Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/RPKuIuiwLUOTopNmIn4BOJGs7i0.roa
File:                     RPKuIuiwLUOTopNmIn4BOJGs7i0.roa (raw, json)
Hash identifier:          lIg6TqObzFxbqNZ5fchVzBYqOiLD6H6xqfkDU6vs6XY=
Subject key identifier:   44:F2:AE:22:E8:B0:2D:43:93:A2:93:66:22:7E:01:38:91:AC:EE:2D
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019598B3B8605FC73E0ACD08FFD57A7B9407
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/RPKuIuiwLUOTopNmIn4BOJGs7i0.roa
Signing time:             Sat 15 Mar 2025 07:27:49 +0000
ROA not before:           Sat 15 Mar 2025 07:27:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        85.239.156.0/24 maxlen: 24
                          85.239.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:03:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:98:b3:b8:60:5f:c7:3e:0a:cd:08:ff:d5:7a:7b:94:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Mar 15 07:27:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44f2ae22e8b02d4393a29366227e013891acee2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0d:75:9f:12:6d:42:81:2b:11:7d:22:45:f4:
                    65:ef:49:f0:bf:dd:38:36:16:57:d2:2d:6c:50:e7:
                    dd:e5:22:39:57:28:16:46:79:ff:1f:de:23:7a:9d:
                    ab:88:db:85:85:1b:50:12:82:85:e1:0a:d3:28:fe:
                    65:65:d5:ba:19:3b:c5:ef:04:0d:d4:e5:5c:ee:ef:
                    89:af:b6:16:de:c0:15:96:fc:10:9f:04:52:1f:16:
                    ad:6a:e6:39:1d:89:d5:91:27:d9:a6:24:0f:e6:50:
                    15:7a:ba:34:d6:13:04:f8:a6:c5:96:fa:70:de:73:
                    53:c3:7b:22:0e:9e:06:31:16:9e:c9:50:e1:fc:4c:
                    9a:00:a9:d2:c9:d4:7e:5e:10:fd:25:31:5a:41:47:
                    57:7c:5b:1d:ab:e3:1a:af:7b:99:49:92:1c:52:85:
                    5e:58:1e:f0:de:35:99:ce:d6:e1:10:3a:e0:f0:92:
                    bc:73:e8:f0:bd:94:9d:f1:ea:7b:cd:b2:35:48:0e:
                    e8:12:65:8a:90:43:f4:19:10:c1:82:ac:0a:1e:49:
                    28:5b:1c:f1:b7:b0:70:21:b9:02:3c:62:2e:f0:3f:
                    3a:dc:9e:2a:d8:0c:5e:82:35:b8:53:52:6a:62:b2:
                    aa:7d:57:7b:ee:24:10:0c:b9:26:fc:44:85:d4:34:
                    54:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:F2:AE:22:E8:B0:2D:43:93:A2:93:66:22:7E:01:38:91:AC:EE:2D
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/RPKuIuiwLUOTopNmIn4BOJGs7i0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.156.0/24
                  85.239.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:27:81:93:00:f7:5f:c9:89:82:a9:e8:a9:8e:13:66:d1:f9:
         53:3f:63:c1:56:f6:0f:ba:53:67:84:e6:90:da:b1:e2:5c:fc:
         bc:b4:79:8a:56:c5:fe:a9:09:73:6e:03:41:c6:45:7c:d7:a4:
         12:0e:28:4a:23:8c:c4:16:ad:51:64:0f:f8:dc:bb:01:89:51:
         ef:13:58:af:f8:98:de:d5:46:c3:ce:7f:5e:70:72:de:54:79:
         5c:18:fc:80:a5:9b:dc:c2:15:5d:7a:dd:72:a8:84:b4:1f:21:
         42:41:0c:74:1d:79:68:70:42:ad:55:a5:bc:19:60:f8:a3:1b:
         ed:01:00:9c:35:d4:bf:04:f3:8b:35:40:5f:65:76:1e:9f:4d:
         f0:f2:88:a7:d3:d7:1c:d1:5c:ad:d8:c5:22:81:19:c5:58:53:
         5f:fa:a5:dd:d9:b4:c9:64:a6:1e:d1:b4:bf:db:28:00:9f:ea:
         7f:93:2c:a3:ce:c8:78:9d:78:a6:b7:3f:f1:a9:96:cd:fe:af:
         25:fb:a1:8e:92:f1:84:26:43:f9:bd:0f:71:83:c4:16:93:7c:
         e9:e0:0d:9f:1b:18:12:32:25:8c:32:9d:02:e6:9a:0a:e1:69:
         ca:dd:d4:6d:8e:68:0c:ac:ab:d3:dc:36:1a:2b:9e:40:ee:80:
         43:08:bb:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWYs7hgX8c+Cs0I/9V6e5QHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwMzE1MDcyNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGYyYWUyMmU4YjAyZDQzOTNhMjkzNjYyMjdlMDEzODkxYWNlZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzA11nxJtQoErEX0iRfRl70nwv904
NhZX0i1sUOfd5SI5VygWRnn/H94jep2riNuFhRtQEoKF4QrTKP5lZdW6GTvF7wQN
1OVc7u+Jr7YW3sAVlvwQnwRSHxatauY5HYnVkSfZpiQP5lAVero01hME+KbFlvpw
3nNTw3siDp4GMRaeyVDh/EyaAKnSydR+XhD9JTFaQUdXfFsdq+Mar3uZSZIcUoVe
WB7w3jWZztbhEDrg8JK8c+jwvZSd8ep7zbI1SA7oEmWKkEP0GRDBgqwKHkkoWxzx
t7BwIbkCPGIu8D863J4q2AxegjW4U1JqYrKqfVd77iQQDLkm/ESF1DRUBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFETyriLosC1Dk6KTZiJ+ATiRrO4tMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvUlBLdUl1aXdMVU9Ub3BObUluNEJPSkdzN2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVe+cAwQA
Ve+eMA0GCSqGSIb3DQEBCwUAA4IBAQATJ4GTAPdfyYmCqeipjhNm0flTP2PBVvYP
ulNnhOaQ2rHiXPy8tHmKVsX+qQlzbgNBxkV816QSDihKI4zEFq1RZA/43LsBiVHv
E1iv+Jje1UbDzn9ecHLeVHlcGPyApZvcwhVdet1yqIS0HyFCQQx0HXlocEKtVaW8
GWD4oxvtAQCcNdS/BPOLNUBfZXYen03w8oin09cc0Vyt2MUigRnFWFNf+qXd2bTJ
ZKYe0bS/2ygAn+p/kyyjzsh4nXimtz/xqZbN/q8l+6GOkvGEJkP5vQ9xg8QWk3zp
4A2fGxgSMiWMMp0C5poK4WnK3dRtjmgMrKvT3DYaK55A7oBDCLtX
-----END CERTIFICATE-----