Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/EnzizIDwaqisiYlqmmlt8YCsE4o.roa
File:                     EnzizIDwaqisiYlqmmlt8YCsE4o.roa (raw, json)
Hash identifier:          9KfPR2jxj+JDGRkZgCqnWwUp/4VMkozYEOGyfpxvJyI=
Subject key identifier:   12:7C:E2:CC:80:F0:6A:A8:AC:89:89:6A:9A:69:6D:F1:80:AC:13:8A
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019CFC03222CBBC30502578BFF00D557526E
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/EnzizIDwaqisiYlqmmlt8YCsE4o.roa
Signing time:             Tue 17 Mar 2026 13:36:29 +0000
ROA not before:           Tue 17 Mar 2026 13:36:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30058
IP address blocks:        92.62.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 20:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fc:03:22:2c:bb:c3:05:02:57:8b:ff:00:d5:57:52:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Mar 17 13:36:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=127ce2cc80f06aa8ac89896a9a696df180ac138a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9c:9e:f3:78:9a:0c:5b:32:54:45:5e:1f:72:
                    60:d0:e6:36:b5:9a:3a:ad:38:f7:94:74:65:d5:fa:
                    28:56:25:d3:8e:db:87:c7:af:b3:e8:90:dc:81:d1:
                    f0:99:81:85:3a:98:6a:3a:27:60:99:fd:ce:be:75:
                    6d:cd:18:10:cf:a3:86:ba:ca:d2:8c:e4:c2:10:f0:
                    23:da:97:76:78:af:54:d6:fb:45:c3:84:18:32:43:
                    c6:ca:b1:2a:76:45:46:d2:21:0b:6a:a9:5c:ce:8d:
                    98:ef:83:a0:16:9f:b7:88:ab:43:27:26:c5:38:e1:
                    00:39:b2:82:e8:28:15:7b:1c:79:6c:c3:99:32:3a:
                    c8:1a:c0:cb:18:31:41:10:72:19:d5:f8:a9:96:fe:
                    9b:f8:4a:d8:8d:be:4e:9e:04:e7:ab:41:db:8b:b6:
                    cf:0b:83:22:7d:11:cc:b2:b1:86:ee:7b:67:29:5f:
                    b7:17:b3:48:19:21:30:4f:16:b5:0e:a2:3e:f2:4a:
                    50:9f:49:a3:96:25:49:aa:69:09:f1:91:95:e8:0b:
                    5c:98:49:2f:b0:7a:c5:b9:c3:2e:d3:36:3b:0a:d0:
                    24:2f:f8:b6:2f:4d:e8:09:91:a5:4b:83:91:06:53:
                    eb:72:9b:3b:d9:7a:ee:62:a1:31:92:26:42:3d:27:
                    29:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:7C:E2:CC:80:F0:6A:A8:AC:89:89:6A:9A:69:6D:F1:80:AC:13:8A
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/EnzizIDwaqisiYlqmmlt8YCsE4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:4d:20:a6:8a:c6:7f:b0:73:6d:32:00:87:07:d5:e1:1e:3c:
         09:bc:a8:0f:69:bb:14:9a:c6:7c:26:5c:94:a9:5c:10:f6:38:
         16:a9:d7:35:64:df:c8:cb:2d:da:de:66:c9:d7:bf:2b:c9:3d:
         a1:76:7d:12:ea:b5:09:fe:51:62:e1:33:7f:7c:6c:10:51:13:
         95:85:49:2a:df:6e:4f:2d:b8:b7:98:23:dd:11:3e:25:4e:b3:
         84:6d:30:54:a1:0b:d2:12:8e:be:3a:d5:6a:6a:52:23:c8:f7:
         20:9a:fb:45:13:81:c1:5d:72:5b:e2:cb:e6:ef:81:b4:bb:06:
         87:64:3e:78:e1:96:fc:1a:4d:c3:07:65:4b:f8:f2:53:31:80:
         9d:ef:53:3a:e7:2e:2f:09:42:2e:9d:20:57:35:89:af:d9:2c:
         6b:86:27:96:83:26:1b:14:14:6c:24:eb:59:cf:d3:d8:35:14:
         46:14:bf:35:4d:7c:18:41:a7:8d:62:79:53:a4:09:2f:b0:6b:
         22:ed:f8:7a:98:f7:20:01:bf:07:47:75:4d:59:11:72:0a:c5:
         c4:71:21:75:e4:7e:e6:c1:22:be:7f:1e:16:0a:d7:53:09:27:
         6f:9d:67:82:da:ba:4b:6c:50:44:68:b0:39:6e:5a:12:d2:e8:
         7e:34:75:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz8AyIsu8MFAleL/wDVV1JuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMzE3MTMzNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjdjZTJjYzgwZjA2YWE4YWM4OTg5NmE5YTY5NmRmMTgwYWMxMzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupye83iaDFsyVEVeH3Jg0OY2tZo6
rTj3lHRl1fooViXTjtuHx6+z6JDcgdHwmYGFOphqOidgmf3OvnVtzRgQz6OGusrS
jOTCEPAj2pd2eK9U1vtFw4QYMkPGyrEqdkVG0iELaqlczo2Y74OgFp+3iKtDJybF
OOEAObKC6CgVexx5bMOZMjrIGsDLGDFBEHIZ1fiplv6b+ErYjb5OngTnq0Hbi7bP
C4MifRHMsrGG7ntnKV+3F7NIGSEwTxa1DqI+8kpQn0mjliVJqmkJ8ZGV6AtcmEkv
sHrFucMu0zY7CtAkL/i2L03oCZGlS4ORBlPrcps72XruYqExkiZCPScpbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBJ84syA8GqorImJapppbfGArBOKMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvRW56aXpJRHdhcWlzaVlscW1tbHQ4WUNzRTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD75MA0G
CSqGSIb3DQEBCwUAA4IBAQDITSCmisZ/sHNtMgCHB9XhHjwJvKgPabsUmsZ8JlyU
qVwQ9jgWqdc1ZN/Iyy3a3mbJ178ryT2hdn0S6rUJ/lFi4TN/fGwQUROVhUkq325P
Lbi3mCPdET4lTrOEbTBUoQvSEo6+OtVqalIjyPcgmvtFE4HBXXJb4svm74G0uwaH
ZD544Zb8Gk3DB2VL+PJTMYCd71M65y4vCUIunSBXNYmv2SxrhieWgyYbFBRsJOtZ
z9PYNRRGFL81TXwYQaeNYnlTpAkvsGsi7fh6mPcgAb8HR3VNWRFyCsXEcSF15H7m
wSK+fx4WCtdTCSdvnWeC2rpLbFBEaLA5bloS0uh+NHV0
-----END CERTIFICATE-----