Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/M8bMB2QKSM425kLjRVO2Mv1OLJ0.roa
File:                     M8bMB2QKSM425kLjRVO2Mv1OLJ0.roa (raw, json)
Hash identifier:          p7RpCCMMldWNLmjHFuK8nMdCoRWEH97iMYohSON6X1g=
Subject key identifier:   33:C6:CC:07:64:0A:48:CE:36:E6:42:E3:45:53:B6:32:FD:4E:2C:9D
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       01973F48B14D9FBED42C41F1A5E50E8B8FDD
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/M8bMB2QKSM425kLjRVO2Mv1OLJ0.roa
Signing time:             Thu 05 Jun 2025 08:50:18 +0000
ROA not before:           Thu 05 Jun 2025 08:50:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30456
IP address blocks:        92.62.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 04:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3f:48:b1:4d:9f:be:d4:2c:41:f1:a5:e5:0e:8b:8f:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jun  5 08:50:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33c6cc07640a48ce36e642e34553b632fd4e2c9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ab:cf:c3:47:0e:35:be:32:0f:6d:d2:04:78:
                    10:7b:06:ba:75:16:44:b9:a4:03:00:fd:8b:95:48:
                    79:61:06:c2:3f:cc:1b:05:b2:a9:87:80:59:f0:8f:
                    6d:a9:eb:66:3f:28:04:48:bb:03:4a:28:c2:af:1c:
                    1e:54:58:7a:5c:6c:db:54:73:bb:3a:c9:f1:0a:88:
                    89:76:18:2e:48:be:73:53:53:1b:21:7c:6c:0c:8e:
                    69:77:d8:9c:4b:c1:28:5c:c7:22:77:9c:45:0d:d4:
                    6e:a0:3e:b5:4f:a7:56:11:98:71:23:a7:94:25:44:
                    32:d8:9d:0e:1e:b8:5b:8d:dd:1a:07:61:55:4e:41:
                    61:e8:92:5e:5f:89:83:d4:b8:70:a6:b1:d9:60:a3:
                    36:79:b6:ae:0d:aa:f3:1c:84:2a:c5:ad:ad:78:c0:
                    59:ea:a8:93:cb:72:0c:9a:fa:96:d6:35:b1:6f:73:
                    a7:fc:b5:18:bf:e2:32:ff:09:23:9e:07:c9:2d:98:
                    f2:0b:01:09:5f:a9:0b:2a:a9:15:8b:c3:8c:7c:9b:
                    5d:be:18:48:a0:14:c7:d9:87:e9:1f:a0:f1:a8:41:
                    3e:e8:fc:d6:73:9c:99:67:bc:17:ff:95:2c:1c:2f:
                    a6:b2:33:bd:a2:56:7b:fa:91:6e:38:50:1b:25:d6:
                    f9:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:C6:CC:07:64:0A:48:CE:36:E6:42:E3:45:53:B6:32:FD:4E:2C:9D
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/M8bMB2QKSM425kLjRVO2Mv1OLJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:fc:3f:0e:73:9c:8c:7b:6d:6a:83:e3:40:0f:00:7e:ef:0c:
         08:c8:1c:ef:25:0a:3a:ba:9f:47:f6:1f:2d:72:f0:1c:3d:c5:
         16:ba:8d:47:56:8b:85:65:ad:17:30:66:a9:3b:66:3c:44:bb:
         d5:94:88:6a:71:d7:89:da:17:00:8a:eb:b8:7a:b7:d0:ee:75:
         0b:8f:86:02:04:6a:1c:15:95:49:a6:a8:56:db:62:63:58:a6:
         db:a8:05:20:5a:33:c1:ed:f6:c3:e1:99:3b:39:3a:5c:0b:5d:
         d8:27:65:ec:99:78:0e:54:f6:28:fa:ff:1b:a3:34:45:9e:b7:
         2f:43:c5:8e:f9:7c:9a:4d:47:fa:86:64:b5:60:f3:1d:6c:5f:
         c2:f6:b7:96:b4:c8:ee:03:23:57:af:5d:3f:a5:e6:01:ea:cb:
         28:dc:b6:74:3b:c0:97:c5:dc:54:c4:c6:62:9c:09:37:30:18:
         8e:cf:82:97:36:47:70:7a:45:de:39:f5:68:01:d2:34:57:86:
         3d:2e:a6:54:46:16:79:6b:a2:48:a0:ef:70:f7:ec:33:66:d9:
         2e:eb:e5:62:72:f6:ef:e7:f8:a7:f8:46:ab:07:c6:6c:f2:2b:
         f3:1b:7f:97:41:ed:27:ed:1f:4a:68:88:d1:9e:e6:c8:b5:af:
         9f:8f:c8:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc/SLFNn77ULEHxpeUOi4/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNjA1MDg1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2M2Y2MwNzY0MGE0OGNlMzZlNjQyZTM0NTUzYjYzMmZkNGUyYzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkavPw0cONb4yD23SBHgQewa6dRZE
uaQDAP2LlUh5YQbCP8wbBbKph4BZ8I9tqetmPygESLsDSijCrxweVFh6XGzbVHO7
OsnxCoiJdhguSL5zU1MbIXxsDI5pd9icS8EoXMcid5xFDdRuoD61T6dWEZhxI6eU
JUQy2J0OHrhbjd0aB2FVTkFh6JJeX4mD1LhwprHZYKM2ebauDarzHIQqxa2teMBZ
6qiTy3IMmvqW1jWxb3On/LUYv+Iy/wkjngfJLZjyCwEJX6kLKqkVi8OMfJtdvhhI
oBTH2YfpH6DxqEE+6PzWc5yZZ7wX/5UsHC+msjO9olZ7+pFuOFAbJdb5UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPGzAdkCkjONuZC40VTtjL9TiydMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvTThiTUIyUUtTTTQyNWtMalJWTzJNdjFPTEowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD73MA0G
CSqGSIb3DQEBCwUAA4IBAQAj/D8Oc5yMe21qg+NADwB+7wwIyBzvJQo6up9H9h8t
cvAcPcUWuo1HVouFZa0XMGapO2Y8RLvVlIhqcdeJ2hcAiuu4erfQ7nULj4YCBGoc
FZVJpqhW22JjWKbbqAUgWjPB7fbD4Zk7OTpcC13YJ2XsmXgOVPYo+v8bozRFnrcv
Q8WO+XyaTUf6hmS1YPMdbF/C9reWtMjuAyNXr10/peYB6sso3LZ0O8CXxdxUxMZi
nAk3MBiOz4KXNkdwekXeOfVoAdI0V4Y9LqZURhZ5a6JIoO9w9+wzZtku6+Vicvbv
5/in+EarB8Zs8ivzG3+XQe0n7R9KaIjRnubIta+fj8ik
-----END CERTIFICATE-----