Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/78ec89-bbd7-4403-8325-983dec34be4b/1/B9bjJc5Oae9PEKPXIiXsKsSs9WQ.roa
File:                     B9bjJc5Oae9PEKPXIiXsKsSs9WQ.roa (raw, json)
Hash identifier:          KKshRszJ3ZpgC0vij+vjmzbzFw7agfxG++MlKjyF07Y=
Subject key identifier:   07:D6:E3:25:CE:4E:69:EF:4F:10:A3:D7:22:25:EC:2A:C4:AC:F5:64
Certificate issuer:       /CN=47f863014c6033f1d89242b3e5e9561489f9c26a
Certificate serial:       01989394E171738EB6B04C7A447B1BBCFFE7
Authority key identifier: 47:F8:63:01:4C:60:33:F1:D8:92:42:B3:E5:E9:56:14:89:F9:C2:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R_hjAUxgM_HYkkKz5elWFIn5wmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/78ec89-bbd7-4403-8325-983dec34be4b/1/B9bjJc5Oae9PEKPXIiXsKsSs9WQ.roa
Signing time:             Sun 10 Aug 2025 10:44:24 +0000
ROA not before:           Sun 10 Aug 2025 10:44:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211408
IP address blocks:        92.42.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/78ec89-bbd7-4403-8325-983dec34be4b/1/R_hjAUxgM_HYkkKz5elWFIn5wmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/78ec89-bbd7-4403-8325-983dec34be4b/1/R_hjAUxgM_HYkkKz5elWFIn5wmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R_hjAUxgM_HYkkKz5elWFIn5wmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 Aug 2025 10:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:93:94:e1:71:73:8e:b6:b0:4c:7a:44:7b:1b:bc:ff:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47f863014c6033f1d89242b3e5e9561489f9c26a
        Validity
            Not Before: Aug 10 10:44:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07d6e325ce4e69ef4f10a3d72225ec2ac4acf564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:52:5c:c5:c2:45:ba:3f:0d:ab:be:8b:44:a6:
                    ae:98:2d:65:df:80:45:82:5b:e8:1a:88:88:ac:70:
                    01:3f:a2:bc:6c:25:40:36:5b:fa:2b:b3:1f:aa:4e:
                    5f:f1:d4:7d:97:d6:c6:58:c4:08:6e:0d:f4:68:0f:
                    f2:dc:a8:28:77:d7:85:97:8a:14:70:59:4c:bc:e5:
                    e7:4b:62:f2:01:14:76:32:4c:fa:8a:5b:a5:40:97:
                    82:75:b0:60:38:b9:28:cd:20:3b:05:9d:84:04:b2:
                    0a:0d:ca:ac:88:29:be:ff:c6:b9:fa:86:61:76:ff:
                    b1:98:dc:a2:be:4c:06:66:5e:e1:e1:db:bf:06:60:
                    83:3a:93:72:78:51:6c:14:ed:5a:de:d9:d7:fd:7e:
                    24:9f:33:15:56:a8:25:0d:a1:b9:54:1e:72:23:1a:
                    a5:93:1f:87:88:50:0e:13:b0:29:31:fb:4c:d0:e8:
                    81:aa:88:0a:fb:1f:ce:2d:da:65:2a:8b:4d:40:e9:
                    f3:10:4f:ec:6c:b9:11:40:a8:60:09:21:4a:9e:07:
                    1e:f3:09:8d:7d:e5:74:e6:54:40:90:34:27:88:58:
                    7c:cc:ca:4b:db:3e:98:e4:be:34:0c:e5:ac:9a:fa:
                    69:00:53:49:75:d8:f9:e6:40:23:0b:d4:2b:a4:c1:
                    af:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D6:E3:25:CE:4E:69:EF:4F:10:A3:D7:22:25:EC:2A:C4:AC:F5:64
            X509v3 Authority Key Identifier:
                keyid:47:F8:63:01:4C:60:33:F1:D8:92:42:B3:E5:E9:56:14:89:F9:C2:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R_hjAUxgM_HYkkKz5elWFIn5wmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/78ec89-bbd7-4403-8325-983dec34be4b/1/B9bjJc5Oae9PEKPXIiXsKsSs9WQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/78ec89-bbd7-4403-8325-983dec34be4b/1/R_hjAUxgM_HYkkKz5elWFIn5wmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:5b:2d:8b:a4:05:80:f7:33:61:bd:2a:8b:58:9a:f9:15:c4:
         23:85:72:b8:49:ac:6e:60:e1:d7:af:e0:14:a8:d0:07:db:69:
         4d:45:8a:05:b8:91:e9:bd:d4:d5:35:4a:69:da:aa:7f:76:2e:
         c6:f6:c9:5e:dd:ff:0c:d0:f6:5c:23:92:70:82:5e:bf:1c:1c:
         b7:ba:24:90:8d:39:c3:4d:95:9e:3a:1c:70:f9:4d:2a:43:ff:
         a2:b7:36:68:83:b2:0f:12:1a:a5:b8:ad:3d:2e:93:14:64:ea:
         75:45:f6:e8:f5:69:07:0f:8d:93:4a:2a:10:32:b9:6e:94:a0:
         b0:9a:57:3d:9c:5f:78:29:bb:26:4d:44:8c:71:c0:5a:b8:27:
         c6:ea:73:99:f3:00:73:d4:48:44:38:67:3f:6f:ee:3f:9b:db:
         f6:80:23:03:64:9b:bd:cd:1c:49:22:be:14:34:f2:6e:33:fb:
         7c:1b:2a:83:9b:96:4d:44:d0:70:49:55:6c:02:aa:64:16:f9:
         34:c7:72:dd:a4:be:fb:62:1a:1e:01:1c:c3:db:fb:15:79:c6:
         6f:d4:e5:df:e2:ec:a5:b8:2c:5d:39:a9:47:03:bf:b3:5b:a2:
         20:c5:67:b8:69:78:f7:2f:6f:32:0f:72:eb:de:a5:c7:d5:75:
         a2:1d:5f:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiTlOFxc462sEx6RHsbvP/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3Zjg2MzAxNGM2MDMzZjFkODkyNDJiM2U1ZTk1NjE0ODlm
OWMyNmEwHhcNMjUwODEwMTA0NDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2Q2ZTMyNWNlNGU2OWVmNGYxMGEzZDcyMjI1ZWMyYWM0YWNmNTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1JcxcJFuj8Nq76LRKaumC1l34BF
glvoGoiIrHABP6K8bCVANlv6K7Mfqk5f8dR9l9bGWMQIbg30aA/y3Kgod9eFl4oU
cFlMvOXnS2LyARR2Mkz6ilulQJeCdbBgOLkozSA7BZ2EBLIKDcqsiCm+/8a5+oZh
dv+xmNyivkwGZl7h4du/BmCDOpNyeFFsFO1a3tnX/X4knzMVVqglDaG5VB5yIxql
kx+HiFAOE7ApMftM0OiBqogK+x/OLdplKotNQOnzEE/sbLkRQKhgCSFKngce8wmN
feV05lRAkDQniFh8zMpL2z6Y5L40DOWsmvppAFNJddj55kAjC9QrpMGvCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfW4yXOTmnvTxCj1yIl7CrErPVkMB8GA1UdIwQY
MBaAFEf4YwFMYDPx2JJCs+XpVhSJ+cJqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUl9oakFVeGdNX0hZa2tLejVlbFdGSW41d21vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy83OGVjODktYmJkNy00NDAzLTgzMjUt
OTgzZGVjMzRiZTRiLzEvQjliakpjNU9hZTlQRUtQWElpWHNLc1NzOVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy83OGVjODktYmJkNy00NDAzLTgzMjUtOTgzZGVjMzRiZTRi
LzEvUl9oakFVeGdNX0hZa2tLejVlbFdGSW41d21vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCrNMA0G
CSqGSIb3DQEBCwUAA4IBAQABWy2LpAWA9zNhvSqLWJr5FcQjhXK4SaxuYOHXr+AU
qNAH22lNRYoFuJHpvdTVNUpp2qp/di7G9sle3f8M0PZcI5Jwgl6/HBy3uiSQjTnD
TZWeOhxw+U0qQ/+itzZog7IPEhqluK09LpMUZOp1Rfbo9WkHD42TSioQMrlulKCw
mlc9nF94KbsmTUSMccBauCfG6nOZ8wBz1EhEOGc/b+4/m9v2gCMDZJu9zRxJIr4U
NPJuM/t8GyqDm5ZNRNBwSVVsAqpkFvk0x3LdpL77YhoeARzD2/sVecZv1OXf4uyl
uCxdOalHA7+zW6IgxWe4aXj3L28yD3Lr3qXH1XWiHV++
-----END CERTIFICATE-----