Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/LqaoGkejuF6PP4p803TgoZ2vleQ.roa
File:                     LqaoGkejuF6PP4p803TgoZ2vleQ.roa (raw, json)
Hash identifier:          4nksdv33ECXILVNsJ65fLMcUcq6KPy37nnRWTtPMxDM=
Subject key identifier:   2E:A6:A8:1A:47:A3:B8:5E:8F:3F:8A:7C:D3:74:E0:A1:9D:AF:95:E4
Certificate issuer:       /CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
Certificate serial:       019948DAB369C998A817C242E7435099146A
Authority key identifier: EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/LqaoGkejuF6PP4p803TgoZ2vleQ.roa
Signing time:             Sun 14 Sep 2025 15:31:56 +0000
ROA not before:           Sun 14 Sep 2025 15:31:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        147.185.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 21:38:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:48:da:b3:69:c9:98:a8:17:c2:42:e7:43:50:99:14:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
        Validity
            Not Before: Sep 14 15:31:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ea6a81a47a3b85e8f3f8a7cd374e0a19daf95e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:70:62:50:d1:81:17:4d:d9:b9:45:04:f2:6a:
                    0e:ec:46:7f:07:dd:65:65:46:5d:91:6b:91:6f:f4:
                    fd:47:f4:89:54:5c:a8:d8:cb:52:dd:25:d7:a6:1b:
                    67:ae:e7:d2:25:1c:a4:9b:c6:05:b8:6c:bd:25:c7:
                    7b:33:b0:06:e3:e5:fc:07:b1:d5:c9:ee:af:b9:e6:
                    51:d3:f5:f7:d9:f3:e9:97:9f:3c:65:8b:23:4d:12:
                    3a:6c:68:21:dd:07:20:01:be:97:a5:81:92:77:5b:
                    fd:ad:23:2c:8a:64:f2:31:54:70:6c:24:e9:8a:71:
                    2e:35:c8:32:f4:8f:d4:0c:4b:04:c4:62:7f:92:f8:
                    64:03:4c:fd:11:6e:16:3a:7c:c8:c9:75:a2:47:df:
                    97:5d:8a:62:5d:40:1d:11:13:b9:a7:d4:e3:9e:b2:
                    b3:da:22:d9:b7:04:3a:e4:eb:e8:f1:e3:21:3c:6e:
                    7d:46:0d:5f:e5:f0:41:83:df:b2:c3:45:54:4c:22:
                    e2:9a:f2:35:04:11:2e:f6:27:13:6c:cc:61:d7:5a:
                    c2:c2:a0:c8:9c:5a:40:98:6c:2f:04:4b:ef:8f:3e:
                    e4:6d:81:7c:a3:7b:32:49:35:0b:dc:a1:60:08:f4:
                    25:0d:38:0f:d4:d2:96:19:36:aa:9e:ff:08:a7:98:
                    fb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:A6:A8:1A:47:A3:B8:5E:8F:3F:8A:7C:D3:74:E0:A1:9D:AF:95:E4
            X509v3 Authority Key Identifier:
                keyid:EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/LqaoGkejuF6PP4p803TgoZ2vleQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:70:46:35:ae:eb:91:dd:4b:3c:73:b5:d2:57:30:78:4c:74:
         81:16:76:ac:e1:6c:7e:f2:b1:93:ac:97:2e:a6:cc:c8:53:48:
         a1:5a:09:2b:f3:8d:b5:ff:f6:0b:f9:e5:72:fe:79:36:d4:0c:
         f7:ae:c5:6d:fb:c9:18:80:97:ac:42:91:83:56:18:7e:f7:f4:
         61:b1:31:d5:05:36:85:01:b2:31:fe:0c:26:a2:97:c2:55:8a:
         af:cd:26:4d:44:db:eb:80:05:6f:de:d0:39:da:0c:04:1d:c8:
         f2:23:d7:b5:f6:69:23:9d:48:b3:e0:ba:c4:95:e0:bd:df:e6:
         af:59:55:fc:75:87:ca:ed:49:c9:cd:8b:26:73:08:a8:36:0a:
         aa:f9:82:cb:46:d0:55:b1:43:92:33:14:ea:86:55:5c:4a:e8:
         a7:49:ba:69:30:6b:26:13:4d:8e:c3:ae:ee:8e:38:37:dd:3b:
         66:49:52:e7:d7:30:96:dc:0d:30:d4:af:69:aa:37:fd:c1:ce:
         b5:e6:8a:1f:f0:a5:3f:1e:6b:c0:06:cf:45:c4:d9:6a:22:e4:
         07:d0:c0:66:9a:a4:75:a5:51:ea:6a:42:66:0f:d1:bd:98:02:
         b8:75:87:26:71:0d:59:f1:11:d7:af:87:de:1d:95:e3:7c:7a:
         a7:34:b6:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlI2rNpyZioF8JC50NQmRRqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzJjMWFmZDRiZGVjOTgwNTA2ZmEwN2RmN2M4NjYyZDU1
NGZhNDYwHhcNMjUwOTE0MTUzMTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWE2YTgxYTQ3YTNiODVlOGYzZjhhN2NkMzc0ZTBhMTlkYWY5NWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXBiUNGBF03ZuUUE8moO7EZ/B91l
ZUZdkWuRb/T9R/SJVFyo2MtS3SXXphtnrufSJRykm8YFuGy9Jcd7M7AG4+X8B7HV
ye6vueZR0/X32fPpl588ZYsjTRI6bGgh3QcgAb6XpYGSd1v9rSMsimTyMVRwbCTp
inEuNcgy9I/UDEsExGJ/kvhkA0z9EW4WOnzIyXWiR9+XXYpiXUAdERO5p9TjnrKz
2iLZtwQ65Ovo8eMhPG59Rg1f5fBBg9+yw0VUTCLimvI1BBEu9icTbMxh11rCwqDI
nFpAmGwvBEvvjz7kbYF8o3sySTUL3KFgCPQlDTgP1NKWGTaqnv8Ip5j7XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6mqBpHo7hejz+KfNN04KGdr5XkMB8GA1UdIwQY
MBaAFOrCwa/UveyYBQb6B998hmLVVPpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMt
YzBjZWIwMzdhZDQyLzEvTHFhb0drZWp1RjZQUDRwODAzVGdvWjJ2bGVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMtYzBjZWIwMzdhZDQy
LzEvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk7lrMA0G
CSqGSIb3DQEBCwUAA4IBAQAZcEY1ruuR3Us8c7XSVzB4THSBFnas4Wx+8rGTrJcu
pszIU0ihWgkr8421//YL+eVy/nk21Az3rsVt+8kYgJesQpGDVhh+9/RhsTHVBTaF
AbIx/gwmopfCVYqvzSZNRNvrgAVv3tA52gwEHcjyI9e19mkjnUiz4LrEleC93+av
WVX8dYfK7UnJzYsmcwioNgqq+YLLRtBVsUOSMxTqhlVcSuinSbppMGsmE02Ow67u
jjg33TtmSVLn1zCW3A0w1K9pqjf9wc615oof8KU/HmvABs9FxNlqIuQH0MBmmqR1
pVHqakJmD9G9mAK4dYcmcQ1Z8RHXr4feHZXjfHqnNLau
-----END CERTIFICATE-----