Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/lgQwxQZOcgquqRNg71NYi3Sijm4.roa
File:                     lgQwxQZOcgquqRNg71NYi3Sijm4.roa (raw, json)
Hash identifier:          HfRED13m8sJv9xs4k1jbI69mVzH++GNvPU2qgq/nABk=
Subject key identifier:   96:04:30:C5:06:4E:72:0A:AE:A9:13:60:EF:53:58:8B:74:A2:8E:6E
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       0199292AA392CDAA57CB408AE700775843BE
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/lgQwxQZOcgquqRNg71NYi3Sijm4.roa
Signing time:             Mon 08 Sep 2025 11:51:24 +0000
ROA not before:           Mon 08 Sep 2025 11:51:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        45.137.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:29:2a:a3:92:cd:aa:57:cb:40:8a:e7:00:77:58:43:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Sep  8 11:51:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=960430c5064e720aaea91360ef53588b74a28e6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:97:8c:f6:e9:a0:09:a9:68:bb:e4:47:29:70:
                    2c:01:42:47:36:0f:20:3a:ba:48:81:ec:a2:1b:4a:
                    50:6d:bb:3b:eb:c6:a2:15:2e:2b:97:c2:bd:56:97:
                    05:ce:96:ba:4e:53:2a:7c:dd:08:2e:59:93:da:4b:
                    35:c3:70:28:08:bb:35:e4:c4:5d:23:f4:60:d7:60:
                    d9:09:62:60:98:21:31:ce:32:78:73:eb:01:df:4b:
                    d9:07:04:c0:68:13:26:94:d9:19:a6:03:5a:c3:14:
                    0f:90:cb:30:22:95:e0:db:ca:dd:f1:64:0b:ba:6a:
                    ae:65:81:d3:c1:1c:f4:de:23:74:60:e3:72:c0:64:
                    69:d4:f1:f5:e9:9d:71:34:ae:aa:e8:ed:2b:8e:44:
                    8e:c3:22:e8:52:9c:e9:6b:24:53:95:13:2a:ff:83:
                    eb:44:0c:ba:db:84:1d:a7:d7:92:1a:69:ef:48:7e:
                    e7:8e:3f:87:76:53:2d:ad:79:14:2a:61:a2:96:23:
                    60:79:42:6b:03:51:4b:ec:19:50:71:64:89:dc:da:
                    26:a2:4e:3e:90:7e:19:83:f8:0b:2b:15:cc:7c:c7:
                    88:08:02:c2:fe:81:67:b9:cf:e5:9a:74:4a:69:93:
                    e5:f2:7c:04:6e:33:47:2d:79:c5:32:e3:20:13:f3:
                    48:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:04:30:C5:06:4E:72:0A:AE:A9:13:60:EF:53:58:8B:74:A2:8E:6E
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/lgQwxQZOcgquqRNg71NYi3Sijm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:35:30:20:61:30:9e:d8:e2:8f:93:01:f6:bc:20:8c:ed:ef:
         74:dd:e5:1f:49:ba:2d:a4:93:21:ca:c2:9b:71:9d:93:69:e3:
         1b:64:23:2d:56:8a:e4:10:1b:4f:8c:5d:58:38:7d:79:5f:11:
         f5:dc:fb:b7:83:ae:22:a3:84:d4:fd:de:8b:95:eb:7e:65:94:
         d1:ff:d1:af:e2:e7:fd:19:65:89:cf:a6:5b:bb:04:fa:fb:f5:
         ff:35:5a:eb:6e:40:10:dd:d0:a0:1d:f8:31:65:15:b2:c8:49:
         08:fe:c9:ed:04:bb:5c:59:4b:a9:05:f8:fe:c6:ee:1c:65:fb:
         7d:c5:ea:27:4f:8f:51:30:92:04:1c:94:4c:97:52:51:fd:a2:
         44:76:b8:cb:c3:db:1d:c1:be:5a:3a:e6:50:90:c1:c3:73:b0:
         0c:ad:cf:43:96:50:75:50:2a:37:fb:73:76:01:58:50:fb:2d:
         b5:25:82:4f:24:8d:64:79:25:95:bd:ca:d2:2e:bf:07:bb:fc:
         e7:9b:0d:9d:70:a1:a0:b8:e3:49:75:92:bc:89:7b:d2:58:0e:
         d5:af:35:b6:06:4e:71:de:72:6c:b3:1e:a0:7e:4b:57:86:17:
         54:1b:3f:5f:35:2c:8c:30:d7:b7:8f:87:7c:be:e5:b4:0e:80:
         88:d2:cb:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkpKqOSzapXy0CK5wB3WEO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwOTA4MTE1MTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjA0MzBjNTA2NGU3MjBhYWVhOTEzNjBlZjUzNTg4Yjc0YTI4ZTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZeM9umgCalou+RHKXAsAUJHNg8g
OrpIgeyiG0pQbbs768aiFS4rl8K9VpcFzpa6TlMqfN0ILlmT2ks1w3AoCLs15MRd
I/Rg12DZCWJgmCExzjJ4c+sB30vZBwTAaBMmlNkZpgNawxQPkMswIpXg28rd8WQL
umquZYHTwRz03iN0YONywGRp1PH16Z1xNK6q6O0rjkSOwyLoUpzpayRTlRMq/4Pr
RAy624Qdp9eSGmnvSH7njj+HdlMtrXkUKmGiliNgeUJrA1FL7BlQcWSJ3Nomok4+
kH4Zg/gLKxXMfMeICALC/oFnuc/lmnRKaZPl8nwEbjNHLXnFMuMgE/NI7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYEMMUGTnIKrqkTYO9TWIt0oo5uMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvbGdRd3hRWk9jZ3F1cVJOZzcxTllpM1Npam00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYlqMA0G
CSqGSIb3DQEBCwUAA4IBAQBMNTAgYTCe2OKPkwH2vCCM7e903eUfSbotpJMhysKb
cZ2TaeMbZCMtVorkEBtPjF1YOH15XxH13Pu3g64io4TU/d6Llet+ZZTR/9Gv4uf9
GWWJz6ZbuwT6+/X/NVrrbkAQ3dCgHfgxZRWyyEkI/sntBLtcWUupBfj+xu4cZft9
xeonT49RMJIEHJRMl1JR/aJEdrjLw9sdwb5aOuZQkMHDc7AMrc9DllB1UCo3+3N2
AVhQ+y21JYJPJI1keSWVvcrSLr8Hu/znmw2dcKGguONJdZK8iXvSWA7VrzW2Bk5x
3nJssx6gfktXhhdUGz9fNSyMMNe3j4d8vuW0DoCI0svN
-----END CERTIFICATE-----