Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/cOWXDby_VAjDBm-QNXyxFV15NYc.roa
File:                     cOWXDby_VAjDBm-QNXyxFV15NYc.roa (raw, json)
Hash identifier:          d23wa4ZI6ixe2JTopJ8C5Bi1Ca40n6+Q2pIZccoLoNY=
Subject key identifier:   70:E5:97:0D:BC:BF:54:08:C3:06:6F:90:35:7C:B1:15:5D:79:35:87
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       01987DDB1F2DD424465488E9F4A2CFA6095B
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/cOWXDby_VAjDBm-QNXyxFV15NYc.roa
Signing time:             Wed 06 Aug 2025 05:29:29 +0000
ROA not before:           Wed 06 Aug 2025 05:29:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21840
IP address blocks:        92.62.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7d:db:1f:2d:d4:24:46:54:88:e9:f4:a2:cf:a6:09:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Aug  6 05:29:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70e5970dbcbf5408c3066f90357cb1155d793587
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4c:d0:06:eb:be:e9:92:76:9a:69:ae:67:b3:
                    0a:7e:5d:39:f1:c6:6f:a7:c8:84:6e:64:64:3d:60:
                    77:11:09:95:a6:f4:3c:61:8a:9b:26:4e:f7:40:4d:
                    10:78:0c:f6:ac:34:e8:55:87:9e:09:c4:d4:5d:b6:
                    d1:1e:c8:1e:b5:ba:24:0b:52:1e:ac:90:f0:86:f0:
                    51:6b:4f:24:b8:7d:46:cd:3e:b1:76:99:bc:28:45:
                    ae:ff:a0:a6:1e:49:0a:3a:a3:2b:af:4e:a1:c8:b1:
                    a8:ac:e6:c3:9d:b7:64:84:10:06:e4:79:1c:c8:73:
                    4a:0f:fb:29:a6:89:4c:13:4e:ba:94:e0:70:df:8e:
                    ec:17:cb:cb:6e:99:bb:11:b5:ae:5d:17:11:62:5b:
                    91:ba:81:26:d7:58:9f:3f:84:dc:1e:27:58:63:3c:
                    00:f6:e8:52:32:96:02:e7:61:b2:f1:1e:43:4d:27:
                    2b:c8:ed:c1:8b:b7:b9:be:e3:99:90:b5:fd:66:ff:
                    f4:02:32:4f:c1:43:d2:06:86:e0:91:5a:61:55:a6:
                    3e:39:36:cb:a7:8e:e4:cb:6a:c6:b2:d2:3b:b1:24:
                    a9:d7:43:82:92:01:8d:d2:88:3f:93:06:0c:fe:ff:
                    79:90:f0:77:c5:65:2a:0a:2d:c2:3f:e8:7f:c7:76:
                    3c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E5:97:0D:BC:BF:54:08:C3:06:6F:90:35:7C:B1:15:5D:79:35:87
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/cOWXDby_VAjDBm-QNXyxFV15NYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:5a:ae:82:24:48:98:86:51:d1:f3:ad:64:4d:cf:d8:03:6e:
         16:10:c8:73:96:65:3f:7d:62:b5:86:1f:64:0f:0e:15:a1:1b:
         22:a7:29:9f:87:23:8a:89:ba:5b:b9:76:22:ef:70:6c:da:79:
         03:64:b2:ff:14:5e:8f:74:ae:d7:f9:85:58:86:28:c0:8c:de:
         e5:15:3d:84:82:63:dd:09:92:0d:c9:11:1a:e1:ad:45:05:a4:
         ff:b9:cb:0b:63:91:08:cd:b0:63:ff:88:28:3e:31:d7:fe:50:
         6a:7e:70:12:cc:c9:6d:78:15:c1:bb:a1:eb:9b:03:7f:92:08:
         9d:9d:5c:06:f2:8e:18:e7:b5:cc:d0:a3:0e:68:bd:a1:c8:0d:
         f3:26:3b:8f:89:9c:33:33:19:ea:98:51:b2:11:ba:47:8c:b5:
         1b:2e:da:20:3c:7f:19:50:3a:66:0f:f0:41:32:da:7b:db:cd:
         b3:d9:1f:54:29:df:de:c2:31:4d:45:5f:dd:ec:6b:45:51:82:
         4f:d4:15:53:a9:32:00:6a:33:ba:6a:73:32:f1:da:52:42:3d:
         f3:58:1c:cd:f9:87:83:74:b8:d9:0c:79:11:99:39:54:7b:cb:
         97:d8:bb:5a:ed:06:69:04:4e:2e:40:35:e6:42:97:74:7c:14:
         ac:26:44:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh92x8t1CRGVIjp9KLPpglbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwODA2MDUyOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGU1OTcwZGJjYmY1NDA4YzMwNjZmOTAzNTdjYjExNTVkNzkzNTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUzQBuu+6ZJ2mmmuZ7MKfl058cZv
p8iEbmRkPWB3EQmVpvQ8YYqbJk73QE0QeAz2rDToVYeeCcTUXbbRHsgetbokC1Ie
rJDwhvBRa08kuH1GzT6xdpm8KEWu/6CmHkkKOqMrr06hyLGorObDnbdkhBAG5Hkc
yHNKD/sppolME066lOBw347sF8vLbpm7EbWuXRcRYluRuoEm11ifP4TcHidYYzwA
9uhSMpYC52Gy8R5DTScryO3Bi7e5vuOZkLX9Zv/0AjJPwUPSBobgkVphVaY+OTbL
p47ky2rGstI7sSSp10OCkgGN0og/kwYM/v95kPB3xWUqCi3CP+h/x3Y8+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDllw28v1QIwwZvkDV8sRVdeTWHMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvY09XWERieV9WQWpEQm0tUU5YeXhGVjE1TlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD78MA0G
CSqGSIb3DQEBCwUAA4IBAQAMWq6CJEiYhlHR861kTc/YA24WEMhzlmU/fWK1hh9k
Dw4VoRsipymfhyOKibpbuXYi73Bs2nkDZLL/FF6PdK7X+YVYhijAjN7lFT2EgmPd
CZINyREa4a1FBaT/ucsLY5EIzbBj/4goPjHX/lBqfnASzMlteBXBu6HrmwN/kgid
nVwG8o4Y57XM0KMOaL2hyA3zJjuPiZwzMxnqmFGyEbpHjLUbLtogPH8ZUDpmD/BB
Mtp7282z2R9UKd/ewjFNRV/d7GtFUYJP1BVTqTIAajO6anMy8dpSQj3zWBzN+YeD
dLjZDHkRmTlUe8uX2Lta7QZpBE4uQDXmQpd0fBSsJkSJ
-----END CERTIFICATE-----