Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/LKRcEUY_mkvA56OOH74rd1Cs5SQ.roa
File:                     LKRcEUY_mkvA56OOH74rd1Cs5SQ.roa (raw, json)
Hash identifier:          8IxdTM7SUkvg9nQlJ/k159ukvLl/f0FXKt0rkgzHAmI=
Subject key identifier:   2C:A4:5C:11:46:3F:9A:4B:C0:E7:A3:8E:1F:BE:2B:77:50:AC:E5:24
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019934FE282818D190E7F841B11D04EB4607
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/LKRcEUY_mkvA56OOH74rd1Cs5SQ.roa
Signing time:             Wed 10 Sep 2025 18:58:15 +0000
ROA not before:           Wed 10 Sep 2025 18:58:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56971
IP address blocks:        5.144.179.0/24 maxlen: 24
                          5.178.96.0/24 maxlen: 24
                          103.136.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 01:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:34:fe:28:28:18:d1:90:e7:f8:41:b1:1d:04:eb:46:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Sep 10 18:58:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ca45c11463f9a4bc0e7a38e1fbe2b7750ace524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a7:c3:a9:e7:ef:e5:12:c2:a0:9e:27:6a:55:
                    8f:e6:da:c5:95:0f:ed:6e:7c:99:5c:24:2d:6d:63:
                    28:3e:55:0b:7b:50:a7:41:1e:4b:71:67:98:fc:3a:
                    03:a6:d5:48:ac:58:aa:b1:11:c9:ad:83:06:5a:e4:
                    5a:26:9f:66:8d:4a:7c:df:0e:3b:d2:e2:39:b4:98:
                    7c:0b:1c:82:db:76:57:b6:1d:e4:b9:59:9e:a4:70:
                    ab:b3:38:1e:01:56:1f:2c:1c:64:88:52:6c:b3:61:
                    6b:ac:2a:59:c1:16:76:aa:f6:3d:35:57:7a:c3:0c:
                    3e:39:f7:16:b9:bf:8e:87:f8:ac:9e:4b:c4:bd:53:
                    8a:33:e1:76:c8:c7:2f:bf:4d:e7:99:27:2d:db:f3:
                    ef:f8:38:a8:cd:74:b0:84:2a:d2:fe:de:2d:f0:10:
                    0b:d8:a1:99:29:13:33:44:05:2a:a7:c2:21:b0:9c:
                    e6:32:c0:2d:1a:03:67:2d:fa:5c:f2:2b:37:c8:85:
                    27:3d:85:8e:c8:19:e9:bd:ed:b8:49:5e:03:5b:35:
                    f9:ee:ac:35:91:9b:55:d9:70:76:e7:f0:a5:9f:7f:
                    4d:b5:53:e2:29:2d:05:43:a3:5f:45:8c:4d:75:cb:
                    c6:7a:77:69:3e:02:e2:b3:fe:a2:91:17:66:ca:46:
                    fb:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:A4:5C:11:46:3F:9A:4B:C0:E7:A3:8E:1F:BE:2B:77:50:AC:E5:24
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/LKRcEUY_mkvA56OOH74rd1Cs5SQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.179.0/24
                  5.178.96.0/24
                  103.136.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:e4:0a:38:b8:ba:2d:40:d6:20:4c:2c:31:12:be:f9:44:74:
         c2:b4:b0:7e:13:a8:f7:74:2a:e2:0b:b0:3e:03:bb:f6:57:7f:
         bb:92:d5:d0:0f:61:6d:7e:33:10:5d:80:06:f2:f6:fb:fe:85:
         71:02:b2:99:8e:b6:c0:bd:4f:5f:d3:38:4e:c4:db:9a:3d:63:
         33:b0:fa:1b:14:a5:65:c1:3b:be:6f:c3:e8:7a:65:ce:a8:46:
         1a:6e:d7:1a:d7:e5:eb:dd:7c:49:20:96:c2:78:1f:5f:1f:38:
         24:0b:34:c9:24:fe:e6:f3:46:62:81:fc:e6:52:14:91:ca:cc:
         fb:81:73:d9:4e:ac:03:19:61:75:ad:d6:98:ac:df:49:40:93:
         e0:82:e9:04:98:29:05:4d:06:2f:d1:e5:43:5d:df:71:79:20:
         19:a1:95:0e:40:a0:32:96:25:18:6d:44:b4:3b:12:25:dc:7d:
         b3:0e:d2:a7:13:c1:2a:a3:55:5d:3a:e5:9d:9d:16:ce:bc:e0:
         d1:80:81:50:46:4a:c9:f7:8d:90:02:50:62:87:5e:40:ed:80:
         1f:8d:b1:2b:f3:e6:82:57:1e:17:6b:cf:5d:67:cf:32:56:3d:
         9f:11:69:06:6a:82:ea:da:35:6e:aa:08:d3:0a:6d:f5:db:d9:
         86:21:21:23
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZk0/igoGNGQ5/hBsR0E60YHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwOTEwMTg1ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2E0NWMxMTQ2M2Y5YTRiYzBlN2EzOGUxZmJlMmI3NzUwYWNlNTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqfDqefv5RLCoJ4nalWP5trFlQ/t
bnyZXCQtbWMoPlULe1CnQR5LcWeY/DoDptVIrFiqsRHJrYMGWuRaJp9mjUp83w47
0uI5tJh8CxyC23ZXth3kuVmepHCrszgeAVYfLBxkiFJss2FrrCpZwRZ2qvY9NVd6
www+OfcWub+Oh/isnkvEvVOKM+F2yMcvv03nmSct2/Pv+DiozXSwhCrS/t4t8BAL
2KGZKRMzRAUqp8IhsJzmMsAtGgNnLfpc8is3yIUnPYWOyBnpve24SV4DWzX57qw1
kZtV2XB25/Cln39NtVPiKS0FQ6NfRYxNdcvGendpPgLis/6ikRdmykb7vwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCykXBFGP5pLwOejjh++K3dQrOUkMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvTEtSY0VVWV9ta3ZBNTZPT0g3NHJkMUNzNVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABZCzAwQA
BbJgAwQAZ4hFMA0GCSqGSIb3DQEBCwUAA4IBAQDL5Ao4uLotQNYgTCwxEr75RHTC
tLB+E6j3dCriC7A+A7v2V3+7ktXQD2FtfjMQXYAG8vb7/oVxArKZjrbAvU9f0zhO
xNuaPWMzsPobFKVlwTu+b8PoemXOqEYabtca1+Xr3XxJIJbCeB9fHzgkCzTJJP7m
80ZigfzmUhSRysz7gXPZTqwDGWF1rdaYrN9JQJPggukEmCkFTQYv0eVDXd9xeSAZ
oZUOQKAyliUYbUS0OxIl3H2zDtKnE8Eqo1VdOuWdnRbOvODRgIFQRkrJ942QAlBi
h15A7YAfjbEr8+aCVx4Xa89dZ88yVj2fEWkGaoLq2jVuqgjTCm3129mGISEj
-----END CERTIFICATE-----