Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/eAAUmN-xkynaGzw4mcWRSa6T2xo.roa
File:                     eAAUmN-xkynaGzw4mcWRSa6T2xo.roa (raw, json)
Hash identifier:          6lV4AKQAbMJeg1Ga7Qt/2OHzzoL31uqK/8JRLw/LFc8=
Subject key identifier:   78:00:14:98:DF:B1:93:29:DA:1B:3C:38:99:C5:91:49:AE:93:DB:1A
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0199E278E770E129649BCD871295B9523D10
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/eAAUmN-xkynaGzw4mcWRSa6T2xo.roa
Signing time:             Tue 14 Oct 2025 11:26:38 +0000
ROA not before:           Tue 14 Oct 2025 11:26:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214033
IP address blocks:        185.13.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e2:78:e7:70:e1:29:64:9b:cd:87:12:95:b9:52:3d:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Oct 14 11:26:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78001498dfb19329da1b3c3899c59149ae93db1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5e:a1:34:4f:17:8e:18:ef:b9:24:1f:9a:7d:
                    ed:1b:1c:d5:71:86:40:dc:a3:16:a3:49:a4:1e:5f:
                    f1:32:81:05:d5:2f:8c:b7:84:b6:3b:4e:6f:64:32:
                    b3:9d:34:4c:7c:d6:22:27:91:27:36:0e:b4:90:a2:
                    83:16:46:23:26:de:db:02:5b:15:f9:29:4f:e3:ab:
                    be:7a:92:6f:e7:7e:18:97:53:e7:c4:76:43:43:90:
                    14:61:e8:6b:38:e7:4a:09:84:57:b5:10:23:e7:6a:
                    13:5e:47:46:7f:f4:4f:3f:30:ac:30:45:c0:9c:1b:
                    a1:92:73:92:46:58:c5:5f:96:8f:b6:82:07:79:39:
                    a9:d2:cc:e7:c2:45:93:b4:2e:17:a0:37:cd:1a:9a:
                    11:04:33:c5:c0:59:ec:27:66:72:0c:c7:55:2e:41:
                    03:26:95:f5:96:9a:aa:8c:3a:50:65:c4:51:a8:37:
                    80:58:f5:43:12:ae:5b:d6:93:b6:aa:3e:13:fd:e5:
                    4b:89:89:07:93:3a:da:40:5b:ec:7e:4e:96:6e:6f:
                    6b:03:96:0a:dd:ce:2c:7a:68:e2:ea:de:22:eb:55:
                    f4:3c:e8:c8:ec:8c:a8:3f:97:36:a4:16:d7:c9:b1:
                    d5:83:9c:b0:16:6b:d5:72:66:6f:80:16:71:b7:2e:
                    84:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:00:14:98:DF:B1:93:29:DA:1B:3C:38:99:C5:91:49:AE:93:DB:1A
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/eAAUmN-xkynaGzw4mcWRSa6T2xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e9:d2:c6:97:76:12:54:01:52:0e:98:58:29:65:95:d7:08:56:
         a8:34:42:96:03:f1:c9:7b:51:10:ed:44:27:d3:0c:0e:b0:bc:
         be:20:1f:d8:34:e6:df:9b:fa:09:df:3c:88:ca:07:6a:80:0b:
         8c:af:10:8f:28:5e:a4:f8:0a:e4:47:63:ac:b7:c8:f0:d4:4f:
         2c:17:7e:29:92:4f:d2:85:55:93:89:d6:e0:ae:e3:47:03:ef:
         db:86:4c:e9:51:86:3c:4a:0a:17:c9:38:0b:08:92:c9:a2:22:
         6c:52:0b:74:aa:13:7f:eb:ad:fb:7c:81:8f:17:b1:01:c8:96:
         43:3f:73:90:28:f0:70:12:da:ed:cb:8c:99:0b:64:d1:4f:e4:
         5b:c5:b8:4b:5e:94:fa:7b:c9:3e:a0:a2:fd:08:ca:af:e4:48:
         b9:42:0e:3c:07:09:89:89:14:ee:74:c7:e1:75:90:2a:38:b2:
         15:31:2c:dc:79:6f:2c:2c:df:5f:0f:99:db:d8:7d:bd:dc:c4:
         97:7f:15:a2:8e:be:9f:ee:a9:c5:9c:d1:a0:c8:3c:b0:fb:a9:
         51:c4:23:42:60:fb:80:74:c9:e8:f0:30:eb:8a:2c:ef:0f:e3:
         24:5c:ef:d8:b8:19:1d:a4:6d:d8:ab:be:e9:14:a6:8a:3c:76:
         7a:05:c9:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnieOdw4Slkm82HEpW5Uj0QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMDE0MTEyNjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODAwMTQ5OGRmYjE5MzI5ZGExYjNjMzg5OWM1OTE0OWFlOTNkYjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAol6hNE8XjhjvuSQfmn3tGxzVcYZA
3KMWo0mkHl/xMoEF1S+Mt4S2O05vZDKznTRMfNYiJ5EnNg60kKKDFkYjJt7bAlsV
+SlP46u+epJv534Yl1PnxHZDQ5AUYehrOOdKCYRXtRAj52oTXkdGf/RPPzCsMEXA
nBuhknOSRljFX5aPtoIHeTmp0sznwkWTtC4XoDfNGpoRBDPFwFnsJ2ZyDMdVLkED
JpX1lpqqjDpQZcRRqDeAWPVDEq5b1pO2qj4T/eVLiYkHkzraQFvsfk6Wbm9rA5YK
3c4semji6t4i61X0POjI7IyoP5c2pBbXybHVg5ywFmvVcmZvgBZxty6EgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgAFJjfsZMp2hs8OJnFkUmuk9saMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvZUFBVW1OLXhreW5hR3p3NG1jV1JTYTZUMnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ2fMA0G
CSqGSIb3DQEBCwUAA4IBAQDp0saXdhJUAVIOmFgpZZXXCFaoNEKWA/HJe1EQ7UQn
0wwOsLy+IB/YNObfm/oJ3zyIygdqgAuMrxCPKF6k+ArkR2Ost8jw1E8sF34pkk/S
hVWTidbgruNHA+/bhkzpUYY8SgoXyTgLCJLJoiJsUgt0qhN/6637fIGPF7EByJZD
P3OQKPBwEtrty4yZC2TRT+RbxbhLXpT6e8k+oKL9CMqv5Ei5Qg48BwmJiRTudMfh
dZAqOLIVMSzceW8sLN9fD5nb2H293MSXfxWijr6f7qnFnNGgyDyw+6lRxCNCYPuA
dMno8DDriizvD+MkXO/YuBkdpG3Yq77pFKaKPHZ6Bcnj
-----END CERTIFICATE-----