Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/fFIiPcIZQx033jSV6p41eBFER7E.roa
File:                     fFIiPcIZQx033jSV6p41eBFER7E.roa (raw, json)
Hash identifier:          qhzye0ysaR3MnkAhIOM63hxvVgvo8rQw3JHNBHBliIQ=
Subject key identifier:   7C:52:22:3D:C2:19:43:1D:37:DE:34:95:EA:9E:35:78:11:44:47:B1
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       01990D8B4D55739C59CC00CDFF403581D1EE
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/fFIiPcIZQx033jSV6p41eBFER7E.roa
Signing time:             Wed 03 Sep 2025 03:07:36 +0000
ROA not before:           Wed 03 Sep 2025 03:07:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        85.239.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0d:8b:4d:55:73:9c:59:cc:00:cd:ff:40:35:81:d1:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Sep  3 03:07:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c52223dc219431d37de3495ea9e3578114447b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:bd:53:8f:96:4e:48:4d:f2:ed:8e:66:6e:34:
                    93:e0:62:0d:a4:7f:6d:8a:71:e3:5d:77:5b:62:f9:
                    fc:52:e6:4d:5d:1b:f2:24:da:25:b2:65:f4:c2:3f:
                    2f:5d:38:19:ea:9a:8b:3d:f8:ed:bf:fd:d5:a1:f5:
                    32:41:a2:42:3d:e2:11:78:bc:b9:34:92:fb:96:24:
                    ab:3b:64:af:da:b5:f3:46:6c:c3:be:56:a0:37:fd:
                    73:eb:1f:87:c3:5b:a7:78:35:bc:4f:2a:81:38:61:
                    d3:c1:3c:ef:b9:72:9b:42:26:5b:3a:3b:20:cf:21:
                    bc:14:c9:78:f2:67:42:07:0d:92:3a:c0:ff:f1:d3:
                    8b:48:87:5b:94:ca:fa:2f:d0:da:b3:aa:25:cb:06:
                    37:3c:ed:67:9d:e5:06:14:c3:87:b4:8e:47:12:de:
                    63:df:f8:0c:03:0b:b3:a0:e9:05:08:90:67:ca:63:
                    7d:a3:68:6d:72:c4:6c:18:09:a8:6d:23:3c:c0:c2:
                    19:06:03:71:b1:40:2c:0f:8b:73:c3:db:0a:25:d8:
                    20:42:de:b8:9a:f5:e5:ce:d4:8e:3d:d0:1f:07:47:
                    1d:c9:76:b8:7e:bc:64:f3:cc:70:eb:08:45:13:2d:
                    e3:15:d3:39:15:f5:b3:a7:4d:fc:a5:6f:91:49:56:
                    4b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:52:22:3D:C2:19:43:1D:37:DE:34:95:EA:9E:35:78:11:44:47:B1
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/fFIiPcIZQx033jSV6p41eBFER7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:be:30:67:19:7a:42:9f:d5:d4:5c:30:4e:37:f5:94:13:d0:
         41:50:7b:2c:b3:90:ae:d3:71:b0:eb:6b:10:68:71:97:b6:83:
         f8:98:21:79:a9:16:6b:1d:d5:ae:b1:7a:71:6b:a0:f7:09:4c:
         9b:c1:57:2e:4b:71:a2:07:94:ea:12:c5:c9:a3:b7:eb:9e:94:
         71:6e:6d:19:f3:b6:c7:45:52:0d:cf:a0:e1:89:fd:b4:17:6e:
         6a:85:12:e0:53:5c:d0:b4:97:c4:a0:ce:6a:4e:e0:6b:de:b0:
         53:51:98:fe:77:de:94:ee:eb:74:e5:90:a3:b2:c9:9f:e3:6f:
         40:8b:a2:17:9a:53:07:42:95:07:24:01:7f:45:45:98:1f:45:
         23:c2:e5:d0:95:81:16:d9:fe:44:bc:87:f4:ca:dc:e5:f2:e2:
         90:a0:3e:fb:64:79:72:20:14:14:95:ee:9a:9e:3d:de:e9:64:
         0b:6d:32:05:b7:e1:0d:65:35:44:4a:f6:c8:07:a0:f0:76:40:
         40:f5:e4:d1:f0:2f:f3:bb:25:67:1d:bc:0e:20:db:49:54:fb:
         ca:22:60:7f:3e:f9:b7:35:92:94:7f:2f:84:99:b4:1a:e1:06:
         a0:cc:3f:24:e4:a2:fc:4a:f1:ce:3c:20:ae:43:b7:38:a5:9f:
         2a:c2:35:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkNi01Vc5xZzADN/0A1gdHuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwOTAzMDMwNzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzUyMjIzZGMyMTk0MzFkMzdkZTM0OTVlYTllMzU3ODExNDQ0N2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxb1Tj5ZOSE3y7Y5mbjST4GINpH9t
inHjXXdbYvn8UuZNXRvyJNolsmX0wj8vXTgZ6pqLPfjtv/3VofUyQaJCPeIReLy5
NJL7liSrO2Sv2rXzRmzDvlagN/1z6x+Hw1uneDW8TyqBOGHTwTzvuXKbQiZbOjsg
zyG8FMl48mdCBw2SOsD/8dOLSIdblMr6L9Das6olywY3PO1nneUGFMOHtI5HEt5j
3/gMAwuzoOkFCJBnymN9o2htcsRsGAmobSM8wMIZBgNxsUAsD4tzw9sKJdggQt64
mvXlztSOPdAfB0cdyXa4frxk88xw6whFEy3jFdM5FfWzp038pW+RSVZL3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxSIj3CGUMdN940leqeNXgRREexMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvZkZJaVBjSVpReDAzM2pTVjZwNDFlQkZFUjdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+WMA0G
CSqGSIb3DQEBCwUAA4IBAQC1vjBnGXpCn9XUXDBON/WUE9BBUHsss5Cu03Gw62sQ
aHGXtoP4mCF5qRZrHdWusXpxa6D3CUybwVcuS3GiB5TqEsXJo7frnpRxbm0Z87bH
RVINz6Dhif20F25qhRLgU1zQtJfEoM5qTuBr3rBTUZj+d96U7ut05ZCjssmf429A
i6IXmlMHQpUHJAF/RUWYH0UjwuXQlYEW2f5EvIf0ytzl8uKQoD77ZHlyIBQUle6a
nj3e6WQLbTIFt+ENZTVESvbIB6DwdkBA9eTR8C/zuyVnHbwOINtJVPvKImB/Pvm3
NZKUfy+EmbQa4QagzD8k5KL8SvHOPCCuQ7c4pZ8qwjXk
-----END CERTIFICATE-----