Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/2cq1P4ZZ6UgiNYpOTVH-QcalGJI.roa
File:                     2cq1P4ZZ6UgiNYpOTVH-QcalGJI.roa (raw, json)
Hash identifier:          fmH1CIvCoESiHgfxGKptTnPIXfqs2dEuOrOdNgFQtUI=
Subject key identifier:   D9:CA:B5:3F:86:59:E9:48:22:35:8A:4E:4D:51:FE:41:C6:A5:18:92
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       019960AD726208733F584FD4B7BA2E59F6E1
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/2cq1P4ZZ6UgiNYpOTVH-QcalGJI.roa
Signing time:             Fri 19 Sep 2025 06:33:23 +0000
ROA not before:           Fri 19 Sep 2025 06:33:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32043
IP address blocks:        144.56.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:60:ad:72:62:08:73:3f:58:4f:d4:b7:ba:2e:59:f6:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Sep 19 06:33:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9cab53f8659e94822358a4e4d51fe41c6a51892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:50:b9:61:d9:75:03:e0:bd:de:f3:6b:b3:2c:
                    59:e1:78:37:0e:d9:ae:fe:89:77:77:8c:72:3f:d9:
                    d5:30:cd:70:3b:79:f2:46:2e:3f:09:6d:1e:06:d0:
                    05:61:93:86:6b:06:e4:5b:39:16:88:91:77:24:f7:
                    6c:b5:d9:c0:3a:02:7b:b2:45:8d:b1:07:44:35:51:
                    00:d8:e1:a7:01:7b:33:50:55:a7:47:8a:b5:51:b4:
                    e6:93:84:98:65:80:1f:04:25:a6:9b:ce:4d:31:dd:
                    e2:f4:d0:12:7f:e3:88:96:2d:3a:c2:7a:66:c4:46:
                    50:d2:94:1b:52:72:e6:1c:b5:70:4c:61:c7:bc:fd:
                    b7:8d:47:ca:9a:3a:45:ae:f9:d3:9f:55:a2:05:07:
                    30:fb:57:f5:4f:ad:f0:a2:99:04:37:d6:a1:91:69:
                    72:0a:b6:fe:37:20:bb:4f:56:31:7e:dc:9e:d8:3c:
                    63:20:d2:95:06:e8:d5:64:a7:31:67:a9:13:7e:e9:
                    09:f3:32:04:5b:4f:a1:1d:00:74:94:71:46:bc:95:
                    f5:20:10:ef:84:ab:96:52:a5:7a:2c:f5:80:b1:01:
                    2e:4e:bc:4f:88:68:11:5c:bb:d7:4b:aa:6c:67:76:
                    2b:3f:52:31:fa:37:71:14:29:2f:f7:3f:6d:97:c9:
                    79:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:CA:B5:3F:86:59:E9:48:22:35:8A:4E:4D:51:FE:41:C6:A5:18:92
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/2cq1P4ZZ6UgiNYpOTVH-QcalGJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:f2:87:0b:bf:84:a4:4a:89:6b:92:1c:31:c0:c0:0d:42:cc:
         74:de:0b:85:86:f6:73:1c:46:97:ce:cd:15:5b:2d:7b:61:55:
         ce:fc:85:dd:b6:7a:d4:6f:e4:4c:70:84:64:60:ec:ce:50:b8:
         3a:4f:b6:c1:1b:78:7f:f5:7d:7c:a9:b8:a5:da:92:b5:b3:36:
         e2:e4:45:c0:71:9c:f9:63:7e:f3:df:12:04:66:17:bb:27:73:
         75:e5:ed:1b:51:9e:dc:1f:71:11:ce:ca:d1:26:c0:64:3b:ed:
         b9:b7:88:2b:b3:87:03:5c:d2:da:21:21:25:97:3b:16:41:fd:
         66:79:85:79:4b:6d:b2:2f:b7:d1:af:e7:d3:69:17:5d:ee:48:
         e0:85:d4:ea:2d:d4:bc:57:21:56:74:3b:07:60:1c:06:aa:9e:
         36:6e:aa:e6:4c:76:bb:25:bb:ba:c0:eb:ab:22:34:8a:52:3d:
         82:fd:4d:72:0f:0a:37:52:5d:5d:95:45:fd:57:af:95:11:1c:
         51:83:15:89:1d:2e:9e:22:4b:9e:a7:0c:f0:d7:ab:06:d1:ca:
         aa:99:fe:1b:fb:07:fe:0b:1f:02:df:7b:c6:e7:e7:20:48:9c:
         69:2c:75:d5:6e:88:d0:29:5d:5d:56:ca:0f:c6:a2:49:4c:d6:
         c0:86:fc:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlgrXJiCHM/WE/Ut7ouWfbhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUwOTE5MDYzMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWNhYjUzZjg2NTllOTQ4MjIzNThhNGU0ZDUxZmU0MWM2YTUxODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVC5Ydl1A+C93vNrsyxZ4Xg3Dtmu
/ol3d4xyP9nVMM1wO3nyRi4/CW0eBtAFYZOGawbkWzkWiJF3JPdstdnAOgJ7skWN
sQdENVEA2OGnAXszUFWnR4q1UbTmk4SYZYAfBCWmm85NMd3i9NASf+OIli06wnpm
xEZQ0pQbUnLmHLVwTGHHvP23jUfKmjpFrvnTn1WiBQcw+1f1T63wopkEN9ahkWly
Crb+NyC7T1Yxftye2DxjINKVBujVZKcxZ6kTfukJ8zIEW0+hHQB0lHFGvJX1IBDv
hKuWUqV6LPWAsQEuTrxPiGgRXLvXS6psZ3YrP1Ix+jdxFCkv9z9tl8l5gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnKtT+GWelIIjWKTk1R/kHGpRiSMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvMmNxMVA0Wlo2VWdpTllwT1RWSC1RY2FsR0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDhTMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ8ocLv4SkSolrkhwxwMANQsx03guFhvZzHEaXzs0V
Wy17YVXO/IXdtnrUb+RMcIRkYOzOULg6T7bBG3h/9X18qbil2pK1szbi5EXAcZz5
Y37z3xIEZhe7J3N15e0bUZ7cH3ERzsrRJsBkO+25t4grs4cDXNLaISEllzsWQf1m
eYV5S22yL7fRr+fTaRdd7kjghdTqLdS8VyFWdDsHYBwGqp42bqrmTHa7Jbu6wOur
IjSKUj2C/U1yDwo3Ul1dlUX9V6+VERxRgxWJHS6eIkuepwzw16sG0cqqmf4b+wf+
Cx8C33vG5+cgSJxpLHXVbojQKV1dVsoPxqJJTNbAhvyV
-----END CERTIFICATE-----