Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/4k_ZuHYqDe_Het9axD5evRht3Lw.roa
File:                     4k_ZuHYqDe_Het9axD5evRht3Lw.roa (raw, json)
Hash identifier:          psQ9n7MA7JcZWMk3LmtdaKPiVMz8GYjL9qmt7ww6xH8=
Subject key identifier:   E2:4F:D9:B8:76:2A:0D:EF:C7:7A:DF:5A:C4:3E:5E:BD:18:6D:DC:BC
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0196B8B71D814675B6C01829DEEBBC648102
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/4k_ZuHYqDe_Het9axD5evRht3Lw.roa
Signing time:             Sat 10 May 2025 05:42:10 +0000
ROA not before:           Sat 10 May 2025 05:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135444
IP address blocks:        92.62.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b8:b7:1d:81:46:75:b6:c0:18:29:de:eb:bc:64:81:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: May 10 05:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e24fd9b8762a0defc77adf5ac43e5ebd186ddcbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:12:00:09:39:0e:82:58:9b:d1:16:29:dd:09:
                    3c:56:f2:48:8c:b8:11:de:d9:fd:e8:7e:54:4a:fc:
                    a1:3c:1b:ac:1d:84:c5:cc:d4:d2:aa:53:b2:54:b0:
                    48:e1:bd:06:29:fa:0f:c7:3a:67:34:ff:ad:91:5a:
                    7d:7e:8e:f0:78:23:a1:d2:ce:40:9b:3a:38:db:2f:
                    ce:4c:9b:f1:6b:c4:cb:42:0f:99:8b:35:01:fa:7d:
                    de:a3:85:d6:7d:ca:89:9c:a2:df:13:ca:dc:cf:ad:
                    83:3e:3d:e3:45:74:d9:66:8d:1b:22:c6:ca:80:d6:
                    bc:43:7e:90:d5:1b:45:e1:26:bd:a0:6f:2f:2a:81:
                    57:00:50:86:23:9d:6f:54:ce:79:d9:34:f6:da:f0:
                    d8:bb:42:02:2c:3e:5d:26:68:61:58:ba:17:c0:c8:
                    9e:20:82:ef:f9:69:00:ac:33:d6:b9:f8:c8:4b:8e:
                    06:43:02:8c:99:a7:d9:a5:8b:10:e2:a2:f6:1a:54:
                    90:50:0e:82:c1:ae:d3:bb:18:49:f1:21:88:fd:b1:
                    c1:e8:44:fa:13:ba:f6:a7:f7:23:d4:68:26:6b:75:
                    89:53:3e:ba:60:cc:44:34:d1:f2:04:5b:be:d5:a0:
                    bd:64:e2:4e:d8:58:d3:30:6e:5e:76:c8:cf:51:a9:
                    7a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:4F:D9:B8:76:2A:0D:EF:C7:7A:DF:5A:C4:3E:5E:BD:18:6D:DC:BC
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/4k_ZuHYqDe_Het9axD5evRht3Lw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:64:a8:69:6b:91:70:ed:6e:c0:70:50:dc:48:ab:2e:6a:38:
         62:e8:04:9a:50:22:58:76:ac:08:c6:da:e9:ab:4d:16:3b:19:
         5b:f4:dd:78:fa:7a:77:5a:54:00:3e:0a:22:17:86:d5:4a:0c:
         a5:50:7e:0a:12:ce:64:c7:fe:a3:de:bd:21:5e:91:96:92:e6:
         97:50:82:43:f2:ec:8b:b4:28:cf:f6:07:f9:bb:ee:30:ac:e3:
         00:7c:e4:a7:32:74:02:54:06:b4:6b:42:95:3b:30:31:14:85:
         83:d0:36:1b:0c:9a:35:0c:de:9e:5a:b3:2c:37:57:0d:2b:39:
         d6:12:53:36:8d:2e:dd:4d:e8:61:df:9d:67:c4:23:8a:36:10:
         c7:7e:72:44:a6:08:13:61:05:2a:2c:1b:9b:a6:e1:45:07:08:
         73:52:28:b2:47:90:c3:1d:1a:03:fd:a4:2a:62:39:54:e0:f0:
         fb:1a:42:31:db:f1:53:ac:a1:87:f2:e7:95:a7:80:fc:c9:81:
         5e:f9:dc:91:38:2a:04:1c:5e:c5:e5:63:83:8e:76:5e:8e:03:
         fc:a0:12:2f:07:ba:46:81:83:07:93:2c:3f:42:42:2c:01:64:
         24:78:8a:c7:0f:82:90:22:6f:09:03:b2:40:dd:52:cc:dc:2f:
         68:79:e3:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa4tx2BRnW2wBgp3uu8ZIECMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNTEwMDU0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjRmZDliODc2MmEwZGVmYzc3YWRmNWFjNDNlNWViZDE4NmRkY2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRIACTkOglib0RYp3Qk8VvJIjLgR
3tn96H5USvyhPBusHYTFzNTSqlOyVLBI4b0GKfoPxzpnNP+tkVp9fo7weCOh0s5A
mzo42y/OTJvxa8TLQg+ZizUB+n3eo4XWfcqJnKLfE8rcz62DPj3jRXTZZo0bIsbK
gNa8Q36Q1RtF4Sa9oG8vKoFXAFCGI51vVM552TT22vDYu0ICLD5dJmhhWLoXwMie
IILv+WkArDPWufjIS44GQwKMmafZpYsQ4qL2GlSQUA6Cwa7TuxhJ8SGI/bHB6ET6
E7r2p/cj1Ggma3WJUz66YMxENNHyBFu+1aC9ZOJO2FjTMG5edsjPUal6twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJP2bh2Kg3vx3rfWsQ+Xr0Ybdy8MB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvNGtfWnVIWXFEZV9IZXQ5YXhENWV2Umh0M0x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD7xMA0G
CSqGSIb3DQEBCwUAA4IBAQB8ZKhpa5Fw7W7AcFDcSKsuajhi6ASaUCJYdqwIxtrp
q00WOxlb9N14+np3WlQAPgoiF4bVSgylUH4KEs5kx/6j3r0hXpGWkuaXUIJD8uyL
tCjP9gf5u+4wrOMAfOSnMnQCVAa0a0KVOzAxFIWD0DYbDJo1DN6eWrMsN1cNKznW
ElM2jS7dTehh351nxCOKNhDHfnJEpggTYQUqLBubpuFFBwhzUiiyR5DDHRoD/aQq
YjlU4PD7GkIx2/FTrKGH8ueVp4D8yYFe+dyROCoEHF7F5WODjnZejgP8oBIvB7pG
gYMHkyw/QkIsAWQkeIrHD4KQIm8JA7JA3VLM3C9oeeMG
-----END CERTIFICATE-----