DA4E273DB79DB5301F0B5
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/eDLnlibMvqHABUnf0cTnTXfzjsQ.roa
Signing time:             Tue 02 Sep 2025 17:29:36 +0000
ROA not before:           Tue 02 Sep 2025 17:29:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205290
IP address blocks:        185.69.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 23:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0b:7a:1e:07:6e:5d:a4:e2:73:db:79:db:53:01:f0:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Sep  2 17:29:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7832e79626ccbea1c00549dfd1c4e74d77f38ec4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b5:26:01:e8:8c:64:de:0e:f6:a2:f7:fb:3c:
                    95:7b:e3:32:4c:c6:f7:2b:99:08:f7:9f:68:b4:20:
                    97:d4:73:2c:c8:8c:0b:71:c1:4b:85:e2:2d:e5:9e:
                    1f:ed:29:18:6a:4a:a8:ab:82:2e:e8:d3:de:b0:24:
                    d9:5c:01:4e:34:8a:56:cc:25:b5:c5:a4:d5:a0:89:
                    ff:b3:6d:0f:98:a8:78:cf:c2:b9:3d:26:e6:92:a7:
                    9a:4d:83:1e:4a:21:e8:09:0a:4d:e6:55:d9:8d:eb:
                    25:3a:81:c7:de:54:8b:12:51:39:8a:c1:db:4e:3a:
                    66:82:10:86:b5:1a:db:0f:df:ba:64:83:37:0b:7b:
                    e8:77:41:e8:de:25:ed:92:31:76:4d:e0:49:9a:6b:
                    44:25:54:87:09:ad:05:9b:98:f0:82:f2:00:79:73:
                    44:44:22:75:5a:ce:08:96:f7:2a:76:34:e6:76:de:
                    d8:2a:85:fd:bd:88:b6:19:b3:3a:3e:39:11:2c:ea:
                    d1:08:42:83:bc:74:b8:b2:27:f6:71:54:2f:31:b8:
                    1c:5e:48:b6:37:89:9a:d1:8a:6a:c8:f5:2f:a9:e6:
                    7b:fe:87:c4:23:48:c8:be:53:f9:ad:18:38:67:e8:
                    91:05:b1:04:2f:ed:e7:44:ef:2a:af:e8:2f:71:29:
                    05:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:32:E7:96:26:CC:BE:A1:C0:05:49:DF:D1:C4:E7:4D:77:F3:8E:C4
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/eDLnlibMvqHABUnf0cTnTXfzjsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:70:37:1a:f9:1a:4c:17:35:1a:e5:b3:56:49:6b:ae:7d:0e:
         5e:d7:85:ee:2b:a6:b7:a1:d3:b2:29:1c:4a:db:a7:74:88:40:
         a1:00:8b:5c:6d:96:0b:70:e8:ee:02:81:95:38:ce:38:a3:6d:
         ce:30:43:a8:a9:60:68:4a:25:c7:04:e9:be:63:2c:51:82:40:
         3a:8a:43:e1:d7:64:bb:fa:a0:16:d3:46:e3:7d:09:f1:9f:19:
         8a:25:8a:9a:c0:de:80:5b:bf:9f:bc:9a:4a:38:05:63:2f:33:
         53:5d:db:8b:86:d8:8a:60:cb:01:fe:e4:a3:04:00:7e:00:20:
         3a:11:ce:bd:f7:c2:03:78:0f:3f:f4:ac:12:e7:de:2c:90:58:
         11:b2:76:14:10:fc:12:87:6b:52:b3:6b:7f:0d:71:64:7c:80:
         ed:0b:f5:71:f1:d0:01:42:c2:bf:4d:5c:b1:fa:c9:e2:5f:9f:
         e6:b7:51:ee:7b:bf:6f:93:46:a3:87:f2:e1:4b:95:99:d4:6b:
         40:41:3e:03:f2:d8:fb:eb:0e:73:df:4a:a1:b5:de:3b:4a:ea:
         cc:3e:1a:10:db:47:51:9e:b8:62:9b:81:f1:64:74:68:dd:7b:
         0c:35:a5:82:a0:15:40:0d:90:ea:22:5b:3b:2c:65:34:40:8c:
         1a:c5:e2:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkLeh4Hbl2k4nPbedtTAfC1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjUwOTAyMTcyOTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODMyZTc5NjI2Y2NiZWExYzAwNTQ5ZGZkMWM0ZTc0ZDc3ZjM4ZWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrUmAeiMZN4O9qL3+zyVe+MyTMb3
K5kI959otCCX1HMsyIwLccFLheIt5Z4f7SkYakqoq4Iu6NPesCTZXAFONIpWzCW1
xaTVoIn/s20PmKh4z8K5PSbmkqeaTYMeSiHoCQpN5lXZjeslOoHH3lSLElE5isHb
TjpmghCGtRrbD9+6ZIM3C3vod0Ho3iXtkjF2TeBJmmtEJVSHCa0Fm5jwgvIAeXNE
RCJ1Ws4IlvcqdjTmdt7YKoX9vYi2GbM6PjkRLOrRCEKDvHS4sif2cVQvMbgcXki2
N4ma0YpqyPUvqeZ7/ofEI0jIvlP5rRg4Z+iRBbEEL+3nRO8qr+gvcSkFrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgy55YmzL6hwAVJ39HE5013847EMB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvZURMbmxpYk12cUhBQlVuZjBjVG5UWGZ6anNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUXcMA0G
CSqGSIb3DQEBCwUAA4IBAQCmcDca+RpMFzUa5bNWSWuufQ5e14XuK6a3odOyKRxK
26d0iEChAItcbZYLcOjuAoGVOM44o23OMEOoqWBoSiXHBOm+YyxRgkA6ikPh12S7
+qAW00bjfQnxnxmKJYqawN6AW7+fvJpKOAVjLzNTXduLhtiKYMsB/uSjBAB+ACA6
Ec6998IDeA8/9KwS594skFgRsnYUEPwSh2tSs2t/DXFkfIDtC/Vx8dABQsK/TVyx
+sniX5/mt1Hue79vk0ajh/LhS5WZ1GtAQT4D8tj76w5z30qhtd47SurMPhoQ20dR
nrhim4HxZHRo3XsMNaWCoBVADZDqIls7LGU0QIwaxeKV
-----END CERTIFICATE-----