Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/d81745-658d-4a74-92f7-5d3a421a0f10/1/02wqSv6S3QfGQclsARr7QXNvdWI.roa
File:                     02wqSv6S3QfGQclsARr7QXNvdWI.roa (raw, json)
Hash identifier:          blfoT2HbR+GD9/4BT0/OCiD+iemp7TQrPXABrjQFnJw=
Subject key identifier:   D3:6C:2A:4A:FE:92:DD:07:C6:41:C9:6C:01:1A:FB:41:73:6F:75:62
Certificate issuer:       /CN=5f08dc10218ac6db79430ae7c44515590417d605
Certificate serial:       01991ED2EDC5E146386599088BC03C7C64B1
Authority key identifier: 5F:08:DC:10:21:8A:C6:DB:79:43:0A:E7:C4:45:15:59:04:17:D6:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XwjcECGKxtt5QwrnxEUVWQQX1gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/d81745-658d-4a74-92f7-5d3a421a0f10/1/02wqSv6S3QfGQclsARr7QXNvdWI.roa
Signing time:             Sat 06 Sep 2025 11:39:23 +0000
ROA not before:           Sat 06 Sep 2025 11:39:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49207
IP address blocks:        92.249.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/d81745-658d-4a74-92f7-5d3a421a0f10/1/XwjcECGKxtt5QwrnxEUVWQQX1gU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/d81745-658d-4a74-92f7-5d3a421a0f10/1/XwjcECGKxtt5QwrnxEUVWQQX1gU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XwjcECGKxtt5QwrnxEUVWQQX1gU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 20:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1e:d2:ed:c5:e1:46:38:65:99:08:8b:c0:3c:7c:64:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f08dc10218ac6db79430ae7c44515590417d605
        Validity
            Not Before: Sep  6 11:39:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d36c2a4afe92dd07c641c96c011afb41736f7562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6c:b2:45:f1:7f:85:b2:f2:6d:c4:12:e9:90:
                    e2:fe:52:1c:da:84:81:ab:a2:68:54:3d:74:64:6f:
                    93:69:fd:9a:0f:44:2a:1b:9d:11:18:14:2a:f8:42:
                    2b:b5:1c:20:7d:f5:e2:15:6e:88:08:29:57:a6:a7:
                    6f:3b:0d:eb:05:07:84:98:50:aa:8a:8c:eb:2f:fe:
                    83:3d:b6:b2:16:60:d5:f7:e9:0c:2d:b5:07:6f:85:
                    5a:b0:d8:16:2b:60:69:78:aa:ff:b9:64:fa:89:4b:
                    81:a6:47:5f:89:f6:b5:d6:a0:ec:8d:61:c7:45:36:
                    a0:4b:7a:b9:62:80:26:8a:37:b7:54:1e:6c:08:f7:
                    7f:b0:29:3f:35:63:e6:36:e4:19:0b:63:63:87:0d:
                    0d:e9:39:d6:bf:30:40:63:3e:2a:39:e8:c9:6d:17:
                    e2:6c:6d:7a:9b:d0:be:e5:eb:b6:fe:2f:dc:a8:ad:
                    76:b5:50:55:b4:92:a2:2c:97:0a:2c:fe:9e:43:e2:
                    a9:8d:5a:f1:35:af:90:75:0c:40:fb:0b:af:13:86:
                    0a:8b:28:61:54:16:de:71:59:bc:58:dc:d4:be:a6:
                    e1:b8:01:8d:27:6c:2f:9a:f1:f8:39:30:07:1b:87:
                    5e:00:f9:12:c4:d9:92:ef:e1:d7:73:80:90:39:02:
                    dd:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:6C:2A:4A:FE:92:DD:07:C6:41:C9:6C:01:1A:FB:41:73:6F:75:62
            X509v3 Authority Key Identifier:
                keyid:5F:08:DC:10:21:8A:C6:DB:79:43:0A:E7:C4:45:15:59:04:17:D6:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XwjcECGKxtt5QwrnxEUVWQQX1gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/d81745-658d-4a74-92f7-5d3a421a0f10/1/02wqSv6S3QfGQclsARr7QXNvdWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/d81745-658d-4a74-92f7-5d3a421a0f10/1/XwjcECGKxtt5QwrnxEUVWQQX1gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:8b:78:3c:4e:09:3d:a7:2e:2e:20:72:d2:3f:db:38:34:09:
         3b:41:76:66:13:0a:f5:c5:9f:16:42:6c:54:a4:54:a7:6c:f0:
         f1:3e:6c:64:b9:8f:57:e3:35:26:3d:d2:d9:27:86:26:a3:e6:
         24:67:1a:d0:86:37:0a:0f:0f:22:c6:45:17:00:a1:e2:69:0b:
         bd:fd:d2:6c:3a:7d:51:b2:fc:ba:93:47:e9:d4:2a:c2:a7:c5:
         5d:a2:64:2f:74:6d:e3:c2:1f:e8:a6:5f:34:21:cf:2b:23:ec:
         6c:3c:55:ec:df:1a:06:60:4b:3a:66:7f:67:e4:97:ce:97:da:
         8c:91:b3:a6:d8:46:18:80:48:42:31:58:51:9c:f5:fa:58:b7:
         fe:04:9e:d1:03:21:59:7e:8b:46:87:49:c0:fb:9d:ff:0b:0d:
         36:cd:2c:d3:73:b8:c9:f5:21:6e:0d:a0:a1:67:c1:d3:27:d8:
         af:f3:7f:3c:84:27:0b:81:5c:2f:4e:1c:6a:62:69:45:c9:c4:
         f9:0f:8f:c5:85:d7:b3:fb:ac:b1:b8:ce:c4:63:cb:d2:64:21:
         69:8f:f8:74:10:5d:f0:cf:cc:3a:ea:82:9c:6a:1a:6d:7b:10:
         79:37:57:2a:02:fa:fc:52:40:ef:12:33:48:ee:44:58:6d:94:
         d8:a9:7a:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZke0u3F4UY4ZZkIi8A8fGSxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMDhkYzEwMjE4YWM2ZGI3OTQzMGFlN2M0NDUxNTU5MDQx
N2Q2MDUwHhcNMjUwOTA2MTEzOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzZjMmE0YWZlOTJkZDA3YzY0MWM5NmMwMTFhZmI0MTczNmY3NTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmyyRfF/hbLybcQS6ZDi/lIc2oSB
q6JoVD10ZG+Taf2aD0QqG50RGBQq+EIrtRwgffXiFW6ICClXpqdvOw3rBQeEmFCq
iozrL/6DPbayFmDV9+kMLbUHb4VasNgWK2BpeKr/uWT6iUuBpkdfifa11qDsjWHH
RTagS3q5YoAmije3VB5sCPd/sCk/NWPmNuQZC2Njhw0N6TnWvzBAYz4qOejJbRfi
bG16m9C+5eu2/i/cqK12tVBVtJKiLJcKLP6eQ+KpjVrxNa+QdQxA+wuvE4YKiyhh
VBbecVm8WNzUvqbhuAGNJ2wvmvH4OTAHG4deAPkSxNmS7+HXc4CQOQLdtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNsKkr+kt0HxkHJbAEa+0Fzb3ViMB8GA1UdIwQY
MBaAFF8I3BAhisbbeUMK58RFFVkEF9YFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdqY0VDR0t4dHQ1UXdybnhFVVZXUVFYMWdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9kODE3NDUtNjU4ZC00YTc0LTkyZjct
NWQzYTQyMWEwZjEwLzEvMDJ3cVN2NlMzUWZHUWNsc0FScjdRWE52ZFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9kODE3NDUtNjU4ZC00YTc0LTkyZjctNWQzYTQyMWEwZjEw
LzEvWHdqY0VDR0t4dHQ1UXdybnhFVVZXUVFYMWdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPk4MA0G
CSqGSIb3DQEBCwUAA4IBAQAKi3g8Tgk9py4uIHLSP9s4NAk7QXZmEwr1xZ8WQmxU
pFSnbPDxPmxkuY9X4zUmPdLZJ4Ymo+YkZxrQhjcKDw8ixkUXAKHiaQu9/dJsOn1R
svy6k0fp1CrCp8VdomQvdG3jwh/opl80Ic8rI+xsPFXs3xoGYEs6Zn9n5JfOl9qM
kbOm2EYYgEhCMVhRnPX6WLf+BJ7RAyFZfotGh0nA+53/Cw02zSzTc7jJ9SFuDaCh
Z8HTJ9iv8388hCcLgVwvThxqYmlFycT5D4/Fhdez+6yxuM7EY8vSZCFpj/h0EF3w
z8w66oKcahptexB5N1cqAvr8UkDvEjNI7kRYbZTYqXrB
-----END CERTIFICATE-----