Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/LZoTpPM2VkILReCwMFeJVUb0VAo.roa
File:                     LZoTpPM2VkILReCwMFeJVUb0VAo.roa (raw, json)
Hash identifier:          ID8ZXpUjQ9jwywDgmAXCourXR8hKniMNfDnHcEORfgE=
Subject key identifier:   2D:9A:13:A4:F3:36:56:42:0B:45:E0:B0:30:57:89:55:46:F4:54:0A
Certificate issuer:       /CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Certificate serial:       0199CB591952A5A7B6F840F0D49C3DA0EC8B
Authority key identifier: D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/LZoTpPM2VkILReCwMFeJVUb0VAo.roa
Signing time:             Thu 09 Oct 2025 23:40:38 +0000
ROA not before:           Thu 09 Oct 2025 23:40:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        194.165.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cb:59:19:52:a5:a7:b6:f8:40:f0:d4:9c:3d:a0:ec:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d98247d3f81472dbba06dbea9bd19c785d18babe
        Validity
            Not Before: Oct  9 23:40:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d9a13a4f33656420b45e0b03057895546f4540a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ed:3d:b1:ea:eb:94:ac:da:7e:ed:9f:0f:ca:
                    c5:16:22:1b:4f:20:c5:65:88:8a:0a:76:4b:cb:2e:
                    7c:0e:91:95:2f:ec:33:06:f0:77:83:6c:05:a2:6c:
                    66:36:c0:4b:a1:12:40:13:20:09:ad:2e:1f:ef:a8:
                    06:f9:89:00:b3:9e:ee:5e:a6:35:08:3c:9f:6f:ef:
                    b8:89:4a:ea:e4:ee:36:4a:9b:aa:07:4f:3a:35:89:
                    07:f7:99:46:6b:e5:dd:ba:7a:9f:2f:1f:88:6a:44:
                    9d:07:6b:d3:25:3e:d6:bd:1f:1e:97:e7:dd:0e:4a:
                    dc:26:69:ba:02:cd:26:91:73:4a:49:e4:c9:61:b6:
                    8f:a2:76:71:d3:3f:38:30:0e:a7:cf:f5:04:30:80:
                    82:db:a3:5a:a8:83:63:d6:57:11:02:27:3f:97:9d:
                    37:c1:7c:82:76:97:ba:e0:20:40:fb:a9:0e:b2:2e:
                    ef:93:ae:a2:04:80:64:ff:29:4f:76:f9:b0:bd:0d:
                    4c:26:73:66:da:2f:7b:83:87:e0:10:d7:b9:9a:fe:
                    8e:39:86:31:bb:16:a6:67:0e:8b:b3:7c:d0:70:e7:
                    fd:c8:42:73:ef:6b:59:b3:2e:9a:07:71:8f:c5:11:
                    78:d6:1b:11:a8:5f:65:95:a9:4d:9b:81:36:6d:97:
                    f1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:9A:13:A4:F3:36:56:42:0B:45:E0:B0:30:57:89:55:46:F4:54:0A
            X509v3 Authority Key Identifier:
                keyid:D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/LZoTpPM2VkILReCwMFeJVUb0VAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:b3:01:df:9e:4d:b9:26:a6:da:6d:1a:fd:2c:5b:4a:be:8d:
         da:ce:ec:aa:c7:d6:21:69:68:ff:f4:bd:3e:01:34:a0:3c:d8:
         9d:2e:29:2e:bb:7d:3c:bd:ff:ce:90:b9:cc:0e:01:5c:73:d0:
         89:f2:3b:28:80:93:38:de:dd:5e:05:fc:58:68:e9:f6:ba:0a:
         eb:7f:08:e4:1d:fd:54:f5:de:95:00:5b:4b:6c:59:01:c9:43:
         af:fd:8f:20:ff:34:8c:45:bc:d5:c0:fc:93:ce:7d:65:d1:6a:
         2f:8e:42:b4:50:63:d6:c6:4a:04:a4:96:8e:bc:e4:42:22:56:
         18:c4:3f:b8:01:01:77:57:d0:11:e7:1c:3c:e8:07:4d:4e:fa:
         be:83:49:59:78:20:8a:2c:b7:55:d6:8d:97:2b:fe:04:00:1d:
         15:e3:e8:43:2c:c7:4f:ae:10:7f:e9:0c:6d:e2:58:33:83:65:
         55:f7:05:ad:8b:53:73:43:05:9b:25:6c:65:fa:d8:eb:1d:2a:
         5c:7f:b7:8a:12:33:25:8f:4c:a5:3e:34:86:7f:bb:a7:df:02:
         43:71:60:8f:79:b8:f5:b7:19:59:c6:49:24:6d:a8:ea:58:1a:
         2d:ec:54:d5:00:59:e3:18:1e:a2:51:87:b3:b7:e7:f4:1b:59:
         e9:81:b9:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnLWRlSpae2+EDw1Jw9oOyLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ODI0N2QzZjgxNDcyZGJiYTA2ZGJlYTliZDE5Yzc4NWQx
OGJhYmUwHhcNMjUxMDA5MjM0MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDlhMTNhNGYzMzY1NjQyMGI0NWUwYjAzMDU3ODk1NTQ2ZjQ1NDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsO09serrlKzafu2fD8rFFiIbTyDF
ZYiKCnZLyy58DpGVL+wzBvB3g2wFomxmNsBLoRJAEyAJrS4f76gG+YkAs57uXqY1
CDyfb++4iUrq5O42SpuqB086NYkH95lGa+XdunqfLx+IakSdB2vTJT7WvR8el+fd
DkrcJmm6As0mkXNKSeTJYbaPonZx0z84MA6nz/UEMICC26NaqINj1lcRAic/l503
wXyCdpe64CBA+6kOsi7vk66iBIBk/ylPdvmwvQ1MJnNm2i97g4fgENe5mv6OOYYx
uxamZw6Ls3zQcOf9yEJz72tZsy6aB3GPxRF41hsRqF9llalNm4E2bZfxxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2aE6TzNlZCC0XgsDBXiVVG9FQKMB8GA1UdIwQY
MBaAFNmCR9P4FHLbugbb6pvRnHhdGLq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgt
YTMwMzI2MTU2NjBjLzEvTFpvVHBQTTJWa0lMUmVDd01GZUpWVWIwVkFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgtYTMwMzI2MTU2NjBj
LzEvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqUbMA0G
CSqGSIb3DQEBCwUAA4IBAQA6swHfnk25JqbabRr9LFtKvo3azuyqx9YhaWj/9L0+
ATSgPNidLikuu308vf/OkLnMDgFcc9CJ8jsogJM43t1eBfxYaOn2ugrrfwjkHf1U
9d6VAFtLbFkByUOv/Y8g/zSMRbzVwPyTzn1l0WovjkK0UGPWxkoEpJaOvORCIlYY
xD+4AQF3V9AR5xw86AdNTvq+g0lZeCCKLLdV1o2XK/4EAB0V4+hDLMdPrhB/6Qxt
4lgzg2VV9wWti1NzQwWbJWxl+tjrHSpcf7eKEjMlj0ylPjSGf7un3wJDcWCPebj1
txlZxkkkbajqWBot7FTVAFnjGB6iUYezt+f0G1npgbkP
-----END CERTIFICATE-----