Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/AdxM9ZKkKPKR7EjA2YBYrTec8bg.roa
File:                     AdxM9ZKkKPKR7EjA2YBYrTec8bg.roa (raw, json)
Hash identifier:          1HBe1ouNMa2yvgRc/WzrRWR3XWQK4AiJ68uOCqwE+Pw=
Subject key identifier:   01:DC:4C:F5:92:A4:28:F2:91:EC:48:C0:D9:80:58:AD:37:9C:F1:B8
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       01920413A311984F74EF4E9196B1BA03E912
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/AdxM9ZKkKPKR7EjA2YBYrTec8bg.roa
Signing time:             Wed 18 Sep 2024 07:40:48 +0000
ROA not before:           Wed 18 Sep 2024 07:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16589
IP address blocks:        85.239.146.0/24 maxlen: 24
                          85.239.147.0/24 maxlen: 24
                          185.95.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:04:13:a3:11:98:4f:74:ef:4e:91:96:b1:ba:03:e9:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Sep 18 07:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01dc4cf592a428f291ec48c0d98058ad379cf1b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:56:26:0f:d9:1d:d6:6a:ca:ea:7a:dd:6c:78:
                    15:35:d3:c1:dc:3e:11:92:bf:23:9b:25:28:d0:4f:
                    22:6a:63:33:55:39:eb:09:d0:ba:35:69:f4:44:62:
                    8b:5e:a1:ac:b2:48:0a:44:0a:d1:0a:57:4d:e1:91:
                    53:ea:aa:4b:6c:e3:99:f8:5e:b2:dd:98:0e:f0:ea:
                    49:00:ca:5d:a7:b7:fc:37:03:d9:86:70:1f:73:f4:
                    fc:00:97:cd:e5:ad:58:5c:c1:c6:ff:86:b8:34:d6:
                    1b:ea:1c:0a:74:01:ee:cb:c3:1a:0e:f9:32:e9:74:
                    46:a9:64:8d:85:a0:d3:32:b2:aa:ae:8a:e0:11:17:
                    3d:60:8d:3c:7d:0e:da:64:27:d6:51:31:87:dd:0a:
                    16:33:55:51:9b:54:f5:9d:30:bd:9e:bf:ab:80:7b:
                    59:dc:94:b1:88:9c:15:ff:6b:7d:dc:2a:1d:f2:d6:
                    fa:7c:4e:18:79:14:5c:2a:69:5e:4b:6d:f4:4f:96:
                    4c:2e:b3:9d:de:2d:ba:c3:4f:0a:62:b7:0f:18:60:
                    8c:26:06:41:3c:11:41:b1:36:6f:c5:68:00:96:86:
                    19:b6:fa:ad:64:3c:ef:a4:a8:92:46:4f:b5:87:3a:
                    ef:10:1b:12:fa:0b:2a:b9:f8:e1:05:d2:cc:b7:d9:
                    4b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:DC:4C:F5:92:A4:28:F2:91:EC:48:C0:D9:80:58:AD:37:9C:F1:B8
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/AdxM9ZKkKPKR7EjA2YBYrTec8bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.146.0/23
                  185.95.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:93:59:02:a0:5e:e7:e2:5c:df:8a:9e:18:9e:20:29:59:bf:
         80:1b:22:4b:2a:dd:ef:ce:fa:37:70:37:80:0c:65:16:8e:a6:
         83:b9:76:db:8b:e9:8d:e7:59:49:f0:2d:cf:98:71:65:0a:e5:
         a9:6d:28:59:b2:29:13:2d:e6:c1:9b:41:99:12:ff:00:78:0e:
         d6:d8:b8:dc:df:76:a9:e1:56:08:f0:63:2a:16:1f:cf:28:95:
         d9:a5:64:7c:f0:7a:68:94:a2:8e:12:23:d8:29:e0:6f:e7:c5:
         94:c7:9d:60:a0:77:ea:55:ae:a1:75:65:60:3a:0e:f0:22:d2:
         ba:6d:2e:03:bf:f0:ed:07:cd:6b:59:3b:8c:42:70:8f:fa:5d:
         ef:fc:f1:52:a0:17:9e:1e:3b:32:1d:76:03:15:a5:c9:87:69:
         47:ff:10:a8:4d:49:c7:58:56:01:42:bf:8a:3f:53:25:2d:3b:
         3e:8c:9d:59:a1:b2:69:85:ec:02:c5:5e:e4:9f:0c:56:6e:e3:
         8c:24:e9:5e:ec:5e:75:43:69:81:46:79:7a:5c:da:44:e2:3a:
         83:d1:7a:97:30:79:78:18:43:15:97:16:28:ef:e9:d7:dd:2a:
         31:15:38:b6:4d:f7:97:68:9b:31:5f:76:c4:e7:4b:b9:ce:a8:
         d5:2e:df:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIEE6MRmE90706RlrG6A+kSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjQwOTE4MDc0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWRjNGNmNTkyYTQyOGYyOTFlYzQ4YzBkOTgwNThhZDM3OWNmMWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslYmD9kd1mrK6nrdbHgVNdPB3D4R
kr8jmyUo0E8iamMzVTnrCdC6NWn0RGKLXqGsskgKRArRCldN4ZFT6qpLbOOZ+F6y
3ZgO8OpJAMpdp7f8NwPZhnAfc/T8AJfN5a1YXMHG/4a4NNYb6hwKdAHuy8MaDvky
6XRGqWSNhaDTMrKqrorgERc9YI08fQ7aZCfWUTGH3QoWM1VRm1T1nTC9nr+rgHtZ
3JSxiJwV/2t93Cod8tb6fE4YeRRcKmleS230T5ZMLrOd3i26w08KYrcPGGCMJgZB
PBFBsTZvxWgAloYZtvqtZDzvpKiSRk+1hzrvEBsS+gsqufjhBdLMt9lLkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAHcTPWSpCjykexIwNmAWK03nPG4MB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvQWR4TTlaS2tLUEtSN0VqQTJZQllyVGVjOGJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVe+SAwQA
uV+cMA0GCSqGSIb3DQEBCwUAA4IBAQC6k1kCoF7n4lzfip4YniApWb+AGyJLKt3v
zvo3cDeADGUWjqaDuXbbi+mN51lJ8C3PmHFlCuWpbShZsikTLebBm0GZEv8AeA7W
2Ljc33ap4VYI8GMqFh/PKJXZpWR88HpolKKOEiPYKeBv58WUx51goHfqVa6hdWVg
Og7wItK6bS4Dv/DtB81rWTuMQnCP+l3v/PFSoBeeHjsyHXYDFaXJh2lH/xCoTUnH
WFYBQr+KP1MlLTs+jJ1ZobJphewCxV7knwxWbuOMJOle7F51Q2mBRnl6XNpE4jqD
0XqXMHl4GEMVlxYo7+nX3SoxFTi2TfeXaJsxX3bE50u5zqjVLt9u
-----END CERTIFICATE-----