Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/l8tQ2a5tsC_IJvBiOOKTO7iciYc.roa
File:                     l8tQ2a5tsC_IJvBiOOKTO7iciYc.roa (raw, json)
Hash identifier:          FqDmWsqzwjKQGSt2+UDF+KtQhIfiLbYX+aE348a2xzY=
Subject key identifier:   97:CB:50:D9:AE:6D:B0:2F:C8:26:F0:62:38:E2:93:3B:B8:9C:89:87
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       01999FD641E6947890C481B3E8935A579C37
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/l8tQ2a5tsC_IJvBiOOKTO7iciYc.roa
Signing time:             Wed 01 Oct 2025 12:54:02 +0000
ROA not before:           Wed 01 Oct 2025 12:54:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43197
IP address blocks:        62.89.208.0/22 maxlen: 24
                          62.89.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 03:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9f:d6:41:e6:94:78:90:c4:81:b3:e8:93:5a:57:9c:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Oct  1 12:54:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97cb50d9ae6db02fc826f06238e2933bb89c8987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fb:2e:57:c8:0d:1d:94:2f:ba:fc:6c:e4:01:
                    d3:43:5a:d8:96:19:68:c7:a3:8f:88:d4:5a:21:2a:
                    36:59:76:65:4c:0f:20:18:5c:fb:68:6d:e5:91:45:
                    e4:c2:e6:b5:43:61:6b:42:ae:a4:d3:b8:ba:da:38:
                    f7:18:83:18:f5:04:63:1e:df:0c:aa:31:04:ff:8c:
                    7f:fd:00:da:75:e0:49:bf:69:d0:6b:32:30:a2:62:
                    a5:b3:cd:bc:00:f1:29:f2:04:45:9d:e4:1b:0c:47:
                    b3:d9:ac:b8:76:24:ca:1d:ec:bb:ce:64:d8:85:75:
                    cb:4c:7e:1e:c6:2a:2e:25:37:b4:bb:db:2d:d8:0d:
                    21:8d:66:10:a4:78:ec:10:81:9f:9b:ea:cf:f3:fc:
                    0a:17:6b:2d:e5:2b:f1:53:72:33:c7:93:d8:14:55:
                    49:f7:bb:a9:11:82:b4:79:4e:5f:5f:ac:88:61:83:
                    ac:7a:67:d2:f4:b3:3d:e7:77:be:09:49:23:ab:e8:
                    4e:27:f2:40:64:e2:7f:e6:e9:a7:61:ef:cc:49:51:
                    af:cb:e1:00:24:c2:b6:73:ed:e0:d6:f2:b1:87:f5:
                    96:20:01:b4:f6:c8:26:4d:2c:e5:be:9e:76:d7:87:
                    3f:33:b3:b6:16:0f:30:b4:3b:e7:82:ff:f5:12:e3:
                    1c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:CB:50:D9:AE:6D:B0:2F:C8:26:F0:62:38:E2:93:3B:B8:9C:89:87
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/l8tQ2a5tsC_IJvBiOOKTO7iciYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.89.208.0/22
                  62.89.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:15:45:fd:21:1c:90:95:0d:86:a8:ef:19:a0:ac:31:c1:3f:
         01:aa:17:7f:7c:1e:d1:73:5b:99:3a:77:0f:3c:21:eb:4c:d0:
         4f:68:7f:ef:05:f7:aa:b8:a8:6b:a7:c3:a8:77:64:1b:dd:08:
         ac:b8:3b:2b:90:78:ff:e9:18:46:b1:c2:be:03:53:90:a9:33:
         3f:58:aa:cb:1c:5a:8f:90:b1:cb:43:66:72:62:92:79:8d:94:
         2b:68:39:55:34:64:39:3d:8d:b2:e5:65:dd:24:e5:3e:0c:91:
         79:92:b4:08:aa:69:ed:24:8a:86:e9:7f:dd:97:2d:08:85:01:
         47:39:7d:a0:c5:28:f4:b3:53:f8:28:72:bd:31:a9:87:33:81:
         cc:66:4d:95:0b:87:72:70:e2:55:41:f9:02:f1:d2:86:9d:8a:
         9c:0a:70:c5:c1:70:2b:db:1e:95:86:30:f6:17:48:5a:f7:6b:
         fe:75:a2:0e:5c:6c:f0:1f:89:5f:63:e7:c5:9e:58:78:1b:d3:
         6f:2d:30:29:fa:a6:f3:f9:ba:7e:e0:c8:27:a5:de:d3:36:38:
         e8:df:2f:0b:78:3e:bd:04:aa:2d:6e:90:84:4c:be:bb:29:7f:
         fb:a2:53:28:b3:21:8a:5f:56:d0:5f:77:41:01:23:6c:c0:74:
         78:ce:86:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmf1kHmlHiQxIGz6JNaV5w3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjUxMDAxMTI1NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2NiNTBkOWFlNmRiMDJmYzgyNmYwNjIzOGUyOTMzYmI4OWM4OTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/suV8gNHZQvuvxs5AHTQ1rYlhlo
x6OPiNRaISo2WXZlTA8gGFz7aG3lkUXkwua1Q2FrQq6k07i62jj3GIMY9QRjHt8M
qjEE/4x//QDadeBJv2nQazIwomKls828APEp8gRFneQbDEez2ay4diTKHey7zmTY
hXXLTH4exiouJTe0u9st2A0hjWYQpHjsEIGfm+rP8/wKF2st5SvxU3Izx5PYFFVJ
97upEYK0eU5fX6yIYYOsemfS9LM953e+CUkjq+hOJ/JAZOJ/5umnYe/MSVGvy+EA
JMK2c+3g1vKxh/WWIAG09sgmTSzlvp5214c/M7O2Fg8wtDvngv/1EuMcAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJfLUNmubbAvyCbwYjjikzu4nImHMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvbDh0UTJhNXRzQ19JSnZCaU9PS1RPN2ljaVljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCPlnQAwQC
PlncMA0GCSqGSIb3DQEBCwUAA4IBAQAqFUX9IRyQlQ2GqO8ZoKwxwT8Bqhd/fB7R
c1uZOncPPCHrTNBPaH/vBfequKhrp8Ood2Qb3QisuDsrkHj/6RhGscK+A1OQqTM/
WKrLHFqPkLHLQ2ZyYpJ5jZQraDlVNGQ5PY2y5WXdJOU+DJF5krQIqmntJIqG6X/d
ly0IhQFHOX2gxSj0s1P4KHK9MamHM4HMZk2VC4dycOJVQfkC8dKGnYqcCnDFwXAr
2x6VhjD2F0ha92v+daIOXGzwH4lfY+fFnlh4G9NvLTAp+qbz+bp+4Mgnpd7TNjjo
3y8LeD69BKotbpCETL67KX/7olMosyGKX1bQX3dBASNswHR4zoao
-----END CERTIFICATE-----