Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/Z3y7kh6LRHfabES7XVIT46ty5uc.roa
File:                     Z3y7kh6LRHfabES7XVIT46ty5uc.roa (raw, json)
Hash identifier:          2kZRCGX3rEl/RjddAM74/Rha0jM283/2OKIIv7h+x6U=
Subject key identifier:   67:7C:BB:92:1E:8B:44:77:DA:6C:44:BB:5D:52:13:E3:AB:72:E6:E7
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       01911371B6522D5812313AFD928CC4F95B56
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/Z3y7kh6LRHfabES7XVIT46ty5uc.roa
Signing time:             Fri 02 Aug 2024 14:15:04 +0000
ROA not before:           Fri 02 Aug 2024 14:15:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208485
IP address blocks:        85.239.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:13:71:b6:52:2d:58:12:31:3a:fd:92:8c:c4:f9:5b:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Aug  2 14:15:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=677cbb921e8b4477da6c44bb5d5213e3ab72e6e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d8:3c:26:fc:50:ad:c3:7d:8a:1f:7d:52:37:
                    03:40:f5:93:05:56:0a:20:40:0c:64:28:76:0a:7b:
                    11:46:71:75:bb:ee:b3:90:d8:ed:82:04:54:41:66:
                    3e:cc:f4:1c:a4:f4:3b:c4:57:93:e1:33:ac:c0:62:
                    3c:57:6a:f9:74:15:9f:26:6f:0e:31:23:22:4b:87:
                    60:a7:b4:bf:ae:1a:53:3b:5e:3c:10:d5:06:ea:c9:
                    38:f7:51:4b:d9:a3:d7:06:eb:ea:8e:b7:a8:4a:24:
                    6f:06:0a:8c:d2:2b:0a:4d:df:92:eb:d2:77:eb:db:
                    76:eb:c7:b4:e9:eb:4e:3d:35:ea:99:d5:50:02:dd:
                    f9:4d:48:f6:f3:2d:40:bd:29:c0:64:d8:6e:84:82:
                    f3:62:f8:15:7e:c4:94:29:06:5a:ec:0e:43:b9:25:
                    c2:70:d3:51:d5:e5:2a:76:f3:a7:e1:72:3d:9c:fb:
                    b3:8a:bd:37:a9:b3:71:7d:0c:18:6a:d8:2c:45:2d:
                    d4:b6:27:0c:6d:bc:cd:83:59:5c:71:48:b7:72:8f:
                    84:53:9e:e1:e9:39:26:e8:af:bb:56:e6:d9:f0:a0:
                    59:7d:cc:0a:78:ed:1c:34:0b:9c:77:90:5d:24:81:
                    b2:27:30:04:f4:dc:c6:c8:24:00:58:4a:95:6d:e7:
                    87:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:7C:BB:92:1E:8B:44:77:DA:6C:44:BB:5D:52:13:E3:AB:72:E6:E7
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/Z3y7kh6LRHfabES7XVIT46ty5uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:22:01:6c:f2:96:eb:70:0c:83:4b:8f:23:b9:47:e8:60:b1:
         98:ee:24:89:8d:fb:d0:11:9b:75:da:da:45:1b:72:78:4d:df:
         b7:24:ab:dc:27:92:b5:6a:e9:f0:3e:80:49:45:8a:01:3c:8f:
         e1:9f:db:53:6c:72:7e:ad:ae:1f:ad:22:3c:14:35:ad:b5:fc:
         ea:5e:01:8c:43:eb:21:22:8d:88:d5:3e:1b:dd:92:39:1e:1b:
         64:fb:8f:18:ac:b2:84:21:e5:f6:e6:85:3b:95:28:d4:cb:73:
         68:ca:38:91:89:48:78:88:51:8b:1a:ad:d4:33:c6:b3:07:63:
         7a:32:24:23:7f:b0:12:03:f1:26:45:f6:f2:8f:ac:17:5c:ee:
         3e:d9:60:1c:19:e9:3f:d7:1b:d5:01:7b:32:93:4a:17:bc:f5:
         ef:71:bc:b4:94:f1:60:2c:00:df:b5:5a:f7:52:30:cc:f6:41:
         11:fd:08:b4:47:cb:aa:01:bb:bc:8e:b8:78:4c:80:ed:86:cc:
         5b:c7:6d:b2:fb:d5:28:cf:a1:04:84:ad:f5:dd:a3:84:fe:25:
         ce:b3:90:06:e3:0e:87:2e:74:36:79:6a:66:91:5c:ca:4b:f0:
         01:d5:aa:f5:6f:5b:a3:5c:80:4c:c0:a3:ee:b1:29:a4:14:d5:
         d5:cb:33:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZETcbZSLVgSMTr9kozE+VtWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjQwODAyMTQxNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzdjYmI5MjFlOGI0NDc3ZGE2YzQ0YmI1ZDUyMTNlM2FiNzJlNmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9g8JvxQrcN9ih99UjcDQPWTBVYK
IEAMZCh2CnsRRnF1u+6zkNjtggRUQWY+zPQcpPQ7xFeT4TOswGI8V2r5dBWfJm8O
MSMiS4dgp7S/rhpTO148ENUG6sk491FL2aPXBuvqjreoSiRvBgqM0isKTd+S69J3
69t268e06etOPTXqmdVQAt35TUj28y1AvSnAZNhuhILzYvgVfsSUKQZa7A5DuSXC
cNNR1eUqdvOn4XI9nPuzir03qbNxfQwYatgsRS3UticMbbzNg1lccUi3co+EU57h
6Tkm6K+7VubZ8KBZfcwKeO0cNAucd5BdJIGyJzAE9NzGyCQAWEqVbeeHIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGd8u5Iei0R32mxEu11SE+OrcubnMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvWjN5N2toNkxSSGZhYkVTN1hWSVQ0NnR5NXVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+QMA0G
CSqGSIb3DQEBCwUAA4IBAQA+IgFs8pbrcAyDS48juUfoYLGY7iSJjfvQEZt12tpF
G3J4Td+3JKvcJ5K1aunwPoBJRYoBPI/hn9tTbHJ+ra4frSI8FDWttfzqXgGMQ+sh
Io2I1T4b3ZI5Hhtk+48YrLKEIeX25oU7lSjUy3NoyjiRiUh4iFGLGq3UM8azB2N6
MiQjf7ASA/EmRfbyj6wXXO4+2WAcGek/1xvVAXsyk0oXvPXvcby0lPFgLADftVr3
UjDM9kER/Qi0R8uqAbu8jrh4TIDthsxbx22y+9Uoz6EEhK313aOE/iXOs5AG4w6H
LnQ2eWpmkVzKS/AB1ar1b1ujXIBMwKPusSmkFNXVyzMi
-----END CERTIFICATE-----