Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/8UiaGcKZZcSvThOWGtPXFC0GbP0.roa
File:                     8UiaGcKZZcSvThOWGtPXFC0GbP0.roa (raw, json)
Hash identifier:          QmbEbgGGf7PLuQ8N6Zth9LOKK9P++mzuGI0guAVkPhw=
Subject key identifier:   F1:48:9A:19:C2:99:65:C4:AF:4E:13:96:1A:D3:D7:14:2D:06:6C:FD
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0199D8C6E792762B24A32258414EED9A4917
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/8UiaGcKZZcSvThOWGtPXFC0GbP0.roa
Signing time:             Sun 12 Oct 2025 14:15:38 +0000
ROA not before:           Sun 12 Oct 2025 14:15:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152672
IP address blocks:        92.62.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d8:c6:e7:92:76:2b:24:a3:22:58:41:4e:ed:9a:49:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Oct 12 14:15:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1489a19c29965c4af4e13961ad3d7142d066cfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:af:d3:e2:95:b2:49:2f:8d:59:21:4c:5e:d5:
                    fb:b3:58:12:cf:ee:22:ac:b5:38:dd:98:65:7b:d7:
                    84:23:d4:89:f1:2b:b4:e8:ad:82:71:a2:fa:7f:95:
                    6e:b2:14:a1:fb:5d:52:b3:5a:57:2a:47:21:f1:ca:
                    9a:e3:b0:29:53:34:32:9c:70:d7:8f:d3:ae:1c:24:
                    d4:8c:2a:e0:f5:a6:05:4e:a4:7f:a5:a9:c4:26:7e:
                    57:ce:c2:3e:1d:b6:98:f1:c8:cd:65:08:c1:45:f0:
                    ef:c6:c7:13:45:7b:b3:cf:d4:4e:88:24:7b:b8:ae:
                    6b:f0:07:e7:66:08:37:46:61:4e:ca:78:aa:0c:66:
                    b0:b7:e2:7d:69:77:0d:86:c4:c6:6c:22:94:78:5b:
                    a8:db:62:43:2b:a9:8d:cc:d1:62:d4:f3:5d:57:86:
                    1d:24:ed:80:b9:a6:3f:8a:45:9d:c3:4a:e9:6e:d3:
                    dd:85:3d:db:08:b5:38:01:bd:94:67:e2:4d:ca:d1:
                    06:41:e7:50:d6:a5:72:c2:10:bb:3b:bd:f4:bd:9e:
                    d0:af:c0:c3:e2:9a:b2:fd:5b:97:93:77:3b:c5:1b:
                    d4:46:6f:e3:dc:65:65:c4:4a:3f:cf:61:82:3b:cd:
                    bf:fd:7d:7f:4c:e8:bc:ed:ee:85:35:d6:90:96:48:
                    7d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:48:9A:19:C2:99:65:C4:AF:4E:13:96:1A:D3:D7:14:2D:06:6C:FD
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/8UiaGcKZZcSvThOWGtPXFC0GbP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:73:71:07:d7:82:c6:af:98:2b:85:ff:71:e0:d6:e1:2a:44:
         70:20:34:f0:7f:7c:fa:e7:9d:c2:f0:ea:2c:9e:9a:26:bd:35:
         aa:82:b6:8f:78:98:c8:2b:17:77:5e:55:b9:d2:d9:1c:14:3c:
         fc:89:03:d9:f7:be:7d:df:a9:9d:d4:6e:9a:b3:76:ce:e7:89:
         6d:76:9e:bd:a8:57:a2:67:59:73:a3:b1:10:4d:5a:be:68:6f:
         78:a4:4e:59:d4:04:58:9d:11:d3:99:95:c3:2d:b4:42:7a:52:
         e9:98:42:4f:70:f0:36:fc:2b:40:84:40:8a:73:c5:61:c3:a0:
         ae:5d:be:3f:18:60:d2:79:02:64:2a:d2:7c:b5:c7:50:de:4d:
         87:aa:70:4a:bf:8e:3f:72:d8:01:8b:50:32:61:19:5a:57:4d:
         33:c6:e8:0a:15:da:6d:64:02:d2:b9:8e:dc:d2:25:17:da:74:
         9e:76:1f:66:af:de:66:f8:54:e2:76:24:f6:78:8f:d5:fe:52:
         74:cc:85:0a:57:24:29:0b:36:78:f7:67:2a:d1:e8:95:ea:5e:
         d5:5c:89:6a:4d:75:f2:a3:d0:e2:cb:55:66:d7:63:26:5f:35:
         c2:88:3c:e6:32:d2:7a:63:a6:6e:2e:f2:77:b1:ab:51:c5:6a:
         94:25:2d:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnYxueSdiskoyJYQU7tmkkXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUxMDEyMTQxNTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTQ4OWExOWMyOTk2NWM0YWY0ZTEzOTYxYWQzZDcxNDJkMDY2Y2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAja/T4pWySS+NWSFMXtX7s1gSz+4i
rLU43Zhle9eEI9SJ8Su06K2CcaL6f5VushSh+11Ss1pXKkch8cqa47ApUzQynHDX
j9OuHCTUjCrg9aYFTqR/panEJn5XzsI+HbaY8cjNZQjBRfDvxscTRXuzz9ROiCR7
uK5r8AfnZgg3RmFOyniqDGawt+J9aXcNhsTGbCKUeFuo22JDK6mNzNFi1PNdV4Yd
JO2AuaY/ikWdw0rpbtPdhT3bCLU4Ab2UZ+JNytEGQedQ1qVywhC7O730vZ7Qr8DD
4pqy/VuXk3c7xRvURm/j3GVlxEo/z2GCO82//X1/TOi87e6FNdaQlkh9DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPFImhnCmWXEr04TlhrT1xQtBmz9MB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvOFVpYUdjS1paY1N2VGhPV0d0UFhGQzBHYlAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD72MA0G
CSqGSIb3DQEBCwUAA4IBAQBSc3EH14LGr5grhf9x4NbhKkRwIDTwf3z6553C8Oos
npomvTWqgraPeJjIKxd3XlW50tkcFDz8iQPZ975936md1G6as3bO54ltdp69qFei
Z1lzo7EQTVq+aG94pE5Z1ARYnRHTmZXDLbRCelLpmEJPcPA2/CtAhECKc8Vhw6Cu
Xb4/GGDSeQJkKtJ8tcdQ3k2HqnBKv44/ctgBi1AyYRlaV00zxugKFdptZALSuY7c
0iUX2nSedh9mr95m+FTidiT2eI/V/lJ0zIUKVyQpCzZ492cq0eiV6l7VXIlqTXXy
o9Diy1Vm12MmXzXCiDzmMtJ6Y6ZuLvJ3satRxWqUJS3h
-----END CERTIFICATE-----