Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/KluOERwO7JD42tSY7SzaYIk0yRU.roa
File:                     KluOERwO7JD42tSY7SzaYIk0yRU.roa (raw, json)
Hash identifier:          YLxJf9E85QadUhVAMwy+yrs3X+SooJumuq1itcsYnpw=
Subject key identifier:   2A:5B:8E:11:1C:0E:EC:90:F8:DA:D4:98:ED:2C:DA:60:89:34:C9:15
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       01989AC517E2EFEA05D4635FC2082E8143BB
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/KluOERwO7JD42tSY7SzaYIk0yRU.roa
Signing time:             Mon 11 Aug 2025 20:14:24 +0000
ROA not before:           Mon 11 Aug 2025 20:14:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207483
IP address blocks:        62.169.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9a:c5:17:e2:ef:ea:05:d4:63:5f:c2:08:2e:81:43:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Aug 11 20:14:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a5b8e111c0eec90f8dad498ed2cda608934c915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:79:80:86:ad:8f:1a:0b:a8:25:21:82:a0:9b:
                    c6:e0:75:9d:4b:59:e7:6c:b0:d8:be:22:d5:1e:fa:
                    60:cd:69:45:11:3a:e0:0c:24:e1:26:10:08:f2:fb:
                    91:b0:81:e1:3d:8d:62:9b:15:a1:56:1e:91:c9:9e:
                    2b:1c:1c:a7:49:dc:fa:45:0f:9f:da:9f:5f:22:54:
                    6a:cf:dd:b9:d9:27:78:a1:57:34:0b:38:69:ff:02:
                    1f:cf:12:89:ad:6f:aa:97:e0:c5:49:12:52:e1:e2:
                    53:10:5d:ff:d2:63:75:a7:7f:c8:6e:35:87:5a:b7:
                    41:35:ba:50:d2:fc:c5:08:4e:da:be:41:74:9a:b2:
                    94:82:f8:8a:81:0a:ae:81:d4:91:38:10:81:09:4c:
                    b0:da:80:f6:e9:24:b5:75:79:7a:8e:53:1d:90:66:
                    a4:2c:8d:83:79:ca:ee:f5:a8:0e:71:07:f2:78:d8:
                    e3:91:41:5c:a9:12:54:0c:b1:8b:b4:3c:b3:b8:b8:
                    e4:08:38:03:74:77:a0:8a:01:1b:df:62:c2:fb:8a:
                    80:51:22:c2:fe:d4:0c:7b:72:c6:d8:5c:4a:9c:d8:
                    24:27:ab:a4:33:23:ad:ab:4f:d5:cb:29:d2:ae:50:
                    8e:a9:51:8d:f6:a8:ce:c1:b5:19:c6:f7:03:c3:8c:
                    53:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:5B:8E:11:1C:0E:EC:90:F8:DA:D4:98:ED:2C:DA:60:89:34:C9:15
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/KluOERwO7JD42tSY7SzaYIk0yRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:41:7e:bc:c0:c6:69:80:23:64:9d:c6:12:a9:8d:c5:0c:a8:
         14:18:0b:b0:e9:18:e0:50:c2:e0:7f:11:85:f2:1c:57:78:5a:
         12:a8:73:8c:dc:06:fd:b6:d2:31:ef:8d:05:17:17:49:32:7c:
         51:9c:15:0d:3b:71:66:90:d4:3f:a0:9f:75:1e:8a:6c:a6:3d:
         75:f2:c4:ab:f5:33:c2:ba:b1:23:32:75:c4:56:e8:d1:df:d4:
         d6:70:82:6a:68:99:8d:c0:0b:42:0a:9d:95:80:e3:62:d5:c4:
         e4:1b:dd:3b:11:76:78:86:7e:b7:76:57:7d:c1:c8:8e:d9:64:
         19:77:65:54:6f:8c:e7:79:9c:ee:07:e3:27:fa:8a:d3:a9:78:
         6f:fe:1d:a4:c9:9c:10:93:cd:a4:0b:a5:e0:9b:25:53:75:db:
         de:e6:bb:4d:bc:b1:db:e5:78:74:ca:85:d7:29:00:56:04:4d:
         e0:a5:ad:77:ea:49:9d:12:aa:17:c9:92:d9:9c:ab:a9:b3:d4:
         a5:6c:64:c2:09:89:59:4d:77:a8:65:bf:a9:5d:4d:44:a6:68:
         db:ad:87:14:c3:a0:9e:00:bd:ab:a7:f5:09:e3:fb:fa:3b:e8:
         8b:de:9e:f0:58:8f:7e:fc:6f:59:58:c3:c8:9d:18:45:8c:b1:
         88:3e:8b:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiaxRfi7+oF1GNfwggugUO7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUwODExMjAxNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTViOGUxMTFjMGVlYzkwZjhkYWQ0OThlZDJjZGE2MDg5MzRjOTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHmAhq2PGguoJSGCoJvG4HWdS1nn
bLDYviLVHvpgzWlFETrgDCThJhAI8vuRsIHhPY1imxWhVh6RyZ4rHBynSdz6RQ+f
2p9fIlRqz9252Sd4oVc0Czhp/wIfzxKJrW+ql+DFSRJS4eJTEF3/0mN1p3/IbjWH
WrdBNbpQ0vzFCE7avkF0mrKUgviKgQqugdSROBCBCUyw2oD26SS1dXl6jlMdkGak
LI2Decru9agOcQfyeNjjkUFcqRJUDLGLtDyzuLjkCDgDdHegigEb32LC+4qAUSLC
/tQMe3LG2FxKnNgkJ6ukMyOtq0/VyynSrlCOqVGN9qjOwbUZxvcDw4xTxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpbjhEcDuyQ+NrUmO0s2mCJNMkVMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvS2x1T0VSd083SkQ0MnRTWTdTemFZSWsweVJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqmZMA0G
CSqGSIb3DQEBCwUAA4IBAQCGQX68wMZpgCNkncYSqY3FDKgUGAuw6RjgUMLgfxGF
8hxXeFoSqHOM3Ab9ttIx740FFxdJMnxRnBUNO3FmkNQ/oJ91Hopspj118sSr9TPC
urEjMnXEVujR39TWcIJqaJmNwAtCCp2VgONi1cTkG907EXZ4hn63dld9wciO2WQZ
d2VUb4zneZzuB+Mn+orTqXhv/h2kyZwQk82kC6XgmyVTddve5rtNvLHb5Xh0yoXX
KQBWBE3gpa136kmdEqoXyZLZnKups9SlbGTCCYlZTXeoZb+pXU1EpmjbrYcUw6Ce
AL2rp/UJ4/v6O+iL3p7wWI9+/G9ZWMPInRhFjLGIPosg
-----END CERTIFICATE-----