Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/bzzTA149jxH2aAs1Hmk0Ldjl1ks.roa
File:                     bzzTA149jxH2aAs1Hmk0Ldjl1ks.roa (raw, json)
Hash identifier:          bGv5aLr8TUtk+IAQZ7NNfU+YAcCIl809hdZK242FBfM=
Subject key identifier:   6F:3C:D3:03:5E:3D:8F:11:F6:68:0B:35:1E:69:34:2D:D8:E5:D6:4B
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0199CC9F0820108F08F149E31CFB6EC160F7
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/bzzTA149jxH2aAs1Hmk0Ldjl1ks.roa
Signing time:             Fri 10 Oct 2025 05:36:38 +0000
ROA not before:           Fri 10 Oct 2025 05:36:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63199
IP address blocks:        92.62.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cc:9f:08:20:10:8f:08:f1:49:e3:1c:fb:6e:c1:60:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Oct 10 05:36:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f3cd3035e3d8f11f6680b351e69342dd8e5d64b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7e:b5:19:7f:50:ad:8b:cc:d0:2d:94:78:93:
                    59:ca:e8:d9:e0:76:87:ad:4b:70:d8:d2:a4:42:36:
                    02:6b:02:9a:a5:4f:3a:f3:5c:bd:2a:32:73:9e:00:
                    76:85:26:f5:ba:76:ce:0e:60:ce:9c:f4:bb:1b:ba:
                    62:0c:3c:fa:a2:ba:75:a1:4a:75:a5:54:d2:10:73:
                    a2:4e:53:8f:86:2e:df:44:91:7a:02:75:f2:04:80:
                    9a:66:00:e8:ec:4c:62:aa:8e:51:8a:9e:b9:01:61:
                    84:88:ca:d7:7b:0c:78:5e:36:66:e9:1e:9c:2d:4d:
                    76:a3:43:fb:61:aa:f4:df:cf:0a:1b:7e:5d:bb:eb:
                    22:43:57:af:8c:3d:d1:f8:bd:ee:b8:8d:4f:4b:1f:
                    99:e2:16:04:e0:3e:27:cc:54:ed:31:96:50:58:d2:
                    38:47:00:0e:45:fa:42:c0:08:04:ee:00:57:e4:cd:
                    62:e2:89:15:37:0c:b5:f2:19:0f:57:05:2b:5f:cc:
                    55:15:2a:61:2e:3c:d9:29:9f:f6:a4:46:31:82:bf:
                    58:62:3b:6d:2b:29:de:be:ec:0b:14:22:cb:3f:f7:
                    eb:bb:1e:83:4f:ab:5b:20:eb:87:08:5c:bd:15:06:
                    84:c1:a1:cf:93:e4:f3:85:26:98:2f:dc:4a:60:bd:
                    c5:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:3C:D3:03:5E:3D:8F:11:F6:68:0B:35:1E:69:34:2D:D8:E5:D6:4B
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/bzzTA149jxH2aAs1Hmk0Ldjl1ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:6b:bd:cc:8f:f8:57:80:34:1c:12:cc:97:b1:b5:93:98:b8:
         ce:ec:94:d7:93:bc:e0:24:94:b3:b4:b6:1e:55:34:17:46:86:
         46:86:38:ef:29:4d:5d:cf:bf:eb:78:6a:b9:21:d3:f5:4b:91:
         8f:4e:96:bd:2f:38:2a:a5:2f:aa:eb:0f:42:40:bc:99:58:c1:
         2c:82:72:b4:52:01:c2:73:e4:95:5f:84:64:bf:0b:50:b4:64:
         65:df:2b:bf:16:db:8b:39:22:85:34:d2:d9:ae:49:22:f4:5d:
         cb:db:1d:b2:10:3f:96:2f:5b:b2:cb:ed:b1:4b:63:21:33:21:
         da:23:40:f7:f3:88:1b:b9:c1:83:fd:9f:be:99:a0:01:0d:e4:
         a0:28:97:33:cd:be:11:e2:53:28:ee:c8:23:7d:e5:35:08:db:
         5a:01:06:a5:8e:eb:e5:6c:6d:54:ad:49:8c:21:6a:3f:1c:5b:
         ab:33:4d:99:00:22:d0:cc:4d:c5:ca:da:6d:22:2a:3b:5d:13:
         5a:cf:b3:f8:db:8f:a2:09:62:c2:d3:06:5e:a6:ca:d7:53:1b:
         5d:8a:d6:d7:3f:be:cf:e3:da:a3:5d:c5:48:07:fd:3f:ee:a4:
         02:68:ed:b9:d8:1d:bc:13:53:a0:0a:a7:7c:db:2f:f5:63:b7:
         0f:4e:91:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnMnwggEI8I8UnjHPtuwWD3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUxMDEwMDUzNjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjNjZDMwMzVlM2Q4ZjExZjY2ODBiMzUxZTY5MzQyZGQ4ZTVkNjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH61GX9QrYvM0C2UeJNZyujZ4HaH
rUtw2NKkQjYCawKapU8681y9KjJzngB2hSb1unbODmDOnPS7G7piDDz6orp1oUp1
pVTSEHOiTlOPhi7fRJF6AnXyBICaZgDo7Exiqo5Rip65AWGEiMrXewx4XjZm6R6c
LU12o0P7Yar0388KG35du+siQ1evjD3R+L3uuI1PSx+Z4hYE4D4nzFTtMZZQWNI4
RwAORfpCwAgE7gBX5M1i4okVNwy18hkPVwUrX8xVFSphLjzZKZ/2pEYxgr9YYjtt
KynevuwLFCLLP/frux6DT6tbIOuHCFy9FQaEwaHPk+TzhSaYL9xKYL3FkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG880wNePY8R9mgLNR5pNC3Y5dZLMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvYnp6VEExNDlqeEgyYUFzMUhtazBMZGpsMWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD79MA0G
CSqGSIb3DQEBCwUAA4IBAQAsa73Mj/hXgDQcEsyXsbWTmLjO7JTXk7zgJJSztLYe
VTQXRoZGhjjvKU1dz7/reGq5IdP1S5GPTpa9LzgqpS+q6w9CQLyZWMEsgnK0UgHC
c+SVX4RkvwtQtGRl3yu/FtuLOSKFNNLZrkki9F3L2x2yED+WL1uyy+2xS2MhMyHa
I0D384gbucGD/Z++maABDeSgKJczzb4R4lMo7sgjfeU1CNtaAQaljuvlbG1UrUmM
IWo/HFurM02ZACLQzE3FytptIio7XRNaz7P424+iCWLC0wZepsrXUxtditbXP77P
49qjXcVIB/0/7qQCaO252B28E1OgCqd82y/1Y7cPTpEO
-----END CERTIFICATE-----