Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/92bun2tsOlqTzcyAib4vRWOWAJI.roa
File:                     92bun2tsOlqTzcyAib4vRWOWAJI.roa (raw, json)
Hash identifier:          qog6NgchB+Qp5J4zX/jN9xXAIWVyWEQCgqHENX4xl4I=
Subject key identifier:   F7:66:EE:9F:6B:6C:3A:5A:93:CD:CC:80:89:BE:2F:45:63:96:00:92
Certificate issuer:       /CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
Certificate serial:       0198FA37C76B349388DCD2176F47B6800997
Authority key identifier: 8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/92bun2tsOlqTzcyAib4vRWOWAJI.roa
Signing time:             Sat 30 Aug 2025 09:03:36 +0000
ROA not before:           Sat 30 Aug 2025 09:03:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203162
IP address blocks:        146.19.104.0/24 maxlen: 24
                          185.229.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 15:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:fa:37:c7:6b:34:93:88:dc:d2:17:6f:47:b6:80:09:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
        Validity
            Not Before: Aug 30 09:03:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f766ee9f6b6c3a5a93cdcc8089be2f4563960092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:03:17:c0:f3:2d:15:91:2a:76:5d:7d:db:f0:
                    37:15:a4:db:cf:45:6f:d2:f1:fb:4d:f1:e9:49:dc:
                    6e:4b:00:27:af:d8:b6:61:c3:cc:ba:79:db:7b:b0:
                    46:bc:80:e9:77:10:0c:dc:05:c1:c9:3a:5b:dd:22:
                    4a:f3:16:a7:cb:24:ca:a7:a9:e5:ca:12:98:7e:99:
                    71:31:fe:15:3c:75:55:90:46:b4:a1:c8:6d:ed:3b:
                    94:0c:36:22:b2:59:01:20:d4:05:8f:16:7e:79:b4:
                    6f:5f:b2:74:61:74:7d:0c:c0:37:0b:15:3a:9a:45:
                    d5:9e:f6:8f:14:be:0a:bf:62:28:66:0b:25:8c:13:
                    c6:a9:30:b0:49:bf:3e:a7:e9:8c:b2:d5:d5:65:35:
                    1c:41:19:00:08:1b:0e:9f:bf:15:8b:8d:52:cc:e6:
                    fd:27:96:c0:0e:3a:84:a0:3b:4d:99:a0:73:76:1d:
                    fe:32:3b:15:ad:54:65:96:7e:ed:60:bb:cd:8a:28:
                    b1:51:69:5a:b4:7a:4f:56:01:6a:d8:e0:a6:23:e0:
                    ed:13:23:4c:60:f8:9d:5c:2b:1c:ee:d9:db:a0:a7:
                    c9:7f:42:69:20:11:64:95:2c:aa:2e:94:dc:62:67:
                    38:7a:28:9c:36:4c:2f:76:9c:df:dd:85:7f:b4:71:
                    86:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:66:EE:9F:6B:6C:3A:5A:93:CD:CC:80:89:BE:2F:45:63:96:00:92
            X509v3 Authority Key Identifier:
                keyid:8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/92bun2tsOlqTzcyAib4vRWOWAJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.104.0/24
                  185.229.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:83:d2:c0:85:67:7f:08:86:a8:89:7d:71:9e:db:2b:04:e0:
         d6:a7:90:06:f9:dc:7e:cb:15:f1:b9:ce:ea:95:15:21:0e:f4:
         cb:39:62:55:38:77:f5:11:a1:c9:2e:0b:d5:b7:b0:b9:09:cf:
         26:5a:10:5d:ff:23:7d:ce:54:ab:37:7a:ba:de:74:10:d6:95:
         33:98:b1:90:6a:c2:d9:f1:23:c1:b5:69:a2:a2:45:68:02:f3:
         fd:b1:76:21:b9:4a:6e:06:90:2a:59:fd:a0:72:07:a0:66:c2:
         a6:cd:db:7c:9c:a1:ae:33:21:b3:f2:e7:f6:f6:8b:e2:a2:89:
         4d:01:91:01:5b:7c:f3:0f:b3:c4:13:84:c9:27:a1:8c:bd:5a:
         13:8c:a2:5c:1d:df:09:05:4d:62:84:28:a3:bb:55:e0:de:fa:
         a2:15:8e:0e:a5:e4:06:6c:78:8a:45:ca:26:37:51:dc:37:cc:
         6f:9b:95:ea:a8:dd:b5:14:79:a5:a5:a5:c7:11:0e:23:b2:36:
         e2:c0:5b:0b:80:51:0b:0e:da:8a:e5:aa:9f:21:35:f0:04:cb:
         da:e3:6b:95:7a:c5:ec:29:e3:3f:f9:15:b2:96:f4:da:18:39:
         72:43:d9:90:6e:66:bc:c3:75:dd:62:f5:cf:35:17:46:8b:72:
         c1:c9:4e:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZj6N8drNJOI3NIXb0e2gAmXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNDdhYTA5ZjJjNjEwZjZmNDRiNGU3NWMxY2Q5ZGNkMzg4
NGU1NWQwHhcNMjUwODMwMDkwMzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzY2ZWU5ZjZiNmMzYTVhOTNjZGNjODA4OWJlMmY0NTYzOTYwMDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwMXwPMtFZEqdl192/A3FaTbz0Vv
0vH7TfHpSdxuSwAnr9i2YcPMunnbe7BGvIDpdxAM3AXByTpb3SJK8xanyyTKp6nl
yhKYfplxMf4VPHVVkEa0ocht7TuUDDYislkBINQFjxZ+ebRvX7J0YXR9DMA3CxU6
mkXVnvaPFL4Kv2IoZgsljBPGqTCwSb8+p+mMstXVZTUcQRkACBsOn78Vi41SzOb9
J5bADjqEoDtNmaBzdh3+MjsVrVRlln7tYLvNiiixUWlatHpPVgFq2OCmI+DtEyNM
YPidXCsc7tnboKfJf0JpIBFklSyqLpTcYmc4eiicNkwvdpzf3YV/tHGGzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPdm7p9rbDpak83MgIm+L0VjlgCSMB8GA1UdIwQY
MBaAFItHqgnyxhD29EtOdcHNnc04hOVdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgt
NTAwMTUzOWQ3MTg1LzEvOTJidW4ydHNPbHFUemN5QWliNHZSV09XQUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgtNTAwMTUzOWQ3MTg1
LzEvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkhNoAwQA
ueWHMA0GCSqGSIb3DQEBCwUAA4IBAQA5g9LAhWd/CIaoiX1xntsrBODWp5AG+dx+
yxXxuc7qlRUhDvTLOWJVOHf1EaHJLgvVt7C5Cc8mWhBd/yN9zlSrN3q63nQQ1pUz
mLGQasLZ8SPBtWmiokVoAvP9sXYhuUpuBpAqWf2gcgegZsKmzdt8nKGuMyGz8uf2
9ovioolNAZEBW3zzD7PEE4TJJ6GMvVoTjKJcHd8JBU1ihCiju1Xg3vqiFY4OpeQG
bHiKRcomN1HcN8xvm5XqqN21FHmlpaXHEQ4jsjbiwFsLgFELDtqK5aqfITXwBMva
42uVesXsKeM/+RWylvTaGDlyQ9mQbma8w3XdYvXPNRdGi3LByU4O
-----END CERTIFICATE-----