Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/uYLrAaJA87yT4e0DquX1mDlmRQ8.roa
File:                     uYLrAaJA87yT4e0DquX1mDlmRQ8.roa (raw, json)
Hash identifier:          85O+xlHn4GYVrvRYFmOtwhkhRxSqecs6sd012ls3OuI=
Subject key identifier:   B9:82:EB:01:A2:40:F3:BC:93:E1:ED:03:AA:E5:F5:98:39:66:45:0F
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       019A264731F8A6BDDF09D42BFE16BDA05391
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/uYLrAaJA87yT4e0DquX1mDlmRQ8.roa
Signing time:             Mon 27 Oct 2025 15:26:31 +0000
ROA not before:           Mon 27 Oct 2025 15:26:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47721
IP address blocks:        167.160.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:26:47:31:f8:a6:bd:df:09:d4:2b:fe:16:bd:a0:53:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: Oct 27 15:26:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b982eb01a240f3bc93e1ed03aae5f5983966450f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:83:d6:6c:0e:11:75:6d:06:93:b5:ae:27:15:
                    67:24:5c:3d:1f:74:9d:7f:f4:fe:40:2b:ef:eb:1b:
                    5c:2a:ab:1f:35:b6:d9:70:09:18:be:20:22:f2:cb:
                    0a:bc:96:b8:19:aa:1f:b2:a1:df:3c:93:98:e7:f3:
                    39:03:a2:c4:27:f9:9a:53:4e:4a:27:6f:d1:6d:98:
                    b8:fd:7c:42:44:71:df:eb:96:2b:9e:30:62:da:84:
                    11:a0:bb:c2:d7:7c:88:3e:00:65:23:32:de:11:02:
                    2f:0f:d2:17:2e:d5:35:0f:c2:65:ec:0b:21:33:69:
                    a4:d7:91:33:2a:fb:46:d1:4d:73:d9:87:cf:25:ff:
                    b4:45:56:12:d4:86:f8:19:c8:27:cc:fb:19:87:19:
                    a4:d5:61:c1:62:c9:21:1c:cd:2c:03:48:3e:84:1b:
                    dd:c3:c3:ba:7e:78:95:6a:3e:98:98:7c:ce:9e:d0:
                    08:b4:af:86:72:80:87:c1:cb:48:ea:41:6a:23:3e:
                    74:2c:dc:b8:79:a3:31:57:fa:9b:41:14:df:12:1e:
                    4c:64:b8:b6:43:54:3a:50:1a:12:d6:d0:fb:6b:51:
                    6d:78:1e:48:f5:e9:1d:b8:30:2e:a7:6b:19:52:33:
                    a9:a0:bb:c2:e7:3d:3d:05:ec:b5:4b:5e:9c:45:94:
                    e6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:82:EB:01:A2:40:F3:BC:93:E1:ED:03:AA:E5:F5:98:39:66:45:0F
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/uYLrAaJA87yT4e0DquX1mDlmRQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.160.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:81:c5:6d:1e:5d:85:fd:7d:b0:49:79:9d:6b:03:dd:48:70:
         72:43:5c:49:92:25:da:93:cd:b0:3d:41:6f:9c:ee:ee:ea:67:
         ea:f7:2f:d4:46:f8:2c:20:50:62:3d:16:a3:a7:45:93:15:1b:
         90:8a:fd:bd:05:7b:84:f4:df:92:3b:e1:11:7a:4e:f9:85:d9:
         aa:a1:2e:b3:f2:cd:ea:46:04:bd:54:0e:7a:1a:fd:8e:4b:bb:
         e1:0e:65:58:bf:69:7c:e3:7e:82:95:dc:f3:eb:aa:46:4d:81:
         06:33:c4:19:1e:f1:15:c9:ab:45:e4:81:f2:b4:ac:83:a3:5e:
         dd:3b:3d:e6:a1:6f:5c:9c:69:54:9c:ab:94:99:c1:2a:62:d1:
         27:e2:b6:cd:32:42:2d:98:34:c9:9d:6c:e7:e1:41:cb:bf:44:
         da:e1:ab:20:7e:8d:f7:7b:46:2c:29:63:50:87:c7:ce:6d:73:
         d3:68:53:3d:d9:84:3b:44:6f:e2:93:c8:13:f7:f7:0a:84:4f:
         d4:dd:98:68:dc:bf:69:48:a5:27:d9:56:0b:99:60:f2:ad:97:
         3b:b5:08:3f:e4:a8:27:26:a0:cb:4b:8d:6b:64:5e:8a:fc:d2:
         0c:72:32:9b:a4:8a:c8:31:4e:a7:88:b6:67:9b:07:bf:94:61:
         ac:51:08:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZomRzH4pr3fCdQr/ha9oFORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjUxMDI3MTUyNjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTgyZWIwMWEyNDBmM2JjOTNlMWVkMDNhYWU1ZjU5ODM5NjY0NTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoPWbA4RdW0Gk7WuJxVnJFw9H3Sd
f/T+QCvv6xtcKqsfNbbZcAkYviAi8ssKvJa4GaofsqHfPJOY5/M5A6LEJ/maU05K
J2/RbZi4/XxCRHHf65YrnjBi2oQRoLvC13yIPgBlIzLeEQIvD9IXLtU1D8Jl7Ash
M2mk15EzKvtG0U1z2YfPJf+0RVYS1Ib4GcgnzPsZhxmk1WHBYskhHM0sA0g+hBvd
w8O6fniVaj6YmHzOntAItK+GcoCHwctI6kFqIz50LNy4eaMxV/qbQRTfEh5MZLi2
Q1Q6UBoS1tD7a1FteB5I9ekduDAup2sZUjOpoLvC5z09Bey1S16cRZTmLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmC6wGiQPO8k+HtA6rl9Zg5ZkUPMB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvdVlMckFhSkE4N3lUNGUwRHF1WDFtRGxtUlE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp6AKMA0G
CSqGSIb3DQEBCwUAA4IBAQAwgcVtHl2F/X2wSXmdawPdSHByQ1xJkiXak82wPUFv
nO7u6mfq9y/URvgsIFBiPRajp0WTFRuQiv29BXuE9N+SO+ERek75hdmqoS6z8s3q
RgS9VA56Gv2OS7vhDmVYv2l8436Cldzz66pGTYEGM8QZHvEVyatF5IHytKyDo17d
Oz3moW9cnGlUnKuUmcEqYtEn4rbNMkItmDTJnWzn4UHLv0Ta4asgfo33e0YsKWNQ
h8fObXPTaFM92YQ7RG/ik8gT9/cKhE/U3Zho3L9pSKUn2VYLmWDyrZc7tQg/5Kgn
JqDLS41rZF6K/NIMcjKbpIrIMU6niLZnmwe/lGGsUQg4
-----END CERTIFICATE-----