Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/1-id4xcrItJd7V_hOCmhIeYyZ2Xk.roa
File:                     1-id4xcrItJd7V_hOCmhIeYyZ2Xk.roa (raw, json)
Hash identifier:          5JyR/FPIOWbDy54iT5HXm94pZw2Q30ZnLr3z/fsJwOE=
Subject key identifier:   FA:27:78:C5:CA:C8:B4:97:7B:57:F8:4E:0A:68:48:79:8C:99:D9:79
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019850247CFA0A814E2D65BD49F05664FE6B
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/1-id4xcrItJd7V_hOCmhIeYyZ2Xk.roa
Signing time:             Mon 28 Jul 2025 08:27:05 +0000
ROA not before:           Mon 28 Jul 2025 08:27:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        92.71.68.0/22 maxlen: 24
                          213.201.250.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:50:24:7c:fa:0a:81:4e:2d:65:bd:49:f0:56:64:fe:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jul 28 08:27:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa2778c5cac8b4977b57f84e0a6848798c99d979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f0:18:6a:f8:9c:28:63:54:44:fe:31:3d:40:
                    e7:09:89:88:0b:e6:2f:2d:c1:96:71:24:bb:8a:a2:
                    58:c1:39:42:7d:b2:9c:38:c4:08:31:e3:ca:fe:17:
                    5f:58:4e:04:c7:4d:dd:51:c1:fa:82:3c:b3:ba:73:
                    4c:ac:23:91:49:5c:24:3d:72:6c:a2:1a:79:18:c8:
                    d8:27:52:e4:52:a6:5f:0b:3b:da:a6:2f:a2:31:3a:
                    44:9e:e3:48:94:ee:9a:53:68:68:55:ad:6c:f7:6f:
                    1f:19:b8:09:b8:1d:2e:6f:97:29:02:70:03:9a:c4:
                    52:b0:ad:e5:1c:7c:70:32:87:bc:9c:98:51:c3:da:
                    a5:a1:c4:76:6f:53:25:fd:a4:cb:07:77:dd:78:b0:
                    35:15:80:ee:eb:84:ab:85:87:bc:6f:a8:0a:43:19:
                    ac:c2:01:39:bd:66:60:54:27:e4:9a:48:ff:80:2e:
                    56:0e:62:2f:b4:35:7d:4b:d5:56:36:66:8f:70:26:
                    ab:89:13:19:2f:54:69:f6:4b:e6:bf:a6:eb:6d:d7:
                    f9:0f:23:23:9e:de:cd:98:c2:b7:75:bf:63:37:aa:
                    d6:c2:b7:e4:ec:fb:90:82:f9:62:3d:08:10:7b:ef:
                    88:5b:59:e9:d3:d4:9f:d0:1f:2e:04:4e:ef:f6:4a:
                    cb:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:27:78:C5:CA:C8:B4:97:7B:57:F8:4E:0A:68:48:79:8C:99:D9:79
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/1-id4xcrItJd7V_hOCmhIeYyZ2Xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.71.68.0/22
                  213.201.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:45:6b:2d:91:7d:32:0d:e0:23:ae:af:ca:b4:33:17:ff:b8:
         ee:1b:d4:e3:ea:68:67:fd:9b:02:ea:2a:a1:09:48:fd:58:1d:
         b0:bf:9f:21:5e:45:41:54:44:38:81:b7:11:71:14:e6:0c:19:
         f1:db:e2:74:3a:f3:09:66:0b:d1:37:90:54:b2:51:5a:0b:bf:
         7c:57:42:bd:ee:fb:d3:77:bb:e6:fc:cb:31:3a:0f:4a:66:93:
         65:67:a9:19:69:89:81:03:f3:cb:72:5e:f6:69:4e:6a:dc:1e:
         53:49:c3:d8:fb:90:75:c9:80:f2:aa:34:07:83:8e:ae:a5:7b:
         a2:1c:92:19:e3:6f:55:05:d1:99:75:1c:4e:80:db:ef:a4:f3:
         07:ea:84:cf:a3:1b:c4:a4:49:e7:0e:b0:85:99:c3:7a:ae:ae:
         91:b0:af:e0:66:c5:8b:a7:95:13:16:1b:4a:89:8f:d3:2f:2d:
         ef:07:34:d6:08:57:8e:7d:e2:54:05:d9:0f:df:8a:ce:0e:9a:
         15:bc:55:1e:bd:0b:bc:59:17:28:b0:02:d9:6a:39:43:f8:06:
         be:eb:97:ac:1e:8c:28:1a:dd:43:4a:c3:da:96:4d:86:90:2e:
         e5:6a:14:51:50:1f:b2:1b:eb:43:d1:f4:3b:cc:87:e9:f3:99:
         e6:ce:78:f9
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZhQJHz6CoFOLWW9SfBWZP5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwNzI4MDgyNzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTI3NzhjNWNhYzhiNDk3N2I1N2Y4NGUwYTY4NDg3OThjOTlkOTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/AYavicKGNURP4xPUDnCYmIC+Yv
LcGWcSS7iqJYwTlCfbKcOMQIMePK/hdfWE4Ex03dUcH6gjyzunNMrCORSVwkPXJs
ohp5GMjYJ1LkUqZfCzvapi+iMTpEnuNIlO6aU2hoVa1s928fGbgJuB0ub5cpAnAD
msRSsK3lHHxwMoe8nJhRw9qlocR2b1Ml/aTLB3fdeLA1FYDu64SrhYe8b6gKQxms
wgE5vWZgVCfkmkj/gC5WDmIvtDV9S9VWNmaPcCariRMZL1Rp9kvmv6brbdf5DyMj
nt7NmMK3db9jN6rWwrfk7PuQgvliPQgQe++IW1np09Sf0B8uBE7v9krLuwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPoneMXKyLSXe1f4TgpoSHmMmdl5MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvMS1pZDR4Y3JJdEpkN1ZfaE9DbWhJZVl5WjJYay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzUvOWQ1NGE1LTAxMzUtNGIxOC05NjFhLTBjZjEwOTNkNDU0
OC8xL0o1Ml8zMHdndmE2TllSaFdiczUyUkU1RzBYRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAlxHRAME
AdXJ+jANBgkqhkiG9w0BAQsFAAOCAQEAH0VrLZF9Mg3gI66vyrQzF/+47hvU4+po
Z/2bAuoqoQlI/VgdsL+fIV5FQVREOIG3EXEU5gwZ8dvidDrzCWYL0TeQVLJRWgu/
fFdCve7703e75vzLMToPSmaTZWepGWmJgQPzy3Je9mlOatweU0nD2PuQdcmA8qo0
B4OOrqV7ohySGeNvVQXRmXUcToDb76TzB+qEz6MbxKRJ5w6whZnDeq6ukbCv4GbF
i6eVExYbSomP0y8t7wc01ghXjn3iVAXZD9+Kzg6aFbxVHr0LvFkXKLAC2Wo5Q/gG
vuuXrB6MKBrdQ0rD2pZNhpAu5WoUUVAfshvrQ9H0O8yH6fOZ5s54+Q==
-----END CERTIFICATE-----