Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/5PNj7gNAiL3aJZBztBIerafH1Fg.roa
File:                     5PNj7gNAiL3aJZBztBIerafH1Fg.roa (raw, json)
Hash identifier:          FrTg71eIR2m7NaZISZU5x7mh470vnoLZc6VjRMUOXfE=
Subject key identifier:   E4:F3:63:EE:03:40:88:BD:DA:25:90:73:B4:12:1E:AD:A7:C7:D4:58
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0199157AA8A193D6A179C9E73E6828D0D18F
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/5PNj7gNAiL3aJZBztBIerafH1Fg.roa
Signing time:             Thu 04 Sep 2025 16:06:24 +0000
ROA not before:           Thu 04 Sep 2025 16:06:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        85.239.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:15:7a:a8:a1:93:d6:a1:79:c9:e7:3e:68:28:d0:d1:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Sep  4 16:06:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4f363ee034088bdda259073b4121eada7c7d458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b2:3b:04:3b:76:d4:57:83:e1:d8:c1:8b:61:
                    59:0e:e9:ea:84:f2:39:d6:3f:80:95:6a:d9:aa:9b:
                    6a:37:11:9c:24:04:2d:a6:a8:cf:fc:70:d9:08:f3:
                    a0:ed:ee:a9:a4:7b:c0:4f:c5:fd:2a:02:0c:06:31:
                    eb:cc:f3:b0:34:1f:0c:9f:f5:81:4e:eb:4c:e8:10:
                    e8:b2:6e:65:c6:26:07:db:04:50:81:5e:b7:ae:ec:
                    ca:10:b6:7f:aa:0c:d7:fa:e5:87:01:4e:78:83:6f:
                    21:9b:b4:0c:81:4f:7a:3e:db:f8:b1:2c:7f:27:dc:
                    df:56:ee:15:c3:38:7a:b8:8f:4a:60:93:f2:5b:c9:
                    6a:85:78:6b:7e:28:d4:fe:dc:9b:80:e6:33:4b:cc:
                    0c:ce:ce:6f:7e:f3:5b:d8:b2:d5:67:aa:8b:db:cb:
                    76:83:65:d5:09:33:cb:13:b2:b1:c4:b1:95:7c:1b:
                    6c:25:ce:ec:3c:9d:69:88:eb:0c:23:70:b4:5a:10:
                    2a:5e:3f:43:80:40:43:24:06:ca:d4:0d:30:f2:60:
                    4f:f5:e9:30:a4:9c:6d:de:86:4b:e3:ae:a5:eb:b2:
                    cd:26:8d:18:60:38:e7:14:a3:08:3a:3a:8e:28:ef:
                    c3:4f:65:4a:4e:04:c0:86:b7:dd:4f:f2:f3:63:4b:
                    6e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F3:63:EE:03:40:88:BD:DA:25:90:73:B4:12:1E:AD:A7:C7:D4:58
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/5PNj7gNAiL3aJZBztBIerafH1Fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:62:97:6d:00:45:0f:a8:05:94:13:ef:cf:c9:36:5f:43:4d:
         51:6b:5f:eb:4d:42:b6:40:f0:06:49:3c:92:1c:e6:d2:cb:3c:
         4a:d3:e8:51:60:2c:c6:fd:0b:d1:99:80:84:26:f8:52:f8:cf:
         2d:43:ff:f7:2f:17:eb:14:ec:31:6a:04:5d:d1:47:e9:42:03:
         b7:a1:3c:aa:ce:8e:bb:4f:53:aa:59:62:71:b9:30:c5:55:e9:
         35:43:a0:0c:64:6a:3a:14:3a:37:b5:f1:30:7d:33:3c:7e:3e:
         20:ee:dc:07:7c:25:d1:56:94:b2:75:62:5f:e6:7f:9d:be:2c:
         c3:5a:a8:ba:77:32:c1:e0:97:80:68:83:b3:f8:1f:a6:e1:da:
         ab:79:b1:be:ce:0a:b1:e8:48:da:e9:26:57:e2:b9:ec:e3:39:
         9a:df:df:a5:9c:fc:21:a7:6b:15:f6:8c:75:19:0d:62:6b:92:
         73:26:44:7c:5a:62:a2:d7:a6:15:eb:ea:e4:3e:80:75:54:58:
         5e:dc:f3:94:c2:83:a2:a7:37:16:62:ec:52:72:c7:7a:82:4f:
         30:46:e3:be:26:e1:65:51:59:76:ed:2f:07:c9:47:d8:74:be:
         86:13:53:4f:e2:8e:93:33:b7:0b:5f:a1:4a:61:3b:30:48:bf:
         dd:bf:c0:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkVeqihk9ahecnnPmgo0NGPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwOTA0MTYwNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGYzNjNlZTAzNDA4OGJkZGEyNTkwNzNiNDEyMWVhZGE3YzdkNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rI7BDt21FeD4djBi2FZDunqhPI5
1j+AlWrZqptqNxGcJAQtpqjP/HDZCPOg7e6ppHvAT8X9KgIMBjHrzPOwNB8Mn/WB
TutM6BDosm5lxiYH2wRQgV63ruzKELZ/qgzX+uWHAU54g28hm7QMgU96Ptv4sSx/
J9zfVu4Vwzh6uI9KYJPyW8lqhXhrfijU/tybgOYzS8wMzs5vfvNb2LLVZ6qL28t2
g2XVCTPLE7KxxLGVfBtsJc7sPJ1piOsMI3C0WhAqXj9DgEBDJAbK1A0w8mBP9ekw
pJxt3oZL466l67LNJo0YYDjnFKMIOjqOKO/DT2VKTgTAhrfdT/LzY0tu5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTzY+4DQIi92iWQc7QSHq2nx9RYMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvNVBOajdnTkFpTDNhSlpCenRCSWVyYWZIMUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+RMA0G
CSqGSIb3DQEBCwUAA4IBAQAyYpdtAEUPqAWUE+/PyTZfQ01Ra1/rTUK2QPAGSTyS
HObSyzxK0+hRYCzG/QvRmYCEJvhS+M8tQ//3LxfrFOwxagRd0UfpQgO3oTyqzo67
T1OqWWJxuTDFVek1Q6AMZGo6FDo3tfEwfTM8fj4g7twHfCXRVpSydWJf5n+dvizD
Wqi6dzLB4JeAaIOz+B+m4dqrebG+zgqx6Eja6SZX4rns4zma39+lnPwhp2sV9ox1
GQ1ia5JzJkR8WmKi16YV6+rkPoB1VFhe3POUwoOipzcWYuxScsd6gk8wRuO+JuFl
UVl27S8HyUfYdL6GE1NP4o6TM7cLX6FKYTswSL/dv8CZ
-----END CERTIFICATE-----