Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/wKUJgTwD7cFwdEtrEHOHqt6iRN8.roa
File:                     wKUJgTwD7cFwdEtrEHOHqt6iRN8.roa (raw, json)
Hash identifier:          kOGKpGaa2gE7ztgll470FJTFa167kUV848g0OHaW6ow=
Subject key identifier:   C0:A5:09:81:3C:03:ED:C1:70:74:4B:6B:10:73:87:AA:DE:A2:44:DF
Certificate issuer:       /CN=29f6a300bf7d40b7f8d6181c5b8a7dbc71b7d123
Certificate serial:       0194266C22241A52E3C153CA304DE974A840
Authority key identifier: 29:F6:A3:00:BF:7D:40:B7:F8:D6:18:1C:5B:8A:7D:BC:71:B7:D1:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/wKUJgTwD7cFwdEtrEHOHqt6iRN8.roa
Signing time:             Thu 02 Jan 2025 09:50:08 +0000
ROA not before:           Thu 02 Jan 2025 09:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201935
IP address blocks:        81.85.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:22:24:1a:52:e3:c1:53:ca:30:4d:e9:74:a8:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29f6a300bf7d40b7f8d6181c5b8a7dbc71b7d123
        Validity
            Not Before: Jan  2 09:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0a509813c03edc170744b6b107387aadea244df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:3c:97:b4:d3:8f:41:49:95:40:2a:20:20:47:
                    43:43:9d:74:cd:90:e8:13:eb:18:7d:97:42:97:48:
                    7e:df:6b:fc:23:85:83:03:26:f7:21:30:65:3a:08:
                    c1:65:9c:d6:35:89:d4:5e:03:66:55:36:9a:a0:95:
                    1c:2e:ce:45:7f:43:17:ee:38:69:a3:e1:f1:04:15:
                    9a:48:b8:98:d7:d5:1e:c2:1c:12:22:24:e6:3c:c4:
                    48:61:78:30:19:13:92:c0:41:c2:ce:61:16:d3:06:
                    99:2e:26:13:06:07:ab:b1:f9:f1:35:8e:16:d4:e1:
                    08:76:d4:4a:7d:9f:0d:4a:94:60:55:2b:fb:25:64:
                    b8:85:ce:33:77:2a:23:51:32:7d:a4:80:28:fb:84:
                    c1:66:05:8e:c2:b2:bb:0c:10:3c:08:27:c6:ed:6c:
                    8e:f7:c4:89:fc:60:d4:d7:88:7b:a5:cd:fa:93:18:
                    5f:e9:67:53:a5:9e:58:2a:69:ce:6f:bc:87:9a:5e:
                    42:38:ea:4e:93:28:87:df:b6:a2:16:5d:e3:d0:e0:
                    56:4c:d6:df:a4:ef:cf:db:80:e0:7e:77:1f:89:64:
                    74:60:da:e9:1c:95:ae:f3:86:34:bf:86:52:4f:a3:
                    14:16:b7:60:7b:a3:76:d7:e5:e3:f3:f5:eb:c9:68:
                    bc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:A5:09:81:3C:03:ED:C1:70:74:4B:6B:10:73:87:AA:DE:A2:44:DF
            X509v3 Authority Key Identifier:
                keyid:29:F6:A3:00:BF:7D:40:B7:F8:D6:18:1C:5B:8A:7D:BC:71:B7:D1:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/wKUJgTwD7cFwdEtrEHOHqt6iRN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.85.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:02:d8:b1:a4:09:5a:3a:90:2d:bd:0b:aa:18:28:78:e2:c7:
         22:ef:46:66:88:6b:05:d4:ac:d7:17:46:a8:ed:75:d2:5d:c5:
         8f:b4:a3:bd:07:95:17:4b:ed:f3:c7:c1:07:28:02:5f:33:a0:
         7f:65:fa:de:91:96:15:0d:fc:cc:58:5c:72:01:74:4e:af:20:
         c6:ba:b4:4e:f1:78:0e:23:f3:a0:f8:74:73:fd:6e:77:f1:c0:
         4f:08:86:4a:29:c7:7e:0d:5a:bb:67:9a:c0:fd:b6:e4:fb:7e:
         8e:8c:78:71:b1:9e:ef:b9:10:e0:ca:61:10:60:7d:f3:6c:5d:
         23:cc:4c:19:80:0f:2e:fe:b1:26:d4:b7:92:e0:98:27:f6:45:
         48:61:14:51:02:fd:32:38:e5:9d:5a:ee:0c:cd:e4:b3:c7:1b:
         2e:99:63:dd:70:74:ea:77:35:05:97:a3:8b:ee:06:9d:05:0f:
         fc:de:db:2f:66:f3:b8:d9:87:ff:4c:6d:5a:4a:c4:de:41:ca:
         71:f5:b0:0c:67:27:89:40:01:30:be:0a:0c:5a:57:63:dc:d6:
         f7:d8:5d:62:0a:06:32:28:b0:50:e1:77:7b:95:b9:c3:bf:3b:
         da:7c:3b:bf:e9:7b:b7:2c:c9:9a:ce:84:21:f3:7d:ba:d4:cc:
         72:eb:7e:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbCIkGlLjwVPKME3pdKhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZjZhMzAwYmY3ZDQwYjdmOGQ2MTgxYzViOGE3ZGJjNzFi
N2QxMjMwHhcNMjUwMTAyMDk1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGE1MDk4MTNjMDNlZGMxNzA3NDRiNmIxMDczODdhYWRlYTI0NGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7jyXtNOPQUmVQCogIEdDQ510zZDo
E+sYfZdCl0h+32v8I4WDAyb3ITBlOgjBZZzWNYnUXgNmVTaaoJUcLs5Ff0MX7jhp
o+HxBBWaSLiY19UewhwSIiTmPMRIYXgwGROSwEHCzmEW0waZLiYTBgersfnxNY4W
1OEIdtRKfZ8NSpRgVSv7JWS4hc4zdyojUTJ9pIAo+4TBZgWOwrK7DBA8CCfG7WyO
98SJ/GDU14h7pc36kxhf6WdTpZ5YKmnOb7yHml5COOpOkyiH37aiFl3j0OBWTNbf
pO/P24DgfncfiWR0YNrpHJWu84Y0v4ZST6MUFrdge6N21+Xj8/XryWi8bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMClCYE8A+3BcHRLaxBzh6reokTfMB8GA1UdIwQY
MBaAFCn2owC/fUC3+NYYHFuKfbxxt9EjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZhakFMOTlRTGY0MWhnY1c0cDl2SEczMFNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hYWY0OWMtODNkZC00NmFhLThjZTct
Yjg0YzQxM2RmYWE0LzEvd0tVSmdUd0Q3Y0Z3ZEV0ckVIT0hxdDZpUk44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hYWY0OWMtODNkZC00NmFhLThjZTctYjg0YzQxM2RmYWE0
LzEvS2ZhakFMOTlRTGY0MWhnY1c0cDl2SEczMFNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUVWnMA0G
CSqGSIb3DQEBCwUAA4IBAQApAtixpAlaOpAtvQuqGCh44sci70ZmiGsF1KzXF0ao
7XXSXcWPtKO9B5UXS+3zx8EHKAJfM6B/ZfrekZYVDfzMWFxyAXROryDGurRO8XgO
I/Og+HRz/W538cBPCIZKKcd+DVq7Z5rA/bbk+36OjHhxsZ7vuRDgymEQYH3zbF0j
zEwZgA8u/rEm1LeS4Jgn9kVIYRRRAv0yOOWdWu4MzeSzxxsumWPdcHTqdzUFl6OL
7gadBQ/83tsvZvO42Yf/TG1aSsTeQcpx9bAMZyeJQAEwvgoMWldj3Nb32F1iCgYy
KLBQ4Xd7lbnDvzvafDu/6Xu3LMmazoQh83261Mxy637v
-----END CERTIFICATE-----