Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/ear6glms6xQEx-sJzJyz2U-vwUo.roa
File:                     ear6glms6xQEx-sJzJyz2U-vwUo.roa (raw, json)
Hash identifier:          myzxilbkgn8eg20yO8piaw6MM2eVN5CUHaMGcHJd8U4=
Subject key identifier:   79:AA:FA:82:59:AC:EB:14:04:C7:EB:09:CC:9C:B3:D9:4F:AF:C1:4A
Certificate issuer:       /CN=2e3487da65e85e87bdac4f5f6758dc6c20ef9763
Certificate serial:       01999A8A5C803C3A048A2393B6336455E2A9
Authority key identifier: 2E:34:87:DA:65:E8:5E:87:BD:AC:4F:5F:67:58:DC:6C:20:EF:97:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/ear6glms6xQEx-sJzJyz2U-vwUo.roa
Signing time:             Tue 30 Sep 2025 12:13:02 +0000
ROA not before:           Tue 30 Sep 2025 12:13:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216078
IP address blocks:        193.178.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:8a:5c:80:3c:3a:04:8a:23:93:b6:33:64:55:e2:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e3487da65e85e87bdac4f5f6758dc6c20ef9763
        Validity
            Not Before: Sep 30 12:13:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79aafa8259aceb1404c7eb09cc9cb3d94fafc14a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:9f:46:1c:08:8e:69:29:10:a4:cd:ba:64:1f:
                    d5:8d:1b:55:da:e4:c2:4f:f1:17:73:a7:75:ec:c7:
                    fb:46:9b:c3:cc:57:4b:37:f2:95:94:73:09:98:27:
                    68:77:e5:cc:38:b7:09:0d:23:9a:13:87:87:a0:e4:
                    ca:e4:d2:01:06:c7:fd:f1:e9:4b:a5:54:8b:6f:7d:
                    85:a8:a6:69:c8:60:71:d9:92:52:b4:3c:23:1a:8f:
                    22:6d:9a:a8:6e:b3:33:f7:49:63:42:36:89:3b:e1:
                    a6:df:ea:cf:3b:26:1e:f9:18:e5:c6:00:ea:ce:41:
                    02:9a:ef:39:9d:25:7a:a1:4e:09:61:90:9a:eb:1a:
                    51:ba:5b:2d:37:41:f0:4a:ba:ca:a3:ab:c5:6e:8e:
                    dd:64:e3:9a:d3:ee:ba:da:fc:c5:58:37:91:7c:3e:
                    a7:ae:c2:6e:ff:0c:0c:4e:71:d4:e2:64:db:7d:a6:
                    52:87:ed:cc:db:8e:4b:66:19:54:68:d7:db:18:13:
                    63:b2:f0:21:b6:62:a1:30:7a:02:81:f7:b0:90:1f:
                    f3:26:a8:8c:c3:e8:a0:a0:42:b8:39:7d:cd:88:39:
                    64:e0:53:d6:4f:3a:ae:3f:a0:8d:f0:05:67:4b:63:
                    a3:2c:3c:25:03:0b:4c:be:db:9b:e3:d2:12:9d:17:
                    a9:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:AA:FA:82:59:AC:EB:14:04:C7:EB:09:CC:9C:B3:D9:4F:AF:C1:4A
            X509v3 Authority Key Identifier:
                keyid:2E:34:87:DA:65:E8:5E:87:BD:AC:4F:5F:67:58:DC:6C:20:EF:97:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/ear6glms6xQEx-sJzJyz2U-vwUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:43:7a:6e:29:ed:ee:76:2d:74:9e:30:80:b2:87:fd:ab:77:
         4c:ad:85:8b:4e:2d:e0:5c:97:82:1f:2b:70:3f:2d:15:d2:d5:
         1f:9d:57:8d:bd:ab:4f:89:bc:12:71:91:7f:a0:c5:f1:01:00:
         2e:66:f4:25:17:c3:89:bc:40:73:53:08:ba:46:01:05:97:ab:
         03:62:4b:8b:94:cf:87:d9:03:c0:6d:88:89:8a:1d:fc:4f:9e:
         0b:91:6b:86:93:95:25:7d:56:6a:7b:dd:ab:3c:c9:80:0d:39:
         43:aa:37:71:99:2c:b7:ac:bd:8a:d4:39:ce:83:34:7a:df:ae:
         04:11:93:e5:83:91:83:19:a1:b7:bc:9a:0b:7e:0b:a2:84:32:
         8d:e7:3d:3f:8c:22:ef:d9:31:b7:f6:d3:ad:d1:5b:69:08:bb:
         e7:0e:73:2a:1c:da:03:cc:30:b4:3d:bd:87:c6:24:61:cc:05:
         28:a1:53:c2:a8:b6:15:e4:98:17:5d:5d:ea:a5:6a:24:2b:9a:
         b8:3b:0b:47:1f:f0:39:ab:ba:46:ab:38:a6:6f:80:a1:a0:e4:
         24:da:49:ac:34:b6:a8:d2:84:db:1f:fc:14:83:a8:24:ba:d5:
         34:00:27:55:e5:4f:97:d6:30:a1:0c:6f:d5:dd:28:fd:f5:83:
         a1:3b:58:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmailyAPDoEiiOTtjNkVeKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzQ4N2RhNjVlODVlODdiZGFjNGY1ZjY3NThkYzZjMjBl
Zjk3NjMwHhcNMjUwOTMwMTIxMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWFhZmE4MjU5YWNlYjE0MDRjN2ViMDljYzljYjNkOTRmYWZjMTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5p9GHAiOaSkQpM26ZB/VjRtV2uTC
T/EXc6d17Mf7RpvDzFdLN/KVlHMJmCdod+XMOLcJDSOaE4eHoOTK5NIBBsf98elL
pVSLb32FqKZpyGBx2ZJStDwjGo8ibZqobrMz90ljQjaJO+Gm3+rPOyYe+RjlxgDq
zkECmu85nSV6oU4JYZCa6xpRulstN0HwSrrKo6vFbo7dZOOa0+662vzFWDeRfD6n
rsJu/wwMTnHU4mTbfaZSh+3M245LZhlUaNfbGBNjsvAhtmKhMHoCgfewkB/zJqiM
w+igoEK4OX3NiDlk4FPWTzquP6CN8AVnS2OjLDwlAwtMvtub49ISnRep2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmq+oJZrOsUBMfrCcycs9lPr8FKMB8GA1UdIwQY
MBaAFC40h9pl6F6HvaxPX2dY3Gwg75djMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGpTSDJtWG9Yb2U5ckU5ZloxamNiQ0R2bDJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8yZmUwOTQtMzczYy00NGY2LTkzZTAt
ZDBhZWNkNWQ3MDQyLzEvZWFyNmdsbXM2eFFFeC1zSnpKeXoyVS12d1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8yZmUwOTQtMzczYy00NGY2LTkzZTAtZDBhZWNkNWQ3MDQy
LzEvTGpTSDJtWG9Yb2U5ckU5ZloxamNiQ0R2bDJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbLiMA0G
CSqGSIb3DQEBCwUAA4IBAQCJQ3puKe3udi10njCAsof9q3dMrYWLTi3gXJeCHytw
Py0V0tUfnVeNvatPibwScZF/oMXxAQAuZvQlF8OJvEBzUwi6RgEFl6sDYkuLlM+H
2QPAbYiJih38T54LkWuGk5UlfVZqe92rPMmADTlDqjdxmSy3rL2K1DnOgzR6364E
EZPlg5GDGaG3vJoLfguihDKN5z0/jCLv2TG39tOt0VtpCLvnDnMqHNoDzDC0Pb2H
xiRhzAUooVPCqLYV5JgXXV3qpWokK5q4OwtHH/A5q7pGqzimb4ChoOQk2kmsNLao
0oTbH/wUg6gkutU0ACdV5U+X1jChDG/V3Sj99YOhO1i9
-----END CERTIFICATE-----