Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/8R7LSfhE3UtkOqqB0W3_nrZ3ho4.roa
File:                     8R7LSfhE3UtkOqqB0W3_nrZ3ho4.roa (raw, json)
Hash identifier:          WHfNau4t7umd5KoTkut/GoNz6JYCazshlb2JdkIEsSE=
Subject key identifier:   F1:1E:CB:49:F8:44:DD:4B:64:3A:AA:81:D1:6D:FF:9E:B6:77:86:8E
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019CB97436CEACB862B422723391083FACC9
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/8R7LSfhE3UtkOqqB0W3_nrZ3ho4.roa
Signing time:             Wed 04 Mar 2026 15:25:26 +0000
ROA not before:           Wed 04 Mar 2026 15:25:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        92.62.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 01:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b9:74:36:ce:ac:b8:62:b4:22:72:33:91:08:3f:ac:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Mar  4 15:25:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f11ecb49f844dd4b643aaa81d16dff9eb677868e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d2:f9:02:6d:77:f6:b5:a6:ce:97:c0:c1:b8:
                    53:08:72:19:f5:07:40:ca:11:a4:da:86:06:55:76:
                    0a:ca:2c:3b:15:30:da:91:cc:4b:e5:fd:39:d0:bb:
                    c0:92:21:b3:54:61:c0:3a:58:c0:8c:ca:40:fb:16:
                    74:8d:50:6b:27:9c:e4:d1:ea:a8:2f:86:9b:eb:dc:
                    eb:21:06:42:f3:55:f8:08:3d:71:86:cd:3c:68:d8:
                    85:9d:bd:84:f1:ed:8e:79:97:e9:55:4a:46:62:c3:
                    9e:bc:d3:4f:6e:d3:99:74:8d:a8:ba:26:56:89:e1:
                    51:80:3f:5f:43:1b:f0:ea:05:6a:93:e3:72:ef:3a:
                    bf:ec:6a:03:10:dd:b5:52:92:99:aa:89:63:77:6e:
                    ae:05:8a:99:6a:25:a3:15:a7:ee:26:04:0b:e1:d2:
                    d3:cd:98:ec:28:6e:e1:6f:23:6f:ad:22:19:b9:79:
                    70:f5:e0:0e:70:5e:56:70:41:82:91:38:c2:99:7f:
                    5c:ba:b7:3e:48:2d:f9:1f:95:a5:20:a6:c3:6e:ed:
                    e6:39:fa:91:a4:1f:3f:01:65:09:eb:df:23:2f:1e:
                    0f:47:79:be:22:fc:68:63:c7:a4:34:d6:38:8f:62:
                    10:ad:a0:ed:93:b7:68:b1:8a:b2:0e:e2:8c:bd:c0:
                    bd:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:1E:CB:49:F8:44:DD:4B:64:3A:AA:81:D1:6D:FF:9E:B6:77:86:8E
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/8R7LSfhE3UtkOqqB0W3_nrZ3ho4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:92:29:73:20:6a:92:db:90:db:b1:07:f8:b9:f8:b1:ad:c0:
         af:93:7c:8b:d0:19:ff:10:5d:77:d8:ec:d2:b8:7b:db:5f:89:
         15:86:5b:85:d6:2a:48:6a:74:f1:e0:7f:44:f9:80:65:03:fc:
         3d:e9:1d:f0:5a:47:0c:7d:21:c1:dc:c4:41:5a:e3:6b:15:97:
         e7:a6:76:56:3a:28:34:4e:9f:62:de:6a:c4:f9:14:2b:04:1e:
         0c:9a:87:ff:1f:3d:9a:7f:98:d3:ae:82:12:f8:97:90:82:a7:
         0a:76:49:18:e8:45:fa:3c:39:c8:84:4b:e3:b2:21:c5:8c:fa:
         e1:0e:a8:2f:18:50:55:0f:4f:1c:82:f0:40:4d:af:b1:f5:23:
         16:2f:d6:2b:88:5f:ad:ef:cf:8b:b1:0d:ce:ac:9a:78:7e:2d:
         59:f3:e9:e1:cd:23:4e:63:92:3b:43:54:c4:21:d5:ae:6e:64:
         58:49:7a:3f:b9:0b:fb:d1:f8:e5:19:6c:06:4d:18:39:f6:63:
         82:59:7f:26:b0:4f:55:f8:5a:43:2f:bb:21:a2:df:c9:2d:31:
         7d:2d:c0:e1:67:f8:b6:ec:83:03:3f:f7:f3:c6:14:1a:69:31:
         bc:38:e9:6d:fc:ed:83:26:90:e1:4b:02:e3:f6:97:0a:ce:c3:
         9b:2c:ad:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy5dDbOrLhitCJyM5EIP6zJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMzA0MTUyNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTFlY2I0OWY4NDRkZDRiNjQzYWFhODFkMTZkZmY5ZWI2Nzc4NjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdL5Am139rWmzpfAwbhTCHIZ9QdA
yhGk2oYGVXYKyiw7FTDakcxL5f050LvAkiGzVGHAOljAjMpA+xZ0jVBrJ5zk0eqo
L4ab69zrIQZC81X4CD1xhs08aNiFnb2E8e2OeZfpVUpGYsOevNNPbtOZdI2ouiZW
ieFRgD9fQxvw6gVqk+Ny7zq/7GoDEN21UpKZqoljd26uBYqZaiWjFafuJgQL4dLT
zZjsKG7hbyNvrSIZuXlw9eAOcF5WcEGCkTjCmX9curc+SC35H5WlIKbDbu3mOfqR
pB8/AWUJ698jLx4PR3m+IvxoY8ekNNY4j2IQraDtk7dosYqyDuKMvcC98wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEey0n4RN1LZDqqgdFt/562d4aOMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvOFI3TFNmaEUzVXRrT3FxQjBXM19uclozaG80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD7+MA0G
CSqGSIb3DQEBCwUAA4IBAQBukilzIGqS25DbsQf4ufixrcCvk3yL0Bn/EF132OzS
uHvbX4kVhluF1ipIanTx4H9E+YBlA/w96R3wWkcMfSHB3MRBWuNrFZfnpnZWOig0
Tp9i3mrE+RQrBB4Mmof/Hz2af5jTroIS+JeQgqcKdkkY6EX6PDnIhEvjsiHFjPrh
DqgvGFBVD08cgvBATa+x9SMWL9YriF+t78+LsQ3OrJp4fi1Z8+nhzSNOY5I7Q1TE
IdWubmRYSXo/uQv70fjlGWwGTRg59mOCWX8msE9V+FpDL7shot/JLTF9LcDhZ/i2
7IMDP/fzxhQaaTG8OOlt/O2DJpDhSwLj9pcKzsObLK3M
-----END CERTIFICATE-----