Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/3b1d5a-fcc6-4ae3-a2c8-984eec3f7a3e/1/2RLPKPvDSs3i2HR8_eugi8jwWnc.roa
File:                     2RLPKPvDSs3i2HR8_eugi8jwWnc.roa (raw, json)
Hash identifier:          wcYNpPvYweifi8qy+TpJpPxYZ1uEH1ELvZbmF4K8Vuw=
Subject key identifier:   D9:12:CF:28:FB:C3:4A:CD:E2:D8:74:7C:FD:EB:A0:8B:C8:F0:5A:77
Certificate issuer:       /CN=2d81421acb578415465ecdec4581e895ebbfbc7f
Certificate serial:       0198994A10A4D1C2453F8D4C92EA127CAD10
Authority key identifier: 2D:81:42:1A:CB:57:84:15:46:5E:CD:EC:45:81:E8:95:EB:BF:BC:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LYFCGstXhBVGXs3sRYHoleu_vH8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/3b1d5a-fcc6-4ae3-a2c8-984eec3f7a3e/1/2RLPKPvDSs3i2HR8_eugi8jwWnc.roa
Signing time:             Mon 11 Aug 2025 13:20:24 +0000
ROA not before:           Mon 11 Aug 2025 13:20:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        109.175.218.0/24 maxlen: 24
                          109.175.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/3b1d5a-fcc6-4ae3-a2c8-984eec3f7a3e/1/LYFCGstXhBVGXs3sRYHoleu_vH8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/3b1d5a-fcc6-4ae3-a2c8-984eec3f7a3e/1/LYFCGstXhBVGXs3sRYHoleu_vH8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LYFCGstXhBVGXs3sRYHoleu_vH8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:99:4a:10:a4:d1:c2:45:3f:8d:4c:92:ea:12:7c:ad:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d81421acb578415465ecdec4581e895ebbfbc7f
        Validity
            Not Before: Aug 11 13:20:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d912cf28fbc34acde2d8747cfdeba08bc8f05a77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f8:10:50:bb:09:a8:de:b2:de:d0:16:54:a8:
                    f9:13:47:02:16:9b:3a:8d:a1:4a:cd:72:c8:64:61:
                    92:43:e8:5b:29:e4:05:eb:cb:5f:c4:6a:2f:f3:28:
                    ef:2b:73:5e:34:0c:41:73:20:7d:bf:51:65:25:58:
                    52:19:37:61:76:2f:f0:1f:3a:03:78:05:49:c6:37:
                    c9:e8:6c:81:dc:32:7a:88:95:3f:99:9b:90:5c:10:
                    38:61:e3:8e:b4:5e:af:d3:76:31:42:f6:4b:ce:a8:
                    c7:91:c8:ca:ca:85:c2:96:6e:fd:e5:8a:f9:9a:2e:
                    4f:2e:f2:a1:29:89:66:38:9a:08:c0:f6:ab:bd:7b:
                    74:1a:f1:27:f9:3b:57:95:09:5f:ab:13:e3:6a:e6:
                    a6:11:9f:1f:24:5a:8b:6d:a2:a0:7d:62:c3:d2:92:
                    ca:4a:d4:4f:85:b4:e8:dc:22:ba:7f:f6:87:8f:1b:
                    f5:de:a9:a7:c5:51:53:c4:aa:2e:a4:48:da:d5:72:
                    43:ed:99:9f:cc:ae:76:e3:6c:06:fa:9d:00:f6:d8:
                    5a:c8:44:eb:5b:be:b9:ef:12:23:04:e7:08:61:f6:
                    bb:e4:7b:dd:09:a2:2f:4d:d0:15:2d:9f:aa:ef:cb:
                    d5:8e:31:ec:84:fc:c4:88:d2:ff:0a:90:74:1f:7b:
                    f5:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:12:CF:28:FB:C3:4A:CD:E2:D8:74:7C:FD:EB:A0:8B:C8:F0:5A:77
            X509v3 Authority Key Identifier:
                keyid:2D:81:42:1A:CB:57:84:15:46:5E:CD:EC:45:81:E8:95:EB:BF:BC:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LYFCGstXhBVGXs3sRYHoleu_vH8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/3b1d5a-fcc6-4ae3-a2c8-984eec3f7a3e/1/2RLPKPvDSs3i2HR8_eugi8jwWnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/3b1d5a-fcc6-4ae3-a2c8-984eec3f7a3e/1/LYFCGstXhBVGXs3sRYHoleu_vH8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.175.218.0/24
                  109.175.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:ce:df:da:2c:18:80:2d:c1:79:e0:0d:a5:f7:c3:0c:d5:a0:
         62:5f:2e:5c:cd:ee:2f:34:f4:5f:c8:a9:f6:e4:e1:49:c6:4f:
         07:e3:3d:c2:67:a8:56:ce:6f:de:f3:af:a6:2d:34:d4:7f:93:
         30:7c:b7:48:83:27:b4:cc:1f:c6:73:48:f6:1d:66:4c:0c:15:
         64:80:43:68:fa:34:fa:ad:6e:43:5e:c3:d2:2e:c4:75:74:63:
         46:75:75:7c:55:7a:cf:61:42:c2:07:ba:42:ad:70:7c:32:28:
         0c:1d:6b:cf:70:4b:04:70:32:b0:3f:af:d8:86:bf:93:11:d3:
         8c:52:ab:cc:d4:57:02:c6:45:29:6b:ac:e1:e1:43:e0:aa:d9:
         55:b4:21:a1:cd:e6:86:85:e0:de:5e:c2:ab:b9:23:a1:e0:c5:
         c4:d3:33:f5:bc:65:1e:28:a7:92:1d:1b:74:9b:01:a6:ba:d4:
         f5:0e:6a:bd:1d:f2:fd:9d:51:39:83:92:a5:e0:8a:9f:da:6f:
         7e:ab:c9:fc:9e:de:d8:14:09:34:34:23:e4:d9:7b:54:f3:7b:
         6d:ae:9c:e1:84:43:42:c9:bb:ec:e1:0e:71:c6:8d:1b:af:3c:
         b6:0c:4d:cb:89:6b:b3:25:61:99:23:8c:bb:6c:1d:2d:a2:b8:
         60:ae:cb:2b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiZShCk0cJFP41MkuoSfK0QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkODE0MjFhY2I1Nzg0MTU0NjVlY2RlYzQ1ODFlODk1ZWJi
ZmJjN2YwHhcNMjUwODExMTMyMDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTEyY2YyOGZiYzM0YWNkZTJkODc0N2NmZGViYTA4YmM4ZjA1YTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofgQULsJqN6y3tAWVKj5E0cCFps6
jaFKzXLIZGGSQ+hbKeQF68tfxGov8yjvK3NeNAxBcyB9v1FlJVhSGTdhdi/wHzoD
eAVJxjfJ6GyB3DJ6iJU/mZuQXBA4YeOOtF6v03YxQvZLzqjHkcjKyoXClm795Yr5
mi5PLvKhKYlmOJoIwParvXt0GvEn+TtXlQlfqxPjauamEZ8fJFqLbaKgfWLD0pLK
StRPhbTo3CK6f/aHjxv13qmnxVFTxKoupEja1XJD7ZmfzK5242wG+p0A9thayETr
W7657xIjBOcIYfa75HvdCaIvTdAVLZ+q78vVjjHshPzEiNL/CpB0H3v1iwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNkSzyj7w0rN4th0fP3roIvI8Fp3MB8GA1UdIwQY
MBaAFC2BQhrLV4QVRl7N7EWB6JXrv7x/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFlGQ0dzdFhoQlZHWHMzc1JZSG9sZXVfdkg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8zYjFkNWEtZmNjNi00YWUzLWEyYzgt
OTg0ZWVjM2Y3YTNlLzEvMlJMUEtQdkRTczNpMkhSOF9ldWdpOGp3V25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8zYjFkNWEtZmNjNi00YWUzLWEyYzgtOTg0ZWVjM2Y3YTNl
LzEvTFlGQ0dzdFhoQlZHWHMzc1JZSG9sZXVfdkg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAba/aAwQA
ba/eMA0GCSqGSIb3DQEBCwUAA4IBAQCFzt/aLBiALcF54A2l98MM1aBiXy5cze4v
NPRfyKn25OFJxk8H4z3CZ6hWzm/e86+mLTTUf5MwfLdIgye0zB/Gc0j2HWZMDBVk
gENo+jT6rW5DXsPSLsR1dGNGdXV8VXrPYULCB7pCrXB8MigMHWvPcEsEcDKwP6/Y
hr+TEdOMUqvM1FcCxkUpa6zh4UPgqtlVtCGhzeaGheDeXsKruSOh4MXE0zP1vGUe
KKeSHRt0mwGmutT1Dmq9HfL9nVE5g5Kl4Iqf2m9+q8n8nt7YFAk0NCPk2XtU83tt
rpzhhENCybvs4Q5xxo0brzy2DE3LiWuzJWGZI4y7bB0torhgrssr
-----END CERTIFICATE-----