Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/zwLlwIImiPwFnO9JiTIl87LVjLA.roa
File:                     zwLlwIImiPwFnO9JiTIl87LVjLA.roa (raw, json)
Hash identifier:          sjKdUMw14Wvb+Na/NnXsaFKkGsO/QUwOy8YrrPOrC3w=
Subject key identifier:   CF:02:E5:C0:82:26:88:FC:05:9C:EF:49:89:32:25:F3:B2:D5:8C:B0
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       019972CA97516CB946B9D0258476EC47CDA5
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/zwLlwIImiPwFnO9JiTIl87LVjLA.roa
Signing time:             Mon 22 Sep 2025 18:58:23 +0000
ROA not before:           Mon 22 Sep 2025 18:58:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56409
IP address blocks:        92.118.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:72:ca:97:51:6c:b9:46:b9:d0:25:84:76:ec:47:cd:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Sep 22 18:58:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf02e5c0822688fc059cef49893225f3b2d58cb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7e:a5:54:41:d9:19:2d:c9:a5:ab:54:d8:8e:
                    9c:16:60:82:41:87:75:d8:17:a7:74:75:47:5e:58:
                    e9:34:12:37:1e:d1:c0:88:25:a7:ec:72:83:00:71:
                    00:de:38:f8:76:ce:6f:d2:0a:52:d3:6a:16:8e:2e:
                    28:b4:f7:be:00:9d:36:a6:c3:c8:eb:5f:dc:de:22:
                    bc:0d:4b:3d:09:54:c5:df:0e:eb:43:74:cb:23:6e:
                    58:cd:13:7c:2e:a0:80:96:3f:c7:f3:86:23:0a:31:
                    44:22:52:f2:7b:4d:38:77:ae:d6:d1:0e:31:ae:70:
                    37:80:66:78:24:e3:d2:d3:d1:db:64:28:1c:af:ec:
                    c9:d6:7d:70:e6:33:db:91:ba:bc:c6:30:a7:58:8c:
                    1d:7e:e0:29:21:62:d3:a0:60:bd:4f:e3:3f:c4:aa:
                    66:bd:9b:96:9b:9a:53:57:aa:c2:2f:73:c7:4b:37:
                    b2:bc:11:01:0d:05:ac:50:36:64:62:03:a5:62:66:
                    ef:59:d6:07:ff:0e:fc:51:44:b9:f9:e0:89:3e:b5:
                    ab:9f:0d:c7:ba:55:95:44:7d:a0:09:5a:1d:05:df:
                    17:84:78:d0:6d:46:63:fe:91:6d:80:d6:85:58:77:
                    c2:17:62:f4:a8:f5:83:0c:1a:2c:db:2b:67:f2:f8:
                    ac:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:02:E5:C0:82:26:88:FC:05:9C:EF:49:89:32:25:F3:B2:D5:8C:B0
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/zwLlwIImiPwFnO9JiTIl87LVjLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:65:13:4f:54:fa:94:c5:eb:c2:81:b4:43:6e:d3:96:cb:b2:
         03:8c:bc:ea:fd:1d:de:2f:2a:1d:79:50:63:ec:cb:17:6c:1c:
         8f:c6:e2:d8:a6:39:9d:59:c7:a2:58:17:5d:4a:38:51:6e:ed:
         d5:c3:c0:6c:80:f5:91:73:e4:b1:90:ea:1f:ed:34:f9:34:67:
         a7:13:10:90:cc:8e:4f:9c:55:a0:5f:19:d7:cc:e1:17:88:03:
         38:26:a5:5b:b5:32:1e:67:92:03:34:c9:ce:92:04:50:c6:26:
         52:a6:33:dd:8d:5a:2a:97:50:69:94:70:c4:72:cf:bc:8a:59:
         68:c1:f8:1b:e1:dd:cc:62:40:90:1c:5d:fa:61:f2:36:85:e0:
         3d:45:12:54:a3:eb:ea:62:20:d0:a4:06:96:eb:85:1a:d6:f3:
         32:ee:b4:bb:f3:22:c9:8a:78:4c:8e:1a:81:a8:13:99:3f:40:
         a7:d8:8a:fa:e2:1f:59:fa:36:7b:9a:6a:9b:ed:58:1f:6e:ef:
         4a:12:1f:f6:4f:84:2a:c2:69:5e:d3:32:31:0a:b2:c3:3b:9a:
         54:2f:73:20:14:ef:6f:fc:ee:20:68:62:ad:01:b8:1c:2c:7f:
         98:37:03:cc:49:90:bf:e8:ea:1a:b8:f8:9a:b8:95:c7:d4:05:
         1e:7f:f5:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlyypdRbLlGudAlhHbsR82lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUwOTIyMTg1ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjAyZTVjMDgyMjY4OGZjMDU5Y2VmNDk4OTMyMjVmM2IyZDU4Y2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsX6lVEHZGS3JpatU2I6cFmCCQYd1
2BendHVHXljpNBI3HtHAiCWn7HKDAHEA3jj4ds5v0gpS02oWji4otPe+AJ02psPI
61/c3iK8DUs9CVTF3w7rQ3TLI25YzRN8LqCAlj/H84YjCjFEIlLye004d67W0Q4x
rnA3gGZ4JOPS09HbZCgcr+zJ1n1w5jPbkbq8xjCnWIwdfuApIWLToGC9T+M/xKpm
vZuWm5pTV6rCL3PHSzeyvBEBDQWsUDZkYgOlYmbvWdYH/w78UUS5+eCJPrWrnw3H
ulWVRH2gCVodBd8XhHjQbUZj/pFtgNaFWHfCF2L0qPWDDBos2ytn8viscQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8C5cCCJoj8BZzvSYkyJfOy1YywMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvendMbHdJSW1pUHdGbk85SmlUSWw4N0xWakxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHarMA0G
CSqGSIb3DQEBCwUAA4IBAQChZRNPVPqUxevCgbRDbtOWy7IDjLzq/R3eLyodeVBj
7MsXbByPxuLYpjmdWceiWBddSjhRbu3Vw8BsgPWRc+SxkOof7TT5NGenExCQzI5P
nFWgXxnXzOEXiAM4JqVbtTIeZ5IDNMnOkgRQxiZSpjPdjVoql1BplHDEcs+8illo
wfgb4d3MYkCQHF36YfI2heA9RRJUo+vqYiDQpAaW64Ua1vMy7rS78yLJinhMjhqB
qBOZP0Cn2Ir64h9Z+jZ7mmqb7Vgfbu9KEh/2T4Qqwmle0zIxCrLDO5pUL3MgFO9v
/O4gaGKtAbgcLH+YNwPMSZC/6OoauPiauJXH1AUef/We
-----END CERTIFICATE-----