Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/42ZKqzZkMxt9TNa3kDuOPMM6iQE.roa
File:                     42ZKqzZkMxt9TNa3kDuOPMM6iQE.roa (raw, json)
Hash identifier:          KZlJ8qtbQIc6xsv2BWgZJQIZNypBYZKEQKWe5hueZS8=
Subject key identifier:   E3:66:4A:AB:36:64:33:1B:7D:4C:D6:B7:90:3B:8E:3C:C3:3A:89:01
Certificate issuer:       /CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
Certificate serial:       0197E0B633B99F1ED5945421B2237D45920E
Authority key identifier: 40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/42ZKqzZkMxt9TNa3kDuOPMM6iQE.roa
Signing time:             Sun 06 Jul 2025 17:08:46 +0000
ROA not before:           Sun 06 Jul 2025 17:08:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        92.60.72.0/23 maxlen: 23
                          92.60.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e0:b6:33:b9:9f:1e:d5:94:54:21:b2:23:7d:45:92:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
        Validity
            Not Before: Jul  6 17:08:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3664aab3664331b7d4cd6b7903b8e3cc33a8901
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d5:1e:b5:d8:a6:40:b9:32:14:04:48:ac:79:
                    6c:a7:35:73:6d:f2:3f:59:0d:b8:5e:5d:dc:5a:66:
                    f6:a8:56:b4:72:60:76:30:1b:c2:e2:9b:0a:c7:02:
                    c9:9a:17:c2:6e:39:cd:1c:68:ac:1e:1d:ec:fc:b4:
                    aa:c8:e7:3f:14:5a:45:cc:e6:bf:ca:3a:58:b7:3d:
                    57:cd:57:a1:cd:64:c9:8c:66:fb:2f:84:74:72:44:
                    66:10:22:f7:cc:b2:72:12:02:cd:8e:f6:55:9d:9c:
                    91:c0:28:e2:c5:cc:a8:07:25:55:81:35:8a:07:ac:
                    f3:4f:19:9c:ea:14:61:97:aa:6c:e3:86:2c:1f:55:
                    e2:60:9d:dc:8f:04:e8:86:5b:13:80:d3:28:d5:7f:
                    15:17:99:15:66:42:d6:a4:85:40:49:45:f6:81:89:
                    2d:81:58:53:03:68:dd:9b:dd:31:c4:98:2a:c6:a2:
                    fb:7c:40:39:f0:96:c4:f7:bf:51:5a:01:03:dd:c8:
                    8c:be:b2:76:8e:ec:d8:67:ff:cb:a3:21:6d:54:67:
                    d0:1b:6d:35:ea:8d:99:67:41:31:d1:cf:5b:f6:8d:
                    92:25:aa:47:d5:e7:0d:22:57:65:21:5c:b0:b2:51:
                    c9:c1:ac:3f:6c:f5:12:c4:9c:47:ef:21:d7:dd:a4:
                    8b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:66:4A:AB:36:64:33:1B:7D:4C:D6:B7:90:3B:8E:3C:C3:3A:89:01
            X509v3 Authority Key Identifier:
                keyid:40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/42ZKqzZkMxt9TNa3kDuOPMM6iQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.72.0-92.60.74.255

    Signature Algorithm: sha256WithRSAEncryption
         09:67:62:b1:33:6a:95:98:f7:5c:af:14:8c:e2:e5:5c:1c:7b:
         1c:34:77:3a:1d:8e:a9:3a:70:68:9f:4b:8c:97:d3:97:f5:bf:
         82:1f:5b:75:24:c3:5c:b7:ae:a4:05:f5:d5:d2:8e:16:9c:92:
         9d:77:f1:ae:37:ad:e4:02:08:d7:4f:56:16:49:99:54:26:45:
         e7:38:92:37:d0:62:28:c1:d5:62:6f:43:54:3b:62:d0:35:11:
         7f:b9:82:ef:3c:aa:27:70:8a:5a:a7:a7:bc:d6:f9:6a:0e:6e:
         f3:a6:9f:28:c5:d5:81:d0:12:b1:60:88:1f:8f:f9:b1:e3:75:
         d0:58:df:86:2b:07:85:e0:25:d4:e8:74:a1:12:10:da:1e:cc:
         fb:ac:5c:02:3f:85:7b:d4:e9:f4:35:e1:c2:b6:4e:97:ca:4b:
         a7:c5:76:60:63:3f:f8:f7:9a:f6:77:c3:cd:fc:73:b2:fe:b2:
         d0:0a:62:81:f6:59:86:22:6c:42:b7:58:72:dd:b4:df:5f:d9:
         12:a3:96:7a:42:8a:3e:89:57:3d:38:da:f0:ab:2a:3b:71:25:
         99:9a:84:4e:d7:c9:25:ce:29:3e:64:0e:1a:a2:e0:52:a6:52:
         35:a5:1b:69:55:31:15:a7:3a:9e:32:1a:51:51:89:b3:2f:5f:
         34:00:e4:4c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZfgtjO5nx7VlFQhsiN9RZIOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZGRlNzFiNDFiZmZiMWI1MTZlMDdiMGM2MTM5MWJkZjRk
M2JmMTEwHhcNMjUwNzA2MTcwODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzY2NGFhYjM2NjQzMzFiN2Q0Y2Q2Yjc5MDNiOGUzY2MzM2E4OTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotUetdimQLkyFARIrHlspzVzbfI/
WQ24Xl3cWmb2qFa0cmB2MBvC4psKxwLJmhfCbjnNHGisHh3s/LSqyOc/FFpFzOa/
yjpYtz1XzVehzWTJjGb7L4R0ckRmECL3zLJyEgLNjvZVnZyRwCjixcyoByVVgTWK
B6zzTxmc6hRhl6ps44YsH1XiYJ3cjwTohlsTgNMo1X8VF5kVZkLWpIVASUX2gYkt
gVhTA2jdm90xxJgqxqL7fEA58JbE979RWgED3ciMvrJ2juzYZ//LoyFtVGfQG201
6o2ZZ0Ex0c9b9o2SJapH1ecNIldlIVywslHJwaw/bPUSxJxH7yHX3aSLtwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFONmSqs2ZDMbfUzWt5A7jjzDOokBMB8GA1UdIwQY
MBaAFEDd5xtBv/sbUW4HsMYTkb30078RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYt
MmJhZGNlNDY2ODUzLzEvNDJaS3F6WmtNeHQ5VE5hM2tEdU9QTU02aVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYtMmJhZGNlNDY2ODUz
LzEvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBANcPEgD
BABcPEowDQYJKoZIhvcNAQELBQADggEBAAlnYrEzapWY91yvFIzi5Vwcexw0dzod
jqk6cGifS4yX05f1v4IfW3Ukw1y3rqQF9dXSjhackp138a43reQCCNdPVhZJmVQm
Rec4kjfQYijB1WJvQ1Q7YtA1EX+5gu88qidwilqnp7zW+WoObvOmnyjF1YHQErFg
iB+P+bHjddBY34YrB4XgJdTodKESENoezPusXAI/hXvU6fQ14cK2TpfKS6fFdmBj
P/j3mvZ3w838c7L+stAKYoH2WYYibEK3WHLdtN9f2RKjlnpCij6JVz042vCrKjtx
JZmahE7XySXOKT5kDhqi4FKmUjWlG2lVMRWnOp4yGlFRibMvXzQA5Ew=
-----END CERTIFICATE-----