Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/QCXTUG3eerVtOiEmL38Jx8M_RSs.roa
File:                     QCXTUG3eerVtOiEmL38Jx8M_RSs.roa (raw, json)
Hash identifier:          w0UBcH+wksFH8XO7NzAW4fTOcYFnvlNyjffqNhzzYnw=
Subject key identifier:   40:25:D3:50:6D:DE:7A:B5:6D:3A:21:26:2F:7F:09:C7:C3:3F:45:2B
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       01913A8B78A87E4FFD3F4D5F59E40AF0A28B
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/QCXTUG3eerVtOiEmL38Jx8M_RSs.roa
Signing time:             Sat 10 Aug 2024 04:28:24 +0000
ROA not before:           Sat 10 Aug 2024 04:28:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        85.239.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:3a:8b:78:a8:7e:4f:fd:3f:4d:5f:59:e4:0a:f0:a2:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Aug 10 04:28:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4025d3506dde7ab56d3a21262f7f09c7c33f452b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5e:0b:9f:d2:29:db:a8:03:af:36:89:75:f1:
                    89:ad:04:79:6a:e6:0f:7c:82:0f:b3:4c:b6:85:53:
                    e1:a9:c3:7f:ba:70:d6:03:9a:0a:63:38:45:53:12:
                    21:5f:89:af:9a:3c:12:ea:8b:ee:77:ee:6a:70:fc:
                    67:fb:bb:db:14:68:5c:4a:6e:30:9e:3b:14:73:d5:
                    5a:42:0a:83:ee:63:7a:0c:1f:fe:d4:a7:1e:b9:65:
                    be:a6:b7:32:b5:1a:76:b8:ca:50:2e:e8:ca:21:10:
                    28:27:9b:34:c3:55:dd:f8:69:db:91:5e:70:49:6d:
                    97:17:b3:ea:ce:0b:75:40:6a:a2:93:2c:dc:d1:15:
                    83:f3:15:62:40:d8:41:58:2d:8b:d9:d5:0d:6d:62:
                    cf:fe:3b:bb:c2:e7:1c:92:da:7c:f6:8e:b9:73:e2:
                    cf:a5:14:42:d2:50:ff:93:99:c4:92:70:33:f2:b1:
                    ba:2f:93:84:dd:06:2f:20:03:75:af:db:7b:e6:52:
                    ee:df:6b:06:e3:ec:d1:62:bd:4d:f8:80:01:fa:e3:
                    7d:cc:ff:4c:87:13:2e:b1:0b:ed:5a:80:3f:fd:2d:
                    8a:b5:5a:4b:1a:40:ba:ac:ac:26:3d:af:08:3c:cc:
                    b7:35:ef:c0:e1:cc:1f:b3:f2:d3:e6:08:a7:1b:68:
                    2a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:25:D3:50:6D:DE:7A:B5:6D:3A:21:26:2F:7F:09:C7:C3:3F:45:2B
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/QCXTUG3eerVtOiEmL38Jx8M_RSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:0d:f4:22:84:bf:29:a2:a1:16:3e:42:47:e6:1c:6a:9d:0e:
         ba:57:6e:bb:e9:f7:9a:27:08:d4:bb:e0:ef:11:eb:bd:39:bf:
         4f:6a:c5:7f:36:2a:ae:48:1a:bc:b2:0b:33:c3:ad:56:52:96:
         0b:d8:c3:d9:87:42:38:96:e6:0f:01:9e:ca:c6:1b:8c:6f:9a:
         82:1d:6b:11:e5:9d:39:59:ef:bc:42:af:ab:37:fc:81:de:a2:
         af:5b:3f:95:f9:f1:e8:f1:9e:ed:e7:31:c5:6d:19:20:b4:0a:
         bb:ca:7d:83:4a:c6:c2:c0:5e:83:66:ff:c3:7a:d8:ee:52:8e:
         27:da:3c:1c:f2:e6:21:8e:cc:3d:87:33:68:bd:f5:c8:3f:b1:
         aa:b4:fc:83:35:70:c7:69:65:13:8f:90:77:c7:89:35:fc:9a:
         47:cb:64:e0:09:8f:7c:1e:c9:3a:8e:44:8a:48:4c:9f:4d:41:
         91:d2:1b:0c:7b:38:a2:77:95:3a:fa:4a:ec:e6:1b:bc:ad:ea:
         07:a2:cc:b8:f7:ab:3b:8d:57:d8:eb:1a:d3:ad:24:24:be:c6:
         37:f9:c9:21:5a:40:4f:b6:5e:ab:cc:72:65:59:a0:89:3f:e0:
         f5:5a:79:ad:c0:5c:a6:07:64:06:9e:a9:1b:7c:e7:ca:91:20:
         e8:2b:8d:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE6i3iofk/9P01fWeQK8KKLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjQwODEwMDQyODI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDI1ZDM1MDZkZGU3YWI1NmQzYTIxMjYyZjdmMDljN2MzM2Y0NTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwV4Ln9Ip26gDrzaJdfGJrQR5auYP
fIIPs0y2hVPhqcN/unDWA5oKYzhFUxIhX4mvmjwS6ovud+5qcPxn+7vbFGhcSm4w
njsUc9VaQgqD7mN6DB/+1KceuWW+prcytRp2uMpQLujKIRAoJ5s0w1Xd+GnbkV5w
SW2XF7Pqzgt1QGqikyzc0RWD8xViQNhBWC2L2dUNbWLP/ju7wuccktp89o65c+LP
pRRC0lD/k5nEknAz8rG6L5OE3QYvIAN1r9t75lLu32sG4+zRYr1N+IAB+uN9zP9M
hxMusQvtWoA//S2KtVpLGkC6rKwmPa8IPMy3Ne/A4cwfs/LT5ginG2gqmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAl01Bt3nq1bTohJi9/CcfDP0UrMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvUUNYVFVHM2VlclZ0T2lFbUwzOEp4OE1fUlNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+RMA0G
CSqGSIb3DQEBCwUAA4IBAQApDfQihL8poqEWPkJH5hxqnQ66V2676feaJwjUu+Dv
Eeu9Ob9PasV/NiquSBq8sgszw61WUpYL2MPZh0I4luYPAZ7KxhuMb5qCHWsR5Z05
We+8Qq+rN/yB3qKvWz+V+fHo8Z7t5zHFbRkgtAq7yn2DSsbCwF6DZv/DetjuUo4n
2jwc8uYhjsw9hzNovfXIP7GqtPyDNXDHaWUTj5B3x4k1/JpHy2TgCY98Hsk6jkSK
SEyfTUGR0hsMeziid5U6+krs5hu8reoHosy496s7jVfY6xrTrSQkvsY3+ckhWkBP
tl6rzHJlWaCJP+D1WnmtwFymB2QGnqkbfOfKkSDoK43h
-----END CERTIFICATE-----