Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/pLJn8ch1sdceplvxfB3SvidV52s.roa
File:                     pLJn8ch1sdceplvxfB3SvidV52s.roa (raw, json)
Hash identifier:          1/08/pgTDqiDdwG1f9AWMAp71LaFapRsFQMjVUsPvUA=
Subject key identifier:   A4:B2:67:F1:C8:75:B1:D7:1E:A6:5B:F1:7C:1D:D2:BE:27:55:E7:6B
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019952107BD7AED17665CF643107C0E22436
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/pLJn8ch1sdceplvxfB3SvidV52s.roa
Signing time:             Tue 16 Sep 2025 10:27:15 +0000
ROA not before:           Tue 16 Sep 2025 10:27:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48225
IP address blocks:        5.189.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:52:10:7b:d7:ae:d1:76:65:cf:64:31:07:c0:e2:24:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Sep 16 10:27:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4b267f1c875b1d71ea65bf17c1dd2be2755e76b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:fa:38:cb:c6:30:d0:1b:a3:61:c5:4c:f9:fe:
                    8d:0b:6e:e5:37:3a:5d:de:04:51:6b:93:32:a1:29:
                    10:73:72:fd:86:c0:2e:b5:27:82:0e:64:44:1c:b1:
                    3b:ef:03:84:cd:c9:a7:a5:10:58:9c:12:7e:bc:f8:
                    2a:73:04:dc:c6:f0:2c:f3:0a:b0:ae:91:e1:0e:60:
                    a9:8e:67:93:4a:d3:a7:be:31:6d:2a:b9:dd:77:58:
                    20:7d:8c:2c:cc:09:0d:ac:d3:5a:a2:fd:ad:4f:92:
                    13:48:83:5b:66:c8:0a:8a:26:8b:69:0d:ce:c7:ae:
                    c6:53:ef:c0:05:de:78:5a:ac:c2:f9:59:40:9b:18:
                    e9:86:bd:52:b4:6a:b0:55:4b:65:44:7a:92:cc:b4:
                    16:23:ba:6d:26:e8:96:39:b2:d0:ac:3b:36:08:bc:
                    ec:a8:49:f0:26:26:21:1f:7e:1c:7d:e4:46:92:13:
                    cb:b8:79:15:ad:68:70:cb:6f:1b:fa:18:42:3d:40:
                    55:f7:bd:fe:d5:5f:e0:48:f1:9c:1d:c2:7b:3c:d3:
                    36:66:6e:19:cc:ef:2f:68:a2:4b:cc:df:2e:db:9d:
                    04:69:89:64:57:16:22:99:e7:53:a9:df:af:e4:76:
                    47:82:93:7d:5c:2d:10:4c:e5:95:ae:2c:62:52:03:
                    75:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:B2:67:F1:C8:75:B1:D7:1E:A6:5B:F1:7C:1D:D2:BE:27:55:E7:6B
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/pLJn8ch1sdceplvxfB3SvidV52s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.189.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:b0:5b:70:ef:a8:60:6f:47:32:3f:28:71:d5:06:b1:ca:6e:
         df:27:83:dd:bf:f3:e4:53:a0:2a:54:c6:62:74:d8:12:84:fa:
         e5:22:cf:21:bc:f6:47:4f:91:23:8b:07:1e:6b:6a:c5:17:38:
         ca:4a:6b:bb:db:d7:a9:d6:83:ae:cd:c1:b4:b8:b1:87:88:19:
         5d:e9:18:e2:63:05:71:e6:87:89:f8:75:74:d5:b9:02:e7:c7:
         06:76:9e:f8:ea:17:a8:bc:92:5e:5b:7d:9f:4b:ce:cf:1e:b2:
         57:53:3f:0c:6d:4d:a0:58:48:9f:96:fd:c8:f3:d9:2c:c9:9d:
         a4:59:b4:47:c7:3f:16:40:c2:14:25:71:4b:0f:17:f4:0b:6b:
         7e:c7:73:58:fb:24:60:03:e4:ed:e2:1d:c5:a7:4e:e9:4f:f3:
         18:8a:ed:f3:f3:ca:37:ce:9e:7d:d0:80:6c:46:2a:ff:ba:a7:
         ce:6d:86:31:28:b8:7e:b9:11:63:73:04:e1:80:61:a1:62:f3:
         d6:2b:26:bb:5e:8d:57:f1:80:27:5c:15:78:fa:33:c6:82:d1:
         19:46:31:3c:c1:23:ae:e6:47:e1:2c:b1:8f:93:39:29:22:63:
         71:23:c8:0c:26:1e:ec:5e:3f:66:41:05:5d:3b:b3:10:f6:36:
         10:fe:30:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlSEHvXrtF2Zc9kMQfA4iQ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwOTE2MTAyNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGIyNjdmMWM4NzViMWQ3MWVhNjViZjE3YzFkZDJiZTI3NTVlNzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvo4y8Yw0BujYcVM+f6NC27lNzpd
3gRRa5MyoSkQc3L9hsAutSeCDmREHLE77wOEzcmnpRBYnBJ+vPgqcwTcxvAs8wqw
rpHhDmCpjmeTStOnvjFtKrndd1ggfYwszAkNrNNaov2tT5ITSINbZsgKiiaLaQ3O
x67GU+/ABd54WqzC+VlAmxjphr1StGqwVUtlRHqSzLQWI7ptJuiWObLQrDs2CLzs
qEnwJiYhH34cfeRGkhPLuHkVrWhwy28b+hhCPUBV973+1V/gSPGcHcJ7PNM2Zm4Z
zO8vaKJLzN8u250EaYlkVxYimedTqd+v5HZHgpN9XC0QTOWVrixiUgN1EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSyZ/HIdbHXHqZb8Xwd0r4nVedrMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvcExKbjhjaDFzZGNlcGx2eGZCM1N2aWRWNTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABb3bMA0G
CSqGSIb3DQEBCwUAA4IBAQCUsFtw76hgb0cyPyhx1Qaxym7fJ4Pdv/PkU6AqVMZi
dNgShPrlIs8hvPZHT5Ejiwcea2rFFzjKSmu729ep1oOuzcG0uLGHiBld6RjiYwVx
5oeJ+HV01bkC58cGdp746heovJJeW32fS87PHrJXUz8MbU2gWEiflv3I89ksyZ2k
WbRHxz8WQMIUJXFLDxf0C2t+x3NY+yRgA+Tt4h3Fp07pT/MYiu3z88o3zp590IBs
Rir/uqfObYYxKLh+uRFjcwThgGGhYvPWKya7Xo1X8YAnXBV4+jPGgtEZRjE8wSOu
5kfhLLGPkzkpImNxI8gMJh7sXj9mQQVdO7MQ9jYQ/jBg
-----END CERTIFICATE-----