Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/R62AVX9PSX_LR3e7BXrfaNWa-sk.roa
File:                     R62AVX9PSX_LR3e7BXrfaNWa-sk.roa (raw, json)
Hash identifier:          YzMi859O+qBTTC6gsM6vWbR1mp+LYP/rXN/pWI8xAyk=
Subject key identifier:   47:AD:80:55:7F:4F:49:7F:CB:47:77:BB:05:7A:DF:68:D5:9A:FA:C9
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019993CC96CB500BCBB0054A2869BB773892
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/R62AVX9PSX_LR3e7BXrfaNWa-sk.roa
Signing time:             Mon 29 Sep 2025 04:48:02 +0000
ROA not before:           Mon 29 Sep 2025 04:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216169
IP address blocks:        185.26.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:93:cc:96:cb:50:0b:cb:b0:05:4a:28:69:bb:77:38:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Sep 29 04:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47ad80557f4f497fcb4777bb057adf68d59afac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f6:b2:91:84:0e:f1:ac:10:a5:51:a0:50:32:
                    f0:5d:c0:c1:2d:fc:32:55:de:ee:7c:2e:c7:15:73:
                    9c:22:08:d1:f5:1e:78:d7:93:1f:a6:be:3c:d0:d5:
                    92:d2:75:8b:87:40:3c:62:c3:a8:1e:b9:62:30:e5:
                    83:43:12:fd:d7:5b:43:58:11:e6:8b:98:60:d6:e9:
                    fd:3a:6d:1a:67:42:f0:bd:26:fc:18:79:81:64:1a:
                    6b:64:f3:8c:e1:68:c8:cf:75:46:23:60:5a:f1:2f:
                    2a:f7:54:b4:c6:77:2d:e2:4e:1f:6b:70:42:fd:9a:
                    f5:19:0d:17:31:1c:2f:1b:08:94:03:e8:32:ee:9e:
                    d9:c1:45:51:48:5d:fa:fc:cb:17:cc:e7:da:aa:09:
                    76:11:e5:63:76:e8:f9:0c:0f:77:7f:90:f0:ed:28:
                    13:31:e2:c0:aa:a2:84:02:a5:60:a9:41:17:45:62:
                    16:b3:b6:1f:1b:57:a2:25:f4:20:97:35:d4:f4:18:
                    7a:d1:c1:97:fd:18:c6:07:67:cf:aa:7a:67:e6:bd:
                    1c:e2:ac:f9:47:a3:83:b0:c1:1e:a6:e5:fd:ba:11:
                    fa:71:2f:9e:27:fd:d2:a0:53:83:5a:34:68:fc:22:
                    9e:29:a4:4a:7d:eb:e7:97:b0:db:d3:ba:41:aa:2e:
                    3e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:AD:80:55:7F:4F:49:7F:CB:47:77:BB:05:7A:DF:68:D5:9A:FA:C9
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/R62AVX9PSX_LR3e7BXrfaNWa-sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:17:d7:1d:94:ab:0a:66:ec:78:09:96:89:d0:bc:09:11:17:
         6c:0b:92:ff:33:e5:27:fc:bf:b4:fe:86:ad:24:b7:66:dd:96:
         14:96:30:ce:c9:ec:3d:7c:07:71:8f:37:4c:8b:3a:2c:5c:68:
         23:2d:db:ab:b7:e2:d4:d5:34:83:f8:14:9a:07:ce:93:1e:df:
         99:37:a4:2f:1b:10:a8:42:73:c7:a8:49:ff:3b:bd:2e:7e:6c:
         ea:5e:a0:c4:df:62:7e:57:d6:8b:85:59:43:2d:07:50:29:a7:
         0c:7d:32:65:fe:b0:16:cc:cb:85:02:58:ca:af:ba:2a:39:a1:
         96:22:65:04:e9:a0:88:49:0c:85:98:d2:9b:65:3f:4f:21:9f:
         97:7c:97:3f:16:d9:a9:b4:bc:e1:6d:d2:4d:70:46:f2:fa:fc:
         e1:fa:1f:cd:0a:b0:40:ef:69:39:a5:83:6f:d1:88:5a:e7:6a:
         b4:e2:c2:b7:be:f3:48:10:36:6b:4c:d3:92:b3:a7:62:24:59:
         8b:5e:de:5e:09:d9:3f:73:41:06:2b:f9:94:d0:18:90:dc:e4:
         52:42:d9:46:2d:eb:33:00:07:2f:3c:08:bb:9f:de:c1:5a:ea:
         1e:36:94:12:33:88:63:e4:61:85:7a:51:63:55:f9:0e:01:3c:
         33:9a:7a:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmTzJbLUAvLsAVKKGm7dziSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwOTI5MDQ0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2FkODA1NTdmNGY0OTdmY2I0Nzc3YmIwNTdhZGY2OGQ1OWFmYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovaykYQO8awQpVGgUDLwXcDBLfwy
Vd7ufC7HFXOcIgjR9R5415Mfpr480NWS0nWLh0A8YsOoHrliMOWDQxL911tDWBHm
i5hg1un9Om0aZ0LwvSb8GHmBZBprZPOM4WjIz3VGI2Ba8S8q91S0xnct4k4fa3BC
/Zr1GQ0XMRwvGwiUA+gy7p7ZwUVRSF36/MsXzOfaqgl2EeVjduj5DA93f5Dw7SgT
MeLAqqKEAqVgqUEXRWIWs7YfG1eiJfQglzXU9Bh60cGX/RjGB2fPqnpn5r0c4qz5
R6ODsMEepuX9uhH6cS+eJ/3SoFODWjRo/CKeKaRKfevnl7Db07pBqi4+iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEetgFV/T0l/y0d3uwV632jVmvrJMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvUjYyQVZYOVBTWF9MUjNlN0JYcmZhTldhLXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRogMA0G
CSqGSIb3DQEBCwUAA4IBAQC8F9cdlKsKZux4CZaJ0LwJERdsC5L/M+Un/L+0/oat
JLdm3ZYUljDOyew9fAdxjzdMizosXGgjLdurt+LU1TSD+BSaB86THt+ZN6QvGxCo
QnPHqEn/O70ufmzqXqDE32J+V9aLhVlDLQdQKacMfTJl/rAWzMuFAljKr7oqOaGW
ImUE6aCISQyFmNKbZT9PIZ+XfJc/FtmptLzhbdJNcEby+vzh+h/NCrBA72k5pYNv
0Yha52q04sK3vvNIEDZrTNOSs6diJFmLXt5eCdk/c0EGK/mU0BiQ3ORSQtlGLesz
AAcvPAi7n97BWuoeNpQSM4hj5GGFelFjVfkOATwzmnqI
-----END CERTIFICATE-----