Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/95FzUOf19GAUgH-NNap3guhoYwc.roa
File:                     95FzUOf19GAUgH-NNap3guhoYwc.roa (raw, json)
Hash identifier:          xIP1fB6Qn9UTZZo8HocsS+GRzZb3S08GTszP5U7/+78=
Subject key identifier:   F7:91:73:50:E7:F5:F4:60:14:80:7F:8D:35:AA:77:82:E8:68:63:07
Certificate issuer:       /CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Certificate serial:       01942827971A32E1A3E6475F65710CBBDF77
Authority key identifier: A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/95FzUOf19GAUgH-NNap3guhoYwc.roa
Signing time:             Thu 02 Jan 2025 17:54:30 +0000
ROA not before:           Thu 02 Jan 2025 17:54:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24631
IP address blocks:        185.229.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:97:1a:32:e1:a3:e6:47:5f:65:71:0c:bb:df:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
        Validity
            Not Before: Jan  2 17:54:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7917350e7f5f46014807f8d35aa7782e8686307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:72:b0:46:b3:a4:f9:7b:ff:83:f8:7a:4b:4b:
                    db:a4:0e:e6:a4:d3:05:69:72:f7:c2:0e:a3:27:f3:
                    c3:2d:44:9d:ab:5c:a4:69:9e:b2:15:bd:62:36:61:
                    a4:de:44:8d:08:a5:7f:e7:79:44:b4:81:01:1e:8e:
                    b7:ef:78:a1:03:0e:08:cc:f7:e5:c7:95:87:0e:eb:
                    f3:46:36:15:12:7f:49:31:12:82:dd:e9:8d:59:54:
                    90:a6:a2:61:35:a2:52:03:23:e9:db:e5:e5:39:be:
                    17:5a:e4:2d:6f:21:2e:c5:27:e3:7c:cc:c1:a7:5f:
                    0d:c4:d5:47:a2:62:eb:f9:b4:6c:5f:47:89:be:c3:
                    45:a8:2f:3d:71:99:d2:95:a9:56:05:7d:8b:26:e3:
                    26:16:bf:d0:6a:94:0a:ad:9c:1f:68:7f:52:98:00:
                    e0:33:9a:a5:8a:a8:5f:24:68:89:e4:a7:a9:32:ab:
                    a7:ca:a5:3a:7d:67:53:43:92:da:e8:b7:f9:af:fd:
                    1b:bd:39:fe:22:06:43:a1:d9:dc:55:40:4a:c1:9e:
                    69:d4:a8:56:c0:06:80:7d:99:31:95:c1:c1:40:7e:
                    a8:05:8e:f9:3d:e7:94:d0:e0:19:98:49:de:67:d5:
                    94:0f:79:1a:f0:6b:90:94:35:87:0d:70:41:5f:ec:
                    fb:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:91:73:50:E7:F5:F4:60:14:80:7F:8D:35:AA:77:82:E8:68:63:07
            X509v3 Authority Key Identifier:
                keyid:A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/95FzUOf19GAUgH-NNap3guhoYwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:cd:1b:14:19:40:e9:a3:b2:f8:66:46:c0:32:bd:94:f9:5a:
         de:73:a5:28:8d:dd:96:c9:e4:b5:9d:03:19:40:66:15:2d:8c:
         b2:b5:57:21:d5:55:ef:d4:cc:e0:4b:cc:96:f6:b9:1d:6d:ac:
         56:41:79:ef:42:74:9f:c3:2c:d3:1f:be:60:03:a0:88:a2:94:
         03:04:12:f8:31:69:7f:06:ed:7c:2f:8b:e9:15:2e:a1:53:5d:
         2f:77:b3:ed:e0:99:ba:05:05:b1:24:85:36:2a:c4:c9:99:2f:
         cf:c9:31:0c:66:4f:49:e1:64:8f:d2:b9:b9:cd:63:de:9d:2e:
         00:91:6f:71:d3:bb:6a:10:cd:ff:1b:c1:ea:fe:a7:ca:77:73:
         1d:55:2a:ec:98:ba:b6:d8:a5:05:8a:60:46:a7:88:f2:15:93:
         6e:5c:e7:f7:ca:21:bf:91:eb:c8:12:98:f4:76:dd:b5:02:09:
         fb:de:b8:4b:89:b9:ab:56:f4:7c:55:a1:c1:0e:4e:83:f7:2c:
         82:c4:9f:52:10:b8:7f:67:c2:e4:63:70:9d:ef:ef:87:a7:b6:
         86:c8:2b:de:25:e4:78:52:69:96:5f:5e:ec:40:65:a8:8d:b2:
         e8:4c:f7:66:11:72:63:28:5d:3b:b5:6d:3e:15:2e:f8:01:29:
         51:a6:c6:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ5caMuGj5kdfZXEMu993MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZTM4MWI2ZTc2Y2I5NTIwZThkOGY1Njc3NmVjYTBmZTE3
NmNjNDAwHhcNMjUwMTAyMTc1NDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzkxNzM1MGU3ZjVmNDYwMTQ4MDdmOGQzNWFhNzc4MmU4Njg2MzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6nKwRrOk+Xv/g/h6S0vbpA7mpNMF
aXL3wg6jJ/PDLUSdq1ykaZ6yFb1iNmGk3kSNCKV/53lEtIEBHo6373ihAw4IzPfl
x5WHDuvzRjYVEn9JMRKC3emNWVSQpqJhNaJSAyPp2+XlOb4XWuQtbyEuxSfjfMzB
p18NxNVHomLr+bRsX0eJvsNFqC89cZnSlalWBX2LJuMmFr/QapQKrZwfaH9SmADg
M5qliqhfJGiJ5KepMqunyqU6fWdTQ5La6Lf5r/0bvTn+IgZDodncVUBKwZ5p1KhW
wAaAfZkxlcHBQH6oBY75PeeU0OAZmEneZ9WUD3ka8GuQlDWHDXBBX+z7AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPeRc1Dn9fRgFIB/jTWqd4LoaGMHMB8GA1UdIwQY
MBaAFKDjgbbnbLlSDo2PVnduyg/hdsxAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb09PQnR1ZHN1VklPalk5V2QyN0tELUYyekVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS84ZTZmMDgtMzBmMC00NmRkLWE3YTEt
YTljMzg0MTI4ZDQyLzEvOTVGelVPZjE5R0FVZ0gtTk5hcDNndWhvWXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS84ZTZmMDgtMzBmMC00NmRkLWE3YTEtYTljMzg0MTI4ZDQy
LzEvb09PQnR1ZHN1VklPalk5V2QyN0tELUYyekVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueUdMA0G
CSqGSIb3DQEBCwUAA4IBAQCwzRsUGUDpo7L4ZkbAMr2U+Vrec6Uojd2WyeS1nQMZ
QGYVLYyytVch1VXv1MzgS8yW9rkdbaxWQXnvQnSfwyzTH75gA6CIopQDBBL4MWl/
Bu18L4vpFS6hU10vd7Pt4Jm6BQWxJIU2KsTJmS/PyTEMZk9J4WSP0rm5zWPenS4A
kW9x07tqEM3/G8Hq/qfKd3MdVSrsmLq22KUFimBGp4jyFZNuXOf3yiG/kevIEpj0
dt21Agn73rhLibmrVvR8VaHBDk6D9yyCxJ9SELh/Z8LkY3Cd7++Hp7aGyCveJeR4
UmmWX17sQGWojbLoTPdmEXJjKF07tW0+FS74ASlRpsav
-----END CERTIFICATE-----