Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/f26fd1-b375-426c-af79-b519b131bf85/1/vnzMzh2cQHm0Lys-suLZiDHDQ8A.roa
File:                     vnzMzh2cQHm0Lys-suLZiDHDQ8A.roa (raw, json)
Hash identifier:          R9SbPATXxScQWUAkTRPu9oq7L8jHGUzOG3svKZG10/8=
Subject key identifier:   BE:7C:CC:CE:1D:9C:40:79:B4:2F:2B:3E:B2:E2:D9:88:31:C3:43:C0
Certificate issuer:       /CN=7d0ac334438a53d18ae40efc9368768b931cfac2
Certificate serial:       0198F67CE2C5111B16AC2169259BFCCA24F5
Authority key identifier: 7D:0A:C3:34:43:8A:53:D1:8A:E4:0E:FC:93:68:76:8B:93:1C:FA:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQrDNEOKU9GK5A78k2h2i5Mc-sI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/f26fd1-b375-426c-af79-b519b131bf85/1/vnzMzh2cQHm0Lys-suLZiDHDQ8A.roa
Signing time:             Fri 29 Aug 2025 15:40:36 +0000
ROA not before:           Fri 29 Aug 2025 15:40:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24961
IP address blocks:        45.92.136.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/f26fd1-b375-426c-af79-b519b131bf85/1/fQrDNEOKU9GK5A78k2h2i5Mc-sI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/f26fd1-b375-426c-af79-b519b131bf85/1/fQrDNEOKU9GK5A78k2h2i5Mc-sI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQrDNEOKU9GK5A78k2h2i5Mc-sI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f6:7c:e2:c5:11:1b:16:ac:21:69:25:9b:fc:ca:24:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d0ac334438a53d18ae40efc9368768b931cfac2
        Validity
            Not Before: Aug 29 15:40:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be7cccce1d9c4079b42f2b3eb2e2d98831c343c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5c:24:4a:d1:56:88:9d:6a:19:72:52:00:60:
                    ec:1b:79:1f:2f:79:fa:e1:8b:ba:52:97:77:9f:53:
                    39:fc:f3:34:cd:3c:43:09:f2:85:eb:ee:62:4f:61:
                    a8:b4:c7:e1:ea:9e:9e:04:4d:48:e8:6b:3d:aa:5f:
                    86:07:6f:b9:98:64:62:89:b8:99:fd:63:45:a4:10:
                    81:63:c8:e0:6b:a8:c2:32:25:05:98:4f:78:37:51:
                    26:96:73:e6:a7:9b:5c:db:df:71:03:12:58:be:b8:
                    bc:ef:d3:d5:43:63:07:77:de:7c:2e:f3:24:b1:17:
                    30:8a:5d:6c:4a:c4:7d:27:6f:0e:e8:bf:24:23:0c:
                    fa:3d:58:5c:d9:fc:0d:9e:fc:86:b3:00:46:fa:30:
                    f5:28:dc:1a:76:d9:9f:92:0e:a3:90:00:11:d1:03:
                    2c:46:81:fb:8c:a9:49:ed:f0:04:3f:56:9a:a3:85:
                    a0:0c:ee:8d:ff:82:5c:29:63:a1:9f:05:5f:e0:13:
                    79:fd:72:11:73:a9:7b:31:7e:28:02:5c:09:c9:4d:
                    36:e8:93:71:65:55:2d:9f:b3:37:d8:55:36:e3:e4:
                    ec:3f:d4:27:94:84:5b:6b:0c:bc:2a:f7:10:3c:6d:
                    9c:37:b4:ae:9a:35:ea:db:a2:aa:26:4a:3c:ec:8e:
                    fd:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:7C:CC:CE:1D:9C:40:79:B4:2F:2B:3E:B2:E2:D9:88:31:C3:43:C0
            X509v3 Authority Key Identifier:
                keyid:7D:0A:C3:34:43:8A:53:D1:8A:E4:0E:FC:93:68:76:8B:93:1C:FA:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQrDNEOKU9GK5A78k2h2i5Mc-sI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/f26fd1-b375-426c-af79-b519b131bf85/1/vnzMzh2cQHm0Lys-suLZiDHDQ8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/f26fd1-b375-426c-af79-b519b131bf85/1/fQrDNEOKU9GK5A78k2h2i5Mc-sI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9c:dd:bb:05:e2:ef:fd:86:35:22:2c:29:04:ef:de:39:43:8d:
         af:53:f4:cf:8a:9a:99:01:06:ec:19:35:93:b3:34:1e:f8:2f:
         95:07:f3:02:58:0e:07:be:b1:2e:74:6d:c4:60:2d:48:6e:f3:
         71:d8:2b:37:ac:2a:67:9b:d9:5f:f5:29:e5:95:74:00:a1:f0:
         de:2b:62:53:aa:9e:54:89:dc:35:3d:40:80:81:30:d7:04:38:
         50:6c:c0:be:8a:54:36:64:18:09:6a:d5:98:92:2a:eb:f0:7d:
         d3:1b:d8:a5:4d:cf:78:87:ac:e5:c2:92:70:ff:c5:b1:89:54:
         9e:1f:e8:d1:b7:5c:ae:8d:fa:e5:cb:08:a3:79:19:be:e0:c5:
         b8:50:2e:27:5b:52:fb:ec:cc:f1:a6:7b:ae:8e:09:07:c4:9b:
         13:a7:23:78:a9:52:83:9f:76:d0:58:aa:1b:7a:a8:98:b8:1c:
         16:2f:23:4c:0d:dc:03:9a:dc:14:af:67:df:55:1f:4b:d8:fb:
         62:ac:53:41:a7:e7:ff:e6:65:d1:e8:86:6d:4b:fb:11:f2:df:
         2c:75:81:51:90:dc:91:62:cb:6d:27:1a:96:29:d0:ef:98:83:
         cb:90:5d:c2:ee:88:f8:93:b4:fa:de:4d:b9:45:7f:b3:ed:6d:
         a6:10:eb:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj2fOLFERsWrCFpJZv8yiT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMGFjMzM0NDM4YTUzZDE4YWU0MGVmYzkzNjg3NjhiOTMx
Y2ZhYzIwHhcNMjUwODI5MTU0MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTdjY2NjZTFkOWM0MDc5YjQyZjJiM2ViMmUyZDk4ODMxYzM0M2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFwkStFWiJ1qGXJSAGDsG3kfL3n6
4Yu6Upd3n1M5/PM0zTxDCfKF6+5iT2GotMfh6p6eBE1I6Gs9ql+GB2+5mGRiibiZ
/WNFpBCBY8jga6jCMiUFmE94N1EmlnPmp5tc299xAxJYvri879PVQ2MHd958LvMk
sRcwil1sSsR9J28O6L8kIwz6PVhc2fwNnvyGswBG+jD1KNwadtmfkg6jkAAR0QMs
RoH7jKlJ7fAEP1aao4WgDO6N/4JcKWOhnwVf4BN5/XIRc6l7MX4oAlwJyU026JNx
ZVUtn7M32FU24+TsP9QnlIRbawy8KvcQPG2cN7SumjXq26KqJko87I79pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL58zM4dnEB5tC8rPrLi2Ygxw0PAMB8GA1UdIwQY
MBaAFH0KwzRDilPRiuQO/JNodouTHPrCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFyRE5FT0tVOUdLNUE3OGsyaDJpNU1jLXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9mMjZmZDEtYjM3NS00MjZjLWFmNzkt
YjUxOWIxMzFiZjg1LzEvdm56TXpoMmNRSG0wTHlzLXN1TFppREhEUThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9mMjZmZDEtYjM3NS00MjZjLWFmNzktYjUxOWIxMzFiZjg1
LzEvZlFyRE5FT0tVOUdLNUE3OGsyaDJpNU1jLXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVyIMA0G
CSqGSIb3DQEBCwUAA4IBAQCc3bsF4u/9hjUiLCkE7945Q42vU/TPipqZAQbsGTWT
szQe+C+VB/MCWA4HvrEudG3EYC1IbvNx2Cs3rCpnm9lf9SnllXQAofDeK2JTqp5U
idw1PUCAgTDXBDhQbMC+ilQ2ZBgJatWYkirr8H3TG9ilTc94h6zlwpJw/8WxiVSe
H+jRt1yujfrlywijeRm+4MW4UC4nW1L77MzxpnuujgkHxJsTpyN4qVKDn3bQWKob
eqiYuBwWLyNMDdwDmtwUr2ffVR9L2PtirFNBp+f/5mXR6IZtS/sR8t8sdYFRkNyR
YsttJxqWKdDvmIPLkF3C7oj4k7T63k25RX+z7W2mEOtH
-----END CERTIFICATE-----