Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/LjTYBt2Q_NrmMxKXOq-Muwm-M7o.roa
File:                     LjTYBt2Q_NrmMxKXOq-Muwm-M7o.roa (raw, json)
Hash identifier:          OO6EZJNHuAgCvP1rSKz1ySNGPNipAogX258uERWZ5YU=
Subject key identifier:   2E:34:D8:06:DD:90:FC:DA:E6:33:12:97:3A:AF:8C:BB:09:BE:33:BA
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0199BB23616C8890C0E2422BC5065EB91378
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/LjTYBt2Q_NrmMxKXOq-Muwm-M7o.roa
Signing time:             Mon 06 Oct 2025 20:08:02 +0000
ROA not before:           Mon 06 Oct 2025 20:08:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213137
IP address blocks:        185.242.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bb:23:61:6c:88:90:c0:e2:42:2b:c5:06:5e:b9:13:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct  6 20:08:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e34d806dd90fcdae63312973aaf8cbb09be33ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:91:9e:06:8d:d1:cd:4e:d1:86:39:d4:ed:a0:
                    b0:34:13:ff:05:e1:94:ab:a1:fd:01:e2:81:6b:6d:
                    aa:6e:d9:d8:90:75:48:a7:8d:51:b3:f9:4b:2f:a1:
                    b4:85:61:d3:46:7d:bf:33:6a:25:9b:8c:fa:53:ec:
                    fe:cb:77:39:23:4f:4d:b8:35:89:3a:ba:e7:9f:9d:
                    bd:b6:c3:8b:8e:39:6e:4d:47:f0:de:33:de:fd:5c:
                    3e:b2:27:ce:30:c6:0f:0f:ee:3d:85:21:bd:7f:85:
                    e9:86:5e:08:18:03:ea:b4:95:81:16:a3:3a:92:ac:
                    ec:4f:4c:17:93:2a:d1:7d:51:ae:45:31:95:ed:af:
                    00:7c:32:b1:c8:15:36:05:99:7c:23:30:43:ed:20:
                    27:48:e0:8c:a9:ec:cf:c0:1e:ee:6d:33:71:1e:61:
                    21:51:30:00:9b:73:1b:b5:4e:e3:4b:66:d6:89:5a:
                    51:db:eb:2d:4f:a5:67:37:ee:93:b2:6f:1d:64:e1:
                    50:bd:23:43:62:43:6c:9b:9a:88:4c:0d:17:ff:60:
                    d4:40:12:a3:79:ab:83:67:28:e1:a9:ed:44:f4:47:
                    e8:33:ff:79:ac:a3:db:65:c2:35:50:c5:fd:c8:5d:
                    f0:34:d6:eb:94:47:b3:e2:b0:31:b1:e1:39:70:fd:
                    7f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:34:D8:06:DD:90:FC:DA:E6:33:12:97:3A:AF:8C:BB:09:BE:33:BA
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/LjTYBt2Q_NrmMxKXOq-Muwm-M7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:f2:ae:fa:7b:d3:50:10:9d:81:05:05:93:b4:53:08:6c:2c:
         ac:ba:4e:38:d9:82:c4:1c:00:59:63:56:83:c5:9a:58:db:b0:
         3d:03:e8:61:4b:c6:3c:a2:2b:21:9f:13:f5:79:67:53:77:19:
         2a:da:a7:ca:5d:c7:eb:7c:b3:10:68:15:a0:f0:d9:8b:a4:52:
         66:5b:fc:af:4a:20:82:be:d4:93:1c:1e:45:82:c9:da:b0:be:
         02:8b:9f:39:a4:55:f9:9c:b9:ca:d4:2d:1e:10:1a:9f:79:d2:
         b9:41:b5:58:81:d6:4a:0a:32:69:25:18:df:c7:3f:de:e8:42:
         91:61:48:de:3f:d3:8c:7a:56:ad:2e:48:21:c1:41:9a:09:2f:
         38:ec:17:95:b4:50:2f:ef:d4:4c:8e:cf:e1:d6:ce:f2:10:53:
         ae:78:cc:01:2b:2d:4d:80:f1:f2:c1:fd:a0:cd:b9:ed:65:fd:
         b5:b5:35:5d:3e:be:2a:01:60:6d:f8:c0:27:f1:20:44:01:9f:
         cf:1d:73:04:d9:58:b8:07:3e:bc:35:80:23:11:d6:8b:b9:b7:
         80:d7:01:c0:f6:ce:ed:14:04:20:85:b9:90:39:e7:3f:df:57:
         0b:e9:f3:51:a7:01:66:23:4b:43:cc:36:37:a1:56:4f:5f:e6:
         6e:e7:cc:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm7I2FsiJDA4kIrxQZeuRN4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMDA2MjAwODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTM0ZDgwNmRkOTBmY2RhZTYzMzEyOTczYWFmOGNiYjA5YmUzM2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJGeBo3RzU7RhjnU7aCwNBP/BeGU
q6H9AeKBa22qbtnYkHVIp41Rs/lLL6G0hWHTRn2/M2olm4z6U+z+y3c5I09NuDWJ
Orrnn529tsOLjjluTUfw3jPe/Vw+sifOMMYPD+49hSG9f4Xphl4IGAPqtJWBFqM6
kqzsT0wXkyrRfVGuRTGV7a8AfDKxyBU2BZl8IzBD7SAnSOCMqezPwB7ubTNxHmEh
UTAAm3MbtU7jS2bWiVpR2+stT6VnN+6Tsm8dZOFQvSNDYkNsm5qITA0X/2DUQBKj
eauDZyjhqe1E9EfoM/95rKPbZcI1UMX9yF3wNNbrlEez4rAxseE5cP1/TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC402AbdkPza5jMSlzqvjLsJvjO6MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTGpUWUJ0MlFfTnJtTXhLWE9xLU11d20tTTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufL2MA0G
CSqGSIb3DQEBCwUAA4IBAQC48q76e9NQEJ2BBQWTtFMIbCysuk442YLEHABZY1aD
xZpY27A9A+hhS8Y8oishnxP1eWdTdxkq2qfKXcfrfLMQaBWg8NmLpFJmW/yvSiCC
vtSTHB5FgsnasL4Ci585pFX5nLnK1C0eEBqfedK5QbVYgdZKCjJpJRjfxz/e6EKR
YUjeP9OMelatLkghwUGaCS847BeVtFAv79RMjs/h1s7yEFOueMwBKy1NgPHywf2g
zbntZf21tTVdPr4qAWBt+MAn8SBEAZ/PHXME2Vi4Bz68NYAjEdaLubeA1wHA9s7t
FAQghbmQOec/31cL6fNRpwFmI0tDzDY3oVZPX+Zu58yb
-----END CERTIFICATE-----