Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/2780ce-4f26-4b64-b7f1-90c999d35ed8/1/8np8dFC03aZy-NSvKyaibYkoD2c.roa
File:                     8np8dFC03aZy-NSvKyaibYkoD2c.roa (raw, json)
Hash identifier:          yH2zRDSO2w0uHZTYPQwRFl05v2muoqWJ+Z0OUk1oMhY=
Subject key identifier:   F2:7A:7C:74:50:B4:DD:A6:72:F8:D4:AF:2B:26:A2:6D:89:28:0F:67
Certificate issuer:       /CN=1a31dca887d8be606019d0a1593a16ffd39fd692
Certificate serial:       0197A6282E95B5165273A188228F863E8005
Authority key identifier: 1A:31:DC:A8:87:D8:BE:60:60:19:D0:A1:59:3A:16:FF:D3:9F:D6:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GjHcqIfYvmBgGdChWToW_9Of1pI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/2780ce-4f26-4b64-b7f1-90c999d35ed8/1/8np8dFC03aZy-NSvKyaibYkoD2c.roa
Signing time:             Wed 25 Jun 2025 08:15:40 +0000
ROA not before:           Wed 25 Jun 2025 08:15:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57724
IP address blocks:        185.223.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/2780ce-4f26-4b64-b7f1-90c999d35ed8/1/GjHcqIfYvmBgGdChWToW_9Of1pI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/2780ce-4f26-4b64-b7f1-90c999d35ed8/1/GjHcqIfYvmBgGdChWToW_9Of1pI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GjHcqIfYvmBgGdChWToW_9Of1pI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:28:2e:95:b5:16:52:73:a1:88:22:8f:86:3e:80:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a31dca887d8be606019d0a1593a16ffd39fd692
        Validity
            Not Before: Jun 25 08:15:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f27a7c7450b4dda672f8d4af2b26a26d89280f67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fb:69:16:e3:d1:cd:bf:ee:c4:55:15:32:1c:
                    ab:25:45:c2:26:55:e6:a6:63:96:57:9f:c0:b1:de:
                    e2:44:44:1c:2e:5c:f6:52:f1:f3:8d:f7:cc:1d:a1:
                    12:67:28:f0:38:29:7c:9c:23:c0:1c:aa:e6:92:7d:
                    7b:14:8a:c6:a0:d9:95:c0:cd:b0:fd:36:93:4a:2e:
                    77:ee:3d:dd:f0:b1:d5:f2:45:79:f5:7d:e4:bb:61:
                    de:6d:1f:23:dc:67:e3:ae:90:3c:70:bd:e8:f4:0c:
                    54:51:32:42:16:33:f5:42:28:8f:2a:4a:b3:7a:7b:
                    2d:32:59:ee:e6:04:05:0c:aa:62:07:2f:75:54:d1:
                    a5:25:c9:24:16:34:b1:7d:d6:eb:3a:5b:80:2f:75:
                    be:9e:cf:34:9d:2b:3e:39:6f:15:d4:98:b3:72:65:
                    b0:6b:4d:08:52:55:e5:84:25:0b:b6:0d:4e:08:32:
                    65:7f:1e:03:e0:6c:5f:6d:65:77:a9:93:b0:36:07:
                    f9:df:bc:ec:cd:7a:74:32:78:99:f9:cc:ad:2b:8d:
                    c7:68:d9:f3:8a:56:ce:09:23:62:df:3d:01:40:67:
                    62:bb:3f:48:81:1d:10:4d:db:fc:c1:24:a0:2e:aa:
                    d0:b0:62:6a:0c:4b:91:8e:3e:bd:61:5d:2a:02:c5:
                    33:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:7A:7C:74:50:B4:DD:A6:72:F8:D4:AF:2B:26:A2:6D:89:28:0F:67
            X509v3 Authority Key Identifier:
                keyid:1A:31:DC:A8:87:D8:BE:60:60:19:D0:A1:59:3A:16:FF:D3:9F:D6:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GjHcqIfYvmBgGdChWToW_9Of1pI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/2780ce-4f26-4b64-b7f1-90c999d35ed8/1/8np8dFC03aZy-NSvKyaibYkoD2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/2780ce-4f26-4b64-b7f1-90c999d35ed8/1/GjHcqIfYvmBgGdChWToW_9Of1pI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:dc:ab:34:63:4a:9f:05:5a:d2:3c:8a:ce:0d:e7:0c:0b:e3:
         22:10:2a:3a:45:af:d6:64:9d:e0:50:50:e0:47:4a:e5:7a:87:
         6e:ee:1a:3e:54:3f:30:05:cd:80:a0:0f:cb:fa:21:24:b2:74:
         fb:e1:24:7f:02:65:a0:f9:83:04:45:b3:61:7d:f1:1c:4b:01:
         81:32:08:d2:1a:a9:c8:c2:06:22:64:ed:2b:f9:5d:5d:a4:56:
         8a:8a:0d:85:b9:20:ce:dc:51:8d:2d:11:61:6a:a4:3b:07:51:
         72:85:7f:59:22:20:6d:cb:13:78:7b:40:93:9e:5f:cb:b6:87:
         73:ba:c7:e6:a1:f8:b9:06:f7:a8:e0:7d:1f:88:c0:4b:42:92:
         5b:c7:68:7c:a3:6e:52:65:bf:39:68:fb:17:29:d9:06:ee:c3:
         8a:cc:de:30:15:52:1e:15:a6:a8:ee:17:4f:3a:88:81:ac:8a:
         6e:dd:a7:03:cd:d8:da:73:00:be:74:09:d3:6c:53:42:94:57:
         29:95:d0:11:7b:f5:7c:9e:ba:6c:53:6a:d3:15:8a:b2:7e:ad:
         9d:b6:49:dd:71:3d:3e:ea:ee:82:2b:fe:97:79:92:00:fc:a4:
         09:e2:39:57:3b:81:5a:a7:8c:6f:ee:a2:66:2d:7b:57:dc:28:
         d3:a9:a6:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZemKC6VtRZSc6GIIo+GPoAFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMzFkY2E4ODdkOGJlNjA2MDE5ZDBhMTU5M2ExNmZmZDM5
ZmQ2OTIwHhcNMjUwNjI1MDgxNTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjdhN2M3NDUwYjRkZGE2NzJmOGQ0YWYyYjI2YTI2ZDg5MjgwZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/tpFuPRzb/uxFUVMhyrJUXCJlXm
pmOWV5/Asd7iREQcLlz2UvHzjffMHaESZyjwOCl8nCPAHKrmkn17FIrGoNmVwM2w
/TaTSi537j3d8LHV8kV59X3ku2HebR8j3GfjrpA8cL3o9AxUUTJCFjP1QiiPKkqz
enstMlnu5gQFDKpiBy91VNGlJckkFjSxfdbrOluAL3W+ns80nSs+OW8V1JizcmWw
a00IUlXlhCULtg1OCDJlfx4D4GxfbWV3qZOwNgf537zszXp0MniZ+cytK43HaNnz
ilbOCSNi3z0BQGdiuz9IgR0QTdv8wSSgLqrQsGJqDEuRjj69YV0qAsUzcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJ6fHRQtN2mcvjUrysmom2JKA9nMB8GA1UdIwQY
MBaAFBox3KiH2L5gYBnQoVk6Fv/Tn9aSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2pIY3FJZll2bUJnR2RDaFdUb1dfOU9mMXBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8yNzgwY2UtNGYyNi00YjY0LWI3ZjEt
OTBjOTk5ZDM1ZWQ4LzEvOG5wOGRGQzAzYVp5LU5Tdkt5YWliWWtvRDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8yNzgwY2UtNGYyNi00YjY0LWI3ZjEtOTBjOTk5ZDM1ZWQ4
LzEvR2pIY3FJZll2bUJnR2RDaFdUb1dfOU9mMXBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud9cMA0G
CSqGSIb3DQEBCwUAA4IBAQB43Ks0Y0qfBVrSPIrODecMC+MiECo6Ra/WZJ3gUFDg
R0rleodu7ho+VD8wBc2AoA/L+iEksnT74SR/AmWg+YMERbNhffEcSwGBMgjSGqnI
wgYiZO0r+V1dpFaKig2FuSDO3FGNLRFhaqQ7B1FyhX9ZIiBtyxN4e0CTnl/Ltodz
usfmofi5Bveo4H0fiMBLQpJbx2h8o25SZb85aPsXKdkG7sOKzN4wFVIeFaao7hdP
OoiBrIpu3acDzdjacwC+dAnTbFNClFcpldARe/V8nrpsU2rTFYqyfq2dtkndcT0+
6u6CK/6XeZIA/KQJ4jlXO4Fap4xv7qJmLXtX3CjTqaZA
-----END CERTIFICATE-----