Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/k-Z6mm2ktoYvyiqpdU7oc7SBCMQ.roa
File:                     k-Z6mm2ktoYvyiqpdU7oc7SBCMQ.roa (raw, json)
Hash identifier:          VbraxVVbxZWxGZdpUaK0JF6rJUJyv6K09p8cRPSqCmU=
Subject key identifier:   93:E6:7A:9A:6D:A4:B6:86:2F:CA:2A:A9:75:4E:E8:73:B4:81:08:C4
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019735BC3ED0F678EDA5D5160D92B3272C3B
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/k-Z6mm2ktoYvyiqpdU7oc7SBCMQ.roa
Signing time:             Tue 03 Jun 2025 12:20:18 +0000
ROA not before:           Tue 03 Jun 2025 12:20:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        185.92.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 05:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:bc:3e:d0:f6:78:ed:a5:d5:16:0d:92:b3:27:2c:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jun  3 12:20:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93e67a9a6da4b6862fca2aa9754ee873b48108c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:82:4c:ff:40:7e:07:86:7e:43:6a:d8:83:38:
                    1e:98:d1:bb:2a:0f:7a:d4:cb:ee:e8:73:07:4b:b5:
                    e6:78:cd:68:e5:0f:a4:f2:cb:b4:e7:6d:77:7b:ab:
                    60:ae:2f:b9:85:17:82:75:b5:da:a7:c0:33:7f:5b:
                    5e:75:24:d0:e4:7d:3b:18:66:b1:78:a0:25:f1:68:
                    86:9b:44:93:eb:5a:7b:0b:6f:b6:25:ca:30:f1:de:
                    36:84:5a:b8:f2:35:7d:54:12:36:64:40:d8:ac:16:
                    49:af:3a:81:f0:b6:93:38:f7:a3:e1:1e:60:bb:af:
                    90:db:a6:70:da:50:ff:ff:14:27:fe:a5:86:71:c7:
                    a7:49:7b:d4:29:b3:a3:97:43:9f:ba:68:f3:ce:cd:
                    62:4e:03:ca:f0:72:cc:59:e7:98:4e:61:13:ec:18:
                    a2:5c:4e:b5:8d:59:42:1e:17:2b:53:b6:d3:9a:92:
                    a3:a2:80:ec:58:c8:b5:61:b3:4e:6e:d8:a4:30:36:
                    f3:64:b1:85:bd:36:9c:56:ba:83:8c:87:a1:7e:5d:
                    22:1e:9d:d3:34:cf:ec:9f:91:d1:00:5a:fb:83:69:
                    b2:18:c7:9f:a1:bd:a1:c7:65:40:d9:f5:1a:34:43:
                    a5:12:81:39:47:ce:51:f6:f2:30:a3:ec:a2:b8:29:
                    e6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:E6:7A:9A:6D:A4:B6:86:2F:CA:2A:A9:75:4E:E8:73:B4:81:08:C4
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/k-Z6mm2ktoYvyiqpdU7oc7SBCMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:ca:33:a2:e5:ec:9b:82:ad:9c:1c:d2:77:cb:3e:70:25:d6:
         af:6a:28:bb:e3:e2:c0:3d:84:7c:ae:93:a0:39:42:5b:a0:9d:
         9a:1f:b9:46:83:77:2b:19:6f:7a:d7:b5:e3:9e:e7:a1:36:a9:
         38:98:79:68:36:18:f4:b8:ee:2b:88:46:d6:6a:26:d8:2e:de:
         42:16:ae:7b:77:4a:be:b1:38:43:7f:a3:d3:cb:16:e0:5d:3c:
         73:49:c3:12:b3:93:88:42:d5:7e:75:88:50:4e:b1:2c:24:57:
         17:c3:11:86:7c:b8:11:64:87:af:65:d4:5e:b0:d1:bd:f9:0f:
         fd:77:05:1c:86:73:cc:e8:41:d3:69:2f:5a:ed:df:1f:5b:cc:
         3f:81:4e:22:3f:89:34:98:e3:14:37:25:2f:5f:70:18:0c:9f:
         87:99:b0:6d:1f:8d:9f:7d:ed:60:79:c1:ad:90:cc:fd:d1:d7:
         62:64:35:ab:b5:c0:37:d4:e8:17:0f:0d:b3:94:a0:cf:a6:20:
         ff:27:0f:09:08:58:ac:89:3d:1b:5d:e2:2d:5a:8e:62:1b:36:
         f2:86:92:dc:81:77:67:0f:90:20:30:88:84:74:a1:4f:7f:93:
         e4:2c:7d:31:60:75:aa:1d:85:14:dd:41:d4:d2:e8:b8:cf:24:
         cf:f4:27:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc1vD7Q9njtpdUWDZKzJyw7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwNjAzMTIyMDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2U2N2E5YTZkYTRiNjg2MmZjYTJhYTk3NTRlZTg3M2I0ODEwOGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4JM/0B+B4Z+Q2rYgzgemNG7Kg96
1Mvu6HMHS7XmeM1o5Q+k8su05213e6tgri+5hReCdbXap8Azf1tedSTQ5H07GGax
eKAl8WiGm0ST61p7C2+2Jcow8d42hFq48jV9VBI2ZEDYrBZJrzqB8LaTOPej4R5g
u6+Q26Zw2lD//xQn/qWGccenSXvUKbOjl0Ofumjzzs1iTgPK8HLMWeeYTmET7Bii
XE61jVlCHhcrU7bTmpKjooDsWMi1YbNObtikMDbzZLGFvTacVrqDjIehfl0iHp3T
NM/sn5HRAFr7g2myGMefob2hx2VA2fUaNEOlEoE5R85R9vIwo+yiuCnmaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPmepptpLaGL8oqqXVO6HO0gQjEMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvay1aNm1tMmt0b1l2eWlxcGRVN29jN1NCQ01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVwsMA0G
CSqGSIb3DQEBCwUAA4IBAQALyjOi5eybgq2cHNJ3yz5wJdavaii74+LAPYR8rpOg
OUJboJ2aH7lGg3crGW9617XjnuehNqk4mHloNhj0uO4riEbWaibYLt5CFq57d0q+
sThDf6PTyxbgXTxzScMSs5OIQtV+dYhQTrEsJFcXwxGGfLgRZIevZdResNG9+Q/9
dwUchnPM6EHTaS9a7d8fW8w/gU4iP4k0mOMUNyUvX3AYDJ+HmbBtH42ffe1gecGt
kMz90ddiZDWrtcA31OgXDw2zlKDPpiD/Jw8JCFisiT0bXeItWo5iGzbyhpLcgXdn
D5AgMIiEdKFPf5PkLH0xYHWqHYUU3UHU0ui4zyTP9Cfu
-----END CERTIFICATE-----