Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/lnWvinUWS5GJDEzSwSpnFLjN5SY.roa
File:                     lnWvinUWS5GJDEzSwSpnFLjN5SY.roa (raw, json)
Hash identifier:          jtKCkOjWf0Ny2MITAbfrrO67TWiVMtXecagrH1sOE/U=
Subject key identifier:   96:75:AF:8A:75:16:4B:91:89:0C:4C:D2:C1:2A:67:14:B8:CD:E5:26
Certificate issuer:       /CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
Certificate serial:       01995CBF483FAD2170717889D9840D86D146
Authority key identifier: EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/lnWvinUWS5GJDEzSwSpnFLjN5SY.roa
Signing time:             Thu 18 Sep 2025 12:14:23 +0000
ROA not before:           Thu 18 Sep 2025 12:14:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49592
IP address blocks:        83.143.119.0/24 maxlen: 24
                          2a07:cec0:4402::/48 maxlen: 48
                          2a07:cec0:4403::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:bf:48:3f:ad:21:70:71:78:89:d9:84:0d:86:d1:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
        Validity
            Not Before: Sep 18 12:14:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9675af8a75164b91890c4cd2c12a6714b8cde526
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:07:a6:0a:4a:5e:0f:88:b4:bf:d5:bb:de:e8:
                    34:c6:24:8a:c5:98:64:75:a4:60:e1:87:81:76:de:
                    3c:59:3c:cf:1e:f6:1b:1f:7c:66:8d:30:aa:b2:58:
                    34:cc:9f:ac:bf:d0:12:41:9a:35:04:37:30:c5:6c:
                    03:6b:db:00:db:0d:ec:2b:a0:ba:04:7b:df:cf:36:
                    92:ea:0a:93:09:8e:30:ec:43:02:b6:7a:5e:be:fa:
                    5e:ca:33:53:00:df:43:ad:65:22:c9:6b:58:fd:23:
                    06:ad:bc:7b:3e:43:0f:3d:cc:36:e6:0b:f5:d3:73:
                    8b:ab:34:a3:7c:17:d2:47:dd:f2:10:41:dc:37:0b:
                    6a:eb:0f:41:6d:51:5d:f4:ff:3a:65:21:55:5a:24:
                    79:f4:cf:0a:6a:21:b5:91:60:91:b5:1f:2e:78:d1:
                    b2:07:63:35:9c:f5:c0:ec:b3:4d:3d:88:64:ba:2a:
                    11:c4:2e:78:5c:00:3c:86:a8:2f:90:2f:e4:5c:eb:
                    26:91:b8:9d:46:1b:be:17:3c:6d:c1:52:59:f8:ab:
                    2f:75:3a:d8:b1:b1:85:12:1f:3f:17:d3:34:3a:9a:
                    90:21:0c:94:3e:82:d5:18:ee:f4:62:d6:ff:c8:4e:
                    10:c1:ea:90:5b:5a:6d:44:d2:37:31:fe:15:ed:54:
                    9a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:75:AF:8A:75:16:4B:91:89:0C:4C:D2:C1:2A:67:14:B8:CD:E5:26
            X509v3 Authority Key Identifier:
                keyid:EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/lnWvinUWS5GJDEzSwSpnFLjN5SY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.143.119.0/24
                IPv6:
                  2a07:cec0:4402::/47

    Signature Algorithm: sha256WithRSAEncryption
         23:d1:81:ad:14:7d:2c:ad:94:27:e4:3f:f6:85:79:83:9e:9f:
         a8:b5:a4:e3:fd:45:9a:3e:5f:be:9a:84:d1:c0:42:d2:75:4d:
         38:09:08:2a:0a:7a:29:65:1f:fb:61:bb:50:e5:0b:75:20:e3:
         d0:52:4c:15:b5:c7:6b:75:10:4c:31:cf:2d:0c:9f:36:b7:bd:
         00:9d:49:3b:da:a5:6b:3d:78:1b:4f:5e:dc:1f:65:f8:3b:44:
         56:4e:1d:53:91:5c:36:a8:78:10:9d:97:e3:f1:4f:e2:98:47:
         cd:da:dd:34:f1:20:59:18:6f:b9:f5:cf:74:fa:06:fe:d2:5b:
         82:fa:7b:f3:a5:89:c0:56:af:47:7c:b0:52:05:ad:d5:a6:1f:
         37:12:19:82:3b:74:5a:c7:e1:95:9e:34:f7:ca:52:68:55:85:
         3e:ab:d9:fd:fb:f8:22:61:02:d6:cf:2d:e0:e4:82:35:b1:a1:
         a1:9b:49:4d:94:8c:99:a5:b1:70:28:1b:a5:7b:29:84:26:a5:
         cd:f3:0e:8b:f2:2a:b3:67:b7:d8:01:ba:fc:a0:9e:f5:24:6f:
         9f:b3:19:1e:f8:36:20:c2:fe:03:0f:62:a1:47:db:dd:5b:c0:
         9e:8c:d8:82:39:c7:9c:c9:e7:38:12:b9:33:8a:98:55:08:5e:
         2b:fd:2b:d1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZlcv0g/rSFwcXiJ2YQNhtFGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYTViNjIzNDdhMWI2NGNlYTQ5YTJhYjNhYjQ5ODNjMzQ4
NjFmYjIwHhcNMjUwOTE4MTIxNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njc1YWY4YTc1MTY0YjkxODkwYzRjZDJjMTJhNjcxNGI4Y2RlNTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAemCkpeD4i0v9W73ug0xiSKxZhk
daRg4YeBdt48WTzPHvYbH3xmjTCqslg0zJ+sv9ASQZo1BDcwxWwDa9sA2w3sK6C6
BHvfzzaS6gqTCY4w7EMCtnpevvpeyjNTAN9DrWUiyWtY/SMGrbx7PkMPPcw25gv1
03OLqzSjfBfSR93yEEHcNwtq6w9BbVFd9P86ZSFVWiR59M8KaiG1kWCRtR8ueNGy
B2M1nPXA7LNNPYhkuioRxC54XAA8hqgvkC/kXOsmkbidRhu+FzxtwVJZ+KsvdTrY
sbGFEh8/F9M0OpqQIQyUPoLVGO70Ytb/yE4QweqQW1ptRNI3Mf4V7VSaqwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJZ1r4p1FkuRiQxM0sEqZxS4zeUmMB8GA1UdIwQY
MBaAFO+ltiNHobZM6kmiqzq0mDw0hh+yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQt
MDEzZDJhMTFjMGE1LzEvbG5XdmluVVdTNUdKREV6U3dTcG5GTGpONVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQtMDEzZDJhMTFjMGE1
LzEvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAU493MA8E
AgACMAkDBwEqB87ARAIwDQYJKoZIhvcNAQELBQADggEBACPRga0UfSytlCfkP/aF
eYOen6i1pOP9RZo+X76ahNHAQtJ1TTgJCCoKeillH/thu1DlC3Ug49BSTBW1x2t1
EEwxzy0Mnza3vQCdSTvapWs9eBtPXtwfZfg7RFZOHVORXDaoeBCdl+PxT+KYR83a
3TTxIFkYb7n1z3T6Bv7SW4L6e/OlicBWr0d8sFIFrdWmHzcSGYI7dFrH4ZWeNPfK
UmhVhT6r2f37+CJhAtbPLeDkgjWxoaGbSU2UjJmlsXAoG6V7KYQmpc3zDovyKrNn
t9gBuvygnvUkb5+zGR74NiDC/gMPYqFH291bwJ6M2II5x5zJ5zgSuTOKmFUIXiv9
K9E=
-----END CERTIFICATE-----