Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/F0WoFeFUhet7PzeJdUZ_-e5kl8g.roa
File:                     F0WoFeFUhet7PzeJdUZ_-e5kl8g.roa (raw, json)
Hash identifier:          0IxHHvZ+5DjhteAx99x4ED/uef2xLasftfHN8FmKIFg=
Subject key identifier:   17:45:A8:15:E1:54:85:EB:7B:3F:37:89:75:46:7F:F9:EE:64:97:C8
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0194252190019F5707C2222428A3719F2607
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/F0WoFeFUhet7PzeJdUZ_-e5kl8g.roa
Signing time:             Thu 02 Jan 2025 03:49:03 +0000
ROA not before:           Thu 02 Jan 2025 03:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49581
IP address blocks:        85.239.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:90:01:9f:57:07:c2:22:24:28:a3:71:9f:26:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jan  2 03:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1745a815e15485eb7b3f378975467ff9ee6497c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:47:c7:aa:74:54:81:14:22:bf:3a:da:ad:10:
                    da:17:46:5a:43:5a:17:dd:51:6a:2a:ed:57:92:f9:
                    73:83:e7:9b:07:49:85:35:d2:bf:ed:c1:42:a0:1e:
                    ae:8c:16:53:be:2b:7a:21:90:98:5d:21:62:81:b4:
                    7b:d0:a8:c0:73:79:3e:94:c2:d1:cb:58:9b:eb:28:
                    ce:b4:08:81:97:2f:58:e7:aa:fd:3e:7c:1e:a1:0d:
                    2d:e7:ec:62:1a:9b:d4:ac:58:7d:b1:4e:98:cd:72:
                    11:35:6f:77:ab:8c:31:2c:7f:44:72:6c:d1:ca:d7:
                    e1:bc:20:d0:84:f7:51:93:42:3a:46:1a:7d:07:3f:
                    46:e1:2f:cf:98:7e:0d:8d:18:b9:8f:46:2b:34:d6:
                    e5:35:91:6d:5b:13:57:48:aa:c5:62:3e:ef:1c:19:
                    54:18:fb:e5:9a:7e:9d:6b:6c:59:d4:cb:2d:c4:53:
                    29:45:22:01:42:30:f6:69:b3:2f:e5:39:e7:d1:b1:
                    48:40:89:f5:2b:28:d1:78:71:4a:1e:16:43:7a:c5:
                    71:f7:b4:77:4f:6a:64:b4:6e:98:6b:ce:36:be:54:
                    a4:cb:10:7c:62:d9:2c:fd:96:8b:87:e1:8a:21:97:
                    62:77:31:2d:ea:c9:bc:a7:ad:db:78:54:e2:ae:fc:
                    84:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:45:A8:15:E1:54:85:EB:7B:3F:37:89:75:46:7F:F9:EE:64:97:C8
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/F0WoFeFUhet7PzeJdUZ_-e5kl8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:8a:83:19:47:ab:2d:8f:5a:be:0a:88:0d:56:4e:fe:0a:e7:
         f0:19:13:1a:ec:1d:f6:1d:51:53:e0:d4:73:b4:88:d8:4b:3f:
         1a:bf:90:e6:34:d4:25:1a:fd:79:55:2b:75:d6:1e:cb:28:e5:
         b0:67:d1:f0:94:7c:20:e7:c9:01:66:eb:6b:4a:f4:d2:f9:52:
         cd:bc:91:a8:83:f0:f6:ad:b8:8f:11:b5:85:b9:a8:86:bc:8c:
         5b:38:c0:a6:52:eb:e6:3d:ef:84:d0:0a:42:fc:f1:39:81:de:
         04:26:fa:45:3a:51:78:bc:62:b0:4e:55:a3:dc:8c:56:cc:43:
         da:cf:b5:a7:e8:a3:42:b0:60:bd:2a:00:68:10:10:b0:f0:e4:
         72:3a:9a:7d:7c:86:c8:4d:c7:d3:22:a9:65:8c:05:1e:7e:67:
         23:74:d0:c3:6f:66:3f:81:32:b5:df:4d:fe:b5:a7:4a:4e:09:
         d4:40:05:34:12:5c:a5:30:d9:fc:e0:14:4e:2b:fb:dd:c6:13:
         9d:4f:68:80:8b:49:65:1f:d9:13:4a:48:95:c4:30:29:90:20:
         df:a7:a1:c8:70:f5:b9:55:1f:36:8d:7e:8d:08:b9:b7:48:11:
         9f:44:84:0b:00:7d:0d:73:bc:a7:ff:c9:11:1b:cb:82:77:33:
         c2:8f:80:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIZABn1cHwiIkKKNxnyYHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwMTAyMDM0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzQ1YTgxNWUxNTQ4NWViN2IzZjM3ODk3NTQ2N2ZmOWVlNjQ5N2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5EfHqnRUgRQivzrarRDaF0ZaQ1oX
3VFqKu1Xkvlzg+ebB0mFNdK/7cFCoB6ujBZTvit6IZCYXSFigbR70KjAc3k+lMLR
y1ib6yjOtAiBly9Y56r9PnweoQ0t5+xiGpvUrFh9sU6YzXIRNW93q4wxLH9EcmzR
ytfhvCDQhPdRk0I6Rhp9Bz9G4S/PmH4NjRi5j0YrNNblNZFtWxNXSKrFYj7vHBlU
GPvlmn6da2xZ1MstxFMpRSIBQjD2abMv5Tnn0bFIQIn1KyjReHFKHhZDesVx97R3
T2pktG6Ya842vlSkyxB8Ytks/ZaLh+GKIZdidzEt6sm8p63beFTirvyEpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdFqBXhVIXrez83iXVGf/nuZJfIMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvRjBXb0ZlRlVoZXQ3UHplSmRVWl8tZTVrbDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+UMA0G
CSqGSIb3DQEBCwUAA4IBAQBQioMZR6stj1q+CogNVk7+CufwGRMa7B32HVFT4NRz
tIjYSz8av5DmNNQlGv15VSt11h7LKOWwZ9HwlHwg58kBZutrSvTS+VLNvJGog/D2
rbiPEbWFuaiGvIxbOMCmUuvmPe+E0ApC/PE5gd4EJvpFOlF4vGKwTlWj3IxWzEPa
z7Wn6KNCsGC9KgBoEBCw8ORyOpp9fIbITcfTIqlljAUefmcjdNDDb2Y/gTK1303+
tadKTgnUQAU0ElylMNn84BROK/vdxhOdT2iAi0llH9kTSkiVxDApkCDfp6HIcPW5
VR82jX6NCLm3SBGfRIQLAH0Nc7yn/8kRG8uCdzPCj4B+
-----END CERTIFICATE-----