Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/eoBQfc17YMW18lDGLvbcO_mY_AI.roa
File:                     eoBQfc17YMW18lDGLvbcO_mY_AI.roa (raw, json)
Hash identifier:          RHrko1plBfSTVGvaquUYDvyHrqn6dVrup7a+/ecj8TU=
Subject key identifier:   7A:80:50:7D:CD:7B:60:C5:B5:F2:50:C6:2E:F6:DC:3B:F9:98:FC:02
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       0198C63207861BE4486A0195E96331816125
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/eoBQfc17YMW18lDGLvbcO_mY_AI.roa
Signing time:             Wed 20 Aug 2025 06:37:04 +0000
ROA not before:           Wed 20 Aug 2025 06:37:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.14.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c6:32:07:86:1b:e4:48:6a:01:95:e9:63:31:81:61:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Aug 20 06:37:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a80507dcd7b60c5b5f250c62ef6dc3bf998fc02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:01:e5:8c:3a:4e:0e:d8:27:e6:91:5f:6f:07:
                    18:4f:c4:d8:32:6e:97:a9:8b:02:0c:44:70:bc:32:
                    d8:19:e3:16:37:2e:e3:7b:2d:6f:7e:03:63:e6:be:
                    80:9a:e6:50:2c:ad:6b:95:b9:61:da:b5:b9:f9:9d:
                    9f:9a:4d:33:a8:99:97:d5:f4:fe:79:cb:99:8a:07:
                    f1:13:4b:51:1f:33:00:d4:1e:78:46:d0:ef:3e:c3:
                    57:2a:d8:b9:43:4f:9a:6a:06:37:3f:8a:32:bc:b9:
                    9d:d6:e7:06:9e:8a:43:fb:0f:23:a1:88:d6:3c:b5:
                    c0:47:99:a3:16:b2:ee:b1:fa:66:85:fa:90:4f:23:
                    00:3a:9d:86:6a:36:3e:b6:24:81:81:29:86:64:03:
                    7c:88:71:8f:93:ec:34:fb:dc:5a:e3:9c:b1:4e:69:
                    d6:81:54:37:83:6e:09:14:ed:1d:e5:68:0a:5d:68:
                    6e:9b:87:56:bc:26:b4:0b:f1:18:ea:f3:0c:d7:0a:
                    06:23:00:c5:2a:5f:b9:69:d1:19:94:69:a3:8e:45:
                    55:f8:6f:6a:9e:ed:4a:28:e7:84:db:de:fc:f1:5d:
                    bc:b3:c9:1b:fe:cb:4c:39:e0:7f:f3:36:c1:df:98:
                    c0:25:cf:cc:2e:ba:74:45:51:47:c4:ff:b9:d1:d7:
                    e3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:80:50:7D:CD:7B:60:C5:B5:F2:50:C6:2E:F6:DC:3B:F9:98:FC:02
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/eoBQfc17YMW18lDGLvbcO_mY_AI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:0f:70:1d:1c:91:85:90:72:52:fd:6b:8d:de:46:33:9b:54:
         81:72:6a:23:7f:46:ae:5e:75:b1:51:23:83:f6:4c:64:ea:12:
         a5:23:ea:7a:07:de:ec:37:1f:96:2e:1b:f9:03:31:49:46:ba:
         94:f1:55:03:7c:02:4d:d7:92:29:65:1e:fe:e0:32:75:49:5f:
         bb:95:e0:ae:89:65:aa:f4:4e:5d:45:96:a4:25:a2:b0:64:f9:
         bd:d0:b6:e4:3a:c7:ca:29:76:6f:16:87:74:55:23:c2:a7:78:
         43:a2:31:58:fe:f5:f3:f1:20:6d:cd:55:ac:63:ed:61:7a:4b:
         12:54:49:7a:93:95:4f:c6:44:37:87:e1:a6:13:7c:ce:7e:8a:
         38:f9:15:d4:23:58:58:3c:13:06:a4:4d:88:35:0e:6d:bb:97:
         80:a8:b9:cd:f2:70:b6:eb:f1:75:13:ff:90:bc:87:44:e9:54:
         66:19:21:dc:be:08:aa:97:69:41:b0:54:4f:66:d5:ae:ce:0d:
         b9:d1:91:1e:75:f6:96:1f:d0:90:73:11:e4:55:32:e5:25:7b:
         78:9e:ff:e0:04:d4:66:a1:e9:ba:c8:ba:f7:6d:5b:92:ec:40:
         c3:0c:e5:44:42:61:e2:05:fe:6a:7c:06:47:a9:0b:3c:ee:4d:
         69:d0:4f:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjGMgeGG+RIagGV6WMxgWElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjUwODIwMDYzNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTgwNTA3ZGNkN2I2MGM1YjVmMjUwYzYyZWY2ZGMzYmY5OThmYzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgHljDpODtgn5pFfbwcYT8TYMm6X
qYsCDERwvDLYGeMWNy7jey1vfgNj5r6AmuZQLK1rlblh2rW5+Z2fmk0zqJmX1fT+
ecuZigfxE0tRHzMA1B54RtDvPsNXKti5Q0+aagY3P4oyvLmd1ucGnopD+w8joYjW
PLXAR5mjFrLusfpmhfqQTyMAOp2GajY+tiSBgSmGZAN8iHGPk+w0+9xa45yxTmnW
gVQ3g24JFO0d5WgKXWhum4dWvCa0C/EY6vMM1woGIwDFKl+5adEZlGmjjkVV+G9q
nu1KKOeE29788V28s8kb/stMOeB/8zbB35jAJc/MLrp0RVFHxP+50dfjMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHqAUH3Ne2DFtfJQxi723Dv5mPwCMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvZW9CUWZjMTdZTVcxOGxER0x2YmNPX21ZX0FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7tMA0G
CSqGSIb3DQEBCwUAA4IBAQAvD3AdHJGFkHJS/WuN3kYzm1SBcmojf0auXnWxUSOD
9kxk6hKlI+p6B97sNx+WLhv5AzFJRrqU8VUDfAJN15IpZR7+4DJ1SV+7leCuiWWq
9E5dRZakJaKwZPm90LbkOsfKKXZvFod0VSPCp3hDojFY/vXz8SBtzVWsY+1heksS
VEl6k5VPxkQ3h+GmE3zOfoo4+RXUI1hYPBMGpE2INQ5tu5eAqLnN8nC26/F1E/+Q
vIdE6VRmGSHcvgiql2lBsFRPZtWuzg250ZEedfaWH9CQcxHkVTLlJXt4nv/gBNRm
oem6yLr3bVuS7EDDDOVEQmHiBf5qfAZHqQs87k1p0E/U
-----END CERTIFICATE-----