Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/18CbUvKYWO6PYu_t92D214_TJes.roa
File:                     18CbUvKYWO6PYu_t92D214_TJes.roa (raw, json)
Hash identifier:          gxubaEnhi8atyxnwW/VBZzNjtAflWsy9V6S18PdX27o=
Subject key identifier:   D7:C0:9B:52:F2:98:58:EE:8F:62:EF:ED:F7:60:F6:D7:8F:D3:25:EB
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0197EAF5864EDCD9402B06F3C5EF9B6F5733
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/18CbUvKYWO6PYu_t92D214_TJes.roa
Signing time:             Tue 08 Jul 2025 16:54:08 +0000
ROA not before:           Tue 08 Jul 2025 16:54:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61003
IP address blocks:        178.239.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 09:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ea:f5:86:4e:dc:d9:40:2b:06:f3:c5:ef:9b:6f:57:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jul  8 16:54:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7c09b52f29858ee8f62efedf760f6d78fd325eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:61:92:87:03:2a:1c:db:ec:c9:d2:43:b3:15:
                    37:76:a1:75:a0:2d:cd:96:27:7d:f1:e8:4a:38:0b:
                    8e:ee:2f:53:fb:35:30:c7:8b:75:b2:fc:86:27:68:
                    bc:d2:22:58:24:2f:58:3c:35:f1:2e:9c:71:76:a8:
                    9d:69:58:35:9c:9d:bd:31:89:0a:fb:ca:04:b7:4e:
                    6c:39:2a:c7:18:82:5b:f2:35:b3:27:da:6c:93:8a:
                    10:80:b1:1c:ed:76:78:0f:38:3b:7e:1b:74:33:96:
                    7d:7c:a7:c8:29:5c:0a:b5:3e:2a:fb:16:ff:08:cc:
                    57:01:7e:3b:a4:9b:42:5d:68:fd:09:38:d4:e1:57:
                    be:a4:5e:73:61:97:ee:fa:5d:11:44:04:49:51:3e:
                    47:8f:2b:e0:44:08:c8:47:fd:3d:e9:f3:3b:15:6e:
                    3a:80:9e:78:29:24:0c:10:a9:79:fb:6e:45:2c:7e:
                    12:5b:4c:94:c5:ba:61:fc:49:b4:f2:5f:cc:e5:3e:
                    72:e6:e1:cd:a8:7c:22:44:ea:12:78:55:42:ba:3f:
                    da:a7:d5:d9:e0:4f:5e:dd:d7:b0:1b:50:1c:0e:f3:
                    ec:1a:73:40:22:45:7d:dc:2a:5e:93:13:7c:57:1b:
                    21:64:38:8c:37:0c:d0:76:ca:28:a6:86:5b:71:bc:
                    a7:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C0:9B:52:F2:98:58:EE:8F:62:EF:ED:F7:60:F6:D7:8F:D3:25:EB
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/18CbUvKYWO6PYu_t92D214_TJes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:2b:90:53:16:31:e7:ab:3a:1e:d0:b7:17:74:88:b0:61:78:
         07:1b:bd:7b:c7:db:7b:dc:3f:8c:81:4b:89:7a:c3:0f:44:98:
         ec:0d:8d:36:c2:a3:2a:7e:eb:a9:1d:32:a9:97:c0:74:1a:a0:
         dd:84:97:99:71:2c:ca:eb:0a:43:41:0e:42:02:0d:43:4c:ae:
         f0:b2:5b:57:75:bc:39:68:45:25:e7:bf:97:cd:be:33:a4:a8:
         9e:a4:89:8e:ce:70:fa:88:a6:cd:8f:ec:9c:b5:8f:d8:89:02:
         07:08:6a:b1:a4:27:d4:9f:6a:a0:a5:0f:b7:8a:bd:13:14:db:
         88:07:0d:f7:ed:0b:88:17:62:36:b6:72:7a:dd:e1:5d:fb:0e:
         1f:80:fc:7d:bd:e8:21:b3:58:46:74:86:c2:8a:eb:98:17:e3:
         a4:53:91:20:4d:4d:53:b9:98:c8:06:46:32:fc:e1:01:77:0d:
         6e:5a:1d:e6:d7:b7:3f:d0:05:54:59:71:e3:51:11:cc:02:00:
         31:20:30:52:af:0d:5e:d3:8f:0c:78:cc:77:8e:2c:6b:ed:7b:
         e8:5f:d0:29:72:21:e7:57:3e:eb:8c:69:71:22:67:7c:18:d2:
         d8:c8:59:59:12:84:61:04:d7:0f:d1:0c:b5:b7:bf:bc:46:37:
         76:2a:51:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfq9YZO3NlAKwbzxe+bb1czMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNzA4MTY1NDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2MwOWI1MmYyOTg1OGVlOGY2MmVmZWRmNzYwZjZkNzhmZDMyNWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGGShwMqHNvsydJDsxU3dqF1oC3N
lid98ehKOAuO7i9T+zUwx4t1svyGJ2i80iJYJC9YPDXxLpxxdqidaVg1nJ29MYkK
+8oEt05sOSrHGIJb8jWzJ9psk4oQgLEc7XZ4Dzg7fht0M5Z9fKfIKVwKtT4q+xb/
CMxXAX47pJtCXWj9CTjU4Ve+pF5zYZfu+l0RRARJUT5HjyvgRAjIR/096fM7FW46
gJ54KSQMEKl5+25FLH4SW0yUxbph/Em08l/M5T5y5uHNqHwiROoSeFVCuj/ap9XZ
4E9e3dewG1AcDvPsGnNAIkV93CpekxN8VxshZDiMNwzQdsoopoZbcbynIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfAm1LymFjuj2Lv7fdg9teP0yXrMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvMThDYlV2S1lXTzZQWXVfdDkyRDIxNF9USmVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu9wMA0G
CSqGSIb3DQEBCwUAA4IBAQCUK5BTFjHnqzoe0LcXdIiwYXgHG717x9t73D+MgUuJ
esMPRJjsDY02wqMqfuupHTKpl8B0GqDdhJeZcSzK6wpDQQ5CAg1DTK7wsltXdbw5
aEUl57+Xzb4zpKiepImOznD6iKbNj+yctY/YiQIHCGqxpCfUn2qgpQ+3ir0TFNuI
Bw337QuIF2I2tnJ63eFd+w4fgPx9veghs1hGdIbCiuuYF+OkU5EgTU1TuZjIBkYy
/OEBdw1uWh3m17c/0AVUWXHjURHMAgAxIDBSrw1e048MeMx3jixr7XvoX9ApciHn
Vz7rjGlxImd8GNLYyFlZEoRhBNcP0Qy1t7+8Rjd2KlG8
-----END CERTIFICATE-----