Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/eTi8UpoWA4LfDVEf3bLuS7NirDI.roa
File:                     eTi8UpoWA4LfDVEf3bLuS7NirDI.roa (raw, json)
Hash identifier:          Z0eV/Pg39iwPdoJ1Rvmo2nij3tl4qAnx8wWUmqcdIPk=
Subject key identifier:   79:38:BC:52:9A:16:03:82:DF:0D:51:1F:DD:B2:EE:4B:B3:62:AC:32
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0197FF18DD621D7AC594C1D29226623B10F2
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/eTi8UpoWA4LfDVEf3bLuS7NirDI.roa
Signing time:             Sat 12 Jul 2025 14:45:08 +0000
ROA not before:           Sat 12 Jul 2025 14:45:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.95.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 09:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ff:18:dd:62:1d:7a:c5:94:c1:d2:92:26:62:3b:10:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jul 12 14:45:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7938bc529a160382df0d511fddb2ee4bb362ac32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:25:0c:37:3b:e4:56:a6:df:f1:c1:c1:ee:7b:
                    7c:e5:dd:08:9a:9b:32:f5:46:94:d9:57:8e:7b:87:
                    71:b5:d7:e4:c6:c4:e1:fa:7a:7c:9f:1c:fa:ad:49:
                    3e:17:bd:5e:a4:9c:2a:f1:3b:41:3b:ed:c4:d7:b5:
                    ce:e4:d0:a9:b9:9a:65:1b:7e:32:e7:7a:6e:47:90:
                    eb:be:30:ba:c5:4f:ac:e7:46:5f:5d:d3:c1:e3:9f:
                    e6:a5:7f:26:c9:4a:0b:6c:7d:9b:1f:ad:fd:56:6c:
                    24:36:64:bb:5f:8b:2e:f5:50:24:8f:bc:da:32:4c:
                    d8:7c:b5:fa:61:cf:57:f4:66:97:65:e0:5e:ea:24:
                    2d:dc:a6:e4:0a:f2:c4:e3:c9:14:97:39:49:26:82:
                    61:62:49:76:12:b6:a5:ed:9e:62:39:5c:ad:6e:10:
                    fe:03:9d:b5:3a:e8:8a:3d:4d:1c:64:32:1b:f4:1e:
                    84:db:0c:75:8e:30:8b:8c:ad:2f:77:54:1a:e1:ee:
                    03:94:7d:89:f4:cd:fc:ff:e3:a2:ba:e1:92:fe:63:
                    70:72:9b:60:4b:cc:07:25:a4:43:33:df:da:31:e1:
                    0d:82:a3:a1:4f:3f:b6:49:15:04:f1:4e:32:cd:e8:
                    fe:f2:18:86:b6:b7:ab:cf:26:78:31:79:79:a7:7b:
                    04:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:38:BC:52:9A:16:03:82:DF:0D:51:1F:DD:B2:EE:4B:B3:62:AC:32
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/eTi8UpoWA4LfDVEf3bLuS7NirDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:b6:73:8e:bd:30:4e:6f:16:3e:b5:a4:0b:e1:b4:da:fb:23:
         c3:57:b3:3b:34:92:97:b2:a2:39:0f:1c:04:07:4d:38:a5:c3:
         9c:16:c6:37:ca:15:52:3c:6d:03:a4:77:fa:b6:5a:a4:df:c2:
         59:96:38:21:bb:ae:44:45:e3:41:cb:7c:64:44:dd:0c:81:3c:
         fd:67:11:7c:ec:70:f9:31:c0:6c:92:62:a3:78:39:9a:ec:a8:
         98:f3:88:b2:5a:a3:e3:e5:8b:5e:9e:9d:f5:bf:8d:27:61:db:
         7c:02:8f:c9:a3:c3:67:77:9f:48:07:0c:15:30:85:11:a3:a0:
         2d:e8:f6:76:07:a0:d5:4e:56:d0:e6:58:14:d1:c0:1a:05:ea:
         98:a1:cc:9a:2c:ec:b9:0d:09:f4:84:3c:e4:dc:e5:01:62:45:
         81:89:8f:95:87:57:63:4d:b8:35:9c:a3:86:6b:ec:c2:f8:7f:
         83:3c:cc:e8:9a:58:43:23:ab:fa:d7:a1:90:30:91:7f:b7:89:
         a6:8f:ba:0b:65:1c:52:9a:e5:9c:d8:42:61:32:79:02:cb:6d:
         f1:7a:8c:99:99:88:89:eb:6f:e7:5a:21:15:34:7b:e9:02:ca:
         7f:1d:e8:28:18:e0:07:7f:d1:00:66:c0:9c:c4:ea:47:7f:77:
         5c:dc:23:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf/GN1iHXrFlMHSkiZiOxDyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNzEyMTQ0NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTM4YmM1MjlhMTYwMzgyZGYwZDUxMWZkZGIyZWU0YmIzNjJhYzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iUMNzvkVqbf8cHB7nt85d0Impsy
9UaU2VeOe4dxtdfkxsTh+np8nxz6rUk+F71epJwq8TtBO+3E17XO5NCpuZplG34y
53puR5DrvjC6xU+s50ZfXdPB45/mpX8myUoLbH2bH639VmwkNmS7X4su9VAkj7za
MkzYfLX6Yc9X9GaXZeBe6iQt3KbkCvLE48kUlzlJJoJhYkl2Eral7Z5iOVytbhD+
A521OuiKPU0cZDIb9B6E2wx1jjCLjK0vd1Qa4e4DlH2J9M38/+OiuuGS/mNwcptg
S8wHJaRDM9/aMeENgqOhTz+2SRUE8U4yzej+8hiGtrerzyZ4MXl5p3sEXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHk4vFKaFgOC3w1RH92y7kuzYqwyMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvZVRpOFVwb1dBNExmRFZFZjNiTHVTN05pckRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV+dMA0G
CSqGSIb3DQEBCwUAA4IBAQAktnOOvTBObxY+taQL4bTa+yPDV7M7NJKXsqI5DxwE
B004pcOcFsY3yhVSPG0DpHf6tlqk38JZljghu65EReNBy3xkRN0MgTz9ZxF87HD5
McBskmKjeDma7KiY84iyWqPj5Ytenp31v40nYdt8Ao/Jo8Nnd59IBwwVMIURo6At
6PZ2B6DVTlbQ5lgU0cAaBeqYocyaLOy5DQn0hDzk3OUBYkWBiY+Vh1djTbg1nKOG
a+zC+H+DPMzomlhDI6v616GQMJF/t4mmj7oLZRxSmuWc2EJhMnkCy23xeoyZmYiJ
62/nWiEVNHvpAsp/HegoGOAHf9EAZsCcxOpHf3dc3COL
-----END CERTIFICATE-----