Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/daT_tlHA6Qk4P5c_mAKg_30bQto.roa
File:                     daT_tlHA6Qk4P5c_mAKg_30bQto.roa (raw, json)
Hash identifier:          8QeryI1AvWB8IxUm5wUjKihb2jduD7+5c0+oE2ozl40=
Subject key identifier:   75:A4:FF:B6:51:C0:E9:09:38:3F:97:3F:98:02:A0:FF:7D:1B:42:DA
Certificate issuer:       /CN=11125404c6dd472f1001ed9ffdf726762ac7701d
Certificate serial:       01982CAE6E996B4CA2F23423087600AE7AA8
Authority key identifier: 11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/daT_tlHA6Qk4P5c_mAKg_30bQto.roa
Signing time:             Mon 21 Jul 2025 11:11:25 +0000
ROA not before:           Mon 21 Jul 2025 11:11:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213537
IP address blocks:        92.242.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:ae:6e:99:6b:4c:a2:f2:34:23:08:76:00:ae:7a:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11125404c6dd472f1001ed9ffdf726762ac7701d
        Validity
            Not Before: Jul 21 11:11:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75a4ffb651c0e909383f973f9802a0ff7d1b42da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:82:78:94:04:16:de:59:0e:88:9e:33:7b:0b:
                    1c:29:2d:2c:2c:09:08:a2:d7:e2:99:ae:7b:ce:62:
                    9d:c9:c8:4d:12:a8:f7:0c:ec:12:2b:db:86:c1:98:
                    b9:cd:f0:43:7c:5f:c4:40:1f:f2:05:eb:bd:f0:b1:
                    ee:68:19:99:eb:3e:9b:60:1a:b5:cb:a8:94:30:47:
                    2a:46:48:86:13:e3:cf:8d:73:c1:ea:e0:1c:09:6e:
                    cc:37:aa:e1:0c:6c:b4:32:24:91:07:b0:35:df:c3:
                    5e:54:05:50:02:19:5f:a2:94:1f:ba:48:7d:4f:64:
                    62:af:52:64:61:d9:04:03:4b:b5:d6:7c:ab:19:13:
                    37:d1:50:58:37:38:a4:45:4c:be:04:34:a6:2e:15:
                    75:3f:f8:e3:cb:98:41:da:36:aa:e5:15:f0:67:8d:
                    95:c0:d9:a4:f6:44:de:90:ab:c8:cd:77:7b:79:64:
                    90:c7:df:b9:7e:4e:ad:ef:26:92:f0:ed:29:b1:7f:
                    46:dc:7e:39:0f:6a:be:4f:05:bb:9c:14:3d:1c:c9:
                    00:b6:21:f7:5f:c2:eb:28:83:ba:50:3e:6f:36:c9:
                    fc:dc:19:c9:0a:08:1d:0c:a0:5e:fb:65:b4:ad:60:
                    fe:5d:9e:52:e5:8a:c7:c8:34:b2:53:4b:12:a0:76:
                    49:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:A4:FF:B6:51:C0:E9:09:38:3F:97:3F:98:02:A0:FF:7D:1B:42:DA
            X509v3 Authority Key Identifier:
                keyid:11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/daT_tlHA6Qk4P5c_mAKg_30bQto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.242.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:15:bc:47:75:76:d2:14:a5:d2:79:98:7b:76:5b:60:e8:2b:
         b7:cb:0f:fd:66:bc:4a:58:11:45:1d:2a:52:b2:dd:af:f4:53:
         d1:a6:3f:4f:13:ee:84:e7:7f:00:dd:30:94:3b:65:b3:8a:56:
         ad:e5:d4:6e:0e:85:8a:b5:29:56:89:da:05:ff:33:38:a2:50:
         e2:f8:81:ad:09:b6:0a:b9:23:26:68:12:71:4b:55:0e:28:48:
         5e:d8:89:90:5f:b8:9d:5c:bf:ab:75:db:14:72:5a:ec:67:d8:
         5a:bd:67:da:33:f1:1a:ba:bd:37:53:29:ca:4f:59:7c:f4:13:
         5e:fe:df:13:18:31:0c:cc:51:6d:13:fe:f0:f6:34:5f:e8:c2:
         3e:fb:d1:0b:8a:04:bf:53:1f:c9:54:18:5c:a9:dc:5c:fb:f3:
         f0:61:8c:2b:04:f9:5c:b4:b9:61:3a:50:31:a2:e0:33:0f:11:
         04:75:2b:93:e9:0a:95:18:92:30:7d:1a:e0:a2:a9:e0:d8:f3:
         35:7b:35:cb:48:c9:91:4d:c9:7e:eb:14:d3:35:d7:01:8c:b9:
         4a:42:86:77:24:98:18:07:b0:bc:ad:bc:6d:7b:fa:dd:4d:3f:
         5f:1e:1c:2e:d5:00:27:b9:9f:ef:47:c7:7f:ac:96:c0:27:3c:
         ec:5d:32:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgsrm6Za0yi8jQjCHYArnqoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTI1NDA0YzZkZDQ3MmYxMDAxZWQ5ZmZkZjcyNjc2MmFj
NzcwMWQwHhcNMjUwNzIxMTExMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWE0ZmZiNjUxYzBlOTA5MzgzZjk3M2Y5ODAyYTBmZjdkMWI0MmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7oJ4lAQW3lkOiJ4zewscKS0sLAkI
otfima57zmKdychNEqj3DOwSK9uGwZi5zfBDfF/EQB/yBeu98LHuaBmZ6z6bYBq1
y6iUMEcqRkiGE+PPjXPB6uAcCW7MN6rhDGy0MiSRB7A138NeVAVQAhlfopQfukh9
T2Rir1JkYdkEA0u11nyrGRM30VBYNzikRUy+BDSmLhV1P/jjy5hB2jaq5RXwZ42V
wNmk9kTekKvIzXd7eWSQx9+5fk6t7yaS8O0psX9G3H45D2q+TwW7nBQ9HMkAtiH3
X8LrKIO6UD5vNsn83BnJCggdDKBe+2W0rWD+XZ5S5YrHyDSyU0sSoHZJhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWk/7ZRwOkJOD+XP5gCoP99G0LaMB8GA1UdIwQY
MBaAFBESVATG3UcvEAHtn/33JnYqx3AdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYt
NmRmZTBmN2Q1M2JkLzEvZGFUX3RsSEE2UWs0UDVjX21BS2dfMzBiUXRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYtNmRmZTBmN2Q1M2Jk
LzEvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPKlMA0G
CSqGSIb3DQEBCwUAA4IBAQCSFbxHdXbSFKXSeZh7dltg6Cu3yw/9ZrxKWBFFHSpS
st2v9FPRpj9PE+6E538A3TCUO2Wzilat5dRuDoWKtSlWidoF/zM4olDi+IGtCbYK
uSMmaBJxS1UOKEhe2ImQX7idXL+rddsUclrsZ9havWfaM/Eaur03UynKT1l89BNe
/t8TGDEMzFFtE/7w9jRf6MI++9ELigS/Ux/JVBhcqdxc+/PwYYwrBPlctLlhOlAx
ouAzDxEEdSuT6QqVGJIwfRrgoqng2PM1ezXLSMmRTcl+6xTTNdcBjLlKQoZ3JJgY
B7C8rbxte/rdTT9fHhwu1QAnuZ/vR8d/rJbAJzzsXTKz
-----END CERTIFICATE-----