Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/d74ca2-3de6-4b69-a000-94d1b89f8cb2/1/la7bz71ihLeyogVuoQIY1GT3314.roa
File:                     la7bz71ihLeyogVuoQIY1GT3314.roa (raw, json)
Hash identifier:          5hafRGGQbIP56cRQdMYLUdF59or9sDzUcmPM82jh51E=
Subject key identifier:   95:AE:DB:CF:BD:62:84:B7:B2:A2:05:6E:A1:02:18:D4:64:F7:DF:5E
Certificate issuer:       /CN=b1267a51acb66f2991bea5243fe388068971a1f1
Certificate serial:       0199803CCFBCB8BB01BB44350F4F0144F66E
Authority key identifier: B1:26:7A:51:AC:B6:6F:29:91:BE:A5:24:3F:E3:88:06:89:71:A1:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sSZ6Uay2bymRvqUkP-OIBolxofE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/d74ca2-3de6-4b69-a000-94d1b89f8cb2/1/la7bz71ihLeyogVuoQIY1GT3314.roa
Signing time:             Thu 25 Sep 2025 09:38:12 +0000
ROA not before:           Thu 25 Sep 2025 09:38:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47541
IP address blocks:        91.231.132.0/24 maxlen: 24
                          185.131.68.0/23 maxlen: 23
                          217.69.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/d74ca2-3de6-4b69-a000-94d1b89f8cb2/1/sSZ6Uay2bymRvqUkP-OIBolxofE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/d74ca2-3de6-4b69-a000-94d1b89f8cb2/1/sSZ6Uay2bymRvqUkP-OIBolxofE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sSZ6Uay2bymRvqUkP-OIBolxofE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:80:3c:cf:bc:b8:bb:01:bb:44:35:0f:4f:01:44:f6:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1267a51acb66f2991bea5243fe388068971a1f1
        Validity
            Not Before: Sep 25 09:38:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95aedbcfbd6284b7b2a2056ea10218d464f7df5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6b:5f:e2:91:5e:4a:a4:c2:b3:2b:59:68:e4:
                    e6:34:35:a4:0d:cf:df:01:34:05:ef:83:f9:b4:f5:
                    86:84:8e:22:6d:23:24:de:57:42:5a:25:80:61:b8:
                    f8:c9:a3:32:0a:68:15:9f:d7:c1:42:97:a5:97:fe:
                    a0:9a:55:a4:7e:c4:e0:6b:25:a1:97:e7:7f:3c:87:
                    c6:1e:6f:70:1a:00:73:7f:c5:cf:40:cf:98:06:d3:
                    0b:a4:3e:25:b4:67:fc:7d:5c:8f:17:b8:f0:c3:d0:
                    88:79:72:7e:d9:7a:57:6e:32:97:eb:a8:76:ff:ff:
                    39:45:85:b9:ea:a8:21:bc:d2:ed:eb:e0:a7:2d:e2:
                    ac:78:d8:73:af:c2:05:f8:4b:78:64:8d:07:2f:00:
                    34:b9:bc:ac:8d:97:a3:5e:b1:03:f7:9e:95:0d:75:
                    f6:eb:b4:8e:54:16:5d:3e:89:9b:d1:56:a1:14:9a:
                    c8:96:74:e2:a2:42:16:e1:90:23:4e:44:11:75:66:
                    64:f5:b2:14:84:56:d9:11:b6:b1:48:cd:c7:e8:f9:
                    c2:cd:ab:a3:72:ea:5c:04:0c:21:90:d2:19:c8:7e:
                    be:dd:91:69:26:f8:6b:04:a1:f3:6a:f8:0f:da:1b:
                    e1:db:d6:f7:3d:07:09:02:64:7a:89:ce:44:9a:e4:
                    51:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:AE:DB:CF:BD:62:84:B7:B2:A2:05:6E:A1:02:18:D4:64:F7:DF:5E
            X509v3 Authority Key Identifier:
                keyid:B1:26:7A:51:AC:B6:6F:29:91:BE:A5:24:3F:E3:88:06:89:71:A1:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sSZ6Uay2bymRvqUkP-OIBolxofE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d74ca2-3de6-4b69-a000-94d1b89f8cb2/1/la7bz71ihLeyogVuoQIY1GT3314.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d74ca2-3de6-4b69-a000-94d1b89f8cb2/1/sSZ6Uay2bymRvqUkP-OIBolxofE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.132.0/24
                  185.131.68.0/23
                  217.69.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:6e:06:1f:0b:db:91:ec:21:50:dc:b6:4b:01:8c:1e:b8:85:
         57:35:1e:99:5f:b0:10:09:61:b1:b3:9d:08:bd:01:35:6b:97:
         38:2e:82:47:e9:c0:fc:f4:52:df:1c:80:46:c4:9c:bb:94:69:
         85:82:d7:c0:61:59:3d:09:0c:cd:0d:13:31:3a:cd:2c:1a:ea:
         5f:11:4e:d0:8d:ef:15:f2:7b:0e:f1:69:a4:f8:06:96:1d:e5:
         0c:1d:af:6e:0f:1d:87:b8:29:c2:83:92:d9:8e:59:7e:89:f2:
         1f:c9:ce:ed:d8:56:6f:9c:f9:9a:b8:38:5b:5f:19:77:c3:6f:
         14:55:34:a8:c0:0b:a0:75:c3:f9:f2:7d:6f:45:b2:db:aa:b9:
         58:06:ab:fc:57:76:7c:29:bf:d4:be:6c:6c:8b:d3:82:9f:ce:
         34:c6:09:48:7e:60:df:09:3f:63:c8:a7:d9:96:d6:d2:12:b7:
         50:82:3f:37:50:04:8d:ff:9c:28:7b:aa:6f:07:1f:86:5f:94:
         00:7e:63:98:73:b5:7b:ca:f7:eb:1b:86:50:70:a9:db:39:75:
         0b:73:43:99:52:0d:5e:bb:d8:03:b2:8e:aa:f6:c3:13:54:21:
         fa:90:76:49:bc:ed:a8:6d:74:fe:d8:0a:7b:b3:10:89:3e:87:
         2f:83:87:1e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmAPM+8uLsBu0Q1D08BRPZuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMjY3YTUxYWNiNjZmMjk5MWJlYTUyNDNmZTM4ODA2ODk3
MWExZjEwHhcNMjUwOTI1MDkzODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWFlZGJjZmJkNjI4NGI3YjJhMjA1NmVhMTAyMThkNDY0ZjdkZjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmtf4pFeSqTCsytZaOTmNDWkDc/f
ATQF74P5tPWGhI4ibSMk3ldCWiWAYbj4yaMyCmgVn9fBQpell/6gmlWkfsTgayWh
l+d/PIfGHm9wGgBzf8XPQM+YBtMLpD4ltGf8fVyPF7jww9CIeXJ+2XpXbjKX66h2
//85RYW56qghvNLt6+CnLeKseNhzr8IF+Et4ZI0HLwA0ubysjZejXrED956VDXX2
67SOVBZdPomb0VahFJrIlnTiokIW4ZAjTkQRdWZk9bIUhFbZEbaxSM3H6PnCzauj
cupcBAwhkNIZyH6+3ZFpJvhrBKHzavgP2hvh29b3PQcJAmR6ic5EmuRRiwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJWu28+9YoS3sqIFbqECGNRk999eMB8GA1UdIwQY
MBaAFLEmelGstm8pkb6lJD/jiAaJcaHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1NaNlVheTJieW1SdnFVa1AtT0lCb2x4b2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9kNzRjYTItM2RlNi00YjY5LWEwMDAt
OTRkMWI4OWY4Y2IyLzEvbGE3Yno3MWloTGV5b2dWdW9RSVkxR1QzMzE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9kNzRjYTItM2RlNi00YjY5LWEwMDAtOTRkMWI4OWY4Y2Iy
LzEvc1NaNlVheTJieW1SdnFVa1AtT0lCb2x4b2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+eEAwQB
uYNEAwQA2UWEMA0GCSqGSIb3DQEBCwUAA4IBAQAobgYfC9uR7CFQ3LZLAYweuIVX
NR6ZX7AQCWGxs50IvQE1a5c4LoJH6cD89FLfHIBGxJy7lGmFgtfAYVk9CQzNDRMx
Os0sGupfEU7Qje8V8nsO8Wmk+AaWHeUMHa9uDx2HuCnCg5LZjll+ifIfyc7t2FZv
nPmauDhbXxl3w28UVTSowAugdcP58n1vRbLbqrlYBqv8V3Z8Kb/Uvmxsi9OCn840
xglIfmDfCT9jyKfZltbSErdQgj83UASN/5woe6pvBx+GX5QAfmOYc7V7yvfrG4ZQ
cKnbOXULc0OZUg1eu9gDso6q9sMTVCH6kHZJvO2obXT+2Ap7sxCJPocvg4ce
-----END CERTIFICATE-----