Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/IqfYIzlv9tSOLjBO29wjSPGgm9k.roa
File:                     IqfYIzlv9tSOLjBO29wjSPGgm9k.roa (raw, json)
Hash identifier:          Ruia2gPByc9AoUath3+WUWMFKonyFU90I/aPuiikJtc=
Subject key identifier:   22:A7:D8:23:39:6F:F6:D4:8E:2E:30:4E:DB:DC:23:48:F1:A0:9B:D9
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019744CC6E9DA1E15D5C17028781CD802667
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/IqfYIzlv9tSOLjBO29wjSPGgm9k.roa
Signing time:             Fri 06 Jun 2025 10:32:17 +0000
ROA not before:           Fri 06 Jun 2025 10:32:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        92.62.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 04:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:44:cc:6e:9d:a1:e1:5d:5c:17:02:87:81:cd:80:26:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jun  6 10:32:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22a7d823396ff6d48e2e304edbdc2348f1a09bd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fe:73:78:b4:44:4e:7b:65:5e:bd:58:a5:0a:
                    e6:8e:1b:42:4a:2a:65:fd:c1:97:b5:f6:ce:ef:4d:
                    f8:b2:e5:78:b5:7a:f8:45:4e:f6:1b:ec:c9:29:b7:
                    69:3f:ff:7f:bc:61:72:33:1a:ab:0c:40:f8:70:d8:
                    32:61:9b:84:25:15:a9:75:32:1b:02:d8:9b:f5:bb:
                    23:b3:a9:fb:ab:a1:ac:be:5e:97:a2:76:84:49:80:
                    65:38:ad:08:6f:88:4c:c9:57:17:6f:62:ef:24:d3:
                    3f:89:6d:54:1b:eb:db:60:73:a6:5a:94:4e:8e:2f:
                    59:ab:ca:4c:08:34:5f:64:ab:98:e1:b3:1c:05:0c:
                    d6:41:1f:7e:ea:b6:ea:bc:37:41:80:81:ff:11:fa:
                    90:7a:11:db:d7:71:fd:c4:c7:0e:6f:c0:84:6d:f4:
                    56:01:e2:e7:d4:09:84:05:b6:26:eb:1e:0a:77:05:
                    35:33:e8:21:07:13:d0:9b:e4:48:75:0c:6c:25:2f:
                    c1:12:3d:e5:bd:53:62:d8:0c:a2:2a:d0:62:34:2d:
                    f4:ce:86:41:06:fe:0a:22:a0:59:8d:84:ec:f3:8e:
                    a2:fa:91:c5:82:11:72:db:ee:a6:08:f3:a1:dc:07:
                    94:05:07:9f:b6:cd:f2:df:93:19:fd:1d:8b:82:6b:
                    fb:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A7:D8:23:39:6F:F6:D4:8E:2E:30:4E:DB:DC:23:48:F1:A0:9B:D9
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/IqfYIzlv9tSOLjBO29wjSPGgm9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:9c:d8:1a:54:a6:1a:d0:13:f2:8d:aa:0f:70:43:5c:2d:7e:
         77:7c:28:26:9e:50:86:2d:27:67:5e:00:72:a2:be:7d:a1:17:
         cf:1c:f3:e7:7c:0a:e6:8c:34:27:57:d0:79:66:19:16:73:3f:
         95:0e:b9:ec:e2:77:ce:0b:4a:d2:20:5a:6c:72:e5:95:41:b9:
         57:fe:3c:86:e7:fd:31:99:1d:98:f5:97:d7:4d:73:1d:b4:41:
         95:3b:a7:2d:b2:f3:7b:a8:85:c8:8c:fc:8e:2b:7a:26:12:af:
         66:aa:77:85:0e:9b:b1:9d:06:d5:e3:fd:95:8f:fb:12:a8:71:
         04:1f:0f:16:69:3b:45:3e:4b:5b:86:d0:13:c8:78:d7:b6:58:
         70:ea:5d:05:0b:1f:c0:f6:78:b3:46:80:05:39:1f:ef:7a:2b:
         a0:a2:ca:7c:61:2f:30:dc:4e:89:7a:70:94:ee:be:45:62:7e:
         ea:2e:7d:b6:ed:d4:10:94:bb:d7:63:e9:9b:60:6c:df:ba:58:
         99:0f:c9:64:7a:fe:16:ed:75:fb:8e:f8:23:9b:ce:4b:86:b1:
         23:02:09:16:38:68:2b:73:70:36:d4:c3:9a:e8:13:2f:33:3a:
         dc:9c:44:1d:0e:62:4f:03:ad:14:ae:b0:0f:69:22:5b:ab:28:
         b2:4c:53:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdEzG6doeFdXBcCh4HNgCZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNjA2MTAzMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmE3ZDgyMzM5NmZmNmQ0OGUyZTMwNGVkYmRjMjM0OGYxYTA5YmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/5zeLRETntlXr1YpQrmjhtCSipl
/cGXtfbO7034suV4tXr4RU72G+zJKbdpP/9/vGFyMxqrDED4cNgyYZuEJRWpdTIb
Atib9bsjs6n7q6Gsvl6XonaESYBlOK0Ib4hMyVcXb2LvJNM/iW1UG+vbYHOmWpRO
ji9Zq8pMCDRfZKuY4bMcBQzWQR9+6rbqvDdBgIH/EfqQehHb13H9xMcOb8CEbfRW
AeLn1AmEBbYm6x4KdwU1M+ghBxPQm+RIdQxsJS/BEj3lvVNi2AyiKtBiNC30zoZB
Bv4KIqBZjYTs846i+pHFghFy2+6mCPOh3AeUBQefts3y35MZ/R2Lgmv70QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKn2CM5b/bUji4wTtvcI0jxoJvZMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvSXFmWUl6bHY5dFNPTGpCTzI5d2pTUEdnbTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD72MA0G
CSqGSIb3DQEBCwUAA4IBAQBWnNgaVKYa0BPyjaoPcENcLX53fCgmnlCGLSdnXgBy
or59oRfPHPPnfArmjDQnV9B5ZhkWcz+VDrns4nfOC0rSIFpscuWVQblX/jyG5/0x
mR2Y9ZfXTXMdtEGVO6ctsvN7qIXIjPyOK3omEq9mqneFDpuxnQbV4/2Vj/sSqHEE
Hw8WaTtFPktbhtATyHjXtlhw6l0FCx/A9nizRoAFOR/veiugosp8YS8w3E6JenCU
7r5FYn7qLn227dQQlLvXY+mbYGzfuliZD8lkev4W7XX7jvgjm85LhrEjAgkWOGgr
c3A21MOa6BMvMzrcnEQdDmJPA60UrrAPaSJbqyiyTFOq
-----END CERTIFICATE-----