Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/c75f12-97a4-4d9e-9978-b1822755f712/1/LEZ2eernw3AVIu_DBAVXUMvBBUI.roa
File:                     LEZ2eernw3AVIu_DBAVXUMvBBUI.roa (raw, json)
Hash identifier:          mWWMsuTtrCWfoaF45z7yHf2yqMTPnwnlxC/hcOPnnAg=
Subject key identifier:   2C:46:76:79:EA:E7:C3:70:15:22:EF:C3:04:05:57:50:CB:C1:05:42
Certificate issuer:       /CN=ce22dd19725b6a59e79f0ff39789a5658e4a5fdd
Certificate serial:       019B7CEDD925F0B5BE36E1315B4E071937DD
Authority key identifier: CE:22:DD:19:72:5B:6A:59:E7:9F:0F:F3:97:89:A5:65:8E:4A:5F:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ziLdGXJbalnnnw_zl4mlZY5KX90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/c75f12-97a4-4d9e-9978-b1822755f712/1/LEZ2eernw3AVIu_DBAVXUMvBBUI.roa
Signing time:             Fri 02 Jan 2026 04:18:41 +0000
ROA not before:           Fri 02 Jan 2026 04:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56395
IP address blocks:        185.215.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/c75f12-97a4-4d9e-9978-b1822755f712/1/ziLdGXJbalnnnw_zl4mlZY5KX90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/c75f12-97a4-4d9e-9978-b1822755f712/1/ziLdGXJbalnnnw_zl4mlZY5KX90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ziLdGXJbalnnnw_zl4mlZY5KX90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:d9:25:f0:b5:be:36:e1:31:5b:4e:07:19:37:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce22dd19725b6a59e79f0ff39789a5658e4a5fdd
        Validity
            Not Before: Jan  2 04:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c467679eae7c3701522efc304055750cbc10542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:75:64:17:7f:14:01:db:86:ae:ae:64:70:0f:
                    66:4e:a4:2f:2e:7b:be:41:1e:81:f4:90:09:2d:8d:
                    0c:87:d6:dc:ea:b4:39:02:ea:4f:1b:05:79:95:be:
                    26:fb:a8:ae:f0:7a:99:4c:63:c5:95:e0:b6:b9:61:
                    1a:d4:8c:41:71:1c:e8:bc:11:5a:a4:59:1d:ab:c1:
                    46:c7:5a:49:60:f6:ed:e7:4f:88:c8:40:18:64:fc:
                    d5:61:53:f9:f0:9d:84:1a:bf:6d:39:79:cb:3d:a0:
                    34:8f:03:a2:8d:27:53:8a:85:a8:61:19:ae:f5:3a:
                    83:cf:f4:b6:b2:e1:82:fe:09:6a:62:02:e0:a0:12:
                    ca:e6:b2:ba:0c:89:a9:50:2d:de:66:9f:cd:7d:46:
                    54:3d:72:c0:85:d8:9f:90:c6:4d:06:5b:cc:ba:08:
                    69:3b:9c:8a:76:64:43:cf:43:fd:b5:75:82:e8:bc:
                    31:8e:1e:da:61:14:f3:f9:79:c7:71:7b:34:4f:48:
                    e5:5e:23:6e:4b:6c:5b:61:d5:9e:61:df:1d:0a:b3:
                    09:d4:49:ca:1b:5b:2c:b3:70:f9:c2:51:fe:ee:f5:
                    0f:7b:6a:12:c6:18:b2:69:97:07:0c:f6:f4:80:f2:
                    c9:8d:53:8a:a3:97:04:0e:1d:38:cd:ce:b4:8a:5b:
                    26:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:46:76:79:EA:E7:C3:70:15:22:EF:C3:04:05:57:50:CB:C1:05:42
            X509v3 Authority Key Identifier:
                keyid:CE:22:DD:19:72:5B:6A:59:E7:9F:0F:F3:97:89:A5:65:8E:4A:5F:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ziLdGXJbalnnnw_zl4mlZY5KX90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/c75f12-97a4-4d9e-9978-b1822755f712/1/LEZ2eernw3AVIu_DBAVXUMvBBUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/c75f12-97a4-4d9e-9978-b1822755f712/1/ziLdGXJbalnnnw_zl4mlZY5KX90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:f8:cc:29:c2:50:80:67:a7:d0:50:06:27:73:ba:7e:5a:f6:
         3e:96:db:08:00:29:3a:82:ba:24:d1:32:d8:d9:79:95:d5:3a:
         a5:ca:7a:86:13:6b:a3:1a:28:a4:ae:92:aa:28:00:7e:a4:f8:
         04:28:69:93:ef:2b:81:b6:7a:50:ae:e0:27:4d:9d:bb:e3:20:
         bf:29:ec:a8:38:91:61:fb:a9:6e:30:bf:33:90:90:e4:d3:38:
         93:64:75:26:b2:ca:22:35:c0:a0:a1:e7:29:25:6f:c8:da:5e:
         82:7e:a7:f2:71:e2:7d:c6:89:b7:6b:c7:20:bd:5b:ac:c7:a7:
         f2:b4:04:b7:1d:2c:df:cb:f1:df:09:c4:af:dd:7f:5b:79:de:
         e4:1d:f9:26:3b:35:bf:10:74:7b:45:fd:fb:01:d9:70:a3:60:
         0b:8c:f6:ed:80:af:4e:2a:fe:4a:d5:19:63:b6:8f:ef:79:27:
         cf:af:b1:61:8e:6d:e8:3c:35:5f:53:0f:b2:1b:98:0f:80:f3:
         4c:7c:52:98:58:ea:04:f5:f7:3e:97:c8:12:1e:03:51:69:d2:
         a7:a1:d4:2c:c5:8f:86:7d:8a:36:d8:b8:dc:25:78:36:ca:17:
         7e:48:53:11:46:61:4f:57:25:ff:6c:d7:fa:5c:7f:cd:e8:32:
         6a:d9:b1:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87dkl8LW+NuExW04HGTfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMjJkZDE5NzI1YjZhNTllNzlmMGZmMzk3ODlhNTY1OGU0
YTVmZGQwHhcNMjYwMTAyMDQxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzQ2NzY3OWVhZTdjMzcwMTUyMmVmYzMwNDA1NTc1MGNiYzEwNTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XVkF38UAduGrq5kcA9mTqQvLnu+
QR6B9JAJLY0Mh9bc6rQ5AupPGwV5lb4m+6iu8HqZTGPFleC2uWEa1IxBcRzovBFa
pFkdq8FGx1pJYPbt50+IyEAYZPzVYVP58J2EGr9tOXnLPaA0jwOijSdTioWoYRmu
9TqDz/S2suGC/glqYgLgoBLK5rK6DImpUC3eZp/NfUZUPXLAhdifkMZNBlvMughp
O5yKdmRDz0P9tXWC6Lwxjh7aYRTz+XnHcXs0T0jlXiNuS2xbYdWeYd8dCrMJ1EnK
G1sss3D5wlH+7vUPe2oSxhiyaZcHDPb0gPLJjVOKo5cEDh04zc60ilsm4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxGdnnq58NwFSLvwwQFV1DLwQVCMB8GA1UdIwQY
MBaAFM4i3RlyW2pZ558P85eJpWWOSl/dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemlMZEdYSmJhbG5ubndfemw0bWxaWTVLWDkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9jNzVmMTItOTdhNC00ZDllLTk5Nzgt
YjE4MjI3NTVmNzEyLzEvTEVaMmVlcm53M0FWSXVfREJBVlhVTXZCQlVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9jNzVmMTItOTdhNC00ZDllLTk5NzgtYjE4MjI3NTVmNzEy
LzEvemlMZEdYSmJhbG5ubndfemw0bWxaWTVLWDkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudd4MA0G
CSqGSIb3DQEBCwUAA4IBAQB/+MwpwlCAZ6fQUAYnc7p+WvY+ltsIACk6grok0TLY
2XmV1TqlynqGE2ujGiikrpKqKAB+pPgEKGmT7yuBtnpQruAnTZ274yC/KeyoOJFh
+6luML8zkJDk0ziTZHUmssoiNcCgoecpJW/I2l6CfqfyceJ9xom3a8cgvVusx6fy
tAS3HSzfy/HfCcSv3X9bed7kHfkmOzW/EHR7Rf37Adlwo2ALjPbtgK9OKv5K1Rlj
to/veSfPr7Fhjm3oPDVfUw+yG5gPgPNMfFKYWOoE9fc+l8gSHgNRadKnodQsxY+G
fYo22LjcJXg2yhd+SFMRRmFPVyX/bNf6XH/N6DJq2bH7
-----END CERTIFICATE-----