Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/672974-72b1-44fd-826a-1e292c0e95f1/1/3BnuyGrYylV5pRDx-7OQlGYPf_4.roa
File:                     3BnuyGrYylV5pRDx-7OQlGYPf_4.roa (raw, json)
Hash identifier:          Ek1qfu9Kb7LjB+XIljaaeiOiQASMiPVTgCEC1FBmvd4=
Subject key identifier:   DC:19:EE:C8:6A:D8:CA:55:79:A5:10:F1:FB:B3:90:94:66:0F:7F:FE
Certificate issuer:       /CN=fca1e4487cf8d4a2d961dd622f3e7501bdc24829
Certificate serial:       0199E9468CF5ECA51D32D42FBE3023E1B229
Authority key identifier: FC:A1:E4:48:7C:F8:D4:A2:D9:61:DD:62:2F:3E:75:01:BD:C2:48:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_KHkSHz41KLZYd1iLz51Ab3CSCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/672974-72b1-44fd-826a-1e292c0e95f1/1/3BnuyGrYylV5pRDx-7OQlGYPf_4.roa
Signing time:             Wed 15 Oct 2025 19:08:58 +0000
ROA not before:           Wed 15 Oct 2025 19:08:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        92.42.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/672974-72b1-44fd-826a-1e292c0e95f1/1/_KHkSHz41KLZYd1iLz51Ab3CSCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/672974-72b1-44fd-826a-1e292c0e95f1/1/_KHkSHz41KLZYd1iLz51Ab3CSCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_KHkSHz41KLZYd1iLz51Ab3CSCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e9:46:8c:f5:ec:a5:1d:32:d4:2f:be:30:23:e1:b2:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fca1e4487cf8d4a2d961dd622f3e7501bdc24829
        Validity
            Not Before: Oct 15 19:08:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc19eec86ad8ca5579a510f1fbb39094660f7ffe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:23:9a:5c:41:cd:51:26:a2:59:62:f8:c3:07:
                    73:54:f0:c7:13:a1:a1:1d:7f:3b:04:5e:37:80:7f:
                    26:f1:ad:29:6c:f6:9d:da:90:92:42:ae:cf:a0:4f:
                    ee:d0:45:b0:82:da:88:5f:67:60:e3:74:af:66:ae:
                    41:b5:45:5b:f8:67:e1:89:52:14:98:88:94:8d:b5:
                    ae:9f:40:c5:4d:79:0a:50:53:2d:45:80:01:66:93:
                    7f:3d:1c:e8:e5:db:cf:12:2e:15:bf:d9:c8:5e:47:
                    30:3f:15:4e:1f:ad:07:eb:49:40:74:68:0d:fb:6c:
                    f3:ab:b5:10:4b:4e:89:11:9c:a2:b8:5a:6d:64:64:
                    38:c6:e8:57:8b:1e:81:1d:74:86:bf:7b:81:3c:b7:
                    00:a8:d1:9d:e6:23:8d:13:6b:27:5f:6b:57:9b:59:
                    bc:31:fb:68:89:22:e4:11:cf:12:e3:a9:74:ea:42:
                    ac:2b:ca:ed:17:30:21:49:c5:ee:0c:39:8b:a0:aa:
                    fe:c7:7b:02:82:84:8e:95:12:2f:8f:3d:81:02:f0:
                    6a:52:35:ea:bb:27:f4:87:34:a9:44:5a:52:5c:9f:
                    6f:15:25:50:3b:1b:46:d1:ed:f8:76:d6:e2:ab:9b:
                    d3:9c:cf:8a:c4:43:99:17:16:90:fe:b5:ea:2b:d9:
                    f2:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:19:EE:C8:6A:D8:CA:55:79:A5:10:F1:FB:B3:90:94:66:0F:7F:FE
            X509v3 Authority Key Identifier:
                keyid:FC:A1:E4:48:7C:F8:D4:A2:D9:61:DD:62:2F:3E:75:01:BD:C2:48:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KHkSHz41KLZYd1iLz51Ab3CSCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/672974-72b1-44fd-826a-1e292c0e95f1/1/3BnuyGrYylV5pRDx-7OQlGYPf_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/672974-72b1-44fd-826a-1e292c0e95f1/1/_KHkSHz41KLZYd1iLz51Ab3CSCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:87:99:84:d4:6d:64:40:c8:31:ed:87:75:94:b1:a1:22:6e:
         ac:50:e9:b2:43:b8:75:30:0d:03:3a:cb:33:fb:de:79:b4:04:
         0d:c2:2c:1a:fb:2e:bd:dc:3a:99:ce:8f:f2:1a:5c:70:69:1f:
         df:bb:8d:cc:ab:e5:64:80:e8:0c:ce:42:b4:28:4b:9a:0d:20:
         e8:b4:33:08:bc:a2:c4:1d:14:c0:03:9b:14:7c:ea:fe:2b:2e:
         af:a6:6a:2b:75:49:37:ca:e3:e4:3b:37:11:82:75:a2:ab:a8:
         3b:17:8d:a3:ed:10:66:d1:db:a2:5e:33:a5:c7:e3:e3:0a:7b:
         a2:95:11:6c:53:94:2a:04:34:67:4a:ad:39:59:0e:6d:11:36:
         60:10:e8:92:0f:1a:8b:a5:47:54:ce:63:d9:32:12:16:3f:9d:
         c8:c8:47:83:71:b7:30:2a:d6:da:94:6b:87:93:2a:63:e0:ad:
         de:26:3e:a3:61:ad:a1:3f:52:32:68:03:4a:2d:d2:4a:74:5d:
         2e:af:96:2f:cb:07:e3:e8:1e:29:34:05:01:00:98:42:fd:0b:
         a9:76:6a:5f:81:a9:06:4e:e0:a5:0e:0b:ef:15:5b:5f:61:f4:
         a7:5a:3c:a2:2a:90:4e:7d:91:07:68:3f:8d:a2:4b:66:e4:25:
         f9:84:9a:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnpRoz17KUdMtQvvjAj4bIpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTFlNDQ4N2NmOGQ0YTJkOTYxZGQ2MjJmM2U3NTAxYmRj
MjQ4MjkwHhcNMjUxMDE1MTkwODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzE5ZWVjODZhZDhjYTU1NzlhNTEwZjFmYmIzOTA5NDY2MGY3ZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyOaXEHNUSaiWWL4wwdzVPDHE6Gh
HX87BF43gH8m8a0pbPad2pCSQq7PoE/u0EWwgtqIX2dg43SvZq5BtUVb+GfhiVIU
mIiUjbWun0DFTXkKUFMtRYABZpN/PRzo5dvPEi4Vv9nIXkcwPxVOH60H60lAdGgN
+2zzq7UQS06JEZyiuFptZGQ4xuhXix6BHXSGv3uBPLcAqNGd5iONE2snX2tXm1m8
MftoiSLkEc8S46l06kKsK8rtFzAhScXuDDmLoKr+x3sCgoSOlRIvjz2BAvBqUjXq
uyf0hzSpRFpSXJ9vFSVQOxtG0e34dtbiq5vTnM+KxEOZFxaQ/rXqK9nyIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNwZ7shq2MpVeaUQ8fuzkJRmD3/+MB8GA1UdIwQY
MBaAFPyh5Eh8+NSi2WHdYi8+dQG9wkgpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0tIa1NIejQxS0xaWWQxaUx6NTFBYjNDU0NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82NzI5NzQtNzJiMS00NGZkLTgyNmEt
MWUyOTJjMGU5NWYxLzEvM0JudXlHcll5bFY1cFJEeC03T1FsR1lQZl80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82NzI5NzQtNzJiMS00NGZkLTgyNmEtMWUyOTJjMGU5NWYx
LzEvX0tIa1NIejQxS0xaWWQxaUx6NTFBYjNDU0NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCrKMA0G
CSqGSIb3DQEBCwUAA4IBAQBIh5mE1G1kQMgx7Yd1lLGhIm6sUOmyQ7h1MA0DOssz
+955tAQNwiwa+y693DqZzo/yGlxwaR/fu43Mq+VkgOgMzkK0KEuaDSDotDMIvKLE
HRTAA5sUfOr+Ky6vpmordUk3yuPkOzcRgnWiq6g7F42j7RBm0duiXjOlx+PjCnui
lRFsU5QqBDRnSq05WQ5tETZgEOiSDxqLpUdUzmPZMhIWP53IyEeDcbcwKtbalGuH
kypj4K3eJj6jYa2hP1IyaANKLdJKdF0ur5Yvywfj6B4pNAUBAJhC/QupdmpfgakG
TuClDgvvFVtfYfSnWjyiKpBOfZEHaD+Noktm5CX5hJr4
-----END CERTIFICATE-----