Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/L8GInCr89qQIlsk13Guq3JAfgIY.roa
File:                     L8GInCr89qQIlsk13Guq3JAfgIY.roa (raw, json)
Hash identifier:          KwflXvfDLS30NV8vU1+O9OnSPXHPGeszdJPjRtWdPuk=
Subject key identifier:   2F:C1:88:9C:2A:FC:F6:A4:08:96:C9:35:DC:6B:AA:DC:90:1F:80:86
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01999EB51A956B0F1F719DEF9F4E211C43ED
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/L8GInCr89qQIlsk13Guq3JAfgIY.roa
Signing time:             Wed 01 Oct 2025 07:38:12 +0000
ROA not before:           Wed 01 Oct 2025 07:38:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213512
IP address blocks:        5.175.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9e:b5:1a:95:6b:0f:1f:71:9d:ef:9f:4e:21:1c:43:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Oct  1 07:38:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2fc1889c2afcf6a40896c935dc6baadc901f8086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:2e:51:13:14:db:58:bc:28:0f:c1:36:14:cd:
                    2c:2d:d0:1c:11:17:aa:00:ae:ea:f4:31:5b:2b:94:
                    93:e1:2d:71:bf:b1:0d:f3:23:a5:bd:fa:4f:b5:e7:
                    75:d7:f9:78:62:4a:73:92:50:61:52:b8:73:2e:89:
                    a4:d5:e3:b4:8b:59:7f:3c:2c:7b:22:f2:86:3e:10:
                    d6:58:c7:41:88:41:7d:ee:b2:c0:fb:38:83:3d:c3:
                    17:a2:50:31:22:0e:7e:93:03:87:fb:01:a4:c1:78:
                    a2:18:ea:48:c0:90:0e:1a:1d:58:16:bf:61:73:67:
                    64:fe:f7:c5:56:32:60:d5:a2:8c:d5:53:65:5f:e2:
                    1c:f9:8a:b6:34:db:90:35:23:8c:9e:72:01:99:83:
                    89:3c:d6:9b:b7:92:26:79:df:f2:12:01:fd:4a:8b:
                    c7:93:cb:ca:a1:6c:31:77:ea:c4:2d:ba:77:4a:dc:
                    3d:c6:13:87:71:b0:3e:53:08:b8:a7:58:d8:9d:ef:
                    47:4c:85:97:1c:70:09:79:75:bd:4b:aa:5d:9b:b1:
                    b5:b6:e0:0c:41:21:50:b4:fa:5c:38:44:ed:55:de:
                    ae:3f:ff:82:92:5b:b9:7c:14:00:3e:c9:fa:69:e0:
                    98:fd:29:d3:03:8c:c6:2c:14:e3:48:53:c0:b3:3a:
                    89:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:C1:88:9C:2A:FC:F6:A4:08:96:C9:35:DC:6B:AA:DC:90:1F:80:86
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/L8GInCr89qQIlsk13Guq3JAfgIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:e0:d2:58:17:2e:a9:5f:25:43:38:6e:f6:ba:c3:88:af:63:
         e2:ef:95:7f:ef:79:37:c8:ef:e2:d9:2d:17:94:69:4d:5b:44:
         58:64:e2:b7:cf:97:6f:f4:2f:d9:c3:cc:de:13:73:94:67:3e:
         0a:39:a6:d9:6e:ca:59:ae:8e:0a:fd:e7:89:b4:35:b1:37:fd:
         23:ee:66:a3:45:5b:79:52:d6:c7:c6:80:e7:95:dc:29:60:17:
         62:ab:04:a0:39:1f:d4:85:b2:fd:6d:de:ea:76:18:8c:0c:5f:
         98:1a:b2:78:c6:39:93:16:98:b4:a5:c2:b0:7b:0d:7e:c5:85:
         bd:4f:e6:7b:37:3e:eb:cf:e3:f5:21:78:0a:22:83:9b:97:63:
         b1:aa:4f:21:24:86:04:22:f8:8c:b1:5b:97:1c:94:3d:a4:02:
         bf:ae:0b:1d:0f:a9:73:56:ef:5e:81:d5:28:a0:dc:1e:c2:c1:
         f0:56:ec:2d:0c:73:2c:9c:1b:a7:ff:87:e7:5e:6e:eb:b5:c7:
         46:01:56:48:25:ed:58:ed:7e:47:e5:a8:ea:31:67:73:cf:33:
         0d:90:91:ba:99:c8:a5:25:dc:90:d2:8f:56:7f:5a:6e:e3:15:
         8a:a2:bb:54:19:5b:42:b4:d7:64:97:c1:63:99:80:f1:2f:8b:
         33:c5:a6:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmetRqVaw8fcZ3vn04hHEPtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMDAxMDczODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmMxODg5YzJhZmNmNmE0MDg5NmM5MzVkYzZiYWFkYzkwMWY4MDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlS5RExTbWLwoD8E2FM0sLdAcEReq
AK7q9DFbK5ST4S1xv7EN8yOlvfpPted11/l4YkpzklBhUrhzLomk1eO0i1l/PCx7
IvKGPhDWWMdBiEF97rLA+ziDPcMXolAxIg5+kwOH+wGkwXiiGOpIwJAOGh1YFr9h
c2dk/vfFVjJg1aKM1VNlX+Ic+Yq2NNuQNSOMnnIBmYOJPNabt5Imed/yEgH9SovH
k8vKoWwxd+rELbp3Stw9xhOHcbA+Uwi4p1jYne9HTIWXHHAJeXW9S6pdm7G1tuAM
QSFQtPpcOETtVd6uP/+Cklu5fBQAPsn6aeCY/SnTA4zGLBTjSFPAszqJLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/BiJwq/PakCJbJNdxrqtyQH4CGMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvTDhHSW5Dcjg5cVFJbHNrMTNHdXEzSkFmZ0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa+OMA0G
CSqGSIb3DQEBCwUAA4IBAQCS4NJYFy6pXyVDOG72usOIr2Pi75V/73k3yO/i2S0X
lGlNW0RYZOK3z5dv9C/Zw8zeE3OUZz4KOabZbspZro4K/eeJtDWxN/0j7majRVt5
UtbHxoDnldwpYBdiqwSgOR/UhbL9bd7qdhiMDF+YGrJ4xjmTFpi0pcKwew1+xYW9
T+Z7Nz7rz+P1IXgKIoObl2Oxqk8hJIYEIviMsVuXHJQ9pAK/rgsdD6lzVu9egdUo
oNwewsHwVuwtDHMsnBun/4fnXm7rtcdGAVZIJe1Y7X5H5ajqMWdzzzMNkJG6mcil
JdyQ0o9Wf1pu4xWKortUGVtCtNdkl8FjmYDxL4szxaaw
-----END CERTIFICATE-----