Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/LNlStrlsE14yRfjQBfv8pQze1bk.roa
File:                     LNlStrlsE14yRfjQBfv8pQze1bk.roa (raw, json)
Hash identifier:          fki9Rg0dg7D8WnpYuMELeDNz6e2xoBE+PNmZRxJsR0U=
Subject key identifier:   2C:D9:52:B6:B9:6C:13:5E:32:45:F8:D0:05:FB:FC:A5:0C:DE:D5:B9
Certificate issuer:       /CN=397245d0492eede59b045b5be1fd4eb9161bc417
Certificate serial:       0199ED7962E30BA81529D3603F62241DBC7D
Authority key identifier: 39:72:45:D0:49:2E:ED:E5:9B:04:5B:5B:E1:FD:4E:B9:16:1B:C4:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OXJF0Eku7eWbBFtb4f1OuRYbxBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/LNlStrlsE14yRfjQBfv8pQze1bk.roa
Signing time:             Thu 16 Oct 2025 14:42:59 +0000
ROA not before:           Thu 16 Oct 2025 14:42:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61387
IP address blocks:        2a0e:df80:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/OXJF0Eku7eWbBFtb4f1OuRYbxBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/OXJF0Eku7eWbBFtb4f1OuRYbxBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OXJF0Eku7eWbBFtb4f1OuRYbxBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ed:79:62:e3:0b:a8:15:29:d3:60:3f:62:24:1d:bc:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=397245d0492eede59b045b5be1fd4eb9161bc417
        Validity
            Not Before: Oct 16 14:42:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cd952b6b96c135e3245f8d005fbfca50cded5b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ca:6a:94:35:d1:91:4a:a0:0b:62:75:15:5d:
                    6e:f6:e8:9a:ec:84:08:3b:87:21:2b:92:fd:6e:47:
                    10:7e:8d:b1:9f:85:76:36:39:7c:ae:57:da:f2:95:
                    ae:fa:b9:6c:bb:26:10:05:43:11:90:97:f3:31:cb:
                    cf:0a:6d:b5:00:ea:49:db:bf:aa:7d:57:62:7b:81:
                    b3:0d:ef:97:1c:f1:92:43:4b:20:cd:7d:62:88:9b:
                    38:1f:12:a1:c2:14:b2:01:0a:e8:70:56:e2:31:85:
                    9d:88:33:3b:bc:12:07:ac:e2:0e:b3:b4:2a:2a:3b:
                    f0:75:80:6d:54:6a:de:04:82:3f:93:7c:17:42:34:
                    75:ee:1d:07:66:2b:c1:26:55:d0:e9:c8:2d:0e:14:
                    b2:23:5d:cd:39:71:15:fd:7b:9f:c9:98:b1:d5:3d:
                    1a:21:22:1f:a2:e2:a5:74:57:76:86:47:c3:39:f7:
                    36:5a:28:d8:41:41:98:30:1a:21:1e:be:97:22:16:
                    0d:3d:09:5e:7b:72:8e:25:d3:b3:a8:02:70:e3:ab:
                    41:df:3e:58:5d:94:97:b0:b8:70:40:b9:db:92:be:
                    a1:48:9d:ee:45:84:aa:b3:62:8e:15:a8:23:85:87:
                    c7:0c:8f:59:4c:a6:ef:db:ef:63:84:cf:b8:3e:dc:
                    c2:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:D9:52:B6:B9:6C:13:5E:32:45:F8:D0:05:FB:FC:A5:0C:DE:D5:B9
            X509v3 Authority Key Identifier:
                keyid:39:72:45:D0:49:2E:ED:E5:9B:04:5B:5B:E1:FD:4E:B9:16:1B:C4:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OXJF0Eku7eWbBFtb4f1OuRYbxBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/LNlStrlsE14yRfjQBfv8pQze1bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/OXJF0Eku7eWbBFtb4f1OuRYbxBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:df80:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:4b:da:ba:54:ac:5a:5c:29:03:08:17:b8:5c:20:71:3b:ad:
         3c:22:6c:93:32:4b:8a:ff:d6:06:15:9e:30:a4:a2:43:12:66:
         e8:96:fd:26:33:92:14:06:73:64:02:12:28:1c:e4:60:74:19:
         6b:3b:a5:8f:ed:2b:6a:2d:57:3f:0f:c0:43:95:e7:72:1e:64:
         11:12:1e:af:08:15:c0:51:af:f8:f2:53:d4:a7:c6:80:47:c8:
         d6:9a:92:db:58:5c:ba:51:83:8f:e3:f7:11:08:cd:03:e9:24:
         83:aa:45:1b:63:a3:99:7e:5c:b8:1f:71:28:7d:5b:71:96:4d:
         8b:03:64:d1:b6:92:9b:c3:2c:6e:86:d6:81:18:69:f9:0c:57:
         c0:b5:b4:da:18:29:b7:67:9f:37:2a:12:cf:53:56:ae:c2:6d:
         79:f1:04:cb:4f:bb:e4:f7:b2:0c:18:e6:67:16:8f:e2:30:29:
         48:c3:3c:ec:7d:5d:58:1e:26:05:7e:d9:0c:73:4f:01:d3:32:
         dc:9b:11:a3:6b:f9:f8:18:f9:50:da:e8:40:58:d0:27:a6:2d:
         e8:78:5e:f5:19:b4:33:82:34:ab:d5:96:1f:92:5b:03:6d:90:
         0e:d8:65:76:47:97:91:09:5f:09:64:03:e6:a2:14:31:5e:68:
         e4:b9:af:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnteWLjC6gVKdNgP2IkHbx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NzI0NWQwNDkyZWVkZTU5YjA0NWI1YmUxZmQ0ZWI5MTYx
YmM0MTcwHhcNMjUxMDE2MTQ0MjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2Q5NTJiNmI5NmMxMzVlMzI0NWY4ZDAwNWZiZmNhNTBjZGVkNWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMpqlDXRkUqgC2J1FV1u9uia7IQI
O4chK5L9bkcQfo2xn4V2Njl8rlfa8pWu+rlsuyYQBUMRkJfzMcvPCm21AOpJ27+q
fVdie4GzDe+XHPGSQ0sgzX1iiJs4HxKhwhSyAQrocFbiMYWdiDM7vBIHrOIOs7Qq
KjvwdYBtVGreBII/k3wXQjR17h0HZivBJlXQ6cgtDhSyI13NOXEV/XufyZix1T0a
ISIfouKldFd2hkfDOfc2WijYQUGYMBohHr6XIhYNPQlee3KOJdOzqAJw46tB3z5Y
XZSXsLhwQLnbkr6hSJ3uRYSqs2KOFagjhYfHDI9ZTKbv2+9jhM+4PtzCcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCzZUra5bBNeMkX40AX7/KUM3tW5MB8GA1UdIwQY
MBaAFDlyRdBJLu3lmwRbW+H9TrkWG8QXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1hKRjBFa3U3ZVdiQkZ0YjRmMU91UllieEJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9lZWQ5Y2UtYWVmOS00ZmM5LThhNGEt
YzQ0MmExOGYxZWZjLzEvTE5sU3RybHNFMTR5UmZqUUJmdjhwUXplMWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9lZWQ5Y2UtYWVmOS00ZmM5LThhNGEtYzQ0MmExOGYxZWZj
LzEvT1hKRjBFa3U3ZVdiQkZ0YjRmMU91UllieEJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg7fgAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQAkS9q6VKxaXCkDCBe4XCBxO608ImyTMkuK/9YG
FZ4wpKJDEmbolv0mM5IUBnNkAhIoHORgdBlrO6WP7StqLVc/D8BDledyHmQREh6v
CBXAUa/48lPUp8aAR8jWmpLbWFy6UYOP4/cRCM0D6SSDqkUbY6OZfly4H3EofVtx
lk2LA2TRtpKbwyxuhtaBGGn5DFfAtbTaGCm3Z583KhLPU1auwm158QTLT7vk97IM
GOZnFo/iMClIwzzsfV1YHiYFftkMc08B0zLcmxGja/n4GPlQ2uhAWNAnpi3oeF71
GbQzgjSr1ZYfklsDbZAO2GV2R5eRCV8JZAPmohQxXmjkua+w
-----END CERTIFICATE-----