Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/MT58lg9eWKgrSTzgyOlCfNMYS3I.roa
File:                     MT58lg9eWKgrSTzgyOlCfNMYS3I.roa (raw, json)
Hash identifier:          Fxt/dM6FQs/0yDS2SZuJGJvWozr/ryCiCNJN6T2UU6E=
Subject key identifier:   31:3E:7C:96:0F:5E:58:A8:2B:49:3C:E0:C8:E9:42:7C:D3:18:4B:72
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019EB14A37F252901BE0D766BF7575CCB072
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/MT58lg9eWKgrSTzgyOlCfNMYS3I.roa
Signing time:             Wed 10 Jun 2026 11:28:11 +0000
ROA not before:           Wed 10 Jun 2026 11:28:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7488
IP address blocks:        92.62.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b1:4a:37:f2:52:90:1b:e0:d7:66:bf:75:75:cc:b0:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jun 10 11:28:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=313e7c960f5e58a82b493ce0c8e9427cd3184b72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0c:49:8d:5a:99:e5:f3:1d:90:4e:69:1e:20:
                    4c:0b:73:c6:5a:24:3c:b1:84:d7:78:ed:62:7a:ab:
                    8a:61:dd:f7:04:06:8b:46:3d:21:c0:df:2e:56:a3:
                    48:a4:09:a5:bd:1e:48:11:52:e9:a4:92:08:26:b5:
                    8e:7e:d7:d3:7e:c6:64:04:c6:63:de:02:6b:b6:52:
                    d3:d5:85:e8:83:a2:26:80:9f:5d:24:85:7b:e4:29:
                    ee:a8:70:8c:71:eb:9f:fb:83:71:d0:54:27:6d:7a:
                    a7:aa:52:78:c2:85:04:a1:fa:f8:28:f7:80:28:02:
                    45:99:b2:00:ec:02:65:77:a4:8a:b7:08:f3:d2:fa:
                    ca:63:a8:62:5d:52:a3:ff:05:dc:ad:0b:50:40:6a:
                    02:4b:51:35:36:38:30:04:d5:2d:f6:15:b9:80:46:
                    8d:61:1c:79:01:5c:6a:2a:7f:d2:39:3d:1e:b9:33:
                    e0:b5:cd:a1:40:a2:35:ac:2b:de:82:24:ad:74:e9:
                    b1:a3:d3:45:eb:31:4f:f1:7d:8a:94:76:7d:07:28:
                    d2:5a:e5:58:0d:5f:4d:d6:b2:95:19:2f:c6:28:0d:
                    cd:8c:d1:d1:f3:fe:f1:34:26:a4:9e:0c:37:48:67:
                    54:c8:f6:00:10:8e:9b:cd:66:31:ad:0c:a8:ac:4c:
                    12:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:3E:7C:96:0F:5E:58:A8:2B:49:3C:E0:C8:E9:42:7C:D3:18:4B:72
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/MT58lg9eWKgrSTzgyOlCfNMYS3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:3c:c8:07:67:a1:d8:d5:40:88:00:43:9b:27:25:d8:27:8f:
         40:a0:ff:0b:aa:28:3f:e4:97:f2:49:d9:c3:fe:df:09:9c:ef:
         c1:9f:52:4c:8c:6a:7e:a3:b7:74:4b:55:ee:8b:f3:a8:0c:f9:
         30:1d:f4:60:51:27:a8:0d:55:d3:cb:83:d7:62:ff:ae:e9:33:
         97:06:99:a0:ec:f7:17:bd:b9:21:ef:53:74:5c:35:53:c0:9d:
         05:71:40:90:68:a4:7c:2e:45:eb:26:47:1b:0b:93:df:8b:65:
         19:81:3b:5d:04:3a:02:3f:5e:b3:19:95:04:52:f5:b9:5b:1e:
         08:e5:14:77:eb:2a:87:83:7f:71:5d:63:b5:a8:ae:86:69:a1:
         1d:68:5c:7d:52:e3:2b:11:e5:01:42:e0:15:de:64:15:82:be:
         e1:7e:e8:54:b1:1e:74:43:2e:75:e2:cb:e5:63:6b:18:4a:97:
         8b:7c:ad:51:6e:cd:a1:82:8d:0d:6b:5d:6f:25:d2:f4:7d:38:
         b3:6c:3c:19:42:69:4c:31:4c:d6:9e:3d:7c:de:ed:76:18:83:
         66:0a:e0:c7:40:eb:67:f5:aa:16:2d:66:b4:62:66:d8:d7:c1:
         6d:e5:5b:6d:96:ac:ff:77:18:d1:9f:e6:52:65:5c:14:35:79:
         1c:31:6a:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6xSjfyUpAb4Ndmv3V1zLByMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwNjEwMTEyODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTNlN2M5NjBmNWU1OGE4MmI0OTNjZTBjOGU5NDI3Y2QzMTg0YjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwxJjVqZ5fMdkE5pHiBMC3PGWiQ8
sYTXeO1iequKYd33BAaLRj0hwN8uVqNIpAmlvR5IEVLppJIIJrWOftfTfsZkBMZj
3gJrtlLT1YXog6ImgJ9dJIV75CnuqHCMceuf+4Nx0FQnbXqnqlJ4woUEofr4KPeA
KAJFmbIA7AJld6SKtwjz0vrKY6hiXVKj/wXcrQtQQGoCS1E1NjgwBNUt9hW5gEaN
YRx5AVxqKn/SOT0euTPgtc2hQKI1rCvegiStdOmxo9NF6zFP8X2KlHZ9ByjSWuVY
DV9N1rKVGS/GKA3NjNHR8/7xNCakngw3SGdUyPYAEI6bzWYxrQyorEwSZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDE+fJYPXlioK0k84MjpQnzTGEtyMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvTVQ1OGxnOWVXS2dyU1R6Z3lPbENmTk1ZUzNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD7+MA0G
CSqGSIb3DQEBCwUAA4IBAQC/PMgHZ6HY1UCIAEObJyXYJ49AoP8Lqig/5JfySdnD
/t8JnO/Bn1JMjGp+o7d0S1Xui/OoDPkwHfRgUSeoDVXTy4PXYv+u6TOXBpmg7PcX
vbkh71N0XDVTwJ0FcUCQaKR8LkXrJkcbC5Pfi2UZgTtdBDoCP16zGZUEUvW5Wx4I
5RR36yqHg39xXWO1qK6GaaEdaFx9UuMrEeUBQuAV3mQVgr7hfuhUsR50Qy514svl
Y2sYSpeLfK1Rbs2hgo0Na11vJdL0fTizbDwZQmlMMUzWnj183u12GINmCuDHQOtn
9aoWLWa0YmbY18Ft5Vttlqz/dxjRn+ZSZVwUNXkcMWo7
-----END CERTIFICATE-----