Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/qJFVscxIPth-exAWqMl9bVOjxAI.roa
File:                     qJFVscxIPth-exAWqMl9bVOjxAI.roa (raw, json)
Hash identifier:          pHwl4Cl7JQcL2UqiEOUWpCgL0r/3gGkJ4NhvF5sKGTs=
Subject key identifier:   A8:91:55:B1:CC:48:3E:D8:7E:7B:10:16:A8:C9:7D:6D:53:A3:C4:02
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       01961ABD2D983088F99D8620E8C7CA910D0C
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/qJFVscxIPth-exAWqMl9bVOjxAI.roa
Signing time:             Wed 09 Apr 2025 13:28:47 +0000
ROA not before:           Wed 09 Apr 2025 13:28:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        185.95.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 16:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1a:bd:2d:98:30:88:f9:9d:86:20:e8:c7:ca:91:0d:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Apr  9 13:28:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a89155b1cc483ed87e7b1016a8c97d6d53a3c402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:42:46:2c:5c:d4:b6:ce:ed:d2:76:c2:5d:a5:
                    71:ca:1c:fb:9b:db:1f:d6:bf:70:10:1f:2f:3a:fc:
                    44:8a:6b:55:c6:79:29:d9:79:5a:19:bc:83:5e:ae:
                    af:9d:ed:15:b0:31:09:a8:81:a2:76:c0:3c:89:fe:
                    39:8c:5e:b1:66:23:e5:94:49:cb:d6:57:99:9c:cf:
                    06:d3:13:27:95:95:37:6b:a8:9b:ee:f6:6d:ec:d4:
                    51:54:27:35:2b:5e:cf:bc:67:11:b9:5e:4c:ae:c7:
                    3b:28:b8:c6:4c:77:54:8e:29:e5:07:7d:16:e8:fe:
                    a7:02:91:5c:2b:9e:24:5e:69:67:43:aa:39:1c:90:
                    57:d8:46:dc:b3:f1:5f:2c:66:83:71:e5:fa:9a:bc:
                    82:19:2c:06:98:0a:a6:b0:8f:31:3a:11:b2:4c:87:
                    e3:b5:2b:52:fb:c9:ea:7a:0c:2e:45:25:90:6e:f9:
                    41:82:57:ca:f8:bc:fa:0f:2b:2f:72:29:82:5b:84:
                    10:72:5e:27:e5:5f:8a:5e:bc:5d:d0:d9:70:9b:d0:
                    9e:ce:58:7c:f9:ac:f6:ba:ba:3b:31:a7:9f:d9:56:
                    fa:80:32:4a:f1:3c:45:42:5d:ac:fd:45:84:c4:51:
                    d0:8c:79:f1:ac:1e:80:d7:08:66:71:17:29:7a:44:
                    17:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:91:55:B1:CC:48:3E:D8:7E:7B:10:16:A8:C9:7D:6D:53:A3:C4:02
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/qJFVscxIPth-exAWqMl9bVOjxAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:54:d7:00:29:71:36:df:a4:75:e2:6b:d5:86:41:28:6d:d9:
         a8:da:1c:d9:08:28:7f:04:ac:ce:23:1b:7d:57:7b:47:06:bf:
         16:6e:82:e7:25:cb:b5:90:af:d0:1c:4d:4a:f7:70:c3:11:2e:
         84:a1:06:bd:b0:7f:58:66:55:f6:a8:6d:28:b2:6b:b2:1e:f2:
         4c:88:f3:f2:7b:3a:3c:d9:1f:ac:c7:24:70:84:fa:30:32:79:
         18:52:b2:0a:76:99:91:11:cb:e8:28:be:4a:a6:77:a1:36:54:
         8f:9e:37:dd:37:2d:b3:37:de:a2:7c:a8:1c:e1:a6:b3:dc:2e:
         05:81:ac:c7:02:d4:26:32:f7:53:62:87:c5:48:b8:ab:ee:ea:
         af:32:6a:68:9a:ad:d2:0d:44:c4:2e:58:65:34:a7:cf:13:41:
         fc:04:4b:c5:42:b7:27:6d:91:d3:c0:ed:75:a0:e1:ab:04:1a:
         b1:6b:41:6f:97:92:e3:4f:85:90:6a:81:1b:35:64:34:81:f5:
         54:e4:a3:ea:d2:32:45:0a:fe:51:6a:5c:af:5d:27:07:a2:5d:
         26:ac:b1:63:fa:e3:d9:c2:b7:33:17:30:eb:15:f3:56:98:77:
         2e:df:ba:41:3a:5c:0e:e3:37:0a:ca:c8:e8:32:89:6b:d1:17:
         e9:af:56:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYavS2YMIj5nYYg6MfKkQ0MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNDA5MTMyODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODkxNTViMWNjNDgzZWQ4N2U3YjEwMTZhOGM5N2Q2ZDUzYTNjNDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJGLFzUts7t0nbCXaVxyhz7m9sf
1r9wEB8vOvxEimtVxnkp2XlaGbyDXq6vne0VsDEJqIGidsA8if45jF6xZiPllEnL
1leZnM8G0xMnlZU3a6ib7vZt7NRRVCc1K17PvGcRuV5Mrsc7KLjGTHdUjinlB30W
6P6nApFcK54kXmlnQ6o5HJBX2Ebcs/FfLGaDceX6mryCGSwGmAqmsI8xOhGyTIfj
tStS+8nqegwuRSWQbvlBglfK+Lz6DysvcimCW4QQcl4n5V+KXrxd0Nlwm9Cezlh8
+az2uro7Maef2Vb6gDJK8TxFQl2s/UWExFHQjHnxrB6A1whmcRcpekQX2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKiRVbHMSD7YfnsQFqjJfW1To8QCMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvcUpGVnNjeElQdGgtZXhBV3FNbDliVk9qeEFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV+eMA0G
CSqGSIb3DQEBCwUAA4IBAQAHVNcAKXE236R14mvVhkEobdmo2hzZCCh/BKzOIxt9
V3tHBr8WboLnJcu1kK/QHE1K93DDES6EoQa9sH9YZlX2qG0osmuyHvJMiPPyezo8
2R+sxyRwhPowMnkYUrIKdpmREcvoKL5KpnehNlSPnjfdNy2zN96ifKgc4aaz3C4F
gazHAtQmMvdTYofFSLir7uqvMmpomq3SDUTELlhlNKfPE0H8BEvFQrcnbZHTwO11
oOGrBBqxa0Fvl5LjT4WQaoEbNWQ0gfVU5KPq0jJFCv5RalyvXScHol0mrLFj+uPZ
wrczFzDrFfNWmHcu37pBOlwO4zcKysjoMolr0Rfpr1YA
-----END CERTIFICATE-----