Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/3830c8-802f-4846-b6e5-1aadaba80072/1/l25-eagSr6WzVdrAzPnf48EkFxw.roa
File:                     l25-eagSr6WzVdrAzPnf48EkFxw.roa (raw, json)
Hash identifier:          XM2IXA1Cpr5+PIWiHfTlP1Lkgcivd8xdrrN+uvVV9sQ=
Subject key identifier:   97:6E:7E:79:A8:12:AF:A5:B3:55:DA:C0:CC:F9:DF:E3:C1:24:17:1C
Certificate issuer:       /CN=b0e25bcc5530b6f46f3d11cb8113f219a46dfdab
Certificate serial:       019CC3A5786BC9C542708CF341D9EF1A475D
Authority key identifier: B0:E2:5B:CC:55:30:B6:F4:6F:3D:11:CB:81:13:F2:19:A4:6D:FD:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sOJbzFUwtvRvPRHLgRPyGaRt_as.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/3830c8-802f-4846-b6e5-1aadaba80072/1/l25-eagSr6WzVdrAzPnf48EkFxw.roa
Signing time:             Fri 06 Mar 2026 14:55:27 +0000
ROA not before:           Fri 06 Mar 2026 14:55:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208869
IP address blocks:        185.248.146.0/24 maxlen: 24
                          2a12:6bc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/3830c8-802f-4846-b6e5-1aadaba80072/1/sOJbzFUwtvRvPRHLgRPyGaRt_as.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/3830c8-802f-4846-b6e5-1aadaba80072/1/sOJbzFUwtvRvPRHLgRPyGaRt_as.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sOJbzFUwtvRvPRHLgRPyGaRt_as.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c3:a5:78:6b:c9:c5:42:70:8c:f3:41:d9:ef:1a:47:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0e25bcc5530b6f46f3d11cb8113f219a46dfdab
        Validity
            Not Before: Mar  6 14:55:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=976e7e79a812afa5b355dac0ccf9dfe3c124171c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6f:96:3e:3c:fd:6f:52:17:9f:7c:e5:2e:f6:
                    1a:1f:34:cb:af:37:b2:16:36:fa:6b:28:66:5c:93:
                    ec:85:e6:de:3f:22:38:cf:43:44:5f:a7:79:7e:19:
                    b5:dd:f0:9e:a7:96:b8:7c:5f:75:b5:71:bf:10:3d:
                    ab:cd:5c:8a:16:70:2a:72:51:0e:d5:c2:6d:66:6e:
                    01:07:fe:12:1a:7b:38:a5:42:8b:45:6e:8a:9d:7a:
                    a0:07:c8:32:98:b6:4c:a4:77:79:4c:a5:3d:95:f8:
                    eb:fe:1b:1e:1f:33:6c:ea:fb:fe:be:05:e6:d1:93:
                    49:93:f6:03:6c:89:7e:ad:26:95:e6:5d:3d:d9:17:
                    37:e3:f9:4a:b8:e1:f8:57:c5:40:0f:cf:bc:8e:09:
                    9e:78:b0:58:f2:84:1b:fe:66:6d:bf:05:6f:99:2b:
                    2b:d1:fa:aa:61:88:30:17:f9:6d:8d:d6:2d:32:08:
                    32:bd:da:5b:c1:cb:3b:3a:b0:05:15:8a:0f:20:9e:
                    c7:b2:32:0a:cc:54:6d:51:4d:9a:7f:32:80:a4:10:
                    54:e8:b5:e9:52:a6:e5:2c:a5:56:d6:b4:f2:91:18:
                    89:a2:b9:69:45:cb:d9:ab:cd:bf:93:2d:98:50:b4:
                    e7:a5:a5:b4:ba:b0:8f:1f:c3:38:5e:55:6b:16:53:
                    50:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:6E:7E:79:A8:12:AF:A5:B3:55:DA:C0:CC:F9:DF:E3:C1:24:17:1C
            X509v3 Authority Key Identifier:
                keyid:B0:E2:5B:CC:55:30:B6:F4:6F:3D:11:CB:81:13:F2:19:A4:6D:FD:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sOJbzFUwtvRvPRHLgRPyGaRt_as.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3830c8-802f-4846-b6e5-1aadaba80072/1/l25-eagSr6WzVdrAzPnf48EkFxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3830c8-802f-4846-b6e5-1aadaba80072/1/sOJbzFUwtvRvPRHLgRPyGaRt_as.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.146.0/24
                IPv6:
                  2a12:6bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:69:98:f7:db:19:a5:b3:de:ba:0c:af:45:ff:99:c2:2e:9c:
         ef:93:79:b7:fc:4c:3b:7c:e2:6a:d2:bc:50:57:67:50:64:e1:
         c4:8e:72:28:22:89:31:d4:e5:45:d9:3f:8a:f4:2f:d1:44:12:
         89:a7:9f:c9:68:a5:5a:21:c7:15:3c:c3:ce:be:42:ea:71:f5:
         03:fe:55:5d:27:dc:d6:05:2f:03:46:c4:0e:58:73:62:64:43:
         a8:5a:9e:1f:8c:75:a5:94:40:da:6f:e3:2f:4d:ce:13:51:84:
         93:aa:fd:60:41:1f:58:1e:26:91:33:cf:36:cd:98:96:f6:4b:
         d4:d7:6b:74:c8:66:6f:20:d7:ec:e2:5d:0d:06:58:7d:9c:de:
         27:c9:ce:9e:43:9e:72:4b:cc:13:c0:d7:38:a7:a8:5f:8b:c2:
         18:c8:47:86:84:95:84:bd:f1:47:88:c7:9b:63:6d:6e:fd:45:
         0f:a1:b5:27:34:e2:91:b7:54:10:40:95:23:52:24:31:60:b0:
         98:d5:ea:19:c7:6f:7d:ed:32:75:85:e4:a4:ff:ec:d4:e5:5a:
         36:44:08:1b:73:a5:b8:43:e0:2d:9a:5f:fa:a2:3b:72:e5:38:
         f2:f8:3f:e3:b6:b8:65:b4:6c:31:c2:e3:49:d5:1e:5c:e1:9f:
         a1:b3:b9:11
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZzDpXhrycVCcIzzQdnvGkddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwZTI1YmNjNTUzMGI2ZjQ2ZjNkMTFjYjgxMTNmMjE5YTQ2
ZGZkYWIwHhcNMjYwMzA2MTQ1NTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzZlN2U3OWE4MTJhZmE1YjM1NWRhYzBjY2Y5ZGZlM2MxMjQxNzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqW+WPjz9b1IXn3zlLvYaHzTLrzey
Fjb6ayhmXJPshebePyI4z0NEX6d5fhm13fCep5a4fF91tXG/ED2rzVyKFnAqclEO
1cJtZm4BB/4SGns4pUKLRW6KnXqgB8gymLZMpHd5TKU9lfjr/hseHzNs6vv+vgXm
0ZNJk/YDbIl+rSaV5l092Rc34/lKuOH4V8VAD8+8jgmeeLBY8oQb/mZtvwVvmSsr
0fqqYYgwF/ltjdYtMggyvdpbwcs7OrAFFYoPIJ7HsjIKzFRtUU2afzKApBBU6LXp
UqblLKVW1rTykRiJorlpRcvZq82/ky2YULTnpaW0urCPH8M4XlVrFlNQewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJdufnmoEq+ls1XawMz53+PBJBccMB8GA1UdIwQY
MBaAFLDiW8xVMLb0bz0Ry4ET8hmkbf2rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc09KYnpGVXd0dlJ2UFJITGdSUHlHYVJ0X2FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8zODMwYzgtODAyZi00ODQ2LWI2ZTUt
MWFhZGFiYTgwMDcyLzEvbDI1LWVhZ1NyNld6VmRyQXpQbmY0OEVrRnh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8zODMwYzgtODAyZi00ODQ2LWI2ZTUtMWFhZGFiYTgwMDcy
LzEvc09KYnpGVXd0dlJ2UFJITGdSUHlHYVJ0X2FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufiSMA0E
AgACMAcDBQMqEmvAMA0GCSqGSIb3DQEBCwUAA4IBAQBGaZj32xmls966DK9F/5nC
Lpzvk3m3/Ew7fOJq0rxQV2dQZOHEjnIoIokx1OVF2T+K9C/RRBKJp5/JaKVaIccV
PMPOvkLqcfUD/lVdJ9zWBS8DRsQOWHNiZEOoWp4fjHWllEDab+MvTc4TUYSTqv1g
QR9YHiaRM882zZiW9kvU12t0yGZvINfs4l0NBlh9nN4nyc6eQ55yS8wTwNc4p6hf
i8IYyEeGhJWEvfFHiMebY21u/UUPobUnNOKRt1QQQJUjUiQxYLCY1eoZx2997TJ1
heSk/+zU5Vo2RAgbc6W4Q+Atml/6ojty5Tjy+D/jtrhltGwxwuNJ1R5c4Z+hs7kR
-----END CERTIFICATE-----