Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/fdc2f4-2222-4f1b-a5e5-b2178ef2f82f/1/LUZuaBg79dIsS49OjD0lOYRx6WI.roa
File:                     LUZuaBg79dIsS49OjD0lOYRx6WI.roa (raw, json)
Hash identifier:          v0D4l90748oOxXUPlzJQ4Ifkz4PFxH9/jO6hptgWgns=
Subject key identifier:   2D:46:6E:68:18:3B:F5:D2:2C:4B:8F:4E:8C:3D:25:39:84:71:E9:62
Certificate issuer:       /CN=af1eee22c5015363118a71d26a9463dc9374ba28
Certificate serial:       0199B5205B31198F42742AA6CDEC741760F4
Authority key identifier: AF:1E:EE:22:C5:01:53:63:11:8A:71:D2:6A:94:63:DC:93:74:BA:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rx7uIsUBU2MRinHSapRj3JN0uig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/fdc2f4-2222-4f1b-a5e5-b2178ef2f82f/1/LUZuaBg79dIsS49OjD0lOYRx6WI.roa
Signing time:             Sun 05 Oct 2025 16:07:00 +0000
ROA not before:           Sun 05 Oct 2025 16:07:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212177
IP address blocks:        80.75.219.0/24 maxlen: 24
                          2a03:f980::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/fdc2f4-2222-4f1b-a5e5-b2178ef2f82f/1/rx7uIsUBU2MRinHSapRj3JN0uig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/fdc2f4-2222-4f1b-a5e5-b2178ef2f82f/1/rx7uIsUBU2MRinHSapRj3JN0uig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rx7uIsUBU2MRinHSapRj3JN0uig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b5:20:5b:31:19:8f:42:74:2a:a6:cd:ec:74:17:60:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af1eee22c5015363118a71d26a9463dc9374ba28
        Validity
            Not Before: Oct  5 16:07:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d466e68183bf5d22c4b8f4e8c3d25398471e962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:04:4e:9f:ad:86:62:77:6c:fe:e4:ec:67:4e:
                    5a:32:94:a3:2e:9a:7c:98:c6:6b:b1:a6:fe:23:aa:
                    46:53:8f:f4:1f:c4:3c:aa:1a:d8:5a:ea:9f:16:3a:
                    8d:40:66:b9:ab:2d:8b:13:2f:00:07:2c:fe:37:91:
                    de:ff:da:38:b7:54:01:b1:0c:f0:1e:66:f3:38:4b:
                    78:84:78:6d:f6:79:99:d4:59:a6:71:cf:4d:00:a9:
                    e9:56:b1:45:d4:3d:a1:32:ef:2f:c8:20:91:66:d8:
                    5c:ce:6a:56:e1:5a:6a:f6:7f:6c:47:c1:3c:1e:bf:
                    ff:c8:23:6b:cd:75:2e:c0:d0:32:55:45:a5:77:c6:
                    73:a6:f0:21:1d:b7:cd:d2:ca:4a:fd:98:0a:4f:7c:
                    3f:90:10:e3:af:05:cf:69:df:cc:6c:3a:6a:55:1a:
                    e4:95:aa:cf:23:48:11:15:56:53:69:53:4f:a6:13:
                    a9:ab:4a:9b:b0:9b:b1:82:f2:66:d4:44:49:b2:48:
                    f6:e6:47:8a:36:4f:e5:4d:14:d9:e3:c8:0b:11:f5:
                    07:86:87:c2:c2:55:59:50:94:81:23:56:65:6d:4f:
                    13:35:5b:a1:1c:e8:ae:9e:d1:9b:c8:3f:d5:88:b9:
                    f3:2b:a2:12:23:94:58:bd:ea:32:a4:63:78:29:aa:
                    87:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:46:6E:68:18:3B:F5:D2:2C:4B:8F:4E:8C:3D:25:39:84:71:E9:62
            X509v3 Authority Key Identifier:
                keyid:AF:1E:EE:22:C5:01:53:63:11:8A:71:D2:6A:94:63:DC:93:74:BA:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rx7uIsUBU2MRinHSapRj3JN0uig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/fdc2f4-2222-4f1b-a5e5-b2178ef2f82f/1/LUZuaBg79dIsS49OjD0lOYRx6WI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/fdc2f4-2222-4f1b-a5e5-b2178ef2f82f/1/rx7uIsUBU2MRinHSapRj3JN0uig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.219.0/24
                IPv6:
                  2a03:f980::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:87:53:c1:08:8c:3f:6c:3b:d9:de:68:9e:c1:99:0b:9e:b6:
         d4:fd:17:41:dd:30:e3:79:2e:c6:dd:87:09:f8:b9:54:4e:1c:
         a1:16:bf:d3:c4:33:e3:ab:a1:71:4d:98:9b:3f:bc:5d:d4:c9:
         b6:af:ac:0a:cb:0b:6d:e7:9f:f5:ae:66:0d:22:f4:58:f9:79:
         e2:c8:ab:4c:b8:35:58:6a:66:2e:9e:ad:0a:6a:c2:26:86:d3:
         d2:d8:96:eb:91:c7:9d:e2:54:58:2d:c0:f1:f5:53:0a:cb:b8:
         60:fd:08:33:09:4a:aa:be:7a:02:7e:7e:dc:e6:b0:03:3c:0d:
         37:7b:ee:53:db:e0:66:e4:3a:81:0e:e1:de:c0:11:4f:f2:4b:
         82:97:29:fc:18:18:e7:2d:94:ac:f6:37:23:06:09:88:1e:e1:
         3d:ea:20:71:db:68:0e:78:e3:49:73:1b:52:9c:d0:e8:77:bd:
         11:54:18:b5:7e:1d:9f:43:b6:e8:07:19:c7:8e:45:f3:81:91:
         e1:3f:4a:33:ab:48:e8:25:cc:0b:3b:52:fd:10:f6:19:c1:e4:
         05:ab:84:fb:82:ed:19:20:d6:fd:4a:5e:05:2a:db:3e:ec:7b:
         f4:22:06:55:60:c9:bc:31:03:67:c5:21:e5:a4:69:cb:d2:46:
         0b:3e:fe:60
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZm1IFsxGY9CdCqmzex0F2D0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMWVlZTIyYzUwMTUzNjMxMThhNzFkMjZhOTQ2M2RjOTM3
NGJhMjgwHhcNMjUxMDA1MTYwNzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDQ2NmU2ODE4M2JmNWQyMmM0YjhmNGU4YzNkMjUzOTg0NzFlOTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAROn62GYnds/uTsZ05aMpSjLpp8
mMZrsab+I6pGU4/0H8Q8qhrYWuqfFjqNQGa5qy2LEy8AByz+N5He/9o4t1QBsQzw
HmbzOEt4hHht9nmZ1Fmmcc9NAKnpVrFF1D2hMu8vyCCRZthczmpW4Vpq9n9sR8E8
Hr//yCNrzXUuwNAyVUWld8ZzpvAhHbfN0spK/ZgKT3w/kBDjrwXPad/MbDpqVRrk
larPI0gRFVZTaVNPphOpq0qbsJuxgvJm1ERJskj25keKNk/lTRTZ48gLEfUHhofC
wlVZUJSBI1ZlbU8TNVuhHOiuntGbyD/ViLnzK6ISI5RYveoypGN4KaqHawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC1GbmgYO/XSLEuPTow9JTmEceliMB8GA1UdIwQY
MBaAFK8e7iLFAVNjEYpx0mqUY9yTdLooMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcng3dUlzVUJVMk1SaW5IU2FwUmozSk4wdWlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9mZGMyZjQtMjIyMi00ZjFiLWE1ZTUt
YjIxNzhlZjJmODJmLzEvTFVadWFCZzc5ZElzUzQ5T2pEMGxPWVJ4NldJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9mZGMyZjQtMjIyMi00ZjFiLWE1ZTUtYjIxNzhlZjJmODJm
LzEvcng3dUlzVUJVMk1SaW5IU2FwUmozSk4wdWlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUEvbMA0E
AgACMAcDBQMqA/mAMA0GCSqGSIb3DQEBCwUAA4IBAQBBh1PBCIw/bDvZ3miewZkL
nrbU/RdB3TDjeS7G3YcJ+LlUThyhFr/TxDPjq6FxTZibP7xd1Mm2r6wKywtt55/1
rmYNIvRY+XniyKtMuDVYamYunq0KasImhtPS2Jbrkced4lRYLcDx9VMKy7hg/Qgz
CUqqvnoCfn7c5rADPA03e+5T2+Bm5DqBDuHewBFP8kuClyn8GBjnLZSs9jcjBgmI
HuE96iBx22gOeONJcxtSnNDod70RVBi1fh2fQ7boBxnHjkXzgZHhP0ozq0joJcwL
O1L9EPYZweQFq4T7gu0ZINb9Sl4FKts+7Hv0IgZVYMm8MQNnxSHlpGnL0kYLPv5g
-----END CERTIFICATE-----