Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/LP2qujWl2bPUpTZWkStoRFjDI64.roa
File:                     LP2qujWl2bPUpTZWkStoRFjDI64.roa (raw, json)
Hash identifier:          SwXSx0zDQGQ+x5pncSyU3PhQ+whIz78gAdJwM9f/C/M=
Subject key identifier:   2C:FD:AA:BA:35:A5:D9:B3:D4:A5:36:56:91:2B:68:44:58:C3:23:AE
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019A43748E8F12011306CBE3397C57393513
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/LP2qujWl2bPUpTZWkStoRFjDI64.roa
Signing time:             Sun 02 Nov 2025 07:25:03 +0000
ROA not before:           Sun 02 Nov 2025 07:25:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213114
IP address blocks:        193.233.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 13:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:43:74:8e:8f:12:01:13:06:cb:e3:39:7c:57:39:35:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Nov  2 07:25:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cfdaaba35a5d9b3d4a53656912b684458c323ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4a:d5:0c:10:2c:a8:3f:1c:5c:7a:6f:56:a2:
                    58:63:94:1d:a2:2c:43:f5:28:88:cc:7f:cd:a7:45:
                    98:6f:5c:ac:ce:bc:df:d6:0a:5f:e9:72:1a:4c:3d:
                    63:ff:d3:9c:89:9d:39:b3:0a:a6:e8:53:a9:2c:a3:
                    50:bb:a1:ef:9c:da:34:a6:40:df:af:2d:50:3b:77:
                    a7:27:88:fe:ab:79:7c:73:46:14:c3:6c:44:ff:ac:
                    40:3d:0b:b3:81:5c:54:e5:d4:f4:e4:60:25:4f:b9:
                    b8:f9:d2:25:54:02:92:cb:3a:39:f1:dd:84:e8:7e:
                    e9:92:9f:39:a6:ea:cd:e2:5f:26:98:c2:91:85:2b:
                    6e:c1:f9:7f:9b:83:e6:18:64:dd:70:89:53:b5:3d:
                    a3:67:74:a8:54:f1:e9:b6:cf:8a:e1:f4:ae:5b:02:
                    ba:31:2a:f0:38:35:2d:78:7c:64:76:bc:b4:08:0c:
                    a5:6a:64:65:ec:33:cd:88:c4:0d:b0:a2:e4:5d:94:
                    2a:1a:57:49:7e:55:70:09:9f:43:a2:db:92:60:93:
                    9f:8e:2d:d4:f9:58:8b:20:7d:94:10:8d:48:cb:15:
                    39:26:46:37:ed:7b:8b:af:38:14:eb:33:e9:d5:1c:
                    cf:86:f4:2f:61:fe:f7:fd:1f:a9:aa:3f:ae:3f:8e:
                    68:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:FD:AA:BA:35:A5:D9:B3:D4:A5:36:56:91:2B:68:44:58:C3:23:AE
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/LP2qujWl2bPUpTZWkStoRFjDI64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:f7:90:fa:41:58:a1:13:be:e7:d3:b9:f6:ec:d6:5e:ce:b5:
         81:88:6d:de:ea:69:c8:cf:99:eb:70:a6:0f:cf:8f:b6:ae:65:
         75:d6:2d:98:6c:ed:47:12:a3:0e:61:20:4b:36:a4:4f:cb:4d:
         c4:26:f5:03:80:47:98:5d:a9:04:1f:a8:13:6e:76:0e:0e:cd:
         99:5c:81:47:1e:1a:88:16:78:46:df:a3:df:5e:66:e6:57:40:
         aa:43:d0:62:19:e0:da:f3:11:4c:58:82:c9:5a:b7:82:45:0a:
         ba:6e:0d:18:3c:41:0e:dc:97:51:1a:cc:a7:2f:a6:b2:3c:3f:
         c1:e1:09:08:25:e9:ea:a7:4c:c6:99:3b:a3:7b:70:77:29:cd:
         91:fe:92:df:ee:41:27:91:3e:42:98:32:83:62:79:05:f7:23:
         b6:1b:35:b7:13:27:dd:37:26:7f:d2:c2:d6:be:76:fb:77:03:
         5b:92:b3:67:9e:a6:76:dd:09:83:f6:e4:e2:aa:cb:fc:b2:2d:
         32:d5:ca:32:2d:25:5b:d7:fd:f6:d7:94:9d:ab:a2:8b:66:cf:
         ec:f2:80:6d:33:1c:c2:35:78:96:fc:c4:b7:85:ab:38:7a:1f:
         ad:ab:ae:a9:72:e3:49:6b:2a:34:96:9c:95:95:42:9f:26:7b:
         e3:0b:c3:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpDdI6PEgETBsvjOXxXOTUTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUxMTAyMDcyNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2ZkYWFiYTM1YTVkOWIzZDRhNTM2NTY5MTJiNjg0NDU4YzMyM2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkrVDBAsqD8cXHpvVqJYY5QdoixD
9SiIzH/Np0WYb1yszrzf1gpf6XIaTD1j/9OciZ05swqm6FOpLKNQu6HvnNo0pkDf
ry1QO3enJ4j+q3l8c0YUw2xE/6xAPQuzgVxU5dT05GAlT7m4+dIlVAKSyzo58d2E
6H7pkp85purN4l8mmMKRhStuwfl/m4PmGGTdcIlTtT2jZ3SoVPHpts+K4fSuWwK6
MSrwODUteHxkdry0CAylamRl7DPNiMQNsKLkXZQqGldJflVwCZ9DotuSYJOfji3U
+ViLIH2UEI1IyxU5JkY37XuLrzgU6zPp1RzPhvQvYf73/R+pqj+uP45o7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCz9qro1pdmz1KU2VpEraERYwyOuMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvTFAycXVqV2wyYlBVcFRaV2tTdG9SRmpESTY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwenlMA0G
CSqGSIb3DQEBCwUAA4IBAQCP95D6QVihE77n07n27NZezrWBiG3e6mnIz5nrcKYP
z4+2rmV11i2YbO1HEqMOYSBLNqRPy03EJvUDgEeYXakEH6gTbnYODs2ZXIFHHhqI
FnhG36PfXmbmV0CqQ9BiGeDa8xFMWILJWreCRQq6bg0YPEEO3JdRGsynL6ayPD/B
4QkIJenqp0zGmTuje3B3Kc2R/pLf7kEnkT5CmDKDYnkF9yO2GzW3EyfdNyZ/0sLW
vnb7dwNbkrNnnqZ23QmD9uTiqsv8si0y1coyLSVb1/3215Sdq6KLZs/s8oBtMxzC
NXiW/MS3has4eh+tq66pcuNJayo0lpyVlUKfJnvjC8NH
-----END CERTIFICATE-----