Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/29X24t7NT92aPG0z8RFQ23FS_jI.roa
File:                     29X24t7NT92aPG0z8RFQ23FS_jI.roa (raw, json)
Hash identifier:          G93+tglWxysvDK8JilYNm/tTbVtqW4gZHsRQKbZKomk=
Subject key identifier:   DB:D5:F6:E2:DE:CD:4F:DD:9A:3C:6D:33:F1:11:50:DB:71:52:FE:32
Certificate issuer:       /CN=21c1672dbbbf7165a6a83b3227a7119f0d31e8ee
Certificate serial:       01963475D630F1BC8B4997C7C3CD9AE4A5DB
Authority key identifier: 21:C1:67:2D:BB:BF:71:65:A6:A8:3B:32:27:A7:11:9F:0D:31:E8:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/29X24t7NT92aPG0z8RFQ23FS_jI.roa
Signing time:             Mon 14 Apr 2025 13:20:59 +0000
ROA not before:           Mon 14 Apr 2025 13:20:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        185.25.113.0/24 maxlen: 24
                          185.25.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 13:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:34:75:d6:30:f1:bc:8b:49:97:c7:c3:cd:9a:e4:a5:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21c1672dbbbf7165a6a83b3227a7119f0d31e8ee
        Validity
            Not Before: Apr 14 13:20:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbd5f6e2decd4fdd9a3c6d33f11150db7152fe32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:38:33:b2:66:e8:2e:4e:39:a2:d3:fe:6e:93:
                    f7:66:5d:48:13:f2:b3:3b:e4:c5:20:39:b5:ee:df:
                    50:c4:ea:60:fb:a4:03:9c:03:84:3a:f2:69:ad:1b:
                    95:39:66:ca:97:ac:99:a7:bc:23:48:a8:96:6e:5e:
                    df:ff:b3:cd:28:ad:1a:4e:72:af:33:9f:6c:1e:f1:
                    4d:5b:70:ad:a2:88:bf:0d:27:d7:03:f9:20:0c:32:
                    4c:57:5f:36:c8:7f:7d:52:3f:e6:64:12:d1:4c:cc:
                    16:b1:b7:db:6c:1a:ef:89:ec:95:d9:ff:01:9c:3a:
                    db:56:25:1e:d9:fe:69:88:b2:74:3f:d1:39:b0:57:
                    33:f0:11:9e:14:e6:fe:32:ae:2a:a7:6d:7b:ef:2f:
                    bf:1d:10:d3:28:28:e6:92:66:9e:a6:aa:35:7d:48:
                    fa:9e:d1:9e:1b:e7:2c:b0:7e:2d:77:5d:71:86:48:
                    85:f0:f9:b7:e5:c9:1d:94:68:ba:02:b0:40:8f:f1:
                    97:2d:3c:57:d9:5d:83:09:f5:c6:0e:41:71:c0:d8:
                    d8:f6:2d:9d:2f:8e:96:99:35:6c:29:6f:54:e2:b8:
                    c6:49:a7:36:0e:0c:7e:8c:92:d7:de:d9:f4:77:ee:
                    4d:f4:9b:92:6b:3c:f8:98:6e:88:0f:81:65:e7:c1:
                    15:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D5:F6:E2:DE:CD:4F:DD:9A:3C:6D:33:F1:11:50:DB:71:52:FE:32
            X509v3 Authority Key Identifier:
                keyid:21:C1:67:2D:BB:BF:71:65:A6:A8:3B:32:27:A7:11:9F:0D:31:E8:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/29X24t7NT92aPG0z8RFQ23FS_jI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.113.0-185.25.114.255

    Signature Algorithm: sha256WithRSAEncryption
         ca:dc:7b:7d:58:2a:5c:a5:80:e6:a7:25:8f:e5:51:05:e1:4f:
         d8:c0:8d:2e:2e:c6:fd:9a:4b:ab:ae:e3:0c:4b:c1:e5:a1:47:
         1c:62:19:36:b8:c5:ff:92:b2:83:7c:5e:8c:b0:b0:63:0f:27:
         e0:88:a7:e9:b9:b1:de:b8:52:77:08:2b:ca:14:6c:90:08:a7:
         a6:68:14:8f:bd:9f:99:a8:8d:13:6d:90:df:84:78:26:47:3a:
         aa:e3:dd:09:aa:5e:73:56:4a:96:88:03:d3:87:ef:38:d2:45:
         8a:b9:3f:ad:0f:57:51:34:50:bd:17:59:47:12:e5:c5:b9:11:
         be:a9:7d:5f:a8:3d:cf:20:ba:c3:73:18:d5:c4:4a:8a:0e:7b:
         c0:e9:3b:8a:77:30:2d:3d:81:6d:13:64:c0:f6:82:fb:cd:7f:
         11:cd:d4:de:4b:e9:e3:68:48:3b:cf:07:e7:c2:f0:f3:05:ce:
         46:e4:b1:71:96:3b:5c:ba:9c:4c:c9:58:ba:f1:a3:80:77:76:
         12:72:69:b1:12:09:5d:b2:c3:1c:64:2d:a2:06:3d:82:05:f5:
         af:30:09:55:c4:57:ec:bb:94:f3:c8:a8:e9:12:15:8b:40:1f:
         e4:10:59:db:f9:ea:d2:4e:ef:1b:40:05:6c:67:86:e5:d4:09:
         5a:e9:63:ac
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZY0ddYw8byLSZfHw82a5KXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYzE2NzJkYmJiZjcxNjVhNmE4M2IzMjI3YTcxMTlmMGQz
MWU4ZWUwHhcNMjUwNDE0MTMyMDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmQ1ZjZlMmRlY2Q0ZmRkOWEzYzZkMzNmMTExNTBkYjcxNTJmZTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTgzsmboLk45otP+bpP3Zl1IE/Kz
O+TFIDm17t9QxOpg+6QDnAOEOvJprRuVOWbKl6yZp7wjSKiWbl7f/7PNKK0aTnKv
M59sHvFNW3Ctooi/DSfXA/kgDDJMV182yH99Uj/mZBLRTMwWsbfbbBrvieyV2f8B
nDrbViUe2f5piLJ0P9E5sFcz8BGeFOb+Mq4qp2177y+/HRDTKCjmkmaepqo1fUj6
ntGeG+cssH4td11xhkiF8Pm35ckdlGi6ArBAj/GXLTxX2V2DCfXGDkFxwNjY9i2d
L46WmTVsKW9U4rjGSac2Dgx+jJLX3tn0d+5N9JuSazz4mG6ID4Fl58EVnwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNvV9uLezU/dmjxtM/ERUNtxUv4yMB8GA1UdIwQY
MBaAFCHBZy27v3Flpqg7MienEZ8NMejuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWNGbkxidV9jV1dtcURzeUo2Y1JudzB4Nk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jMDVkNGMtOTZkMy00YjU3LWFlMzQt
MzQ3N2M3ZmNkNGQ5LzEvMjlYMjR0N05UOTJhUEcwejhSRlEyM0ZTX2pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jMDVkNGMtOTZkMy00YjU3LWFlMzQtMzQ3N2M3ZmNkNGQ5
LzEvSWNGbkxidV9jV1dtcURzeUo2Y1JudzB4Nk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5GXED
BAC5GXIwDQYJKoZIhvcNAQELBQADggEBAMrce31YKlylgOanJY/lUQXhT9jAjS4u
xv2aS6uu4wxLweWhRxxiGTa4xf+SsoN8XoywsGMPJ+CIp+m5sd64UncIK8oUbJAI
p6ZoFI+9n5mojRNtkN+EeCZHOqrj3QmqXnNWSpaIA9OH7zjSRYq5P60PV1E0UL0X
WUcS5cW5Eb6pfV+oPc8gusNzGNXESooOe8DpO4p3MC09gW0TZMD2gvvNfxHN1N5L
6eNoSDvPB+fC8PMFzkbksXGWO1y6nEzJWLrxo4B3dhJyabESCV2ywxxkLaIGPYIF
9a8wCVXEV+y7lPPIqOkSFYtAH+QQWdv56tJO7xtABWxnhuXUCVrpY6w=
-----END CERTIFICATE-----