Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/LrE2frxOXcAoeq_ZVzCqNTXk33M.roa
File:                     LrE2frxOXcAoeq_ZVzCqNTXk33M.roa (raw, json)
Hash identifier:          mwK8Mh8KOX9KMr5MZyXTGGmMVq9yTgz6tm3vdRw+NkY=
Subject key identifier:   2E:B1:36:7E:BC:4E:5D:C0:28:7A:AF:D9:57:30:AA:35:35:E4:DF:73
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       0199E24C09CFE194548188B8F30B61E03E15
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/LrE2frxOXcAoeq_ZVzCqNTXk33M.roa
Signing time:             Tue 14 Oct 2025 10:37:38 +0000
ROA not before:           Tue 14 Oct 2025 10:37:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199785
IP address blocks:        213.21.236.0/24 maxlen: 24
                          213.21.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e2:4c:09:cf:e1:94:54:81:88:b8:f3:0b:61:e0:3e:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Oct 14 10:37:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2eb1367ebc4e5dc0287aafd95730aa3535e4df73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:16:b1:03:c4:ec:e1:0e:4c:d8:32:30:91:e2:
                    84:5b:b5:23:b3:3a:70:80:74:a1:14:12:5a:8f:13:
                    01:b8:a7:de:2e:5a:02:a3:66:ce:a7:51:d0:8f:fa:
                    34:7e:f3:42:f0:d8:40:df:32:a3:d7:a0:ee:97:71:
                    b8:47:95:32:fc:95:9a:c3:19:e1:8b:f4:42:18:da:
                    ba:29:0a:5f:88:61:74:2e:5e:1d:5b:3d:41:67:3a:
                    f9:1e:7e:51:41:20:58:ec:c7:ef:7d:cf:42:43:df:
                    d3:18:14:29:72:d7:4d:fc:e5:21:30:c0:cc:7a:7d:
                    03:10:9e:cd:12:09:14:cc:11:ee:29:c4:7b:e3:fc:
                    92:94:b8:6f:56:30:50:da:69:38:98:e8:1b:57:a0:
                    37:5d:d2:e1:4b:2f:b5:d7:1d:40:2a:2b:e4:aa:1f:
                    ac:a0:83:ae:12:ff:00:5a:2d:f8:45:bc:3e:d9:a4:
                    ad:c0:ec:e3:e0:33:40:97:8f:98:80:68:05:93:9f:
                    b6:5b:68:d7:ae:f4:80:35:3c:a0:9b:a3:a5:80:04:
                    29:db:19:dc:21:b7:c1:5e:03:5f:20:d5:72:aa:25:
                    79:64:a0:a2:34:d3:1c:27:84:12:a2:f3:78:27:26:
                    a8:af:14:6a:dd:eb:4b:02:7d:d6:c6:ec:ba:71:4d:
                    fb:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:B1:36:7E:BC:4E:5D:C0:28:7A:AF:D9:57:30:AA:35:35:E4:DF:73
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/LrE2frxOXcAoeq_ZVzCqNTXk33M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.236.0/24
                  213.21.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:87:a6:c5:2d:86:82:2e:71:b1:37:f1:78:66:4f:0d:1d:96:
         89:2d:da:d4:22:e1:1a:0a:4e:b1:a6:46:1c:c0:9c:95:84:c0:
         21:c1:0e:79:82:f1:e6:07:95:cd:b8:a7:1a:79:d5:6b:6b:4a:
         a5:74:68:99:77:bc:4d:5c:6b:87:be:f7:aa:af:93:ec:63:6f:
         48:bd:28:e8:92:83:14:bb:1c:85:91:d4:08:86:8f:d3:b8:1c:
         19:9e:d6:b1:5b:47:2e:09:6d:c8:3b:11:87:8b:66:86:87:c6:
         3a:b7:89:53:6f:4c:4f:ac:3a:d3:5c:ee:47:0d:f9:1d:6c:e7:
         1c:68:05:50:ff:8e:c1:e0:cb:36:f7:58:6a:3e:75:75:fc:65:
         46:73:91:7f:ff:7c:ef:16:96:20:46:01:c5:07:18:fe:fa:38:
         dd:a4:c2:ce:0b:09:9a:4b:d4:33:73:49:9c:ec:f8:30:2f:18:
         7a:7b:bc:ee:0b:cd:10:51:d4:0b:2d:de:69:45:30:36:ab:b5:
         29:32:0c:84:ef:98:f6:4a:31:72:72:8f:48:f4:36:af:90:b5:
         4a:2d:16:d1:6f:3b:64:15:91:2d:51:c4:d3:cf:47:30:97:5b:
         56:6f:d7:15:27:61:84:dc:22:f5:fc:05:da:ed:be:49:b3:ea:
         f9:ab:a0:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZniTAnP4ZRUgYi48wth4D4VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjUxMDE0MTAzNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWIxMzY3ZWJjNGU1ZGMwMjg3YWFmZDk1NzMwYWEzNTM1ZTRkZjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBaxA8Ts4Q5M2DIwkeKEW7Ujszpw
gHShFBJajxMBuKfeLloCo2bOp1HQj/o0fvNC8NhA3zKj16Dul3G4R5Uy/JWawxnh
i/RCGNq6KQpfiGF0Ll4dWz1BZzr5Hn5RQSBY7Mfvfc9CQ9/TGBQpctdN/OUhMMDM
en0DEJ7NEgkUzBHuKcR74/ySlLhvVjBQ2mk4mOgbV6A3XdLhSy+11x1AKivkqh+s
oIOuEv8AWi34Rbw+2aStwOzj4DNAl4+YgGgFk5+2W2jXrvSANTygm6OlgAQp2xnc
IbfBXgNfINVyqiV5ZKCiNNMcJ4QSovN4JyaorxRq3etLAn3Wxuy6cU37nQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC6xNn68Tl3AKHqv2VcwqjU15N9zMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvTHJFMmZyeE9YY0FvZXFfWlZ6Q3FOVFhrMzNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1RXsAwQA
1RX9MA0GCSqGSIb3DQEBCwUAA4IBAQBgh6bFLYaCLnGxN/F4Zk8NHZaJLdrUIuEa
Ck6xpkYcwJyVhMAhwQ55gvHmB5XNuKcaedVra0qldGiZd7xNXGuHvveqr5PsY29I
vSjokoMUuxyFkdQIho/TuBwZntaxW0cuCW3IOxGHi2aGh8Y6t4lTb0xPrDrTXO5H
DfkdbOccaAVQ/47B4Ms291hqPnV1/GVGc5F//3zvFpYgRgHFBxj++jjdpMLOCwma
S9Qzc0mc7PgwLxh6e7zuC80QUdQLLd5pRTA2q7UpMgyE75j2SjFyco9I9DavkLVK
LRbRbztkFZEtUcTTz0cwl1tWb9cVJ2GE3CL1/AXa7b5Js+r5q6D4
-----END CERTIFICATE-----