Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/lAPGewAMTsg2zoYnnReshsfQhuc.roa
File:                     lAPGewAMTsg2zoYnnReshsfQhuc.roa (raw, json)
Hash identifier:          cQriD0k+t33lYmHxMgkTAtEHjw/RaZJ3vs4rH148M98=
Subject key identifier:   94:03:C6:7B:00:0C:4E:C8:36:CE:86:27:9D:17:AC:86:C7:D0:86:E7
Certificate issuer:       /CN=e2da23d3b930d4c1f3ac73065d71a607c35d2900
Certificate serial:       0198C2EF12011DBF94A0091BE997003589A2
Authority key identifier: E2:DA:23:D3:B9:30:D4:C1:F3:AC:73:06:5D:71:A6:07:C3:5D:29:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4toj07kw1MHzrHMGXXGmB8NdKQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/lAPGewAMTsg2zoYnnReshsfQhuc.roa
Signing time:             Tue 19 Aug 2025 15:25:04 +0000
ROA not before:           Tue 19 Aug 2025 15:25:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21077
IP address blocks:        193.24.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/4toj07kw1MHzrHMGXXGmB8NdKQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/4toj07kw1MHzrHMGXXGmB8NdKQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4toj07kw1MHzrHMGXXGmB8NdKQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c2:ef:12:01:1d:bf:94:a0:09:1b:e9:97:00:35:89:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2da23d3b930d4c1f3ac73065d71a607c35d2900
        Validity
            Not Before: Aug 19 15:25:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9403c67b000c4ec836ce86279d17ac86c7d086e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b3:8e:ea:11:d1:44:e3:60:a9:8d:72:e9:46:
                    d5:57:37:97:54:89:c5:7d:8a:85:b0:1a:e1:a9:d1:
                    73:89:19:d7:3b:c0:4f:25:90:26:a6:cd:29:9f:36:
                    fe:f3:da:03:45:ff:3f:69:63:ed:cf:df:34:28:ea:
                    18:63:82:28:32:37:c2:b0:02:e6:3c:6e:0f:fa:88:
                    bd:13:d3:cc:d7:cc:29:ea:6e:3c:6d:d2:96:c3:97:
                    3f:41:f1:04:8e:20:34:a5:88:15:3f:b4:c1:dc:4f:
                    e5:7b:33:31:dc:20:28:92:de:23:82:ce:a2:8a:35:
                    b0:45:2f:11:d5:f5:af:64:ca:70:6a:67:70:3e:2e:
                    85:f3:56:f5:e7:71:b9:d6:6d:4c:8f:cd:05:ef:88:
                    af:34:38:06:01:54:c5:47:21:a5:09:28:93:2a:26:
                    a1:7a:5d:84:54:71:e7:9d:16:0b:a4:68:88:77:33:
                    7b:ee:47:5d:fe:81:b4:cf:a5:ed:8b:89:df:68:ca:
                    35:1f:51:0e:b1:3f:8f:2f:64:a9:e1:c8:28:8d:a8:
                    c9:4f:cc:af:b7:8d:9a:82:49:ca:61:47:96:09:17:
                    f6:ac:e6:af:3a:75:2e:6d:a8:b9:f5:fe:ac:00:52:
                    7c:24:57:b6:5e:49:79:d1:2f:57:22:3b:1f:c6:6a:
                    3f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:03:C6:7B:00:0C:4E:C8:36:CE:86:27:9D:17:AC:86:C7:D0:86:E7
            X509v3 Authority Key Identifier:
                keyid:E2:DA:23:D3:B9:30:D4:C1:F3:AC:73:06:5D:71:A6:07:C3:5D:29:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4toj07kw1MHzrHMGXXGmB8NdKQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/lAPGewAMTsg2zoYnnReshsfQhuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/4toj07kw1MHzrHMGXXGmB8NdKQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:99:63:91:04:2b:23:60:42:cd:66:7c:fb:ad:0d:49:7d:98:
         88:34:82:08:8d:2e:6b:60:95:15:8f:30:6c:53:7e:32:e1:02:
         0d:5b:fc:0a:ed:60:1a:18:a7:f0:46:1a:47:da:ba:12:d6:08:
         40:41:34:ee:63:3d:d0:ec:b9:fd:5a:b5:a2:9e:e4:6a:f8:1d:
         78:56:60:1a:ac:ab:34:dc:0f:28:cf:3e:07:4a:f1:4b:f7:5c:
         f4:c9:89:cf:9b:8d:7f:fa:a0:dd:d6:95:9f:48:12:e8:81:b8:
         09:81:a3:0d:dd:01:64:72:2e:24:c3:c6:77:9a:44:2e:07:cd:
         77:7c:22:1c:77:0d:ff:dc:ce:e4:ae:d5:3f:48:ac:f3:61:d0:
         17:8f:78:77:f7:8f:d0:7c:ea:9d:19:49:43:c3:36:2b:e3:c2:
         e2:59:52:25:59:80:a4:b8:25:ca:fb:dd:a3:e9:6d:23:f2:fa:
         7f:6f:b0:61:81:e2:d3:6e:c8:f0:a1:44:ad:46:f0:9e:10:b1:
         60:73:82:fe:41:f9:46:eb:45:74:6b:b5:c9:3d:fc:0f:af:6a:
         46:4e:af:e5:75:df:23:63:b7:02:fa:80:ef:1a:bd:a0:5f:91:
         27:15:15:fd:40:68:cf:00:f3:27:e8:37:40:00:30:1f:e7:c2:
         34:b0:54:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjC7xIBHb+UoAkb6ZcANYmiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZGEyM2QzYjkzMGQ0YzFmM2FjNzMwNjVkNzFhNjA3YzM1
ZDI5MDAwHhcNMjUwODE5MTUyNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDAzYzY3YjAwMGM0ZWM4MzZjZTg2Mjc5ZDE3YWM4NmM3ZDA4NmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLOO6hHRRONgqY1y6UbVVzeXVInF
fYqFsBrhqdFziRnXO8BPJZAmps0pnzb+89oDRf8/aWPtz980KOoYY4IoMjfCsALm
PG4P+oi9E9PM18wp6m48bdKWw5c/QfEEjiA0pYgVP7TB3E/lezMx3CAokt4jgs6i
ijWwRS8R1fWvZMpwamdwPi6F81b153G51m1Mj80F74ivNDgGAVTFRyGlCSiTKiah
el2EVHHnnRYLpGiIdzN77kdd/oG0z6Xti4nfaMo1H1EOsT+PL2Sp4cgojajJT8yv
t42agknKYUeWCRf2rOavOnUubai59f6sAFJ8JFe2Xkl50S9XIjsfxmo/4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQDxnsADE7INs6GJ50XrIbH0IbnMB8GA1UdIwQY
MBaAFOLaI9O5MNTB86xzBl1xpgfDXSkAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRvajA3a3cxTUh6ckhNR1hYR21COE5kS1FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9kZWViYjgtYWU4Ni00Njk0LWE5NzIt
ODI3YTBhYzA0YTlkLzEvbEFQR2V3QU1Uc2cyem9Zbm5SZXNoc2ZRaHVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9kZWViYjgtYWU4Ni00Njk0LWE5NzItODI3YTBhYzA0YTlk
LzEvNHRvajA3a3cxTUh6ckhNR1hYR21COE5kS1FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRgcMA0G
CSqGSIb3DQEBCwUAA4IBAQAlmWORBCsjYELNZnz7rQ1JfZiINIIIjS5rYJUVjzBs
U34y4QINW/wK7WAaGKfwRhpH2roS1ghAQTTuYz3Q7Ln9WrWinuRq+B14VmAarKs0
3A8ozz4HSvFL91z0yYnPm41/+qDd1pWfSBLogbgJgaMN3QFkci4kw8Z3mkQuB813
fCIcdw3/3M7krtU/SKzzYdAXj3h394/QfOqdGUlDwzYr48LiWVIlWYCkuCXK+92j
6W0j8vp/b7BhgeLTbsjwoUStRvCeELFgc4L+QflG60V0a7XJPfwPr2pGTq/ldd8j
Y7cC+oDvGr2gX5EnFRX9QGjPAPMn6DdAADAf58I0sFTy
-----END CERTIFICATE-----