Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/RQ2crOeOAZ1c0JiP0a-mcGtlHcM.roa
File:                     RQ2crOeOAZ1c0JiP0a-mcGtlHcM.roa (raw, json)
Hash identifier:          ZR9Fp42cxwAzYr2gVOkUq/pNM4R+mYX08YKosc+6MSc=
Subject key identifier:   45:0D:9C:AC:E7:8E:01:9D:5C:D0:98:8F:D1:AF:A6:70:6B:65:1D:C3
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       01988AFDC98FFACC6B1A5FC4AAB5B927A15C
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/RQ2crOeOAZ1c0JiP0a-mcGtlHcM.roa
Signing time:             Fri 08 Aug 2025 18:42:24 +0000
ROA not before:           Fri 08 Aug 2025 18:42:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        92.62.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8a:fd:c9:8f:fa:cc:6b:1a:5f:c4:aa:b5:b9:27:a1:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Aug  8 18:42:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=450d9cace78e019d5cd0988fd1afa6706b651dc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:b0:0e:42:77:5e:74:3d:72:79:c7:4f:62:f6:
                    c1:dc:bc:7c:c3:e9:54:65:f0:19:84:55:45:d4:6d:
                    99:13:79:1a:bb:61:79:81:36:1b:00:9f:df:74:93:
                    f5:6e:44:ae:c0:a8:8e:3f:d1:a0:00:15:56:29:79:
                    b5:6b:b7:6a:e4:03:9e:00:86:5c:c6:5d:3d:a2:ef:
                    38:88:d6:24:2e:6e:ad:65:30:70:27:89:ac:e3:67:
                    72:80:a6:a3:5f:22:af:50:42:55:5c:48:c0:c9:26:
                    35:ff:e7:bc:3c:3c:00:39:69:7a:4e:63:d5:5b:06:
                    23:f4:fb:7f:a4:ae:5f:13:ff:8e:3b:90:5f:91:10:
                    56:53:8c:75:9a:49:d7:24:6c:dd:10:a9:b1:15:72:
                    f8:a5:87:0b:8c:2e:8f:e1:8c:cf:ed:ac:e5:c3:d3:
                    f6:fb:9d:b2:d3:ec:97:5f:71:4e:2f:a0:93:76:f6:
                    0a:54:de:57:82:fe:2e:e2:63:9a:ef:30:30:5f:4a:
                    92:df:df:b4:3b:70:2b:4a:28:c6:2d:3c:7d:81:06:
                    34:13:32:68:47:8a:a4:9e:59:a3:b7:9e:be:d5:d2:
                    bd:03:e6:91:08:fa:8f:d4:58:64:4f:46:31:12:de:
                    ec:bc:05:e2:90:17:d3:43:fe:a7:dc:e4:ec:41:42:
                    0b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:0D:9C:AC:E7:8E:01:9D:5C:D0:98:8F:D1:AF:A6:70:6B:65:1D:C3
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/RQ2crOeOAZ1c0JiP0a-mcGtlHcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:c6:58:26:95:b6:86:72:57:dc:e6:62:51:cc:45:71:80:45:
         6c:19:35:8e:51:94:78:b0:5f:3b:14:97:b7:31:6e:72:34:48:
         21:9f:b9:f3:1b:1f:bf:13:64:25:af:93:8f:2c:f1:ec:a1:bf:
         bf:d0:19:cd:eb:f5:8f:fb:be:a8:cc:37:0c:55:ba:00:c2:11:
         c2:9c:1c:a7:ff:40:6c:99:9d:1a:df:d6:09:a3:c7:40:d7:ca:
         a4:33:c0:e6:d5:2d:31:8f:a2:1c:01:a3:ef:75:f9:77:19:e1:
         95:a5:34:88:3a:f2:aa:22:52:4e:01:72:15:b1:dd:49:85:02:
         41:29:2b:9f:a8:05:d5:86:fc:47:41:7c:04:53:d3:28:48:43:
         1d:83:e1:2b:0e:c6:28:3c:61:21:cd:ab:3f:90:d4:4a:91:47:
         a5:bb:81:67:24:84:d7:09:8a:fa:40:68:a3:17:28:9b:13:d4:
         de:25:ae:f2:f8:e6:57:04:8a:ee:d8:09:39:ac:46:a8:33:db:
         63:2f:70:f8:7d:97:b6:c1:03:23:71:b3:7f:a3:3e:9d:f9:f7:
         8d:84:ec:40:96:df:c1:cf:fa:03:15:53:e3:05:eb:2e:7a:51:
         c5:2e:5b:36:82:41:ae:bf:a8:9c:89:b2:a0:c3:6e:da:cf:a2:
         8e:59:5e:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiK/cmP+sxrGl/EqrW5J6FcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwODA4MTg0MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTBkOWNhY2U3OGUwMTlkNWNkMDk4OGZkMWFmYTY3MDZiNjUxZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA27AOQndedD1yecdPYvbB3Lx8w+lU
ZfAZhFVF1G2ZE3kau2F5gTYbAJ/fdJP1bkSuwKiOP9GgABVWKXm1a7dq5AOeAIZc
xl09ou84iNYkLm6tZTBwJ4ms42dygKajXyKvUEJVXEjAySY1/+e8PDwAOWl6TmPV
WwYj9Pt/pK5fE/+OO5BfkRBWU4x1mknXJGzdEKmxFXL4pYcLjC6P4YzP7azlw9P2
+52y0+yXX3FOL6CTdvYKVN5Xgv4u4mOa7zAwX0qS39+0O3ArSijGLTx9gQY0EzJo
R4qknlmjt56+1dK9A+aRCPqP1FhkT0YxEt7svAXikBfTQ/6n3OTsQUIL8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUNnKznjgGdXNCYj9GvpnBrZR3DMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvUlEyY3JPZU9BWjFjMEppUDBhLW1jR3RsSGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD72MA0G
CSqGSIb3DQEBCwUAA4IBAQCaxlgmlbaGclfc5mJRzEVxgEVsGTWOUZR4sF87FJe3
MW5yNEghn7nzGx+/E2Qlr5OPLPHsob+/0BnN6/WP+76ozDcMVboAwhHCnByn/0Bs
mZ0a39YJo8dA18qkM8Dm1S0xj6IcAaPvdfl3GeGVpTSIOvKqIlJOAXIVsd1JhQJB
KSufqAXVhvxHQXwEU9MoSEMdg+ErDsYoPGEhzas/kNRKkUelu4FnJITXCYr6QGij
FyibE9TeJa7y+OZXBIru2Ak5rEaoM9tjL3D4fZe2wQMjcbN/oz6d+feNhOxAlt/B
z/oDFVPjBesuelHFLls2gkGuv6icibKgw27az6KOWV7J
-----END CERTIFICATE-----