Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/0b5iGIeuo2DKMNvHl9YT-o9ecPk.roa
File:                     0b5iGIeuo2DKMNvHl9YT-o9ecPk.roa (raw, json)
Hash identifier:          /wSlkj/hp/zdqNdystfvelHxMMMnIXaQ57KuV+lO360=
Subject key identifier:   D1:BE:62:18:87:AE:A3:60:CA:30:DB:C7:97:D6:13:FA:8F:5E:70:F9
Certificate issuer:       /CN=11125404c6dd472f1001ed9ffdf726762ac7701d
Certificate serial:       01982CAE6E352107FC39329BCEEBAC6862F3
Authority key identifier: 11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/0b5iGIeuo2DKMNvHl9YT-o9ecPk.roa
Signing time:             Mon 21 Jul 2025 11:11:25 +0000
ROA not before:           Mon 21 Jul 2025 11:11:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59796
IP address blocks:        92.242.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:ae:6e:35:21:07:fc:39:32:9b:ce:eb:ac:68:62:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11125404c6dd472f1001ed9ffdf726762ac7701d
        Validity
            Not Before: Jul 21 11:11:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1be621887aea360ca30dbc797d613fa8f5e70f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:82:09:5d:d4:da:b5:6d:ae:15:0a:23:02:4f:
                    82:fd:2d:2a:2e:17:f5:06:af:6b:76:22:95:28:08:
                    61:23:77:81:a7:6f:a0:94:b8:6e:fe:b8:56:23:a4:
                    c2:87:26:ab:68:03:3f:9d:5f:98:e7:20:ed:e4:df:
                    87:33:01:0e:7c:60:73:09:49:55:f7:02:9a:bf:54:
                    5d:d8:58:f5:c3:c5:23:b0:15:99:9c:ea:38:61:38:
                    17:8c:9e:81:4f:d0:de:0d:4d:90:a3:46:7f:ec:16:
                    f3:6a:15:a7:4b:9c:44:db:97:94:1d:99:55:b4:c6:
                    5f:f8:98:5d:ab:a9:50:69:a7:87:19:f9:c9:c0:c9:
                    2c:18:dd:f5:68:19:e1:93:28:fd:92:88:1c:aa:1b:
                    05:d3:48:1d:3f:31:ac:9a:d1:86:2d:47:ca:b7:02:
                    08:82:95:45:a7:c8:d0:91:bc:f1:4e:bf:05:9c:eb:
                    2c:f0:dc:1a:dc:65:28:7f:1b:13:97:20:7b:49:f0:
                    cc:48:51:db:8b:3e:ab:1d:da:ee:67:b3:c1:8e:da:
                    99:60:2c:cd:c3:45:e7:4f:6b:73:75:a2:f7:56:86:
                    97:42:ae:05:97:ac:96:33:83:4e:9c:7a:03:f9:29:
                    d5:0d:df:ef:30:23:d1:2b:0e:3c:36:c9:13:8f:57:
                    aa:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:BE:62:18:87:AE:A3:60:CA:30:DB:C7:97:D6:13:FA:8F:5E:70:F9
            X509v3 Authority Key Identifier:
                keyid:11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/0b5iGIeuo2DKMNvHl9YT-o9ecPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.242.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:a2:fd:24:53:2c:55:6d:42:fc:71:1a:60:9e:1c:4e:1e:57:
         4f:f8:31:88:b6:7b:b8:ab:a3:94:db:21:cb:43:fd:7c:df:96:
         a2:f6:60:83:ce:05:f9:98:a4:b0:4b:8e:53:26:4a:01:1d:d5:
         ee:bd:7d:a2:dd:e9:3a:b3:60:ec:aa:d2:84:ca:a7:f4:9e:c6:
         8e:b9:04:73:f8:1a:08:71:8c:3a:47:ca:10:c2:de:4a:24:c4:
         11:39:ef:ca:ba:3c:e3:7e:26:1d:87:83:b9:8d:44:95:46:f6:
         cb:c6:fc:f9:6e:12:64:d9:a1:0c:6b:03:c9:78:1c:f4:cb:e8:
         88:cc:ad:b3:4a:34:d6:92:d2:51:5a:6f:4d:b6:ed:59:49:0a:
         c7:5f:c4:e1:01:f4:12:b7:e2:f5:6c:fa:f8:01:a1:ce:c9:2b:
         dc:d9:b2:2b:14:41:82:c6:69:fa:53:41:c0:cf:9a:db:90:36:
         54:0a:2d:12:3c:30:c8:ff:be:3b:57:95:5f:7c:c6:3e:66:4a:
         56:46:9a:61:55:e6:a4:9c:a4:0f:4b:73:68:26:3e:86:e9:a6:
         64:dc:83:5d:d9:43:39:06:00:da:f5:30:51:69:e3:d8:1e:bf:
         af:1d:d8:15:51:8e:93:25:bd:2a:98:11:14:2f:e0:c4:3a:d8:
         0b:06:23:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgsrm41IQf8OTKbzuusaGLzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTI1NDA0YzZkZDQ3MmYxMDAxZWQ5ZmZkZjcyNjc2MmFj
NzcwMWQwHhcNMjUwNzIxMTExMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWJlNjIxODg3YWVhMzYwY2EzMGRiYzc5N2Q2MTNmYThmNWU3MGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIIJXdTatW2uFQojAk+C/S0qLhf1
Bq9rdiKVKAhhI3eBp2+glLhu/rhWI6TChyaraAM/nV+Y5yDt5N+HMwEOfGBzCUlV
9wKav1Rd2Fj1w8UjsBWZnOo4YTgXjJ6BT9DeDU2Qo0Z/7BbzahWnS5xE25eUHZlV
tMZf+Jhdq6lQaaeHGfnJwMksGN31aBnhkyj9kogcqhsF00gdPzGsmtGGLUfKtwII
gpVFp8jQkbzxTr8FnOss8Nwa3GUofxsTlyB7SfDMSFHbiz6rHdruZ7PBjtqZYCzN
w0XnT2tzdaL3VoaXQq4Fl6yWM4NOnHoD+SnVDd/vMCPRKw48NskTj1eqFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNG+YhiHrqNgyjDbx5fWE/qPXnD5MB8GA1UdIwQY
MBaAFBESVATG3UcvEAHtn/33JnYqx3AdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYt
NmRmZTBmN2Q1M2JkLzEvMGI1aUdJZXVvMkRLTU52SGw5WVQtbzllY1BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYtNmRmZTBmN2Q1M2Jk
LzEvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPKlMA0G
CSqGSIb3DQEBCwUAA4IBAQAhov0kUyxVbUL8cRpgnhxOHldP+DGItnu4q6OU2yHL
Q/1835ai9mCDzgX5mKSwS45TJkoBHdXuvX2i3ek6s2DsqtKEyqf0nsaOuQRz+BoI
cYw6R8oQwt5KJMQROe/KujzjfiYdh4O5jUSVRvbLxvz5bhJk2aEMawPJeBz0y+iI
zK2zSjTWktJRWm9Ntu1ZSQrHX8ThAfQSt+L1bPr4AaHOySvc2bIrFEGCxmn6U0HA
z5rbkDZUCi0SPDDI/747V5VffMY+ZkpWRpphVeaknKQPS3NoJj6G6aZk3INd2UM5
BgDa9TBRaePYHr+vHdgVUY6TJb0qmBEUL+DEOtgLBiNd
-----END CERTIFICATE-----