Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/ee4732-c3ba-4088-a5fa-eb653d3622bb/1/lQVHGnH2f0hNssZzIKkiu_JR2tg.roa
File:                     lQVHGnH2f0hNssZzIKkiu_JR2tg.roa (raw, json)
Hash identifier:          Hp6I2j7udVV6xzpCwEdfm0+ifgsw+yYFCuK3YkNFaBk=
Subject key identifier:   95:05:47:1A:71:F6:7F:48:4D:B2:C6:73:20:A9:22:BB:F2:51:DA:D8
Certificate issuer:       /CN=30a34f9d1dbd20aa87fb0f62bd2b6c5e30c614a2
Certificate serial:       01990BA2670E94A49888491E331B2F5A543D
Authority key identifier: 30:A3:4F:9D:1D:BD:20:AA:87:FB:0F:62:BD:2B:6C:5E:30:C6:14:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MKNPnR29IKqH-w9ivStsXjDGFKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/ee4732-c3ba-4088-a5fa-eb653d3622bb/1/lQVHGnH2f0hNssZzIKkiu_JR2tg.roa
Signing time:             Tue 02 Sep 2025 18:13:36 +0000
ROA not before:           Tue 02 Sep 2025 18:13:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12849
IP address blocks:        193.110.180.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/ee4732-c3ba-4088-a5fa-eb653d3622bb/1/MKNPnR29IKqH-w9ivStsXjDGFKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/ee4732-c3ba-4088-a5fa-eb653d3622bb/1/MKNPnR29IKqH-w9ivStsXjDGFKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MKNPnR29IKqH-w9ivStsXjDGFKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 21:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0b:a2:67:0e:94:a4:98:88:49:1e:33:1b:2f:5a:54:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30a34f9d1dbd20aa87fb0f62bd2b6c5e30c614a2
        Validity
            Not Before: Sep  2 18:13:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9505471a71f67f484db2c67320a922bbf251dad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:af:f6:73:b2:04:9e:e0:cd:ae:a8:13:de:5c:
                    58:b8:4e:a5:5d:d6:68:84:23:82:d6:91:e9:7c:ec:
                    6c:4b:8c:c9:8c:08:19:d4:42:b9:4b:66:92:54:bc:
                    4c:38:f7:a4:6f:ef:fa:d9:59:e0:70:2a:49:22:a7:
                    42:af:ef:72:e2:12:df:b0:77:7d:34:d7:27:1a:bb:
                    cd:2a:8f:6f:b9:c4:5c:0e:75:d9:f3:96:38:5e:a8:
                    9d:28:a8:53:42:f3:04:67:41:d6:d1:e4:84:fb:7c:
                    36:49:23:eb:7d:02:61:04:b8:85:12:73:e5:43:37:
                    7b:fb:01:c3:3c:14:6d:0d:fe:d3:28:0c:10:af:52:
                    c9:0d:5b:ee:da:ae:d7:8f:08:20:14:b6:b1:e6:3a:
                    c2:9b:fb:fd:92:11:35:33:f9:1c:ae:0b:44:8d:d0:
                    8f:8e:a1:af:66:6a:7a:24:2e:6b:ea:a4:dc:43:84:
                    24:3c:09:3e:a4:6b:cd:39:52:d6:c4:aa:a5:bb:6c:
                    bb:8a:61:c8:ef:d3:96:b9:eb:1e:c0:5d:bf:be:0c:
                    9f:57:aa:43:f5:97:be:9d:83:bb:1e:dc:c0:d2:e6:
                    94:9d:db:42:5e:be:37:7f:0f:3d:8c:ed:d0:c9:2a:
                    ec:24:ce:44:5b:2c:89:c9:a0:1d:5a:16:41:f0:a9:
                    40:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:05:47:1A:71:F6:7F:48:4D:B2:C6:73:20:A9:22:BB:F2:51:DA:D8
            X509v3 Authority Key Identifier:
                keyid:30:A3:4F:9D:1D:BD:20:AA:87:FB:0F:62:BD:2B:6C:5E:30:C6:14:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MKNPnR29IKqH-w9ivStsXjDGFKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ee4732-c3ba-4088-a5fa-eb653d3622bb/1/lQVHGnH2f0hNssZzIKkiu_JR2tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ee4732-c3ba-4088-a5fa-eb653d3622bb/1/MKNPnR29IKqH-w9ivStsXjDGFKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:58:72:d9:c7:83:c2:92:b3:ba:8d:e0:4c:9e:06:1a:af:4e:
         5b:a3:77:8c:cb:35:61:b0:0f:e3:b3:1d:cd:62:2d:da:0b:56:
         01:d2:3e:31:8d:5f:25:ce:98:81:34:38:75:22:82:c7:78:3c:
         ac:5b:0e:0d:8c:f4:73:a1:90:58:bc:e8:7d:db:21:12:9f:89:
         b7:0e:87:6d:e7:de:2b:8c:b9:0e:ce:00:45:3b:61:44:8b:4c:
         03:3d:f1:1d:ea:ff:83:50:88:4a:f0:cc:cf:a0:50:05:d7:71:
         34:44:23:40:7a:13:71:2d:4e:dd:40:59:f1:97:9b:a4:6e:95:
         f9:f5:be:41:77:e0:fe:ad:50:ec:05:9c:66:18:75:ec:6a:94:
         cc:eb:65:b9:c9:8f:77:1f:f9:da:38:12:3c:0c:a4:ed:c9:ce:
         de:0e:3f:04:c3:40:7c:10:31:37:ee:a5:85:1c:ce:b2:ba:8f:
         16:cc:d1:35:fb:ad:ee:2b:e0:81:6c:97:e9:2a:ff:34:91:81:
         cd:2b:15:64:90:b9:e4:59:23:14:59:b2:15:6f:04:38:17:15:
         08:49:36:87:13:2f:b1:e7:c7:a1:4a:7c:f5:34:ba:44:cc:f5:
         8f:90:1d:41:92:18:72:1c:42:e3:c5:9b:46:3e:e0:b1:da:99:
         a5:fe:cf:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkLomcOlKSYiEkeMxsvWlQ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYTM0ZjlkMWRiZDIwYWE4N2ZiMGY2MmJkMmI2YzVlMzBj
NjE0YTIwHhcNMjUwOTAyMTgxMzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTA1NDcxYTcxZjY3ZjQ4NGRiMmM2NzMyMGE5MjJiYmYyNTFkYWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16/2c7IEnuDNrqgT3lxYuE6lXdZo
hCOC1pHpfOxsS4zJjAgZ1EK5S2aSVLxMOPekb+/62VngcCpJIqdCr+9y4hLfsHd9
NNcnGrvNKo9vucRcDnXZ85Y4XqidKKhTQvMEZ0HW0eSE+3w2SSPrfQJhBLiFEnPl
Qzd7+wHDPBRtDf7TKAwQr1LJDVvu2q7XjwggFLax5jrCm/v9khE1M/kcrgtEjdCP
jqGvZmp6JC5r6qTcQ4QkPAk+pGvNOVLWxKqlu2y7imHI79OWuesewF2/vgyfV6pD
9Ze+nYO7HtzA0uaUndtCXr43fw89jO3QySrsJM5EWyyJyaAdWhZB8KlA5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUFRxpx9n9ITbLGcyCpIrvyUdrYMB8GA1UdIwQY
MBaAFDCjT50dvSCqh/sPYr0rbF4wxhSiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUtOUG5SMjlJS3FILXc5aXZTdHNYakRHRktJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9lZTQ3MzItYzNiYS00MDg4LWE1ZmEt
ZWI2NTNkMzYyMmJiLzEvbFFWSEduSDJmMGhOc3NaeklLa2l1X0pSMnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9lZTQ3MzItYzNiYS00MDg4LWE1ZmEtZWI2NTNkMzYyMmJi
LzEvTUtOUG5SMjlJS3FILXc5aXZTdHNYakRHRktJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW60MA0G
CSqGSIb3DQEBCwUAA4IBAQAlWHLZx4PCkrO6jeBMngYar05bo3eMyzVhsA/jsx3N
Yi3aC1YB0j4xjV8lzpiBNDh1IoLHeDysWw4NjPRzoZBYvOh92yESn4m3Dodt594r
jLkOzgBFO2FEi0wDPfEd6v+DUIhK8MzPoFAF13E0RCNAehNxLU7dQFnxl5ukbpX5
9b5Bd+D+rVDsBZxmGHXsapTM62W5yY93H/naOBI8DKTtyc7eDj8Ew0B8EDE37qWF
HM6yuo8WzNE1+63uK+CBbJfpKv80kYHNKxVkkLnkWSMUWbIVbwQ4FxUISTaHEy+x
58ehSnz1NLpEzPWPkB1BkhhyHELjxZtGPuCx2pml/s8k
-----END CERTIFICATE-----