Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/4d1ab6-465b-4276-bc4a-2afa303e495d/1/EyJIl9GgE7NEizESEZnZ9ODAHzw.roa
File:                     EyJIl9GgE7NEizESEZnZ9ODAHzw.roa (raw, json)
Hash identifier:          TDhr2Br5ELeOUc6goo8nbxisdzgPRnJxdfCh2qX9VlY=
Subject key identifier:   13:22:48:97:D1:A0:13:B3:44:8B:31:12:11:99:D9:F4:E0:C0:1F:3C
Certificate issuer:       /CN=865b07c289df6bc9c762db4329ba0ce3c529fecb
Certificate serial:       0198663C3D00FB2E035FFD3F65015EC224AE
Authority key identifier: 86:5B:07:C2:89:DF:6B:C9:C7:62:DB:43:29:BA:0C:E3:C5:29:FE:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hlsHwonfa8nHYttDKboM48Up_ss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/4d1ab6-465b-4276-bc4a-2afa303e495d/1/EyJIl9GgE7NEizESEZnZ9ODAHzw.roa
Signing time:             Fri 01 Aug 2025 15:24:40 +0000
ROA not before:           Fri 01 Aug 2025 15:24:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49592
IP address blocks:        92.42.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/4d1ab6-465b-4276-bc4a-2afa303e495d/1/hlsHwonfa8nHYttDKboM48Up_ss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/4d1ab6-465b-4276-bc4a-2afa303e495d/1/hlsHwonfa8nHYttDKboM48Up_ss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hlsHwonfa8nHYttDKboM48Up_ss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:66:3c:3d:00:fb:2e:03:5f:fd:3f:65:01:5e:c2:24:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=865b07c289df6bc9c762db4329ba0ce3c529fecb
        Validity
            Not Before: Aug  1 15:24:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13224897d1a013b3448b31121199d9f4e0c01f3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:74:2b:8f:a8:61:a7:bd:b2:b5:68:78:46:fd:
                    8c:92:7c:b0:1f:1a:dd:f3:70:a5:8b:d6:09:15:92:
                    e0:b3:bb:ba:40:d1:03:f4:21:f2:59:15:99:cb:4b:
                    8c:39:42:56:62:36:bf:f1:71:6b:7a:b9:cf:48:de:
                    e7:22:3b:bf:e9:be:d4:ea:14:00:44:c8:ce:3b:77:
                    ff:39:3d:ee:10:60:f6:31:4c:cf:f1:2d:9b:33:46:
                    25:46:ac:59:3a:5f:60:72:5a:f5:d4:6e:4f:ed:15:
                    4a:c2:2b:a9:f5:5a:27:b9:d0:eb:e0:cd:d3:19:b9:
                    9e:49:33:2f:89:72:b0:34:ac:58:a3:83:cc:3a:bf:
                    6a:6b:8c:1b:4d:10:8d:20:1a:73:3f:7b:35:3f:14:
                    7e:1b:5a:a5:6f:bd:12:92:a9:e0:bb:60:28:56:91:
                    f5:22:04:41:07:11:e6:ee:97:80:af:da:6a:e7:34:
                    25:7c:af:5d:2d:fc:c5:ed:c7:41:d8:52:d1:44:27:
                    ef:0c:bb:a3:ae:50:0f:f7:d9:23:65:ab:4e:2a:56:
                    9e:61:5e:ed:ce:c2:bd:d2:0f:51:05:a2:f8:96:c8:
                    ec:25:4e:7c:56:f8:b7:1d:31:de:1e:5d:6e:19:94:
                    a9:50:82:33:b8:b6:ee:0c:65:46:3d:e1:8c:b7:05:
                    f5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:22:48:97:D1:A0:13:B3:44:8B:31:12:11:99:D9:F4:E0:C0:1F:3C
            X509v3 Authority Key Identifier:
                keyid:86:5B:07:C2:89:DF:6B:C9:C7:62:DB:43:29:BA:0C:E3:C5:29:FE:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hlsHwonfa8nHYttDKboM48Up_ss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/4d1ab6-465b-4276-bc4a-2afa303e495d/1/EyJIl9GgE7NEizESEZnZ9ODAHzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/4d1ab6-465b-4276-bc4a-2afa303e495d/1/hlsHwonfa8nHYttDKboM48Up_ss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:34:f1:3f:2f:bf:f4:3f:a4:79:d8:9f:c1:11:c1:c4:77:c9:
         2f:a9:00:5f:b5:87:c4:0c:98:00:e0:fe:33:04:c3:70:52:ac:
         2d:f9:38:f4:c9:71:82:b8:1e:ed:b9:e8:2a:70:ec:2c:5c:e0:
         2f:17:ae:27:6b:04:5b:ac:bd:06:3c:11:c2:65:f1:c6:01:54:
         71:09:5d:de:24:5f:55:08:cb:ae:73:1e:08:89:3c:c0:63:9d:
         4e:82:eb:e6:84:51:ec:3c:73:88:ee:28:31:af:b4:e0:22:9c:
         b6:7f:92:1d:91:4f:41:40:dc:da:89:53:e5:39:9a:cf:ee:7f:
         17:3b:17:6e:32:64:dc:0a:0a:cc:3c:f5:7a:ea:76:0a:1f:d8:
         06:19:7c:10:b2:0a:51:97:97:6c:3a:d4:45:46:3d:23:2e:3a:
         90:06:d5:4d:54:8c:34:ce:9f:e5:16:4b:01:2d:9f:05:9b:25:
         e5:f8:37:3f:6f:20:5f:d3:26:1b:f4:6c:73:21:11:6d:f6:eb:
         88:e3:26:ed:6d:2c:15:70:30:2d:68:4c:bc:cc:2f:2f:cb:79:
         ce:9e:14:39:f9:5b:08:48:eb:d6:42:d7:2d:fc:c7:e5:28:8a:
         82:de:af:77:94:4a:0f:aa:5a:2b:c6:89:23:9b:83:0e:e1:b8:
         1d:b6:c5:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhmPD0A+y4DX/0/ZQFewiSuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NWIwN2MyODlkZjZiYzljNzYyZGI0MzI5YmEwY2UzYzUy
OWZlY2IwHhcNMjUwODAxMTUyNDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzIyNDg5N2QxYTAxM2IzNDQ4YjMxMTIxMTk5ZDlmNGUwYzAxZjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHQrj6hhp72ytWh4Rv2MknywHxrd
83Cli9YJFZLgs7u6QNED9CHyWRWZy0uMOUJWYja/8XFrernPSN7nIju/6b7U6hQA
RMjOO3f/OT3uEGD2MUzP8S2bM0YlRqxZOl9gclr11G5P7RVKwiup9VonudDr4M3T
GbmeSTMviXKwNKxYo4PMOr9qa4wbTRCNIBpzP3s1PxR+G1qlb70Skqngu2AoVpH1
IgRBBxHm7peAr9pq5zQlfK9dLfzF7cdB2FLRRCfvDLujrlAP99kjZatOKlaeYV7t
zsK90g9RBaL4lsjsJU58Vvi3HTHeHl1uGZSpUIIzuLbuDGVGPeGMtwX1ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMiSJfRoBOzRIsxEhGZ2fTgwB88MB8GA1UdIwQY
MBaAFIZbB8KJ32vJx2LbQym6DOPFKf7LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGxzSHdvbmZhOG5IWXR0REtib000OFVwX3NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi80ZDFhYjYtNDY1Yi00Mjc2LWJjNGEt
MmFmYTMwM2U0OTVkLzEvRXlKSWw5R2dFN05FaXpFU0Vablo5T0RBSHp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi80ZDFhYjYtNDY1Yi00Mjc2LWJjNGEtMmFmYTMwM2U0OTVk
LzEvaGxzSHdvbmZhOG5IWXR0REtib000OFVwX3NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCrJMA0G
CSqGSIb3DQEBCwUAA4IBAQBaNPE/L7/0P6R52J/BEcHEd8kvqQBftYfEDJgA4P4z
BMNwUqwt+Tj0yXGCuB7tuegqcOwsXOAvF64nawRbrL0GPBHCZfHGAVRxCV3eJF9V
CMuucx4IiTzAY51OguvmhFHsPHOI7igxr7TgIpy2f5IdkU9BQNzaiVPlOZrP7n8X
OxduMmTcCgrMPPV66nYKH9gGGXwQsgpRl5dsOtRFRj0jLjqQBtVNVIw0zp/lFksB
LZ8FmyXl+Dc/byBf0yYb9GxzIRFt9uuI4ybtbSwVcDAtaEy8zC8vy3nOnhQ5+VsI
SOvWQtct/MflKIqC3q93lEoPqlorxokjm4MO4bgdtsVO
-----END CERTIFICATE-----