Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/mg19WNAm6gXvD1CwHwj3wOuxd08.roa
File:                     mg19WNAm6gXvD1CwHwj3wOuxd08.roa (raw, json)
Hash identifier:          jdqFWR6ebZf/ocAinEJ2n6v0StWgaAo3c7xcDkQstc0=
Subject key identifier:   9A:0D:7D:58:D0:26:EA:05:EF:0F:50:B0:1F:08:F7:C0:EB:B1:77:4F
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0194E4562D811F584F31FD86FE335B39D58B
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/mg19WNAm6gXvD1CwHwj3wOuxd08.roa
Signing time:             Sat 08 Feb 2025 06:54:00 +0000
ROA not before:           Sat 08 Feb 2025 06:54:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        92.62.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:e4:56:2d:81:1f:58:4f:31:fd:86:fe:33:5b:39:d5:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Feb  8 06:54:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a0d7d58d026ea05ef0f50b01f08f7c0ebb1774f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fd:85:ef:9e:79:58:95:9c:c4:e7:f9:61:93:
                    4b:ce:c8:de:6b:a7:42:51:65:81:f7:37:d2:ee:3b:
                    94:38:a9:78:c6:9f:e4:d0:9f:e0:b9:54:2d:0e:34:
                    a7:3a:0e:35:22:27:3d:8f:5d:65:0e:3e:ef:16:fe:
                    72:9a:6a:0e:65:d7:d4:55:41:61:10:7d:2a:7a:7a:
                    73:c6:e2:11:10:b1:4c:0f:96:0f:26:fd:b7:b3:fe:
                    46:f7:9a:ab:43:81:9c:32:a8:28:09:9a:10:c4:b4:
                    f3:c7:96:4e:3d:55:f7:19:48:77:56:b9:55:32:38:
                    7e:ac:91:92:9c:cb:fd:41:94:82:9a:9c:e6:cc:4d:
                    ba:a7:de:b3:88:4e:c1:7e:e8:d3:8a:81:e8:bc:da:
                    d7:64:8c:b2:32:fb:0e:01:29:1a:c2:90:82:f3:da:
                    78:97:fe:6a:77:67:21:40:0b:7b:b6:61:d0:89:a8:
                    d4:b6:f4:24:42:93:34:d0:42:fb:a1:7c:ac:a2:13:
                    dc:f1:c2:3b:76:ea:ed:d5:34:1c:a1:b8:bd:ff:80:
                    80:d2:6f:29:a2:43:0c:f6:57:70:b1:13:f0:76:1f:
                    6c:5b:5e:61:65:32:3f:28:50:26:2e:f5:d7:00:e7:
                    b9:20:c1:06:8c:03:42:40:7a:34:31:1d:c1:5c:9f:
                    ae:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:0D:7D:58:D0:26:EA:05:EF:0F:50:B0:1F:08:F7:C0:EB:B1:77:4F
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/mg19WNAm6gXvD1CwHwj3wOuxd08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:e4:bc:13:53:95:d2:50:18:ad:8b:81:4e:90:e5:5e:3b:f5:
         71:80:ad:9b:dd:69:a6:b7:1a:be:0e:7e:9b:24:1d:5b:4f:3f:
         25:65:35:ba:20:90:db:9e:47:21:c9:7f:ea:fb:09:96:f2:da:
         a3:82:b7:84:c9:60:8a:a1:ac:50:c0:14:9c:4e:2a:d3:3b:26:
         2a:16:1a:82:90:60:4b:81:2a:29:29:ea:82:89:43:96:55:6a:
         a9:a3:0e:95:18:4e:27:7c:28:1e:1c:b0:db:d1:a7:1d:d1:5b:
         21:28:7a:7d:f8:03:ea:0d:6c:a6:e3:af:db:e2:55:c6:14:31:
         ed:a2:29:1c:44:12:34:28:e4:f2:bc:c6:72:77:7e:6a:c7:0f:
         80:41:9e:95:a3:59:09:19:75:bf:40:46:89:7f:95:67:80:99:
         44:05:8c:73:b6:89:59:00:88:09:1f:a1:12:d9:e9:70:1b:8c:
         6a:03:c7:b8:76:44:01:12:db:c5:70:09:fa:70:90:45:99:cc:
         bc:cf:f3:04:ef:1d:59:64:03:c6:06:04:c2:9b:b4:bb:a6:b3:
         14:d1:1d:4e:66:f3:eb:dc:4f:77:cb:30:32:2a:eb:28:03:cc:
         fe:99:24:36:32:d9:f7:4d:8a:52:f7:a0:da:d8:dc:0e:e5:e8:
         5c:64:1a:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTkVi2BH1hPMf2G/jNbOdWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwMjA4MDY1NDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTBkN2Q1OGQwMjZlYTA1ZWYwZjUwYjAxZjA4ZjdjMGViYjE3NzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf2F7555WJWcxOf5YZNLzsjea6dC
UWWB9zfS7juUOKl4xp/k0J/guVQtDjSnOg41Iic9j11lDj7vFv5ymmoOZdfUVUFh
EH0qenpzxuIRELFMD5YPJv23s/5G95qrQ4GcMqgoCZoQxLTzx5ZOPVX3GUh3VrlV
Mjh+rJGSnMv9QZSCmpzmzE26p96ziE7BfujTioHovNrXZIyyMvsOASkawpCC89p4
l/5qd2chQAt7tmHQiajUtvQkQpM00EL7oXysohPc8cI7durt1TQcobi9/4CA0m8p
okMM9ldwsRPwdh9sW15hZTI/KFAmLvXXAOe5IMEGjANCQHo0MR3BXJ+uNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJoNfVjQJuoF7w9QsB8I98DrsXdPMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvbWcxOVdOQW02Z1h2RDFDd0h3ajN3T3V4ZDA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD79MA0G
CSqGSIb3DQEBCwUAA4IBAQCr5LwTU5XSUBiti4FOkOVeO/VxgK2b3Wmmtxq+Dn6b
JB1bTz8lZTW6IJDbnkchyX/q+wmW8tqjgreEyWCKoaxQwBScTirTOyYqFhqCkGBL
gSopKeqCiUOWVWqpow6VGE4nfCgeHLDb0acd0VshKHp9+APqDWym46/b4lXGFDHt
oikcRBI0KOTyvMZyd35qxw+AQZ6Vo1kJGXW/QEaJf5VngJlEBYxztolZAIgJH6ES
2elwG4xqA8e4dkQBEtvFcAn6cJBFmcy8z/ME7x1ZZAPGBgTCm7S7prMU0R1OZvPr
3E93yzAyKusoA8z+mSQ2Mtn3TYpS96Da2NwO5ehcZBpi
-----END CERTIFICATE-----