Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/ppxFq9FW6SgGwTgswwgo7MDMvCo.roa
File:                     ppxFq9FW6SgGwTgswwgo7MDMvCo.roa (raw, json)
Hash identifier:          GQrvIoWgSDHR2ZCWnUNN0M92xgtqibSSA7BIT9UwD8k=
Subject key identifier:   A6:9C:45:AB:D1:56:E9:28:06:C1:38:2C:C3:08:28:EC:C0:CC:BC:2A
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019DF8CA7972A3971C1D6EFDB123ACEF3607
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/ppxFq9FW6SgGwTgswwgo7MDMvCo.roa
Signing time:             Tue 05 May 2026 15:38:32 +0000
ROA not before:           Tue 05 May 2026 15:38:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47272
IP address blocks:        92.62.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:ca:79:72:a3:97:1c:1d:6e:fd:b1:23:ac:ef:36:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: May  5 15:38:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a69c45abd156e92806c1382cc30828ecc0ccbc2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:fe:04:12:e7:83:ce:34:64:5d:42:c6:62:34:
                    18:e2:11:0d:89:a3:e5:da:2c:be:14:cd:cd:f2:ef:
                    e8:fd:86:2c:95:87:4c:63:5d:6c:b4:cd:a5:14:6c:
                    6c:7e:9b:9a:9e:99:79:b7:06:23:31:68:69:fb:25:
                    3b:97:0b:8b:5e:ff:0d:19:c2:f2:29:5a:69:93:4e:
                    7b:88:5c:09:14:d1:33:c2:9d:95:88:d4:39:fa:4d:
                    65:58:e8:88:a2:4a:61:12:f7:e8:c3:85:46:8d:f5:
                    da:f8:f4:db:fb:c5:a5:58:c9:19:ee:35:cc:8b:d6:
                    95:4e:9d:b7:b9:38:ab:c5:f6:aa:27:c1:e7:2f:96:
                    4e:92:21:f1:90:3f:1f:db:28:01:9e:eb:ae:55:c3:
                    a3:3b:8b:98:95:6b:8b:92:75:34:69:e4:f5:45:b3:
                    b3:ab:48:8b:03:30:f8:29:05:4b:5e:13:f9:2e:a8:
                    d5:94:11:b0:72:f3:15:72:1e:a9:06:f5:9a:45:b9:
                    8d:8f:4b:9a:4d:70:65:89:05:1d:dd:bf:da:bf:9d:
                    92:24:93:59:af:2b:56:5d:30:62:ec:a6:a8:e1:75:
                    e1:d7:3f:89:f3:98:9b:04:0d:23:3c:2d:6e:a5:4e:
                    74:cd:58:b5:1c:36:7a:72:10:ef:b7:28:53:5f:6d:
                    24:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:9C:45:AB:D1:56:E9:28:06:C1:38:2C:C3:08:28:EC:C0:CC:BC:2A
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/ppxFq9FW6SgGwTgswwgo7MDMvCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:41:4e:2e:07:fa:79:bd:5f:17:34:e8:a5:91:06:6e:c1:57:
         11:14:55:7d:ee:16:79:66:99:69:fe:5d:51:d6:12:3e:0e:79:
         56:44:bf:36:13:7e:41:3a:b0:1f:6c:46:27:ba:ac:58:80:95:
         05:cd:b8:0a:35:19:82:91:ee:00:61:6e:00:0c:1f:67:22:ee:
         ed:71:18:0e:0f:37:44:05:f3:8f:25:d0:2d:37:ac:01:5a:1d:
         c2:d2:db:a5:19:94:ca:3f:df:0e:b7:7e:13:6d:ca:66:bc:0e:
         72:6b:c7:a4:6c:58:ae:aa:e7:0b:80:78:4f:97:7f:77:7b:35:
         47:a9:93:6e:3a:17:44:89:b8:10:fe:42:4c:69:39:a2:05:ff:
         bc:84:c6:10:b9:0d:06:b4:b1:9a:19:4f:6d:04:e9:8b:c0:ea:
         c1:6f:a1:14:b8:af:4d:86:79:f1:34:cb:79:2e:6f:f6:07:83:
         bc:d9:0e:9b:d9:18:6f:56:92:90:05:16:81:6a:68:f8:7d:cc:
         f9:18:5a:13:b8:33:3c:2a:32:04:4b:f9:e1:7d:05:8e:a8:be:
         de:78:24:a4:5e:e4:3e:5c:90:ef:f4:d8:94:f8:a2:d8:91:5c:
         51:c8:b8:74:ae:d0:8a:63:b3:f8:10:86:bb:51:f3:ad:7a:dd:
         7e:6e:d1:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ34ynlyo5ccHW79sSOs7zYHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwNTA1MTUzODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjljNDVhYmQxNTZlOTI4MDZjMTM4MmNjMzA4MjhlY2MwY2NiYzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwP4EEueDzjRkXULGYjQY4hENiaPl
2iy+FM3N8u/o/YYslYdMY11stM2lFGxsfpuanpl5twYjMWhp+yU7lwuLXv8NGcLy
KVppk057iFwJFNEzwp2ViNQ5+k1lWOiIokphEvfow4VGjfXa+PTb+8WlWMkZ7jXM
i9aVTp23uTirxfaqJ8HnL5ZOkiHxkD8f2ygBnuuuVcOjO4uYlWuLknU0aeT1RbOz
q0iLAzD4KQVLXhP5LqjVlBGwcvMVch6pBvWaRbmNj0uaTXBliQUd3b/av52SJJNZ
rytWXTBi7Kao4XXh1z+J85ibBA0jPC1upU50zVi1HDZ6chDvtyhTX20kQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKacRavRVukoBsE4LMMIKOzAzLwqMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvcHB4RnE5Rlc2U2dHd1Rnc3d3Z283TURNdkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD7yMA0G
CSqGSIb3DQEBCwUAA4IBAQDFQU4uB/p5vV8XNOilkQZuwVcRFFV97hZ5Zplp/l1R
1hI+DnlWRL82E35BOrAfbEYnuqxYgJUFzbgKNRmCke4AYW4ADB9nIu7tcRgODzdE
BfOPJdAtN6wBWh3C0tulGZTKP98Ot34TbcpmvA5ya8ekbFiuqucLgHhPl393ezVH
qZNuOhdEibgQ/kJMaTmiBf+8hMYQuQ0GtLGaGU9tBOmLwOrBb6EUuK9NhnnxNMt5
Lm/2B4O82Q6b2RhvVpKQBRaBamj4fcz5GFoTuDM8KjIES/nhfQWOqL7eeCSkXuQ+
XJDv9NiU+KLYkVxRyLh0rtCKY7P4EIa7UfOtet1+btHa
-----END CERTIFICATE-----