Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/CqElUduaScHUfUXZ9oxVz_D7LwU.roa
File:                     CqElUduaScHUfUXZ9oxVz_D7LwU.roa (raw, json)
Hash identifier:          3e+PiLGHJw3mA6A8DCEuv3cyH3r4LQ3GYaMPKoRjmZw=
Subject key identifier:   0A:A1:25:51:DB:9A:49:C1:D4:7D:45:D9:F6:8C:55:CF:F0:FB:2F:05
Certificate issuer:       /CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
Certificate serial:       0199760CA3D7873472E53C257A159A7FC604
Authority key identifier: EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/CqElUduaScHUfUXZ9oxVz_D7LwU.roa
Signing time:             Tue 23 Sep 2025 10:09:23 +0000
ROA not before:           Tue 23 Sep 2025 10:09:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401783
IP address blocks:        147.185.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:0c:a3:d7:87:34:72:e5:3c:25:7a:15:9a:7f:c6:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
        Validity
            Not Before: Sep 23 10:09:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0aa12551db9a49c1d47d45d9f68c55cff0fb2f05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e9:18:0b:57:2b:e4:3a:bd:78:c1:7a:e4:08:
                    d7:cd:ba:ef:01:f3:45:76:5a:6e:7f:38:33:c4:0e:
                    64:20:aa:50:a3:5b:85:44:da:79:5b:59:f3:59:04:
                    04:88:5c:07:e7:f6:66:f8:92:d8:79:96:14:47:a7:
                    d0:aa:44:83:16:1e:9f:3a:be:1e:d3:87:5d:46:75:
                    48:4d:03:36:52:2e:ef:fa:b1:b0:74:46:67:ad:28:
                    90:bd:78:82:00:ed:7a:43:ff:74:ed:38:80:27:3c:
                    24:5f:55:7c:4c:30:c4:37:f6:d2:9b:87:a7:97:1e:
                    27:72:63:ac:59:71:cc:f3:07:e3:d3:fe:05:68:9b:
                    a4:7e:7a:06:88:35:0e:e6:cd:57:ed:cf:2e:ba:41:
                    df:2c:2a:b4:6e:54:5d:64:be:5a:06:5e:58:3e:77:
                    97:30:18:61:ce:05:2e:50:f7:45:c3:5e:32:eb:19:
                    5a:cd:48:47:19:39:84:ee:fd:21:60:f5:89:8f:5d:
                    58:0a:3b:3f:f8:09:40:3d:66:37:a0:dd:2f:cd:77:
                    f8:e0:e8:ac:41:17:b2:ac:fd:09:97:f7:bf:cf:24:
                    1a:98:55:0f:cb:f9:96:72:fd:38:47:d9:cb:99:4e:
                    f6:8c:b7:fa:37:4c:85:e4:e9:de:d7:fe:b3:4e:31:
                    2c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:A1:25:51:DB:9A:49:C1:D4:7D:45:D9:F6:8C:55:CF:F0:FB:2F:05
            X509v3 Authority Key Identifier:
                keyid:EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/CqElUduaScHUfUXZ9oxVz_D7LwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:18:f9:c6:07:d2:8b:27:09:6a:51:7f:f3:01:20:0c:7e:b4:
         84:6c:50:59:28:86:ce:b9:60:64:1e:28:0e:f2:77:f5:a7:2e:
         a7:8c:a0:03:b7:74:69:da:f5:d2:3b:02:0a:21:e5:8d:dc:6f:
         d4:e2:17:bb:54:b2:b5:d0:c6:b3:fa:ee:ed:a5:c2:f1:b7:68:
         95:1b:73:bb:c6:d4:ef:7b:ff:a3:bd:0b:83:29:d3:65:ac:40:
         11:d6:a3:7a:30:12:49:06:36:89:4b:04:bc:c2:93:f1:b5:5a:
         df:c1:46:9c:b2:ee:c1:b4:5f:82:5a:db:1a:6f:77:34:fe:87:
         85:eb:e1:ab:c2:2b:41:70:7e:7b:37:6b:ac:9c:5e:2a:53:95:
         cf:c8:bd:27:7d:b5:f2:46:cc:62:43:da:d6:95:a8:e3:1d:03:
         a6:2c:30:4f:ea:ea:54:1f:be:b8:b9:da:cd:67:df:3f:63:a1:
         7f:16:94:96:6f:99:c7:49:86:52:ce:a8:e3:85:6c:19:0f:87:
         97:b2:72:6a:99:3e:a5:62:da:e9:43:4b:d4:29:d5:31:1d:7d:
         15:02:e7:44:95:bb:16:c0:1a:69:bc:e8:b4:36:b0:71:0f:47:
         98:d6:01:37:b1:0d:b7:f2:42:05:af:b4:d5:39:e4:43:09:15:
         e9:7d:91:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl2DKPXhzRy5TwlehWaf8YEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzJjMWFmZDRiZGVjOTgwNTA2ZmEwN2RmN2M4NjYyZDU1
NGZhNDYwHhcNMjUwOTIzMTAwOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWExMjU1MWRiOWE0OWMxZDQ3ZDQ1ZDlmNjhjNTVjZmYwZmIyZjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtukYC1cr5Dq9eMF65AjXzbrvAfNF
dlpufzgzxA5kIKpQo1uFRNp5W1nzWQQEiFwH5/Zm+JLYeZYUR6fQqkSDFh6fOr4e
04ddRnVITQM2Ui7v+rGwdEZnrSiQvXiCAO16Q/907TiAJzwkX1V8TDDEN/bSm4en
lx4ncmOsWXHM8wfj0/4FaJukfnoGiDUO5s1X7c8uukHfLCq0blRdZL5aBl5YPneX
MBhhzgUuUPdFw14y6xlazUhHGTmE7v0hYPWJj11YCjs/+AlAPWY3oN0vzXf44Ois
QReyrP0Jl/e/zyQamFUPy/mWcv04R9nLmU72jLf6N0yF5One1/6zTjEstwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqhJVHbmknB1H1F2faMVc/w+y8FMB8GA1UdIwQY
MBaAFOrCwa/UveyYBQb6B998hmLVVPpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMt
YzBjZWIwMzdhZDQyLzEvQ3FFbFVkdWFTY0hVZlVYWjlveFZ6X0Q3THdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMtYzBjZWIwMzdhZDQy
LzEvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk7lrMA0G
CSqGSIb3DQEBCwUAA4IBAQAYGPnGB9KLJwlqUX/zASAMfrSEbFBZKIbOuWBkHigO
8nf1py6njKADt3Rp2vXSOwIKIeWN3G/U4he7VLK10Maz+u7tpcLxt2iVG3O7xtTv
e/+jvQuDKdNlrEAR1qN6MBJJBjaJSwS8wpPxtVrfwUacsu7BtF+CWtsab3c0/oeF
6+GrwitBcH57N2usnF4qU5XPyL0nfbXyRsxiQ9rWlajjHQOmLDBP6upUH764udrN
Z98/Y6F/FpSWb5nHSYZSzqjjhWwZD4eXsnJqmT6lYtrpQ0vUKdUxHX0VAudElbsW
wBppvOi0NrBxD0eY1gE3sQ238kIFr7TVOeRDCRXpfZHw
-----END CERTIFICATE-----