Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/2EPV3Ou3F5-ASvP2AuqjD-H3FpY.roa
File:                     2EPV3Ou3F5-ASvP2AuqjD-H3FpY.roa (raw, json)
Hash identifier:          dwRYPHfJ1GxAOYjmr36sgjPFgKpFgMuqJO2ugUlNDF8=
Subject key identifier:   D8:43:D5:DC:EB:B7:17:9F:80:4A:F3:F6:02:EA:A3:0F:E1:F7:16:96
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0198966E915025DC67C9E572FC28B2E8495B
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/2EPV3Ou3F5-ASvP2AuqjD-H3FpY.roa
Signing time:             Mon 11 Aug 2025 00:01:25 +0000
ROA not before:           Mon 11 Aug 2025 00:01:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18301
IP address blocks:        5.175.239.0/24 maxlen: 24
                          89.106.77.0/24 maxlen: 24
                          185.13.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:96:6e:91:50:25:dc:67:c9:e5:72:fc:28:b2:e8:49:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Aug 11 00:01:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d843d5dcebb7179f804af3f602eaa30fe1f71696
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:75:86:ce:1f:9c:30:80:b2:8d:1b:8f:39:79:
                    2a:28:fe:6e:f2:1e:82:22:48:a6:24:53:6e:21:de:
                    8c:0f:d9:16:da:d9:da:16:b0:02:c1:b9:04:c3:9c:
                    69:cf:c5:87:8a:e2:c5:57:3a:49:6d:62:46:e6:ee:
                    39:11:09:3c:4d:4a:37:6d:a2:6e:86:f0:42:e6:fe:
                    a9:f7:c3:40:88:a9:01:5b:a0:ce:41:5b:06:54:e9:
                    79:da:5b:a4:c8:19:79:94:ce:2b:ed:45:43:fe:c8:
                    67:3f:c2:4d:d7:91:2e:86:75:3e:c8:d5:3a:56:0e:
                    d4:96:aa:96:78:a2:df:87:70:a2:ec:01:e8:0d:bc:
                    6f:50:96:25:89:45:9a:ae:65:9c:c0:f3:25:54:67:
                    a8:72:b1:69:b2:27:56:9d:0d:45:33:fd:e2:27:76:
                    19:5f:4e:d0:a3:8d:89:3a:4e:46:3b:62:66:f8:f5:
                    ed:27:89:0d:da:1e:0c:fb:3d:bb:14:c8:1d:c8:39:
                    fd:5c:c4:70:0b:e5:b3:75:4e:d1:94:b4:67:22:e6:
                    e8:6c:cb:6c:dc:94:7f:7b:fa:63:bc:5e:ee:3a:ab:
                    c8:12:9b:f0:db:69:01:eb:d0:94:8d:69:55:fd:66:
                    36:b7:9c:65:ef:c7:c6:0b:a0:5d:d4:44:db:f1:01:
                    31:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:43:D5:DC:EB:B7:17:9F:80:4A:F3:F6:02:EA:A3:0F:E1:F7:16:96
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/2EPV3Ou3F5-ASvP2AuqjD-H3FpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.239.0/24
                  89.106.77.0/24
                  185.13.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:20:a7:e4:11:93:90:c0:10:0d:5e:5d:12:e1:d0:be:2c:c1:
         59:47:06:de:05:c0:56:b4:f7:31:72:3f:fc:43:24:fe:01:68:
         d5:61:52:82:b5:dd:5e:13:2a:e6:1b:ef:c2:43:74:6f:8c:ed:
         91:92:db:9d:a3:2b:b8:e8:3f:8d:8d:cf:c0:68:2c:ba:b3:01:
         7b:fa:40:a2:4d:0f:7e:2f:ae:7a:62:ff:31:a7:a7:7b:bb:01:
         1a:e2:c5:e3:1f:a7:f6:96:05:04:0f:a1:72:e7:b2:e8:c6:38:
         f5:bc:ff:b2:23:29:b5:81:ab:5e:bc:0c:28:2d:1f:b8:0c:e7:
         d0:d6:f8:c1:21:eb:a3:1f:17:64:fd:37:71:b6:ab:a3:82:8c:
         10:00:80:a9:84:4a:eb:aa:3d:90:7b:60:ae:85:9b:f2:66:6e:
         43:7d:68:25:56:e6:91:bf:7d:39:8c:d8:f9:16:d8:57:63:86:
         47:8c:3b:5b:77:0f:d7:05:0d:dd:aa:c0:35:94:45:77:15:e9:
         e8:18:0c:82:6f:8b:fd:9f:6b:c6:e3:f0:5a:9e:f7:73:3e:0b:
         76:fd:dc:a7:8e:b8:3c:6f:0c:6f:aa:c4:82:a6:b3:b0:0e:96:
         d7:d8:46:63:7a:67:75:23:bc:d1:35:81:4f:42:01:86:4d:28:
         1c:a6:6a:b7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZiWbpFQJdxnyeVy/Ciy6ElbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwODExMDAwMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODQzZDVkY2ViYjcxNzlmODA0YWYzZjYwMmVhYTMwZmUxZjcxNjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHWGzh+cMICyjRuPOXkqKP5u8h6C
IkimJFNuId6MD9kW2tnaFrACwbkEw5xpz8WHiuLFVzpJbWJG5u45EQk8TUo3baJu
hvBC5v6p98NAiKkBW6DOQVsGVOl52lukyBl5lM4r7UVD/shnP8JN15EuhnU+yNU6
Vg7UlqqWeKLfh3Ci7AHoDbxvUJYliUWarmWcwPMlVGeocrFpsidWnQ1FM/3iJ3YZ
X07Qo42JOk5GO2Jm+PXtJ4kN2h4M+z27FMgdyDn9XMRwC+WzdU7RlLRnIubobMts
3JR/e/pjvF7uOqvIEpvw22kB69CUjWlV/WY2t5xl78fGC6Bd1ETb8QExgwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNhD1dzrtxefgErz9gLqow/h9xaWMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvMkVQVjNPdTNGNS1BU3ZQMkF1cWpELUgzRnBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABa/vAwQA
WWpNAwQAuQ2cMA0GCSqGSIb3DQEBCwUAA4IBAQDMIKfkEZOQwBANXl0S4dC+LMFZ
RwbeBcBWtPcxcj/8QyT+AWjVYVKCtd1eEyrmG+/CQ3RvjO2Rktudoyu46D+Njc/A
aCy6swF7+kCiTQ9+L656Yv8xp6d7uwEa4sXjH6f2lgUED6Fy57Loxjj1vP+yIym1
gatevAwoLR+4DOfQ1vjBIeujHxdk/TdxtqujgowQAICphErrqj2Qe2CuhZvyZm5D
fWglVuaRv305jNj5FthXY4ZHjDtbdw/XBQ3dqsA1lEV3FenoGAyCb4v9n2vG4/Ba
nvdzPgt2/dynjrg8bwxvqsSCprOwDpbX2EZjemd1I7zRNYFPQgGGTSgcpmq3
-----END CERTIFICATE-----