Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/RM5tveyL7IwwCTJhkjI3P9MlLys.roa
File:                     RM5tveyL7IwwCTJhkjI3P9MlLys.roa (raw, json)
Hash identifier:          KFFKSBrC9ZMfN/WLMwRRsqjcRSmKiqYliu6seaJxBqE=
Subject key identifier:   44:CE:6D:BD:EC:8B:EC:8C:30:09:32:61:92:32:37:3F:D3:25:2F:2B
Certificate issuer:       /CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
Certificate serial:       019818B1AD74AFBF1C58BC6CFBF620373792
Authority key identifier: 40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/RM5tveyL7IwwCTJhkjI3P9MlLys.roa
Signing time:             Thu 17 Jul 2025 14:02:34 +0000
ROA not before:           Thu 17 Jul 2025 14:02:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49791
IP address blocks:        92.60.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:18:b1:ad:74:af:bf:1c:58:bc:6c:fb:f6:20:37:37:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
        Validity
            Not Before: Jul 17 14:02:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44ce6dbdec8bec8c300932619232373fd3252f2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e1:08:e1:f3:fe:07:21:a7:b7:5c:43:14:76:
                    18:53:90:06:64:02:52:fb:ff:47:78:fd:23:cd:ef:
                    9c:dd:d3:8a:fe:4a:9e:85:66:45:c6:44:a3:08:47:
                    2d:bf:2a:34:64:d5:6d:ff:e4:4a:2f:99:48:e9:66:
                    17:9c:04:14:ce:86:13:fd:e4:8e:be:2e:1c:ab:07:
                    26:01:06:6d:97:68:7c:b2:aa:c6:40:2a:f8:40:38:
                    57:ce:1e:e0:dd:a0:71:53:7d:31:c2:15:bd:0f:45:
                    59:d7:14:03:4d:e6:32:9b:ab:56:73:3b:bd:b9:2d:
                    da:8d:8a:cd:4f:b2:c1:51:10:c8:46:1f:b6:f8:f4:
                    ef:d0:43:63:81:18:7d:54:0d:2d:4a:62:9f:97:9f:
                    75:fc:f9:9d:e9:14:9e:e3:4a:56:d5:b4:64:99:b0:
                    6e:9e:16:12:2e:ae:eb:b5:6f:2d:45:c9:87:18:20:
                    c6:a3:64:10:1e:be:44:e4:bc:27:b7:af:8b:13:c0:
                    01:02:9a:55:52:82:82:56:57:a3:30:99:d5:07:14:
                    7b:6f:5e:58:6b:13:88:cb:52:7e:50:10:9f:4a:ed:
                    a5:97:37:a7:98:2e:80:92:96:cf:0a:4c:e3:6a:bc:
                    f4:b3:05:2b:c1:94:d5:80:38:a3:da:1c:0d:1e:ee:
                    80:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:CE:6D:BD:EC:8B:EC:8C:30:09:32:61:92:32:37:3F:D3:25:2F:2B
            X509v3 Authority Key Identifier:
                keyid:40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/RM5tveyL7IwwCTJhkjI3P9MlLys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:cf:56:1c:6e:c9:5d:cc:be:60:7b:cb:ea:e9:40:40:48:df:
         30:47:6b:4f:6a:15:7d:04:d9:c7:dc:27:85:c0:8d:db:5b:0f:
         53:50:84:46:c0:70:fa:bd:af:10:50:48:55:70:0f:c0:a1:45:
         25:85:dc:f9:cb:1f:45:cf:33:1c:b5:e8:b0:4b:0a:38:04:d6:
         8a:2e:c1:11:11:a7:a3:df:b3:16:8a:b1:fa:16:76:80:01:8a:
         05:f5:d0:74:7c:18:64:b3:77:c1:9d:8f:a0:0e:6a:0b:7b:13:
         21:1f:f1:01:a1:ca:6b:3c:75:ee:aa:29:f0:41:77:35:40:6c:
         08:6b:32:d5:00:f0:8f:60:2f:ac:c2:13:a3:75:03:2a:d9:69:
         75:83:ba:b7:d8:8e:85:f1:a2:1f:a6:2b:35:2c:56:97:7e:77:
         65:99:92:c5:46:6d:8d:b7:18:6e:62:c9:45:5c:3c:5f:c7:ee:
         70:e8:0d:8d:8d:0e:6f:55:c7:b1:7e:ce:64:33:82:83:0c:f0:
         f3:71:3c:7b:79:48:d6:f1:22:12:bf:0a:91:06:df:77:3d:97:
         6b:69:2a:ff:09:98:e1:bc:d4:ae:50:b4:65:f0:ca:c2:7a:9d:
         af:54:de:95:7d:91:35:c7:85:e7:49:f2:d1:0d:2d:e6:4a:be:
         5b:ac:5a:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgYsa10r78cWLxs+/YgNzeSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZGRlNzFiNDFiZmZiMWI1MTZlMDdiMGM2MTM5MWJkZjRk
M2JmMTEwHhcNMjUwNzE3MTQwMjM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGNlNmRiZGVjOGJlYzhjMzAwOTMyNjE5MjMyMzczZmQzMjUyZjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouEI4fP+ByGnt1xDFHYYU5AGZAJS
+/9HeP0jze+c3dOK/kqehWZFxkSjCEctvyo0ZNVt/+RKL5lI6WYXnAQUzoYT/eSO
vi4cqwcmAQZtl2h8sqrGQCr4QDhXzh7g3aBxU30xwhW9D0VZ1xQDTeYym6tWczu9
uS3ajYrNT7LBURDIRh+2+PTv0ENjgRh9VA0tSmKfl591/Pmd6RSe40pW1bRkmbBu
nhYSLq7rtW8tRcmHGCDGo2QQHr5E5Lwnt6+LE8ABAppVUoKCVlejMJnVBxR7b15Y
axOIy1J+UBCfSu2llzenmC6AkpbPCkzjarz0swUrwZTVgDij2hwNHu6AywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETObb3si+yMMAkyYZIyNz/TJS8rMB8GA1UdIwQY
MBaAFEDd5xtBv/sbUW4HsMYTkb30078RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYt
MmJhZGNlNDY2ODUzLzEvUk01dHZleUw3SXd3Q1RKaGtqSTNQOU1sTHlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYtMmJhZGNlNDY2ODUz
LzEvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDxLMA0G
CSqGSIb3DQEBCwUAA4IBAQAkz1YcbsldzL5ge8vq6UBASN8wR2tPahV9BNnH3CeF
wI3bWw9TUIRGwHD6va8QUEhVcA/AoUUlhdz5yx9FzzMcteiwSwo4BNaKLsEREaej
37MWirH6FnaAAYoF9dB0fBhks3fBnY+gDmoLexMhH/EBocprPHXuqinwQXc1QGwI
azLVAPCPYC+swhOjdQMq2Wl1g7q32I6F8aIfpis1LFaXfndlmZLFRm2NtxhuYslF
XDxfx+5w6A2NjQ5vVcexfs5kM4KDDPDzcTx7eUjW8SISvwqRBt93PZdraSr/CZjh
vNSuULRl8MrCep2vVN6VfZE1x4XnSfLRDS3mSr5brFqB
-----END CERTIFICATE-----