Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/3qP8CYLQLArKhUt9WLXpexidX9s.roa
File:                     3qP8CYLQLArKhUt9WLXpexidX9s.roa (raw, json)
Hash identifier:          fJwq5Z3pf4stIhUvf/rKCUyniRyWeBrZT0wpMhdvrnY=
Subject key identifier:   DE:A3:FC:09:82:D0:2C:0A:CA:85:4B:7D:58:B5:E9:7B:18:9D:5F:DB
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019425218C53532AC3D068EA401F3FB9854F
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/3qP8CYLQLArKhUt9WLXpexidX9s.roa
Signing time:             Thu 02 Jan 2025 03:49:03 +0000
ROA not before:           Thu 02 Jan 2025 03:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        85.239.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:8c:53:53:2a:c3:d0:68:ea:40:1f:3f:b9:85:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jan  2 03:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dea3fc0982d02c0aca854b7d58b5e97b189d5fdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:57:39:77:82:4f:b1:48:3b:80:8b:65:bc:36:
                    50:6c:12:9e:b1:f0:7d:08:3e:fa:13:ae:fc:96:b1:
                    ce:12:e8:fe:67:37:f1:cf:a5:b2:64:33:02:e7:5c:
                    11:3b:24:ae:43:64:17:a0:34:28:4c:a4:4f:d2:ce:
                    53:d9:a2:9c:c3:68:4f:14:96:36:cc:b2:40:2d:08:
                    dd:34:1e:de:eb:2d:a4:b1:c4:9f:c7:8e:3c:12:6b:
                    f5:56:75:9e:db:9a:77:7e:fb:0c:d2:ee:28:77:0f:
                    8d:e4:f3:e9:26:bb:c9:7a:3d:74:0f:d1:5c:da:4e:
                    4f:de:79:98:db:89:84:3c:9f:6a:ec:96:46:4d:8a:
                    67:e6:ae:c5:71:d3:b5:05:d7:7e:6c:63:e9:cd:2b:
                    e4:d0:31:a1:cb:f3:25:5d:19:fd:c5:38:31:2d:5a:
                    d5:7f:08:17:c7:99:2d:7e:7f:4d:d6:b5:f5:ef:a9:
                    d4:51:35:bb:91:a6:52:be:ec:d6:b6:33:92:c0:ac:
                    88:51:19:61:70:df:e7:6a:27:37:79:13:e5:f9:09:
                    53:d2:07:a4:6a:97:2b:f4:10:32:9f:cb:30:19:1e:
                    3c:92:0a:01:ef:ac:97:a7:3f:e5:0b:24:d1:7b:eb:
                    5f:70:84:46:5e:86:29:c9:98:53:2a:d6:6f:e3:98:
                    c2:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:A3:FC:09:82:D0:2C:0A:CA:85:4B:7D:58:B5:E9:7B:18:9D:5F:DB
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/3qP8CYLQLArKhUt9WLXpexidX9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:83:a8:92:63:f0:5b:8e:47:2f:8f:e2:a9:55:39:76:af:c6:
         40:d2:c7:3d:8a:3d:56:51:c3:a0:91:c3:97:c8:64:10:8b:e0:
         84:7a:05:6e:7a:35:a7:0a:10:1d:7e:49:7a:19:e4:3c:0c:7b:
         25:ab:fe:ed:bb:63:0d:5f:4c:65:f1:2d:78:24:d2:97:90:f5:
         f9:43:e2:72:8a:90:77:90:1b:5b:8d:6b:23:9f:b7:f5:0e:a9:
         e5:9f:1e:c8:83:16:b6:8c:b1:48:75:85:fe:4d:09:aa:58:b7:
         64:96:f8:b3:3b:5f:a1:71:08:13:68:3b:02:4a:a1:72:22:3f:
         c3:2f:d1:9b:4f:76:d4:1b:82:cc:a0:fa:30:79:00:33:5f:26:
         3f:b7:f4:85:b3:f1:e6:d0:dc:ec:6f:9e:82:67:a1:7d:39:ec:
         4f:6e:86:b1:cb:34:7b:b3:80:2a:c5:e8:e6:97:bb:a3:4f:40:
         7e:69:fc:55:be:39:fb:7f:dd:57:05:af:81:92:d6:ca:82:b2:
         d0:7b:ae:40:67:6b:99:06:f5:4a:ed:db:eb:7e:66:71:53:87:
         62:86:ea:df:76:62:68:8b:02:21:a9:16:a4:df:4d:e5:92:34:
         28:9b:db:43:e4:3e:e5:ae:c2:c0:10:b7:2e:83:29:23:86:a2:
         19:11:2e:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIYxTUyrD0GjqQB8/uYVPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwMTAyMDM0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWEzZmMwOTgyZDAyYzBhY2E4NTRiN2Q1OGI1ZTk3YjE4OWQ1ZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFc5d4JPsUg7gItlvDZQbBKesfB9
CD76E678lrHOEuj+Zzfxz6WyZDMC51wROySuQ2QXoDQoTKRP0s5T2aKcw2hPFJY2
zLJALQjdNB7e6y2kscSfx448Emv1VnWe25p3fvsM0u4odw+N5PPpJrvJej10D9Fc
2k5P3nmY24mEPJ9q7JZGTYpn5q7FcdO1Bdd+bGPpzSvk0DGhy/MlXRn9xTgxLVrV
fwgXx5ktfn9N1rX176nUUTW7kaZSvuzWtjOSwKyIURlhcN/naic3eRPl+QlT0gek
apcr9BAyn8swGR48kgoB76yXpz/lCyTRe+tfcIRGXoYpyZhTKtZv45jCXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6j/AmC0CwKyoVLfVi16XsYnV/bMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvM3FQOENZTFFMQXJLaFV0OVdMWHBleGlkWDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+RMA0G
CSqGSIb3DQEBCwUAA4IBAQBhg6iSY/Bbjkcvj+KpVTl2r8ZA0sc9ij1WUcOgkcOX
yGQQi+CEegVuejWnChAdfkl6GeQ8DHslq/7tu2MNX0xl8S14JNKXkPX5Q+JyipB3
kBtbjWsjn7f1Dqnlnx7Igxa2jLFIdYX+TQmqWLdklvizO1+hcQgTaDsCSqFyIj/D
L9GbT3bUG4LMoPoweQAzXyY/t/SFs/Hm0Nzsb56CZ6F9OexPboaxyzR7s4Aqxejm
l7ujT0B+afxVvjn7f91XBa+BktbKgrLQe65AZ2uZBvVK7dvrfmZxU4dihurfdmJo
iwIhqRak303lkjQom9tD5D7lrsLAELcugykjhqIZES5c
-----END CERTIFICATE-----