Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/wQqKG7cVGs2CJDAxdiiBYl3tY70.roa
File:                     wQqKG7cVGs2CJDAxdiiBYl3tY70.roa (raw, json)
Hash identifier:          0Mmiq8tYwkVgvvfzlXAO3GS8f4dfqFX/hq90ajVnLvE=
Subject key identifier:   C1:0A:8A:1B:B7:15:1A:CD:82:24:30:31:76:28:81:62:5D:ED:63:BD
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E920603EBEDC404AA3ABF373DAF80
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/wQqKG7cVGs2CJDAxdiiBYl3tY70.roa
Signing time:             Mon 01 Jan 2024 14:30:06 +0000
ROA not before:           Mon 01 Jan 2024 14:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50889
IP address blocks:        85.29.14.0/24 maxlen: 24
                          85.29.18.0/24 maxlen: 24
                          85.29.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:92:06:03:eb:ed:c4:04:aa:3a:bf:37:3d:af:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c10a8a1bb7151acd82243031762881625ded63bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:72:f5:02:63:03:7a:61:fc:ce:0b:d9:61:81:
                    bc:03:af:af:96:e4:91:40:5a:b6:64:0c:6c:86:4e:
                    5e:ce:1d:e8:12:97:db:8b:26:c3:47:31:f4:5d:13:
                    a6:50:88:5c:a9:42:e0:0e:4f:89:1b:82:7e:c3:da:
                    f7:9a:54:46:e2:95:83:8b:e4:7c:a4:34:94:72:35:
                    a4:90:a5:35:af:d4:5f:a5:39:c9:01:18:47:b6:e4:
                    d1:f1:9a:34:09:6c:a0:30:41:e5:af:58:d2:3e:93:
                    f1:90:fb:11:3d:b4:4c:48:53:f4:79:f2:7b:38:de:
                    64:2c:aa:54:1a:31:a0:61:cd:3f:38:f9:fc:be:84:
                    39:2e:49:59:e6:4d:f6:04:17:35:0a:bb:c2:61:6d:
                    62:42:f5:02:1d:dd:e1:ff:43:91:b0:ef:b2:a4:ae:
                    1a:ba:24:ba:4e:c3:63:b1:17:6b:28:1c:13:f8:9d:
                    b3:8b:07:71:7b:b6:64:08:a9:fe:87:b0:02:e6:b9:
                    69:04:a0:6d:1f:15:31:43:ce:c3:7e:db:56:38:d2:
                    e8:b0:cf:48:b6:b2:08:c6:07:9b:2c:95:91:11:75:
                    4a:08:a3:e3:94:02:b4:32:75:dc:d7:7d:a6:20:32:
                    c7:0e:aa:46:7f:83:49:d5:81:d9:bc:36:75:42:35:
                    40:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:0A:8A:1B:B7:15:1A:CD:82:24:30:31:76:28:81:62:5D:ED:63:BD
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/wQqKG7cVGs2CJDAxdiiBYl3tY70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.29.14.0/24
                  85.29.18.0/24
                  85.29.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:02:94:b5:fa:dc:30:4d:01:e4:3f:91:a7:65:07:b0:d0:a0:
         00:0f:c0:a7:da:3c:88:7a:77:38:ec:68:24:fa:9b:55:9b:32:
         9e:ac:dc:71:4d:b1:a2:5a:9e:82:0a:15:ff:f5:44:67:24:2f:
         b8:24:78:43:d7:b5:05:46:fd:f1:65:a2:bd:69:8e:d1:3a:bf:
         06:20:8b:3f:04:80:0d:5d:19:30:78:21:26:2b:5d:39:4a:85:
         d0:2f:f0:8e:46:07:92:71:6a:e3:19:2c:21:b0:73:81:84:66:
         19:9b:b4:e2:e2:b4:d0:d0:b3:21:b9:ab:e0:d3:3b:36:fb:43:
         7c:a2:77:6a:ba:b8:7d:f7:8c:65:f9:ba:a1:c0:45:ab:af:82:
         5e:bf:97:ae:a8:5a:8a:bc:de:e0:e6:0f:71:55:33:31:ff:5d:
         44:83:22:09:9c:80:0b:3d:d4:43:d6:23:f2:91:36:06:d8:c9:
         ae:1c:6f:31:9d:18:84:af:d5:5a:1f:79:a0:7e:c8:60:ce:7d:
         d5:01:78:e7:44:33:8f:96:8a:1d:53:e7:fa:e9:fc:9e:a7:9f:
         b1:05:dd:f8:50:89:02:54:ff:e7:c6:9b:31:94:61:35:fa:e7:
         1b:8e:32:a4:53:a3:e1:a1:05:ff:f4:23:d7:8f:50:90:f3:02:
         cf:9f:2f:b4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbpIGA+vtxASqOr83Pa+AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTBhOGExYmI3MTUxYWNkODIyNDMwMzE3NjI4ODE2MjVkZWQ2M2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHL1AmMDemH8zgvZYYG8A6+vluSR
QFq2ZAxshk5ezh3oEpfbiybDRzH0XROmUIhcqULgDk+JG4J+w9r3mlRG4pWDi+R8
pDSUcjWkkKU1r9RfpTnJARhHtuTR8Zo0CWygMEHlr1jSPpPxkPsRPbRMSFP0efJ7
ON5kLKpUGjGgYc0/OPn8voQ5LklZ5k32BBc1CrvCYW1iQvUCHd3h/0ORsO+ypK4a
uiS6TsNjsRdrKBwT+J2ziwdxe7ZkCKn+h7AC5rlpBKBtHxUxQ87DfttWONLosM9I
trIIxgebLJWREXVKCKPjlAK0MnXc132mIDLHDqpGf4NJ1YHZvDZ1QjVAXwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMEKihu3FRrNgiQwMXYogWJd7WO9MB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvd1FxS0c3Y1ZHczJDSkRBeGRpaUJZbDN0WTcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVR0OAwQA
VR0SAwQAVR0hMA0GCSqGSIb3DQEBCwUAA4IBAQCVApS1+twwTQHkP5GnZQew0KAA
D8Cn2jyIenc47Ggk+ptVmzKerNxxTbGiWp6CChX/9URnJC+4JHhD17UFRv3xZaK9
aY7ROr8GIIs/BIANXRkweCEmK105SoXQL/CORgeScWrjGSwhsHOBhGYZm7Ti4rTQ
0LMhuavg0zs2+0N8ondqurh994xl+bqhwEWrr4Jev5euqFqKvN7g5g9xVTMx/11E
gyIJnIALPdRD1iPykTYG2MmuHG8xnRiEr9VaH3mgfshgzn3VAXjnRDOPloodU+f6
6fyep5+xBd34UIkCVP/nxpsxlGE1+ucbjjKkU6PhoQX/9CPXj1CQ8wLPny+0
-----END CERTIFICATE-----