Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/CMvUi9gTjVeQbRlHgizf51JXZUw.roa
File:                     CMvUi9gTjVeQbRlHgizf51JXZUw.roa (raw, json)
Hash identifier:          VwyNvOYVWyxyRp1cvx595+9P3I+ctbp45bpF8sz7aCM=
Subject key identifier:   08:CB:D4:8B:D8:13:8D:57:90:6D:19:47:82:2C:DF:E7:52:57:65:4C
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0197DB47754748ED8B49B50F42B3D768120A
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/CMvUi9gTjVeQbRlHgizf51JXZUw.roa
Signing time:             Sat 05 Jul 2025 15:49:42 +0000
ROA not before:           Sat 05 Jul 2025 15:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        85.239.148.0/24 maxlen: 24
                          85.239.155.0/24 maxlen: 24
                          185.95.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Jul 2025 18:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:db:47:75:47:48:ed:8b:49:b5:0f:42:b3:d7:68:12:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jul  5 15:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08cbd48bd8138d57906d1947822cdfe75257654c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:45:72:75:10:f2:3c:33:8c:6f:60:ad:38:f9:
                    2d:77:5d:ec:5c:c3:73:b8:ea:51:2c:28:b2:7c:9c:
                    a7:d4:25:59:6c:18:4f:a3:5d:50:91:35:fa:f6:4a:
                    86:cf:7f:1c:9a:54:10:4b:69:39:2a:18:eb:84:06:
                    8c:bc:12:4b:ce:84:38:5c:bc:10:0e:a3:7b:ec:89:
                    de:72:45:be:9d:f8:35:a6:e8:d5:31:21:b0:1d:11:
                    bf:35:db:a7:10:63:12:b4:6e:34:6b:d4:e9:05:cf:
                    19:50:0c:d4:77:67:5a:02:41:55:cb:5b:a5:dc:63:
                    93:2d:a8:4c:ec:ed:32:ad:a6:2e:b9:fc:5e:6e:55:
                    9e:9b:3c:07:dc:9b:9a:b6:c1:d8:f8:c5:96:f3:86:
                    d2:30:b9:3c:6f:17:db:e3:22:dc:ce:da:45:0d:fd:
                    04:f9:27:07:d2:eb:5d:3d:92:43:4b:fd:02:3a:f1:
                    c8:f5:0d:35:e7:1c:05:61:04:a8:16:35:60:99:b7:
                    e0:ef:5c:9b:a2:ca:29:25:10:02:6c:4b:5a:45:4c:
                    1e:e1:02:6f:9d:28:63:d3:24:ab:b8:dd:d6:16:60:
                    b8:d9:85:16:f6:25:1a:3f:99:f8:25:3e:57:d4:de:
                    f0:42:f2:e5:f2:5a:33:4a:59:e4:e7:df:8d:8d:d0:
                    0a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:CB:D4:8B:D8:13:8D:57:90:6D:19:47:82:2C:DF:E7:52:57:65:4C
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/CMvUi9gTjVeQbRlHgizf51JXZUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.148.0/24
                  85.239.155.0/24
                  185.95.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:a5:16:07:94:a3:40:d4:64:bf:4d:26:d2:c5:7c:56:e8:b5:
         91:c5:ca:c5:79:10:db:29:a4:a6:aa:9f:2c:41:c1:b0:59:88:
         d2:73:d6:25:ac:fb:a2:5c:1b:50:e7:54:a1:ae:91:58:39:06:
         d5:80:c2:d5:40:fa:2a:7d:57:4d:fd:70:4c:5a:aa:3c:92:8d:
         9e:07:65:ff:48:59:d0:23:65:ac:96:30:5d:1c:23:12:68:6f:
         4a:39:78:c7:0d:fd:96:d4:67:8f:b9:4e:bb:03:4e:aa:ff:2c:
         61:9c:0c:d2:92:7a:a0:96:d4:aa:37:22:53:c2:7b:dc:cf:b5:
         1d:cc:f9:c0:0d:24:fd:0d:64:82:ec:c5:3c:e8:cb:b9:1c:4d:
         f0:14:2f:ee:dc:04:75:d0:c1:5e:04:af:ff:e8:c2:6f:f6:66:
         2d:9d:bf:c6:d2:7b:f8:de:db:9a:2b:01:0f:e7:61:5e:43:a9:
         32:e3:20:1f:f7:36:bc:ce:c6:43:b0:91:86:bc:37:c5:fd:bc:
         ef:8c:0e:14:4c:92:7f:91:2b:95:ea:67:e5:ad:ac:5f:de:bc:
         13:16:78:3c:5c:06:b7:1b:cf:b2:3c:51:a1:69:09:c5:35:1a:
         76:61:bf:92:f6:ec:2f:fc:e3:56:a8:86:8f:f9:ff:17:72:29:
         2f:38:68:a8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfbR3VHSO2LSbUPQrPXaBIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNzA1MTU0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGNiZDQ4YmQ4MTM4ZDU3OTA2ZDE5NDc4MjJjZGZlNzUyNTc2NTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kVydRDyPDOMb2CtOPktd13sXMNz
uOpRLCiyfJyn1CVZbBhPo11QkTX69kqGz38cmlQQS2k5KhjrhAaMvBJLzoQ4XLwQ
DqN77IneckW+nfg1pujVMSGwHRG/NdunEGMStG40a9TpBc8ZUAzUd2daAkFVy1ul
3GOTLahM7O0yraYuufxeblWemzwH3JuatsHY+MWW84bSMLk8bxfb4yLcztpFDf0E
+ScH0utdPZJDS/0COvHI9Q015xwFYQSoFjVgmbfg71ybosopJRACbEtaRUwe4QJv
nShj0ySruN3WFmC42YUW9iUaP5n4JT5X1N7wQvLl8lozSlnk59+NjdAKzQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAjL1IvYE41XkG0ZR4Is3+dSV2VMMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvQ012VWk5Z1RqVmVRYlJsSGdpemY1MUpYWlV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVe+UAwQA
Ve+bAwQAuV+dMA0GCSqGSIb3DQEBCwUAA4IBAQChpRYHlKNA1GS/TSbSxXxW6LWR
xcrFeRDbKaSmqp8sQcGwWYjSc9YlrPuiXBtQ51ShrpFYOQbVgMLVQPoqfVdN/XBM
Wqo8ko2eB2X/SFnQI2WsljBdHCMSaG9KOXjHDf2W1GePuU67A06q/yxhnAzSknqg
ltSqNyJTwnvcz7UdzPnADST9DWSC7MU86Mu5HE3wFC/u3AR10MFeBK//6MJv9mYt
nb/G0nv43tuaKwEP52FeQ6ky4yAf9za8zsZDsJGGvDfF/bzvjA4UTJJ/kSuV6mfl
raxf3rwTFng8XAa3G8+yPFGhaQnFNRp2Yb+S9uwv/ONWqIaP+f8XcikvOGio
-----END CERTIFICATE-----