Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/7NPy0TBib6YqodXS4FSZaSq2MCA.roa
File:                     7NPy0TBib6YqodXS4FSZaSq2MCA.roa (raw, json)
Hash identifier:          NstP8eF9MZEZ3PL1jwqIfbgq+K85Z6YS/Wp/NqX+HU8=
Subject key identifier:   EC:D3:F2:D1:30:62:6F:A6:2A:A1:D5:D2:E0:54:99:69:2A:B6:30:20
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0197258139C947F75A5BDC6660C1D2DAA33E
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/7NPy0TBib6YqodXS4FSZaSq2MCA.roa
Signing time:             Sat 31 May 2025 08:41:55 +0000
ROA not before:           Sat 31 May 2025 08:41:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     266757
IP address blocks:        92.118.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:25:81:39:c9:47:f7:5a:5b:dc:66:60:c1:d2:da:a3:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May 31 08:41:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecd3f2d130626fa62aa1d5d2e05499692ab63020
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:f0:4e:30:50:28:c7:7f:44:05:bb:8b:c3:18:
                    0e:87:67:ef:e9:8b:42:ca:0d:82:fa:a3:1e:41:c2:
                    1f:81:52:20:d4:a4:44:f3:e5:b4:1d:53:25:91:c6:
                    02:ee:73:3e:f7:42:f4:d4:7c:11:aa:a6:cf:eb:6c:
                    22:83:1d:e8:11:2e:ab:49:bf:2d:07:0d:96:ba:e1:
                    c1:2d:5e:ee:70:f8:ba:95:bf:1b:53:af:02:8a:43:
                    e3:a2:4a:98:53:f7:76:c0:e5:1f:e7:ec:27:ab:12:
                    51:aa:df:2c:e2:b8:3d:c7:4b:70:e0:1f:bb:1e:4d:
                    4e:a8:74:49:4c:6c:24:c8:a1:5f:1e:42:da:c1:a7:
                    5b:6f:a8:a4:bc:47:c7:97:40:ce:92:35:36:60:00:
                    05:9e:b9:bd:52:d1:d2:fb:f2:b6:09:e1:dd:26:1b:
                    19:41:00:c6:9f:4a:02:5a:8c:75:4e:8c:11:d7:ce:
                    8e:4a:26:d8:af:24:97:38:e5:81:dc:d2:93:e1:02:
                    32:56:7d:9d:de:ca:bd:17:8e:6a:df:17:cb:db:cd:
                    ae:fa:19:41:45:30:b6:4f:15:d1:d0:f6:c5:31:a9:
                    18:e1:53:96:0c:8e:fd:07:4b:15:8f:da:29:07:fc:
                    c2:cc:09:ec:c8:b1:f1:73:b1:94:24:6f:59:7b:8f:
                    df:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:D3:F2:D1:30:62:6F:A6:2A:A1:D5:D2:E0:54:99:69:2A:B6:30:20
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/7NPy0TBib6YqodXS4FSZaSq2MCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:f3:07:d9:9c:8f:e1:b5:5a:cb:d1:13:a0:89:58:8c:6c:2f:
         71:c8:07:09:39:f7:63:2b:14:d3:64:e3:b6:e5:0f:ff:ea:09:
         bf:14:e0:cb:d0:de:8f:19:44:8c:b2:9c:ea:06:e2:07:52:40:
         ce:bd:2c:23:a4:48:72:83:30:68:aa:d6:08:28:25:b9:20:01:
         59:50:55:16:aa:01:00:26:04:f7:55:06:48:a2:48:83:07:bb:
         1f:b8:f8:46:87:b8:3f:0c:7d:14:e1:b9:96:02:a1:38:ec:97:
         60:15:fe:97:c6:41:87:99:cf:5c:a7:4f:57:e6:0c:5a:cc:05:
         f5:a3:56:df:06:af:3b:0a:e1:ca:84:e2:a4:92:70:6c:ab:4c:
         b8:2e:cf:1d:82:ca:f9:54:2d:6b:05:22:0e:56:a5:d5:4b:37:
         f7:76:cc:7a:49:d1:1b:3a:ee:ec:84:0a:49:cc:2e:1b:d5:7c:
         66:47:eb:79:6c:88:b8:c8:9c:b4:45:ad:f2:66:5c:33:ad:7b:
         ec:93:47:49:dd:52:d1:44:3e:51:70:92:32:c0:68:71:65:25:
         b3:5f:9c:5e:fa:5f:1a:33:0e:f0:27:c3:59:42:90:e3:fc:bf:
         9a:96:0a:e1:7c:2d:de:07:8e:70:2b:ef:2e:92:b4:cb:c8:b4:
         70:f8:e2:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZclgTnJR/daW9xmYMHS2qM+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNTMxMDg0MTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2QzZjJkMTMwNjI2ZmE2MmFhMWQ1ZDJlMDU0OTk2OTJhYjYzMDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/BOMFAox39EBbuLwxgOh2fv6YtC
yg2C+qMeQcIfgVIg1KRE8+W0HVMlkcYC7nM+90L01HwRqqbP62wigx3oES6rSb8t
Bw2WuuHBLV7ucPi6lb8bU68CikPjokqYU/d2wOUf5+wnqxJRqt8s4rg9x0tw4B+7
Hk1OqHRJTGwkyKFfHkLawadbb6ikvEfHl0DOkjU2YAAFnrm9UtHS+/K2CeHdJhsZ
QQDGn0oCWox1TowR186OSibYrySXOOWB3NKT4QIyVn2d3sq9F45q3xfL282u+hlB
RTC2TxXR0PbFMakY4VOWDI79B0sVj9opB/zCzAnsyLHxc7GUJG9Ze4/f/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOzT8tEwYm+mKqHV0uBUmWkqtjAgMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvN05QeTBUQmliNllxb2RYUzRGU1phU3EyTUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHa1MA0G
CSqGSIb3DQEBCwUAA4IBAQCA8wfZnI/htVrL0ROgiViMbC9xyAcJOfdjKxTTZOO2
5Q//6gm/FODL0N6PGUSMspzqBuIHUkDOvSwjpEhygzBoqtYIKCW5IAFZUFUWqgEA
JgT3VQZIokiDB7sfuPhGh7g/DH0U4bmWAqE47JdgFf6XxkGHmc9cp09X5gxazAX1
o1bfBq87CuHKhOKkknBsq0y4Ls8dgsr5VC1rBSIOVqXVSzf3dsx6SdEbOu7shApJ
zC4b1XxmR+t5bIi4yJy0Ra3yZlwzrXvsk0dJ3VLRRD5RcJIywGhxZSWzX5xe+l8a
Mw7wJ8NZQpDj/L+algrhfC3eB45wK+8ukrTLyLRw+OI0
-----END CERTIFICATE-----