Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/t74IIjbKINA8KWETbMX1Yua90lo.roa
File:                     t74IIjbKINA8KWETbMX1Yua90lo.roa (raw, json)
Hash identifier:          g1G25OsuDaHKu2krUemJKYVo40kgh5xmhUKpIWtaI5M=
Subject key identifier:   B7:BE:08:22:36:CA:20:D0:3C:29:61:13:6C:C5:F5:62:E6:BD:D2:5A
Certificate issuer:       /CN=54296d23def4c8521c647dc68acb3c123f611d89
Certificate serial:       01966B7B62736515A752C2628B10D87B7017
Authority key identifier: 54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/t74IIjbKINA8KWETbMX1Yua90lo.roa
Signing time:             Fri 25 Apr 2025 05:46:10 +0000
ROA not before:           Fri 25 Apr 2025 05:46:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6693
IP address blocks:        92.87.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6b:7b:62:73:65:15:a7:52:c2:62:8b:10:d8:7b:70:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54296d23def4c8521c647dc68acb3c123f611d89
        Validity
            Not Before: Apr 25 05:46:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7be082236ca20d03c2961136cc5f562e6bdd25a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:44:af:0e:d9:2d:f2:58:d2:15:fc:6f:98:1b:
                    bf:53:40:2e:a3:35:75:92:d5:19:4f:da:12:e5:cd:
                    f3:7b:fb:af:69:af:83:21:5e:6c:5e:a6:fb:72:38:
                    a1:a9:8e:a9:b1:f1:19:93:bc:c2:1c:4f:63:f2:a2:
                    2d:70:c5:35:c3:60:bd:6d:39:c3:b1:2e:60:ec:d3:
                    5c:11:0d:18:71:e6:72:ba:da:9e:3b:94:e1:68:c7:
                    97:a3:3e:62:d1:22:34:4f:f2:aa:5a:7c:77:16:36:
                    a9:9e:bb:ed:5b:f4:4e:28:39:83:b5:01:c6:f6:fb:
                    8c:cb:e6:e4:f3:0d:94:f8:fe:4f:f3:ed:e4:7e:10:
                    11:db:be:18:83:2b:8c:1f:fe:58:7f:d3:da:50:2d:
                    c6:05:9b:00:19:50:38:a3:c1:58:d5:33:ab:5d:bb:
                    7b:1e:2b:c2:e1:1f:d8:6b:dc:c4:99:80:55:f2:56:
                    f5:b7:a7:54:56:9a:ac:d3:e0:b8:d0:ac:ec:a9:ed:
                    b4:8f:5a:b0:6d:54:0e:23:16:4e:60:76:4d:a4:aa:
                    19:87:87:32:ad:f5:b9:03:b5:27:cf:30:74:b0:b0:
                    2b:16:06:5f:49:1c:ff:07:b2:2e:89:90:c0:87:07:
                    68:0d:38:76:23:2f:f0:47:e0:e3:84:9e:42:e7:8a:
                    cb:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:BE:08:22:36:CA:20:D0:3C:29:61:13:6C:C5:F5:62:E6:BD:D2:5A
            X509v3 Authority Key Identifier:
                keyid:54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/t74IIjbKINA8KWETbMX1Yua90lo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.87.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:2c:33:e4:71:6e:4d:f6:bb:08:b5:29:35:fa:ad:f5:9c:23:
         06:de:5c:8c:81:b7:6c:1d:62:82:5d:1c:6e:1d:0c:11:7f:1d:
         98:31:1f:1f:d7:f1:d6:32:f2:71:08:98:7d:e8:99:d3:79:71:
         6d:47:ec:0d:02:bf:db:80:06:77:c4:b8:05:6e:95:0a:c9:eb:
         32:cb:38:56:70:55:a8:34:d3:ee:4a:d4:c3:95:59:35:5a:b4:
         c3:df:2c:7c:74:f9:1a:6c:ba:1c:d5:99:7e:8b:1a:a3:1b:62:
         42:82:31:6c:3e:b9:61:d7:5e:49:4e:f8:22:5b:8d:53:93:b6:
         74:ff:99:4d:e5:e8:4c:ab:fa:77:b0:2a:64:d6:34:9e:0a:6e:
         68:35:47:e7:14:d2:89:9c:bb:6f:10:de:d7:d7:4a:bc:09:70:
         16:cb:bf:02:5a:f5:0f:23:bd:54:ee:62:db:78:e6:08:9d:9e:
         ca:76:8b:56:ee:19:c3:6d:6e:a0:60:86:13:0d:36:36:6e:5e:
         31:5c:4a:80:c5:53:42:6e:91:e5:68:f4:3e:f4:4a:9f:42:a9:
         83:9b:83:65:30:d5:6d:97:21:51:ee:9e:9c:05:93:e9:47:fc:
         88:79:dd:91:1f:be:f9:bb:a2:fa:1f:73:e1:d6:3d:27:7a:43:
         2b:f3:47:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZre2JzZRWnUsJiixDYe3AXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Mjk2ZDIzZGVmNGM4NTIxYzY0N2RjNjhhY2IzYzEyM2Y2
MTFkODkwHhcNMjUwNDI1MDU0NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2JlMDgyMjM2Y2EyMGQwM2MyOTYxMTM2Y2M1ZjU2MmU2YmRkMjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0SvDtkt8ljSFfxvmBu/U0AuozV1
ktUZT9oS5c3ze/uvaa+DIV5sXqb7cjihqY6psfEZk7zCHE9j8qItcMU1w2C9bTnD
sS5g7NNcEQ0YceZyutqeO5ThaMeXoz5i0SI0T/KqWnx3FjapnrvtW/ROKDmDtQHG
9vuMy+bk8w2U+P5P8+3kfhAR274YgyuMH/5Yf9PaUC3GBZsAGVA4o8FY1TOrXbt7
HivC4R/Ya9zEmYBV8lb1t6dUVpqs0+C40Kzsqe20j1qwbVQOIxZOYHZNpKoZh4cy
rfW5A7UnzzB0sLArFgZfSRz/B7IuiZDAhwdoDTh2Iy/wR+DjhJ5C54rLRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLe+CCI2yiDQPClhE2zF9WLmvdJaMB8GA1UdIwQY
MBaAFFQpbSPe9MhSHGR9xorLPBI/YR2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUt
OTQyNDgyZjhkMmVhLzEvdDc0SUlqYktJTkE4S1dFVGJNWDFZdWE5MGxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUtOTQyNDgyZjhkMmVh
LzEvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXFfMMA0G
CSqGSIb3DQEBCwUAA4IBAQCYLDPkcW5N9rsItSk1+q31nCMG3lyMgbdsHWKCXRxu
HQwRfx2YMR8f1/HWMvJxCJh96JnTeXFtR+wNAr/bgAZ3xLgFbpUKyesyyzhWcFWo
NNPuStTDlVk1WrTD3yx8dPkabLoc1Zl+ixqjG2JCgjFsPrlh115JTvgiW41Tk7Z0
/5lN5ehMq/p3sCpk1jSeCm5oNUfnFNKJnLtvEN7X10q8CXAWy78CWvUPI71U7mLb
eOYInZ7KdotW7hnDbW6gYIYTDTY2bl4xXEqAxVNCbpHlaPQ+9EqfQqmDm4NlMNVt
lyFR7p6cBZPpR/yIed2RH775u6L6H3Ph1j0nekMr80fp
-----END CERTIFICATE-----