Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/LumIDmC9KaTmO5EmvKNIDB_MJ6I.roa
File:                     LumIDmC9KaTmO5EmvKNIDB_MJ6I.roa (raw, json)
Hash identifier:          T1v6ldOgSnHm0ILMw4lezNqfO7yaUlFFJv2DMeUijuQ=
Subject key identifier:   2E:E9:88:0E:60:BD:29:A4:E6:3B:91:26:BC:A3:48:0C:1F:CC:27:A2
Certificate issuer:       /CN=874bf8070cee4305d1a389e910fb5102bbcc1941
Certificate serial:       01977A7E291A8735EA8F22FFB2A8E1D296EF
Authority key identifier: 87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/LumIDmC9KaTmO5EmvKNIDB_MJ6I.roa
Signing time:             Mon 16 Jun 2025 20:46:17 +0000
ROA not before:           Mon 16 Jun 2025 20:46:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400956
IP address blocks:        85.237.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Jun 2025 02:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7a:7e:29:1a:87:35:ea:8f:22:ff:b2:a8:e1:d2:96:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874bf8070cee4305d1a389e910fb5102bbcc1941
        Validity
            Not Before: Jun 16 20:46:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ee9880e60bd29a4e63b9126bca3480c1fcc27a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:81:5d:de:f3:8a:d3:37:77:b0:67:c9:82:dc:
                    2f:b0:54:43:44:ec:a6:7b:94:af:71:8c:89:89:f0:
                    c6:1d:0f:7a:27:90:31:28:d8:96:88:f6:a1:ee:39:
                    a9:8c:43:d9:4c:44:e9:4d:87:a5:5f:ae:e5:6c:3f:
                    06:4d:a8:b7:ac:1d:70:24:77:e5:cb:1b:26:3d:5e:
                    eb:93:b2:e4:49:18:49:3a:10:d8:10:33:8f:47:75:
                    39:97:27:98:48:ad:51:19:be:ec:9f:db:2f:de:db:
                    54:70:9d:3d:c8:9f:1a:b2:56:14:cb:72:1e:f1:bd:
                    91:41:5b:07:7d:f0:65:ba:ae:a2:71:cd:f1:25:06:
                    bb:15:c1:58:87:12:e6:64:61:51:a4:2f:9d:70:f2:
                    51:68:c6:57:0e:fd:00:ef:47:44:db:83:99:ae:61:
                    97:e1:fa:f7:da:63:ec:ed:88:90:f2:df:ea:54:b3:
                    d3:4a:84:84:5f:a3:f3:0e:de:d0:84:c1:a4:04:3a:
                    9b:9f:c0:a7:b3:93:ae:1e:c5:67:5a:22:71:3c:3d:
                    40:ce:d1:64:40:ff:f8:95:c1:63:33:58:cc:13:c3:
                    f2:dd:2e:3c:d9:3b:1c:8f:ea:60:3f:c3:48:5b:61:
                    78:2e:8d:7c:68:31:a7:3b:e3:7d:c9:fb:b0:fb:17:
                    8a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:E9:88:0E:60:BD:29:A4:E6:3B:91:26:BC:A3:48:0C:1F:CC:27:A2
            X509v3 Authority Key Identifier:
                keyid:87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/LumIDmC9KaTmO5EmvKNIDB_MJ6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:89:94:21:b3:2c:60:22:6e:81:fe:a1:f4:2e:14:be:e9:34:
         9f:49:7c:2b:ce:ab:f0:10:78:43:e9:9a:ed:15:aa:60:1c:ff:
         12:ed:f5:cb:3e:97:3b:c0:d4:ae:9b:b3:74:b2:f2:10:39:84:
         19:97:63:28:0f:33:fc:36:a4:d2:90:66:04:fa:f9:3e:90:03:
         39:f2:e0:79:da:53:f4:11:5c:fa:c5:bb:d9:f0:55:82:ab:92:
         bb:6c:2e:aa:b5:a2:42:2b:c0:ef:08:ef:6c:e5:8f:12:70:7a:
         09:85:25:80:81:d3:e6:d2:05:b8:a8:0b:3c:49:38:82:63:e3:
         ae:bb:69:95:12:2b:62:7f:a8:af:d9:1a:09:79:5a:e7:e0:7d:
         30:23:35:e9:1f:76:6e:f1:92:43:cd:7c:a6:86:0a:a7:8c:3e:
         e8:57:10:4c:ec:92:cd:56:6d:e3:ce:06:4f:89:4f:5c:84:33:
         cc:2b:a7:5b:9c:bf:f7:77:46:e6:dd:f2:e3:1f:37:bc:49:ab:
         bc:00:b8:0d:77:00:8c:08:df:07:0a:6a:87:ff:e0:e7:d9:6d:
         6d:79:d3:23:f5:57:d5:3f:45:ee:24:57:e4:9a:5e:82:ff:bd:
         60:93:75:1c:22:c2:73:5d:5b:12:40:75:ec:9c:ae:be:5e:98:
         db:70:bb:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd6fikahzXqjyL/sqjh0pbvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGJmODA3MGNlZTQzMDVkMWEzODllOTEwZmI1MTAyYmJj
YzE5NDEwHhcNMjUwNjE2MjA0NjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWU5ODgwZTYwYmQyOWE0ZTYzYjkxMjZiY2EzNDgwYzFmY2MyN2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4Fd3vOK0zd3sGfJgtwvsFRDROym
e5SvcYyJifDGHQ96J5AxKNiWiPah7jmpjEPZTETpTYelX67lbD8GTai3rB1wJHfl
yxsmPV7rk7LkSRhJOhDYEDOPR3U5lyeYSK1RGb7sn9sv3ttUcJ09yJ8aslYUy3Ie
8b2RQVsHffBluq6icc3xJQa7FcFYhxLmZGFRpC+dcPJRaMZXDv0A70dE24OZrmGX
4fr32mPs7YiQ8t/qVLPTSoSEX6PzDt7QhMGkBDqbn8Cns5OuHsVnWiJxPD1AztFk
QP/4lcFjM1jME8Py3S482Tscj+pgP8NIW2F4Lo18aDGnO+N9yfuw+xeKAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7piA5gvSmk5juRJryjSAwfzCeiMB8GA1UdIwQY
MBaAFIdL+AcM7kMF0aOJ6RD7UQK7zBlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWIt
NmZlNGQ4ZmVkMTYwLzEvTHVtSURtQzlLYVRtTzVFbXZLTklEQl9NSjZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWItNmZlNGQ4ZmVkMTYw
LzEvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVe1cMA0G
CSqGSIb3DQEBCwUAA4IBAQBuiZQhsyxgIm6B/qH0LhS+6TSfSXwrzqvwEHhD6Zrt
FapgHP8S7fXLPpc7wNSum7N0svIQOYQZl2MoDzP8NqTSkGYE+vk+kAM58uB52lP0
EVz6xbvZ8FWCq5K7bC6qtaJCK8DvCO9s5Y8ScHoJhSWAgdPm0gW4qAs8STiCY+Ou
u2mVEitif6iv2RoJeVrn4H0wIzXpH3Zu8ZJDzXymhgqnjD7oVxBM7JLNVm3jzgZP
iU9chDPMK6dbnL/3d0bm3fLjHze8Sau8ALgNdwCMCN8HCmqH/+Dn2W1tedMj9VfV
P0XuJFfkml6C/71gk3UcIsJzXVsSQHXsnK6+XpjbcLt8
-----END CERTIFICATE-----