Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/eetoOfsHWTjLMfZd4vxj2wOaMbY.roa
File:                     eetoOfsHWTjLMfZd4vxj2wOaMbY.roa (raw, json)
Hash identifier:          5nUue4a1MqJN5QwbPYCQhcOixJJ8u3fjYV7s8ou0jm4=
Subject key identifier:   79:EB:68:39:FB:07:59:38:CB:31:F6:5D:E2:FC:63:DB:03:9A:31:B6
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019A50840F121D855B72B898087E1DB6D894
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/eetoOfsHWTjLMfZd4vxj2wOaMbY.roa
Signing time:             Tue 04 Nov 2025 20:17:03 +0000
ROA not before:           Tue 04 Nov 2025 20:17:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42689
IP address blocks:        109.72.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:50:84:0f:12:1d:85:5b:72:b8:98:08:7e:1d:b6:d8:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Nov  4 20:17:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79eb6839fb075938cb31f65de2fc63db039a31b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:34:b7:74:42:e7:82:76:91:e3:04:8d:3d:52:
                    7f:5e:12:54:bd:6e:d1:49:8b:ee:58:af:b2:f7:75:
                    05:5b:f6:9a:a3:33:be:f2:08:5e:bb:f6:12:a5:c4:
                    a1:7e:9a:87:cd:1c:ff:ee:60:ef:c7:d3:5c:8b:b9:
                    2e:ec:d2:a8:2b:c1:85:7f:91:d9:10:80:b3:28:8e:
                    11:6a:89:65:29:cb:8d:1f:cf:5d:78:cc:03:e7:41:
                    8b:b4:4c:ed:d7:5a:76:1d:58:8b:59:9e:5b:d2:4c:
                    cc:5e:e2:74:0b:fa:ee:71:95:48:5b:6c:c2:f9:13:
                    ec:04:13:98:ed:b6:f4:4f:dc:32:d5:22:f0:2a:32:
                    cb:95:9a:15:ac:6b:81:01:83:cf:12:b3:d6:05:12:
                    dc:64:98:09:d6:23:ec:27:51:c9:54:74:c5:b0:de:
                    e2:54:9a:bd:90:09:bc:0e:f0:11:46:c9:75:da:a5:
                    b3:ee:14:9a:3c:50:3a:d4:42:8b:a0:86:e4:3b:d3:
                    f0:50:d5:3f:c6:6d:89:cd:5a:47:78:10:bb:2e:bb:
                    a9:d8:36:5a:47:c1:2c:b1:27:1b:b5:23:7b:3d:ca:
                    1a:db:62:03:56:4a:9d:b2:30:13:60:d3:4f:d7:50:
                    8a:a2:62:33:c6:eb:2a:db:ba:dd:d1:48:05:f6:33:
                    98:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:EB:68:39:FB:07:59:38:CB:31:F6:5D:E2:FC:63:DB:03:9A:31:B6
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/eetoOfsHWTjLMfZd4vxj2wOaMbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.72.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:cd:37:0b:76:1f:c4:d3:cb:5c:49:27:0e:3f:ec:40:5c:13:
         47:58:e1:5f:76:ad:9d:c6:b3:e4:aa:1b:7b:70:92:d4:0b:5e:
         91:6c:15:91:43:f9:2b:41:7e:9d:8c:75:2d:10:21:63:e7:23:
         c8:b8:be:6a:69:fe:81:62:56:9a:97:bf:0f:9b:95:df:9e:f5:
         14:4b:64:db:21:1b:0d:cd:d7:fd:66:3c:6c:fa:9a:59:6e:79:
         ba:89:30:e2:a2:91:ca:e4:61:d9:9a:6a:36:93:30:12:07:db:
         63:5b:cf:f5:a6:22:8b:71:e5:95:4a:0b:2e:32:6f:15:98:00:
         26:bb:40:42:60:98:8f:54:7f:48:3a:3d:14:eb:82:bd:d8:94:
         af:09:d9:84:55:38:32:90:de:01:11:90:1d:72:a4:9c:37:ec:
         bc:a8:22:2d:00:d0:97:35:f7:77:b3:6f:92:20:50:53:49:d1:
         be:91:18:38:3b:ec:fb:1b:1c:3d:bc:37:2b:98:5c:6d:49:df:
         70:5d:57:a6:0d:ee:62:af:07:04:42:35:9c:19:45:7d:6e:ac:
         24:fa:ae:22:47:67:12:65:c5:ce:9d:95:41:cd:1a:10:0a:6a:
         e7:0a:16:3d:ed:81:3c:ed:7c:89:77:da:29:0f:37:47:61:c0:
         68:a1:8c:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpQhA8SHYVbcriYCH4dttiUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUxMTA0MjAxNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWViNjgzOWZiMDc1OTM4Y2IzMWY2NWRlMmZjNjNkYjAzOWEzMWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjS3dELngnaR4wSNPVJ/XhJUvW7R
SYvuWK+y93UFW/aaozO+8gheu/YSpcShfpqHzRz/7mDvx9Nci7ku7NKoK8GFf5HZ
EICzKI4RaollKcuNH89deMwD50GLtEzt11p2HViLWZ5b0kzMXuJ0C/rucZVIW2zC
+RPsBBOY7bb0T9wy1SLwKjLLlZoVrGuBAYPPErPWBRLcZJgJ1iPsJ1HJVHTFsN7i
VJq9kAm8DvARRsl12qWz7hSaPFA61EKLoIbkO9PwUNU/xm2JzVpHeBC7Lrup2DZa
R8EssScbtSN7Pcoa22IDVkqdsjATYNNP11CKomIzxusq27rd0UgF9jOYCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHnraDn7B1k4yzH2XeL8Y9sDmjG2MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvZWV0b09mc0hXVGpMTWZaZDR2eGoyd09hTWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUhwMA0G
CSqGSIb3DQEBCwUAA4IBAQBbzTcLdh/E08tcSScOP+xAXBNHWOFfdq2dxrPkqht7
cJLUC16RbBWRQ/krQX6djHUtECFj5yPIuL5qaf6BYlaal78Pm5XfnvUUS2TbIRsN
zdf9Zjxs+ppZbnm6iTDiopHK5GHZmmo2kzASB9tjW8/1piKLceWVSgsuMm8VmAAm
u0BCYJiPVH9IOj0U64K92JSvCdmEVTgykN4BEZAdcqScN+y8qCItANCXNfd3s2+S
IFBTSdG+kRg4O+z7Gxw9vDcrmFxtSd9wXVemDe5irwcEQjWcGUV9bqwk+q4iR2cS
ZcXOnZVBzRoQCmrnChY97YE87XyJd9opDzdHYcBooYzy
-----END CERTIFICATE-----