Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/onT2MkF29XmtrGx1gO1FbJGGd64.roa
File:                     onT2MkF29XmtrGx1gO1FbJGGd64.roa (raw, json)
Hash identifier:          9BBTl4rWlge/62o6XB7LJ3UfJ89LN7a5QNMStDRgw1U=
Subject key identifier:   A2:74:F6:32:41:76:F5:79:AD:AC:6C:75:80:ED:45:6C:91:86:77:AE
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019A4D937E9288A4E8883F1C3D3D48E5A1A8
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/onT2MkF29XmtrGx1gO1FbJGGd64.roa
Signing time:             Tue 04 Nov 2025 06:35:03 +0000
ROA not before:           Tue 04 Nov 2025 06:35:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213622
IP address blocks:        92.62.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4d:93:7e:92:88:a4:e8:88:3f:1c:3d:3d:48:e5:a1:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Nov  4 06:35:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a274f6324176f579adac6c7580ed456c918677ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:13:17:81:0f:02:79:0c:9d:88:4d:f3:36:52:
                    1f:fb:46:25:99:86:78:61:7a:8f:93:1f:f2:95:ef:
                    74:f8:b4:30:38:e4:87:2f:ff:b5:91:77:db:08:d3:
                    b6:9a:fe:19:3c:d7:b3:7b:ec:f9:61:0a:cc:8e:b4:
                    ae:89:d1:bc:ce:a2:2e:78:e3:1c:12:6f:34:71:b5:
                    62:b7:6f:b8:0c:a0:a3:8c:2a:17:b6:19:02:c6:c7:
                    78:d3:0d:af:4a:c7:48:b0:c9:a4:80:5a:4b:04:25:
                    f4:23:04:86:bc:01:2b:21:08:5b:5e:81:b0:ba:b6:
                    8d:71:2f:a3:ee:dd:a1:3c:f5:14:f5:e9:84:8e:95:
                    a0:35:9f:47:fe:32:9b:e0:e7:c0:3b:f4:c5:91:06:
                    85:a6:78:84:5f:7c:65:99:1d:c6:ba:f9:ee:24:d0:
                    bc:28:49:5a:69:21:18:2b:fe:f8:fd:c5:1c:2d:eb:
                    e2:d6:43:b5:00:88:74:e9:26:8c:1b:dc:58:4e:80:
                    da:08:0c:2c:32:5e:f7:e8:7e:a3:d3:1d:f2:14:38:
                    38:11:ea:1a:7d:a6:7d:bc:be:e2:ad:a4:aa:4f:87:
                    20:e0:c5:80:41:d7:b6:1c:f6:5c:1b:22:65:e1:44:
                    65:93:d0:43:5b:c1:cc:98:7a:e1:c1:35:64:fc:aa:
                    49:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:74:F6:32:41:76:F5:79:AD:AC:6C:75:80:ED:45:6C:91:86:77:AE
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/onT2MkF29XmtrGx1gO1FbJGGd64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.62.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:15:ae:3d:0f:de:19:93:61:a7:5b:df:7a:1f:82:ae:8b:b2:
         4f:31:fa:40:3a:af:e4:4b:e7:48:34:a5:e5:21:3f:2b:bd:b6:
         40:06:33:67:3f:b0:0f:67:6a:22:6b:30:93:c9:7a:56:be:4b:
         be:42:e6:0e:7c:ec:0c:65:f2:49:69:bf:64:56:72:6b:68:fe:
         c3:9f:51:18:97:4e:50:f4:50:9d:0e:a1:51:7c:9e:29:79:2b:
         41:9b:42:6d:26:fd:c5:78:80:a1:be:d4:54:bb:0a:4b:91:f8:
         82:d3:d4:14:79:54:57:e7:09:91:f3:c1:c9:16:dc:8f:38:07:
         b0:c9:f0:99:14:c0:36:41:f6:98:a5:2c:29:56:33:b1:aa:e4:
         29:70:a5:1c:fd:6b:fb:29:3a:4e:3e:fe:17:68:1c:b1:e3:c0:
         e0:34:3a:b8:ab:96:2d:14:cf:d7:af:21:bf:22:35:62:94:fd:
         e8:42:93:4b:93:47:7f:72:09:61:5d:2f:3b:50:35:63:49:11:
         7d:0e:e0:67:4c:3e:09:49:f1:c9:63:07:94:35:9e:4f:8f:de:
         46:97:c8:aa:81:3b:ae:04:d7:65:26:e7:81:e3:5f:ce:05:8b:
         95:2c:7d:f6:32:75:6e:68:1d:88:b4:4c:da:4c:40:a2:f2:b4:
         a8:c6:43:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpNk36SiKToiD8cPT1I5aGoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUxMTA0MDYzNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjc0ZjYzMjQxNzZmNTc5YWRhYzZjNzU4MGVkNDU2YzkxODY3N2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBMXgQ8CeQydiE3zNlIf+0YlmYZ4
YXqPkx/yle90+LQwOOSHL/+1kXfbCNO2mv4ZPNeze+z5YQrMjrSuidG8zqIueOMc
Em80cbVit2+4DKCjjCoXthkCxsd40w2vSsdIsMmkgFpLBCX0IwSGvAErIQhbXoGw
uraNcS+j7t2hPPUU9emEjpWgNZ9H/jKb4OfAO/TFkQaFpniEX3xlmR3GuvnuJNC8
KElaaSEYK/74/cUcLevi1kO1AIh06SaMG9xYToDaCAwsMl736H6j0x3yFDg4Eeoa
faZ9vL7iraSqT4cg4MWAQde2HPZcGyJl4URlk9BDW8HMmHrhwTVk/KpJxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJ09jJBdvV5raxsdYDtRWyRhneuMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvb25UMk1rRjI5WG10ckd4MWdPMUZiSkdHZDY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD73MA0G
CSqGSIb3DQEBCwUAA4IBAQDEFa49D94Zk2GnW996H4Kui7JPMfpAOq/kS+dINKXl
IT8rvbZABjNnP7APZ2oiazCTyXpWvku+QuYOfOwMZfJJab9kVnJraP7Dn1EYl05Q
9FCdDqFRfJ4peStBm0JtJv3FeIChvtRUuwpLkfiC09QUeVRX5wmR88HJFtyPOAew
yfCZFMA2QfaYpSwpVjOxquQpcKUc/Wv7KTpOPv4XaByx48DgNDq4q5YtFM/XryG/
IjVilP3oQpNLk0d/cglhXS87UDVjSRF9DuBnTD4JSfHJYweUNZ5Pj95Gl8iqgTuu
BNdlJueB41/OBYuVLH32MnVuaB2ItEzaTECi8rSoxkN6
-----END CERTIFICATE-----