Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/ZreaaSzvj0F5FavpUXWG2Nvv2Pk.roa
File:                     ZreaaSzvj0F5FavpUXWG2Nvv2Pk.roa (raw, json)
Hash identifier:          1Qh4e1SS86x/OjiBlUymOG3z5N1ty2+63wfpNrmVAAs=
Subject key identifier:   66:B7:9A:69:2C:EF:8F:41:79:15:AB:E9:51:75:86:D8:DB:EF:D8:F9
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019A5074F0BC9016485D7B0E1D0211A63257
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/ZreaaSzvj0F5FavpUXWG2Nvv2Pk.roa
Signing time:             Tue 04 Nov 2025 20:00:32 +0000
ROA not before:           Tue 04 Nov 2025 20:00:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206226
IP address blocks:        92.62.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:50:74:f0:bc:90:16:48:5d:7b:0e:1d:02:11:a6:32:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Nov  4 20:00:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66b79a692cef8f417915abe9517586d8dbefd8f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8d:0f:c1:fe:53:53:00:4d:03:46:cb:0a:91:
                    4a:e8:c6:28:4c:c4:6a:07:ea:33:4a:9c:3b:44:58:
                    9f:6c:af:43:1a:75:4e:97:f8:6b:ce:b5:a7:46:18:
                    c8:6b:d7:68:73:a8:91:13:bf:d7:5f:79:5a:b9:61:
                    0f:7c:f7:c9:37:1e:ea:1a:d1:d2:7a:28:29:fd:ff:
                    6e:35:98:69:3d:fc:37:45:db:ec:31:b8:18:dc:ea:
                    05:97:fa:3e:54:46:26:f7:ce:ee:96:6e:f0:3f:54:
                    e8:be:d8:3a:1d:67:ac:7a:54:92:14:58:01:02:fb:
                    ad:4c:6d:da:c7:06:66:17:2b:76:85:33:9c:74:cc:
                    ba:cc:16:89:b1:91:6d:de:90:c8:9a:12:3f:e2:19:
                    41:68:8c:1c:33:15:b1:2f:bb:38:5b:1c:10:31:f6:
                    40:c1:93:90:df:a6:f9:fd:a9:68:3a:5f:d9:f1:44:
                    24:d9:de:eb:51:57:fa:f0:0b:ec:76:84:f0:fc:f3:
                    9a:ae:d6:26:71:19:20:6e:4a:7a:30:27:4b:87:3c:
                    ff:61:69:d5:66:48:01:02:c0:c0:b7:81:0c:a1:f6:
                    36:8f:7f:e0:ee:b9:c2:02:19:21:7c:2e:41:72:73:
                    90:67:41:fb:ee:4d:0f:12:80:e2:6a:ba:bd:a9:6f:
                    85:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:B7:9A:69:2C:EF:8F:41:79:15:AB:E9:51:75:86:D8:DB:EF:D8:F9
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/ZreaaSzvj0F5FavpUXWG2Nvv2Pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:dd:fb:34:c2:ae:1d:94:1b:81:eb:7a:7c:cb:1a:ea:f3:b3:
         c4:df:63:4e:06:ff:7d:c6:ee:94:e6:01:55:44:ab:67:8a:f0:
         93:9e:df:b5:ed:19:5c:41:af:ed:e0:db:72:12:19:1f:28:f1:
         ff:90:da:83:09:d4:03:e4:85:09:8f:27:fc:2e:7d:ae:12:24:
         dc:f7:a1:02:79:94:0e:21:c2:b2:58:a2:6c:2e:9b:6b:3f:17:
         f7:87:21:7e:71:b6:eb:4e:c1:bd:ee:d8:0f:59:fc:97:bf:af:
         02:ce:b6:0a:4b:8a:e5:f4:16:d6:23:2e:10:73:3a:b4:39:b4:
         46:f1:3c:7f:84:fe:f0:de:9a:ac:12:d1:ec:22:33:86:c8:c9:
         10:d2:8e:ed:bc:d1:eb:ee:4b:c3:9b:6d:b8:78:d8:fa:86:c9:
         25:97:2d:56:d5:0e:4f:ac:19:87:6c:8b:fb:16:9e:67:bb:5d:
         c1:4c:e1:af:3a:ca:c4:0c:2b:dd:42:b2:99:2b:e8:6c:d1:e8:
         41:3a:7e:dc:47:ce:a7:e2:31:46:09:0b:65:9f:cf:7f:90:73:
         1c:b7:bb:ca:29:7f:87:85:0e:08:52:aa:24:3e:94:b5:7d:cd:
         a7:a3:26:7e:00:e6:8a:b1:ba:0b:60:55:1a:3f:ca:aa:98:f2:
         29:5d:c3:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpQdPC8kBZIXXsOHQIRpjJXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUxMTA0MjAwMDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmI3OWE2OTJjZWY4ZjQxNzkxNWFiZTk1MTc1ODZkOGRiZWZkOGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY0Pwf5TUwBNA0bLCpFK6MYoTMRq
B+ozSpw7RFifbK9DGnVOl/hrzrWnRhjIa9doc6iRE7/XX3lauWEPfPfJNx7qGtHS
eigp/f9uNZhpPfw3RdvsMbgY3OoFl/o+VEYm987ulm7wP1Tovtg6HWeselSSFFgB
AvutTG3axwZmFyt2hTOcdMy6zBaJsZFt3pDImhI/4hlBaIwcMxWxL7s4WxwQMfZA
wZOQ36b5/aloOl/Z8UQk2d7rUVf68AvsdoTw/POartYmcRkgbkp6MCdLhzz/YWnV
ZkgBAsDAt4EMofY2j3/g7rnCAhkhfC5BcnOQZ0H77k0PEoDiarq9qW+FawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGa3mmks749BeRWr6VF1htjb79j5MB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvWnJlYWFTenZqMEY1RmF2cFVYV0cyTnZ2MlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD73MA0G
CSqGSIb3DQEBCwUAA4IBAQAu3fs0wq4dlBuB63p8yxrq87PE32NOBv99xu6U5gFV
RKtnivCTnt+17RlcQa/t4NtyEhkfKPH/kNqDCdQD5IUJjyf8Ln2uEiTc96ECeZQO
IcKyWKJsLptrPxf3hyF+cbbrTsG97tgPWfyXv68CzrYKS4rl9BbWIy4Qczq0ObRG
8Tx/hP7w3pqsEtHsIjOGyMkQ0o7tvNHr7kvDm224eNj6hsklly1W1Q5PrBmHbIv7
Fp5nu13BTOGvOsrEDCvdQrKZK+hs0ehBOn7cR86n4jFGCQtln89/kHMct7vKKX+H
hQ4IUqokPpS1fc2noyZ+AOaKsboLYFUaP8qqmPIpXcPA
-----END CERTIFICATE-----