Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/f4009f-8275-4716-9971-ba39e7c2f6a1/1/LNE0MuZMavkklT_2pqrHqhF84rY.roa
File:                     LNE0MuZMavkklT_2pqrHqhF84rY.roa (raw, json)
Hash identifier:          ZYqhRbVzdQKSF9ZEirdkyB29pkjWB2pzYX8b2N86rj0=
Subject key identifier:   2C:D1:34:32:E6:4C:6A:F9:24:95:3F:F6:A6:AA:C7:AA:11:7C:E2:B6
Certificate issuer:       /CN=9abca23d2e2bad1fb5788ddb5f5a6fc7ab62ca20
Certificate serial:       0198A7E0A6AD5ED46EE7C87354B35419B79D
Authority key identifier: 9A:BC:A2:3D:2E:2B:AD:1F:B5:78:8D:DB:5F:5A:6F:C7:AB:62:CA:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mryiPS4rrR-1eI3bX1pvx6tiyiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/f4009f-8275-4716-9971-ba39e7c2f6a1/1/LNE0MuZMavkklT_2pqrHqhF84rY.roa
Signing time:             Thu 14 Aug 2025 09:19:34 +0000
ROA not before:           Thu 14 Aug 2025 09:19:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34783
IP address blocks:        185.29.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/f4009f-8275-4716-9971-ba39e7c2f6a1/1/mryiPS4rrR-1eI3bX1pvx6tiyiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/f4009f-8275-4716-9971-ba39e7c2f6a1/1/mryiPS4rrR-1eI3bX1pvx6tiyiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mryiPS4rrR-1eI3bX1pvx6tiyiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:e0:a6:ad:5e:d4:6e:e7:c8:73:54:b3:54:19:b7:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9abca23d2e2bad1fb5788ddb5f5a6fc7ab62ca20
        Validity
            Not Before: Aug 14 09:19:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cd13432e64c6af924953ff6a6aac7aa117ce2b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:78:c6:6c:aa:ae:4b:74:93:95:2d:72:27:09:
                    0d:e3:2d:99:da:66:c1:25:c5:c0:f6:41:6c:d9:9c:
                    f2:98:bb:16:7e:b0:04:ca:50:2a:c9:2a:27:d2:dd:
                    f0:d3:6a:f3:a4:57:f2:41:dd:d7:73:3e:35:5c:18:
                    7f:fc:51:db:7f:8c:17:22:b2:33:c5:41:1d:08:e3:
                    96:f1:63:fa:79:a4:91:bc:73:d8:85:a3:1e:7e:d9:
                    de:aa:80:8f:fb:49:41:8f:88:2c:eb:8a:e1:59:23:
                    d8:75:ee:a6:18:4d:e4:a8:e2:88:97:63:c6:ea:f9:
                    51:58:e6:41:fc:1d:3a:74:a7:ff:43:87:a8:73:f9:
                    95:cb:cb:cd:91:9f:ec:b0:64:c1:a1:57:b8:96:de:
                    7e:1e:b3:2b:e6:e1:7d:37:1c:c7:33:3f:db:a9:c4:
                    e3:a9:46:e9:71:81:e7:e6:7f:4b:b5:a4:13:36:48:
                    f8:c3:88:25:04:d2:bf:72:62:42:74:fe:21:36:87:
                    2e:b0:e5:d1:44:29:65:5b:86:d9:11:e2:64:d8:25:
                    ee:e9:35:87:8b:71:e1:de:5e:c5:ff:d2:d5:e0:96:
                    31:f7:d8:00:95:de:55:24:58:86:17:bd:f3:76:bc:
                    1a:12:4e:d3:df:fe:fb:a9:1b:7d:ea:40:11:70:e4:
                    59:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:D1:34:32:E6:4C:6A:F9:24:95:3F:F6:A6:AA:C7:AA:11:7C:E2:B6
            X509v3 Authority Key Identifier:
                keyid:9A:BC:A2:3D:2E:2B:AD:1F:B5:78:8D:DB:5F:5A:6F:C7:AB:62:CA:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mryiPS4rrR-1eI3bX1pvx6tiyiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f4009f-8275-4716-9971-ba39e7c2f6a1/1/LNE0MuZMavkklT_2pqrHqhF84rY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f4009f-8275-4716-9971-ba39e7c2f6a1/1/mryiPS4rrR-1eI3bX1pvx6tiyiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:9c:e1:57:27:6a:54:e9:d8:33:32:5a:01:fc:c5:31:05:0a:
         ef:52:21:4d:03:35:f1:10:79:97:e1:d0:52:54:1d:13:e2:83:
         ad:da:61:13:0f:6a:31:76:3f:a1:6f:12:9a:cf:a9:6c:c1:0d:
         f0:f1:d3:2c:87:5c:14:c3:72:aa:3a:87:71:be:1f:2f:b6:f0:
         0c:db:03:50:c0:f5:24:9c:00:3f:c9:74:27:50:ab:fc:87:88:
         9c:d7:a2:58:a7:5a:28:c5:d8:cc:cf:5a:f5:78:89:72:e7:aa:
         36:19:56:85:c0:aa:0c:3c:27:0d:3c:ab:60:a5:7f:52:12:d0:
         0a:eb:fc:28:8b:47:bb:0e:36:9c:69:c9:bd:1f:f2:5c:cb:22:
         0d:fe:91:98:33:86:47:bc:d9:69:9e:e4:5c:99:02:21:81:fb:
         08:a7:db:2d:bb:a3:fe:b8:0e:d5:31:21:3e:31:1a:7d:d0:2b:
         e9:3d:b0:89:dc:13:27:b7:33:1d:7c:dc:b1:50:82:78:93:4c:
         bd:70:2a:bc:55:eb:91:72:1a:4e:48:ef:34:cf:8a:b8:04:5e:
         3b:ae:06:88:62:34:f6:16:68:f7:33:40:af:38:0a:e7:51:93:
         ed:4f:c9:b4:e5:5a:78:13:f3:56:55:32:b8:a4:71:b8:7e:8e:
         d0:8e:3d:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZin4KatXtRu58hzVLNUGbedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhYmNhMjNkMmUyYmFkMWZiNTc4OGRkYjVmNWE2ZmM3YWI2
MmNhMjAwHhcNMjUwODE0MDkxOTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2QxMzQzMmU2NGM2YWY5MjQ5NTNmZjZhNmFhYzdhYTExN2NlMmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3jGbKquS3STlS1yJwkN4y2Z2mbB
JcXA9kFs2ZzymLsWfrAEylAqySon0t3w02rzpFfyQd3Xcz41XBh//FHbf4wXIrIz
xUEdCOOW8WP6eaSRvHPYhaMeftneqoCP+0lBj4gs64rhWSPYde6mGE3kqOKIl2PG
6vlRWOZB/B06dKf/Q4eoc/mVy8vNkZ/ssGTBoVe4lt5+HrMr5uF9NxzHMz/bqcTj
qUbpcYHn5n9LtaQTNkj4w4glBNK/cmJCdP4hNocusOXRRCllW4bZEeJk2CXu6TWH
i3Hh3l7F/9LV4JYx99gAld5VJFiGF73zdrwaEk7T3/77qRt96kARcORZRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCzRNDLmTGr5JJU/9qaqx6oRfOK2MB8GA1UdIwQY
MBaAFJq8oj0uK60ftXiN219ab8erYsogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXJ5aVBTNHJyUi0xZUkzYlgxcHZ4NnRpeWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9mNDAwOWYtODI3NS00NzE2LTk5NzEt
YmEzOWU3YzJmNmExLzEvTE5FME11Wk1hdmtrbFRfMnBxckhxaEY4NHJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9mNDAwOWYtODI3NS00NzE2LTk5NzEtYmEzOWU3YzJmNmEx
LzEvbXJ5aVBTNHJyUi0xZUkzYlgxcHZ4NnRpeWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR0kMA0G
CSqGSIb3DQEBCwUAA4IBAQAlnOFXJ2pU6dgzMloB/MUxBQrvUiFNAzXxEHmX4dBS
VB0T4oOt2mETD2oxdj+hbxKaz6lswQ3w8dMsh1wUw3KqOodxvh8vtvAM2wNQwPUk
nAA/yXQnUKv8h4ic16JYp1ooxdjMz1r1eIly56o2GVaFwKoMPCcNPKtgpX9SEtAK
6/woi0e7Djacacm9H/JcyyIN/pGYM4ZHvNlpnuRcmQIhgfsIp9stu6P+uA7VMSE+
MRp90CvpPbCJ3BMntzMdfNyxUIJ4k0y9cCq8VeuRchpOSO80z4q4BF47rgaIYjT2
Fmj3M0CvOArnUZPtT8m05Vp4E/NWVTK4pHG4fo7Qjj1k
-----END CERTIFICATE-----