Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/d5-pkB3Ay6XEnASQ842eqa4zFQk.roa
File:                     d5-pkB3Ay6XEnASQ842eqa4zFQk.roa (raw, json)
Hash identifier:          L45Bt9lWf+G6vwKrnrElP/rJXXbR6PzfYe43SPRGryg=
Subject key identifier:   77:9F:A9:90:1D:C0:CB:A5:C4:9C:04:90:F3:8D:9E:A9:AE:33:15:09
Certificate issuer:       /CN=90f25e6a6893f466d2695e90670c047443643701
Certificate serial:       019A5882CA3A634B3820DFC3D33F56AD9D1F
Authority key identifier: 90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/d5-pkB3Ay6XEnASQ842eqa4zFQk.roa
Signing time:             Thu 06 Nov 2025 09:32:37 +0000
ROA not before:           Thu 06 Nov 2025 09:32:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205031
IP address blocks:        92.235.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:58:82:ca:3a:63:4b:38:20:df:c3:d3:3f:56:ad:9d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f25e6a6893f466d2695e90670c047443643701
        Validity
            Not Before: Nov  6 09:32:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=779fa9901dc0cba5c49c0490f38d9ea9ae331509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e3:57:af:d1:b1:00:76:aa:e3:52:6b:9f:bd:
                    3b:4f:c6:3a:22:53:28:0f:41:10:0d:f6:49:0c:81:
                    20:ca:60:db:97:ef:dd:52:8e:47:20:b3:0a:7d:c0:
                    38:39:c2:9e:60:d1:9f:51:b9:d3:0b:12:a7:50:e9:
                    2d:ca:56:77:d7:aa:27:84:0b:4d:56:47:7e:95:f5:
                    85:5f:7b:2e:4b:f7:b8:58:4c:c5:13:d4:33:4b:21:
                    be:46:14:98:ba:98:b2:63:df:89:04:49:f0:90:38:
                    1e:ab:24:c4:b0:df:69:0e:f9:09:e7:75:18:ab:2f:
                    65:93:80:3a:5c:90:52:33:09:7c:07:44:3f:bf:28:
                    bc:05:8d:c1:f3:b8:f4:c3:e9:17:69:23:ce:c0:9f:
                    b1:52:20:7a:ff:7a:45:12:79:0b:34:d3:96:ca:b1:
                    06:b8:15:b1:61:28:9a:c3:5f:3b:ad:a4:29:c6:79:
                    68:be:0d:c4:b0:bf:7a:5c:d1:84:f3:10:10:c0:df:
                    62:d5:89:20:c8:9a:40:ef:94:21:ef:24:50:81:24:
                    04:3a:20:f5:6f:04:ce:b6:91:c5:eb:39:c8:ae:ce:
                    57:fc:b9:d8:76:7a:92:20:0a:2f:3e:ac:35:16:71:
                    87:85:62:4f:a1:75:ce:98:32:69:47:68:7c:dc:89:
                    c1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:9F:A9:90:1D:C0:CB:A5:C4:9C:04:90:F3:8D:9E:A9:AE:33:15:09
            X509v3 Authority Key Identifier:
                keyid:90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/d5-pkB3Ay6XEnASQ842eqa4zFQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.235.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:5d:fb:de:54:a5:1c:38:9f:db:d4:ea:0f:d5:81:2d:53:98:
         e9:67:a8:66:d4:8a:f0:60:54:1a:52:fb:d9:c0:c6:ff:3e:00:
         3f:27:45:20:7d:53:04:ff:c0:a5:3c:91:e7:39:d1:52:ce:97:
         d5:3f:d3:d2:b6:f4:4a:70:cb:15:e2:37:4a:0d:e8:00:9b:d4:
         0c:aa:cb:4c:27:25:a3:c7:dc:fe:3b:a2:42:ac:78:05:80:0d:
         39:57:40:3b:b0:24:5c:f0:6e:21:ee:31:51:4b:f1:e9:2a:ee:
         a0:31:bd:56:3e:55:23:79:a2:23:b6:f2:a5:11:12:fb:07:ef:
         3e:68:97:58:85:39:6e:b1:f5:32:f9:9d:29:54:cf:8b:1b:39:
         5a:01:37:cf:a4:d3:c4:98:96:6c:d3:ad:28:cf:4c:b3:74:2e:
         5f:17:d7:23:8a:8f:61:64:b2:d7:0f:8f:b8:48:01:16:58:cd:
         7a:cd:44:8b:eb:1a:07:8d:0c:a8:94:44:09:54:f0:d5:14:ea:
         16:02:10:e6:00:74:94:01:e1:ac:c5:43:a6:34:70:01:c7:18:
         8d:c6:32:34:88:c6:cd:da:f5:3b:f7:ed:e8:bc:d1:8d:65:6e:
         39:1c:61:d7:72:7a:45:b2:49:1f:48:df:ec:8d:bf:88:72:98:
         58:69:74:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpYgso6Y0s4IN/D0z9WrZ0fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjI1ZTZhNjg5M2Y0NjZkMjY5NWU5MDY3MGMwNDc0NDM2
NDM3MDEwHhcNMjUxMTA2MDkzMjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzlmYTk5MDFkYzBjYmE1YzQ5YzA0OTBmMzhkOWVhOWFlMzMxNTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruNXr9GxAHaq41Jrn707T8Y6IlMo
D0EQDfZJDIEgymDbl+/dUo5HILMKfcA4OcKeYNGfUbnTCxKnUOktylZ316onhAtN
Vkd+lfWFX3suS/e4WEzFE9QzSyG+RhSYupiyY9+JBEnwkDgeqyTEsN9pDvkJ53UY
qy9lk4A6XJBSMwl8B0Q/vyi8BY3B87j0w+kXaSPOwJ+xUiB6/3pFEnkLNNOWyrEG
uBWxYSiaw187raQpxnlovg3EsL96XNGE8xAQwN9i1YkgyJpA75Qh7yRQgSQEOiD1
bwTOtpHF6znIrs5X/LnYdnqSIAovPqw1FnGHhWJPoXXOmDJpR2h83InB0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHefqZAdwMulxJwEkPONnqmuMxUJMB8GA1UdIwQY
MBaAFJDyXmpok/Rm0mlekGcMBHRDZDcBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEt
M2IwYjRiOGEyOTgzLzEvZDUtcGtCM0F5NlhFbkFTUTg0MmVxYTR6RlFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEtM2IwYjRiOGEyOTgz
LzEva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXOswMA0G
CSqGSIb3DQEBCwUAA4IBAQByXfveVKUcOJ/b1OoP1YEtU5jpZ6hm1IrwYFQaUvvZ
wMb/PgA/J0UgfVME/8ClPJHnOdFSzpfVP9PStvRKcMsV4jdKDegAm9QMqstMJyWj
x9z+O6JCrHgFgA05V0A7sCRc8G4h7jFRS/HpKu6gMb1WPlUjeaIjtvKlERL7B+8+
aJdYhTlusfUy+Z0pVM+LGzlaATfPpNPEmJZs060oz0yzdC5fF9cjio9hZLLXD4+4
SAEWWM16zUSL6xoHjQyolEQJVPDVFOoWAhDmAHSUAeGsxUOmNHABxxiNxjI0iMbN
2vU79+3ovNGNZW45HGHXcnpFskkfSN/sjb+IcphYaXT6
-----END CERTIFICATE-----