Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/Vyp1FNRXbyrbg0MCQAZO2to90_A.roa
File:                     Vyp1FNRXbyrbg0MCQAZO2to90_A.roa (raw, json)
Hash identifier:          bgZbcI3I/GTUjLPM77pX7mSC/es1o3DQ/C1VOjxQjbA=
Subject key identifier:   57:2A:75:14:D4:57:6F:2A:DB:83:43:02:40:06:4E:DA:DA:3D:D3:F0
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       01982168B0D2BA6809A0A4F053D4E3E435F4
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/Vyp1FNRXbyrbg0MCQAZO2to90_A.roa
Signing time:             Sat 19 Jul 2025 06:39:25 +0000
ROA not before:           Sat 19 Jul 2025 06:39:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     329007
IP address blocks:        178.239.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:21:68:b0:d2:ba:68:09:a0:a4:f0:53:d4:e3:e4:35:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jul 19 06:39:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=572a7514d4576f2adb83430240064edada3dd3f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:5d:a0:d9:0e:88:82:1e:42:4e:fd:16:8c:af:
                    df:be:8d:31:96:87:fd:87:95:02:b9:6a:fe:70:93:
                    14:c4:87:1b:31:e9:91:3c:f2:ea:75:eb:10:27:86:
                    d5:b1:76:76:2e:e0:ce:38:0c:cd:40:0b:b8:6a:09:
                    b2:5e:6c:61:ac:55:3e:13:60:f1:dc:a6:22:d5:45:
                    c0:b5:a3:18:6f:3e:24:6c:89:d2:67:58:30:1e:5e:
                    41:57:08:24:44:ff:dd:c9:f3:08:3e:d1:d6:cb:79:
                    52:1b:22:a0:30:36:ad:be:4a:49:53:fd:e4:04:1f:
                    e7:04:79:59:93:55:0b:ad:64:05:17:80:dc:39:cc:
                    0a:48:71:47:55:d5:0b:23:5f:7c:e5:01:9a:01:07:
                    4d:7d:da:bc:4b:c8:a1:38:b7:60:f3:4f:38:cd:2c:
                    f2:bb:6c:ef:42:41:0b:3e:20:f8:a4:09:ef:33:7e:
                    88:fe:80:22:f4:80:40:89:68:94:fb:5d:d8:43:d6:
                    e8:03:22:7c:a9:c7:96:6d:a5:47:85:2f:50:bc:12:
                    64:92:91:fe:13:a5:18:ff:26:78:6b:74:3b:1b:82:
                    62:28:0d:8b:da:7e:79:e4:89:71:9f:df:4b:30:13:
                    4e:fa:7c:e2:7c:44:84:96:34:16:2c:91:c4:39:73:
                    3f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:2A:75:14:D4:57:6F:2A:DB:83:43:02:40:06:4E:DA:DA:3D:D3:F0
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/Vyp1FNRXbyrbg0MCQAZO2to90_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:65:4b:1f:7b:9b:ef:1e:fd:0e:4d:1c:a6:18:9b:3d:12:b1:
         c4:18:4e:75:55:45:39:dc:79:23:9b:88:18:70:f1:51:2e:e7:
         df:f6:ff:ca:35:86:71:a2:68:0b:14:5a:c5:48:9b:19:13:a9:
         7a:05:b6:98:d2:96:a5:8d:67:5d:cb:f1:57:c1:59:15:8e:44:
         5b:9c:38:71:ff:a8:91:ab:a2:37:99:d4:1f:fb:62:bc:96:4d:
         66:8d:0e:ee:db:96:d0:cf:37:5e:00:cd:38:40:ea:d4:03:79:
         04:a0:d3:e5:fb:59:fa:b9:ff:31:1f:95:cf:a0:96:fd:71:e1:
         cf:a9:19:3f:49:fc:1f:f1:3a:45:1a:38:1e:15:e9:86:69:15:
         30:a7:6d:7c:68:96:ab:48:2d:1b:c2:f7:0d:13:d4:5d:45:17:
         78:47:77:cd:1b:77:f4:93:a5:0b:fd:8d:87:a1:38:e4:da:9f:
         23:7e:93:e5:f9:71:91:7d:f4:fd:e4:bb:1e:12:e0:d3:56:03:
         85:54:80:ce:ea:b5:3e:f8:fe:e1:a4:fd:d7:8b:75:fe:e3:05:
         65:60:f5:1f:ab:89:8b:46:07:e2:8d:40:fa:da:c1:40:83:c4:
         ae:a8:67:9a:11:5c:89:c1:fe:79:be:23:82:da:f9:37:d5:d5:
         a7:c5:16:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZghaLDSumgJoKTwU9Tj5DX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNzE5MDYzOTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzJhNzUxNGQ0NTc2ZjJhZGI4MzQzMDI0MDA2NGVkYWRhM2RkM2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5V2g2Q6Igh5CTv0WjK/fvo0xlof9
h5UCuWr+cJMUxIcbMemRPPLqdesQJ4bVsXZ2LuDOOAzNQAu4agmyXmxhrFU+E2Dx
3KYi1UXAtaMYbz4kbInSZ1gwHl5BVwgkRP/dyfMIPtHWy3lSGyKgMDatvkpJU/3k
BB/nBHlZk1ULrWQFF4DcOcwKSHFHVdULI1985QGaAQdNfdq8S8ihOLdg8084zSzy
u2zvQkELPiD4pAnvM36I/oAi9IBAiWiU+13YQ9boAyJ8qceWbaVHhS9QvBJkkpH+
E6UY/yZ4a3Q7G4JiKA2L2n555Ilxn99LMBNO+nzifESEljQWLJHEOXM/PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcqdRTUV28q24NDAkAGTtraPdPwMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvVnlwMUZOUlhieXJiZzBNQ1FBWk8ydG85MF9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu90MA0G
CSqGSIb3DQEBCwUAA4IBAQAYZUsfe5vvHv0OTRymGJs9ErHEGE51VUU53Hkjm4gY
cPFRLuff9v/KNYZxomgLFFrFSJsZE6l6BbaY0paljWddy/FXwVkVjkRbnDhx/6iR
q6I3mdQf+2K8lk1mjQ7u25bQzzdeAM04QOrUA3kEoNPl+1n6uf8xH5XPoJb9ceHP
qRk/Sfwf8TpFGjgeFemGaRUwp218aJarSC0bwvcNE9RdRRd4R3fNG3f0k6UL/Y2H
oTjk2p8jfpPl+XGRffT95LseEuDTVgOFVIDO6rU++P7hpP3Xi3X+4wVlYPUfq4mL
RgfijUD62sFAg8SuqGeaEVyJwf55viOC2vk31dWnxRZ7
-----END CERTIFICATE-----