Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/lDJ0tBkYNDQ3v2XQA0Ilkajf8O8.roa
File:                     lDJ0tBkYNDQ3v2XQA0Ilkajf8O8.roa (raw, json)
Hash identifier:          3LVdBBDFLxsP4HLTjG4uW+kuxd2W3OxKcvWWIM3boOk=
Subject key identifier:   94:32:74:B4:19:18:34:34:37:BF:65:D0:03:42:25:91:A8:DF:F0:EF
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       0198BE0C7630BF345EB38C609C88B654DF51
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/lDJ0tBkYNDQ3v2XQA0Ilkajf8O8.roa
Signing time:             Mon 18 Aug 2025 16:39:04 +0000
ROA not before:           Mon 18 Aug 2025 16:39:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        213.145.66.0/24 maxlen: 24
                          213.145.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:be:0c:76:30:bf:34:5e:b3:8c:60:9c:88:b6:54:df:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Aug 18 16:39:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=943274b41918343437bf65d003422591a8dff0ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:93:f3:fa:4a:4a:d8:ef:9f:5c:34:e3:7a:21:
                    e8:85:44:82:57:25:a1:8a:d2:63:d7:2f:1b:89:a0:
                    10:a3:d0:7b:1b:e0:a2:5a:14:91:4e:ee:ff:d7:79:
                    35:ec:e8:23:0a:74:0a:ce:15:d2:19:9e:3d:d7:56:
                    0c:d1:32:e2:13:6d:fb:b7:27:8f:f9:d0:90:fa:ae:
                    1d:8e:6b:ef:ad:db:92:4d:1a:f0:89:3f:91:0b:ea:
                    7a:5a:05:77:58:cc:02:9a:5e:85:f0:68:47:c3:45:
                    34:85:d0:45:d1:2e:9d:0a:c2:64:9c:a9:b3:51:d3:
                    68:ec:f5:f6:58:53:ea:26:95:b1:af:07:8a:30:32:
                    62:60:2c:f9:9d:e9:48:61:78:e7:cb:cc:90:bd:09:
                    93:0a:91:c6:1c:05:27:fb:42:1c:83:c8:38:3d:a2:
                    9a:48:8e:05:47:81:c1:11:ab:d6:a4:c5:39:7c:15:
                    df:07:37:64:81:f9:37:ef:a9:06:64:4e:0d:0e:c6:
                    f0:30:21:b5:e2:17:f1:ed:e1:12:4d:31:08:93:7d:
                    c7:62:3a:a1:e1:f9:6e:0b:28:fc:14:e5:f1:5a:e5:
                    a7:35:79:fc:22:12:83:e6:20:f1:e7:66:4f:30:22:
                    16:8c:55:fe:29:b0:f7:fb:5a:1b:90:40:12:ab:5a:
                    36:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:32:74:B4:19:18:34:34:37:BF:65:D0:03:42:25:91:A8:DF:F0:EF
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/lDJ0tBkYNDQ3v2XQA0Ilkajf8O8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.66.0/24
                  213.145.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:c0:a1:83:b1:81:3d:06:e3:dd:aa:fa:24:5c:96:d8:29:66:
         a7:a7:28:18:8e:19:0f:34:9f:c8:2a:36:09:8a:3f:e1:ec:22:
         fd:58:a7:6a:01:a4:66:ee:4d:64:9d:73:95:6c:dd:22:0f:78:
         97:7a:0e:76:c3:ef:da:a7:d9:ca:88:41:79:dd:2d:7b:49:e0:
         54:94:57:42:02:b0:65:0f:47:38:f0:af:73:db:98:90:b4:15:
         76:04:cc:b1:38:e1:50:a5:74:86:bd:9d:87:ca:d6:40:1b:d5:
         73:08:77:b5:77:d3:9a:37:86:17:62:18:76:f0:6f:0f:89:7a:
         27:0c:e5:d2:7d:c7:95:0e:d0:f8:2b:0a:cc:d2:82:62:1f:e7:
         c5:f7:f8:b8:7c:e4:83:f9:43:31:34:90:c0:a6:12:34:83:09:
         96:f2:45:4e:2e:79:3b:b2:ba:5c:d6:76:9e:a6:9b:fd:2d:52:
         bb:3b:7f:73:90:28:98:3f:7f:c0:cb:df:37:24:da:e9:37:2c:
         85:03:d8:fb:9e:6e:13:35:b5:6f:cd:14:00:97:20:70:f6:f1:
         42:1a:46:c7:a4:12:be:5a:3a:28:15:f9:18:68:d2:6d:ef:f3:
         2c:0a:5a:d7:92:da:93:db:78:d1:6a:e3:25:ac:f8:78:73:e0:
         7c:2e:69:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZi+DHYwvzRes4xgnIi2VN9RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjUwODE4MTYzOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDMyNzRiNDE5MTgzNDM0MzdiZjY1ZDAwMzQyMjU5MWE4ZGZmMGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZPz+kpK2O+fXDTjeiHohUSCVyWh
itJj1y8biaAQo9B7G+CiWhSRTu7/13k17OgjCnQKzhXSGZ4911YM0TLiE237tyeP
+dCQ+q4djmvvrduSTRrwiT+RC+p6WgV3WMwCml6F8GhHw0U0hdBF0S6dCsJknKmz
UdNo7PX2WFPqJpWxrweKMDJiYCz5nelIYXjny8yQvQmTCpHGHAUn+0Icg8g4PaKa
SI4FR4HBEavWpMU5fBXfBzdkgfk376kGZE4NDsbwMCG14hfx7eESTTEIk33HYjqh
4fluCyj8FOXxWuWnNXn8IhKD5iDx52ZPMCIWjFX+KbD3+1obkEASq1o2lQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJQydLQZGDQ0N79l0ANCJZGo3/DvMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvbERKMHRCa1lORFEzdjJYUUEwSWxrYWpmOE84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1ZFCAwQA
1ZFHMA0GCSqGSIb3DQEBCwUAA4IBAQDHwKGDsYE9BuPdqvokXJbYKWanpygYjhkP
NJ/IKjYJij/h7CL9WKdqAaRm7k1knXOVbN0iD3iXeg52w+/ap9nKiEF53S17SeBU
lFdCArBlD0c48K9z25iQtBV2BMyxOOFQpXSGvZ2HytZAG9VzCHe1d9OaN4YXYhh2
8G8PiXonDOXSfceVDtD4KwrM0oJiH+fF9/i4fOSD+UMxNJDAphI0gwmW8kVOLnk7
srpc1naeppv9LVK7O39zkCiYP3/Ay983JNrpNyyFA9j7nm4TNbVvzRQAlyBw9vFC
GkbHpBK+WjooFfkYaNJt7/MsClrXktqT23jRauMlrPh4c+B8Lmk5
-----END CERTIFICATE-----