Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/HN-sxkXhsPARhEyjcxF2VA5ULns.roa
File:                     HN-sxkXhsPARhEyjcxF2VA5ULns.roa (raw, json)
Hash identifier:          XKKXt3nQtVRf5U2SzwHGZlsTijL5Olvfsj7LyZpSgu0=
Subject key identifier:   1C:DF:AC:C6:45:E1:B0:F0:11:84:4C:A3:73:11:76:54:0E:54:2E:7B
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0199157B930C9F0A88C06EC512CCB731F73E
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/HN-sxkXhsPARhEyjcxF2VA5ULns.roa
Signing time:             Thu 04 Sep 2025 16:07:24 +0000
ROA not before:           Thu 04 Sep 2025 16:07:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13527
IP address blocks:        92.62.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:15:7b:93:0c:9f:0a:88:c0:6e:c5:12:cc:b7:31:f7:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Sep  4 16:07:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cdfacc645e1b0f011844ca3731176540e542e7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1c:d8:9d:d8:8b:9d:f2:2c:79:67:28:7e:25:
                    57:af:a8:c0:2f:57:24:ca:d6:b2:d2:1b:c2:8f:3e:
                    02:d0:0a:c8:bd:97:f0:ad:ad:89:93:23:f7:dd:9c:
                    8f:b3:05:9d:de:3d:e0:af:04:ae:3d:d9:f7:4a:a4:
                    ef:ab:a3:c9:ff:0d:d7:d8:d4:af:30:c1:43:b7:4f:
                    98:90:c2:c5:9f:7a:3a:cb:df:eb:da:10:a8:e7:4e:
                    cf:08:73:92:60:db:f5:7f:52:29:08:59:a2:9d:79:
                    0c:82:a2:63:e4:22:c2:2e:53:4c:ea:c7:29:3c:33:
                    4c:50:26:45:1c:c1:68:fb:3d:5d:87:7a:ba:56:ad:
                    22:7c:22:7f:fb:fa:cf:63:0e:13:e4:1b:cd:41:5d:
                    6e:44:47:e8:7c:1f:6e:de:40:12:db:63:f4:05:da:
                    64:21:94:1c:df:16:85:cc:57:77:c6:f1:20:9b:48:
                    ed:94:7d:e4:c9:3b:ea:d7:8e:df:65:57:27:84:39:
                    55:c8:57:29:43:f2:44:fb:ce:53:20:62:c9:75:67:
                    b3:2e:d6:cf:da:12:85:1c:c9:5c:49:d4:90:dc:fb:
                    5d:38:85:19:f8:99:bd:52:94:16:ac:b1:a9:4e:8c:
                    23:6d:f8:b5:00:b5:16:a5:a2:83:17:ce:2e:ca:d0:
                    56:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:DF:AC:C6:45:E1:B0:F0:11:84:4C:A3:73:11:76:54:0E:54:2E:7B
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/HN-sxkXhsPARhEyjcxF2VA5ULns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:8b:5d:46:61:6a:5d:f0:e3:df:19:cf:51:6b:10:84:ed:80:
         3a:8b:77:62:03:18:07:ab:21:0a:4b:20:83:79:5c:00:f6:27:
         91:ee:bd:81:a4:d6:df:0a:08:f4:6d:86:eb:c6:21:ab:4b:87:
         be:d0:12:90:56:55:b0:6f:bc:d7:80:a4:cc:9b:43:3f:0c:b6:
         05:cd:48:04:58:e4:2a:cc:2c:53:ac:9f:a3:de:da:f3:2b:0a:
         16:be:e2:a1:b1:c6:2e:19:f1:3e:e7:ad:16:47:e5:20:d3:cf:
         1e:66:7f:24:95:13:84:6d:a8:5b:bb:e3:16:3c:46:4f:17:74:
         2b:75:8a:43:4d:d6:60:d0:49:b7:f2:05:27:4c:7f:66:36:c0:
         a0:97:b5:e3:83:fa:46:06:a1:bf:cb:ff:f2:77:1b:4e:7a:74:
         84:44:c4:4e:d5:a1:14:4b:ac:ea:9b:aa:44:3f:ad:88:9a:87:
         48:7c:78:26:8a:fc:3e:4f:0e:4e:fe:03:22:ee:a4:4d:76:06:
         1c:9a:12:b7:5d:18:cc:5c:7d:3a:d8:98:3e:a0:00:fc:ca:8d:
         8d:22:26:2b:82:da:9e:25:e8:05:50:66:13:15:10:86:3e:0b:
         7b:1f:a0:7f:8f:a8:65:16:68:3f:a8:d3:13:ae:48:a8:ba:6b:
         64:37:a3:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkVe5MMnwqIwG7FEsy3Mfc+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwOTA0MTYwNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2RmYWNjNjQ1ZTFiMGYwMTE4NDRjYTM3MzExNzY1NDBlNTQyZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBzYndiLnfIseWcofiVXr6jAL1ck
ytay0hvCjz4C0ArIvZfwra2JkyP33ZyPswWd3j3grwSuPdn3SqTvq6PJ/w3X2NSv
MMFDt0+YkMLFn3o6y9/r2hCo507PCHOSYNv1f1IpCFminXkMgqJj5CLCLlNM6scp
PDNMUCZFHMFo+z1dh3q6Vq0ifCJ/+/rPYw4T5BvNQV1uREfofB9u3kAS22P0Bdpk
IZQc3xaFzFd3xvEgm0jtlH3kyTvq147fZVcnhDlVyFcpQ/JE+85TIGLJdWezLtbP
2hKFHMlcSdSQ3PtdOIUZ+Jm9UpQWrLGpTowjbfi1ALUWpaKDF84uytBWdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBzfrMZF4bDwEYRMo3MRdlQOVC57MB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvSE4tc3hrWGhzUEFSaEV5amN4RjJWQTVVTG5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD7+MA0G
CSqGSIb3DQEBCwUAA4IBAQBTi11GYWpd8OPfGc9RaxCE7YA6i3diAxgHqyEKSyCD
eVwA9ieR7r2BpNbfCgj0bYbrxiGrS4e+0BKQVlWwb7zXgKTMm0M/DLYFzUgEWOQq
zCxTrJ+j3trzKwoWvuKhscYuGfE+560WR+Ug088eZn8klROEbahbu+MWPEZPF3Qr
dYpDTdZg0Em38gUnTH9mNsCgl7Xjg/pGBqG/y//ydxtOenSERMRO1aEUS6zqm6pE
P62ImodIfHgmivw+Tw5O/gMi7qRNdgYcmhK3XRjMXH062Jg+oAD8yo2NIiYrgtqe
JegFUGYTFRCGPgt7H6B/j6hlFmg/qNMTrkioumtkN6Pi
-----END CERTIFICATE-----