Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/0CJ7pV2pBkyjn4ci_dk7owBM5Ao.roa
File:                     0CJ7pV2pBkyjn4ci_dk7owBM5Ao.roa (raw, json)
Hash identifier:          /u9I8G3PvT6eUquBHLuKrk45fMJQUlivaFEDmnzwFSU=
Subject key identifier:   D0:22:7B:A5:5D:A9:06:4C:A3:9F:87:22:FD:D9:3B:A3:00:4C:E4:0A
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       01988AFBF50C7E3710BCDC0A83FE6DB75E91
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/0CJ7pV2pBkyjn4ci_dk7owBM5Ao.roa
Signing time:             Fri 08 Aug 2025 18:40:24 +0000
ROA not before:           Fri 08 Aug 2025 18:40:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214693
IP address blocks:        85.239.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8a:fb:f5:0c:7e:37:10:bc:dc:0a:83:fe:6d:b7:5e:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Aug  8 18:40:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0227ba55da9064ca39f8722fdd93ba3004ce40a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:69:ca:fc:d5:54:c3:97:51:74:dd:46:2c:77:
                    9a:36:cf:0a:14:1d:9f:c0:1a:dd:fa:bc:04:de:74:
                    3a:e8:ad:28:55:cb:ac:5f:17:16:e5:62:ab:79:83:
                    e5:c9:fe:82:c6:c3:a7:37:60:ee:3e:03:61:e5:4a:
                    32:8f:d5:74:91:8a:f9:15:ab:71:54:02:bd:c1:59:
                    c5:c6:58:eb:7a:16:4c:59:e5:d1:c1:e4:29:9c:e6:
                    10:73:4a:d1:91:b6:61:f1:14:55:22:ae:b1:57:59:
                    75:4d:6c:d5:23:06:46:2d:e5:bd:f5:b3:bc:34:c5:
                    36:0f:cd:be:e9:83:e5:28:20:2a:7b:92:99:38:0c:
                    43:21:03:3f:f9:5d:84:6f:57:0b:30:62:4e:df:48:
                    d5:84:d6:8e:e2:6e:66:45:c2:bb:67:b5:78:5b:7a:
                    6f:09:75:26:38:37:bd:22:71:f0:7a:70:f4:33:be:
                    51:df:3c:a5:3e:fb:95:d2:90:6c:11:1e:13:6c:f7:
                    f9:52:3c:bf:00:7b:6d:d5:4c:bb:e2:67:37:41:9b:
                    17:39:30:75:74:c3:b8:de:53:e0:b5:b9:62:52:95:
                    e4:ab:37:d6:2a:0b:4b:25:af:28:da:e6:1b:8c:40:
                    34:bc:6a:22:af:f0:9a:55:05:4f:10:b9:8b:d0:86:
                    93:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:22:7B:A5:5D:A9:06:4C:A3:9F:87:22:FD:D9:3B:A3:00:4C:E4:0A
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/0CJ7pV2pBkyjn4ci_dk7owBM5Ao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:2a:d9:3f:24:be:3d:0f:99:a4:85:14:72:58:68:28:47:ee:
         9a:ef:e7:b6:a2:f2:9c:00:16:dc:24:33:56:82:d3:22:68:ed:
         d3:07:af:c0:ed:64:23:47:ac:54:b1:b9:44:06:a4:0d:66:13:
         76:77:9f:29:9d:86:6a:3d:c1:d8:e5:82:fb:ac:0d:4e:c3:97:
         a9:59:f9:0e:8a:34:81:58:27:16:95:9d:d0:ef:fe:3e:ff:c4:
         30:a1:03:0f:23:3c:94:37:06:fe:4f:cb:8d:0c:d9:7d:e0:16:
         23:f7:89:90:fe:8e:7d:eb:53:04:96:0c:9e:9b:6e:8d:cf:63:
         eb:4c:0b:24:5a:b7:a2:80:07:7b:aa:0f:f7:79:59:fe:74:73:
         4d:f5:60:1e:54:17:83:5f:b3:50:f9:9f:d1:e6:ba:99:71:fa:
         e1:75:20:98:9f:10:b5:29:ba:6b:c2:78:df:0a:6a:de:ac:52:
         3e:5c:f8:6a:2e:2a:4e:a9:cd:87:27:c6:09:c5:48:d4:04:2a:
         57:7c:f8:e0:f6:f4:31:6c:47:44:4f:19:5f:20:b8:76:65:ab:
         80:78:24:ac:4a:ea:ac:27:7e:97:7e:e8:52:79:ff:bc:d2:60:
         e4:7a:a2:c1:4f:dd:5b:6d:3d:cd:d9:3b:18:60:f2:67:2b:5e:
         0d:d4:1a:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiK+/UMfjcQvNwKg/5tt16RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwODA4MTg0MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDIyN2JhNTVkYTkwNjRjYTM5Zjg3MjJmZGQ5M2JhMzAwNGNlNDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGnK/NVUw5dRdN1GLHeaNs8KFB2f
wBrd+rwE3nQ66K0oVcusXxcW5WKreYPlyf6CxsOnN2DuPgNh5Uoyj9V0kYr5Fatx
VAK9wVnFxljrehZMWeXRweQpnOYQc0rRkbZh8RRVIq6xV1l1TWzVIwZGLeW99bO8
NMU2D82+6YPlKCAqe5KZOAxDIQM/+V2Eb1cLMGJO30jVhNaO4m5mRcK7Z7V4W3pv
CXUmODe9InHwenD0M75R3zylPvuV0pBsER4TbPf5Ujy/AHtt1Uy74mc3QZsXOTB1
dMO43lPgtbliUpXkqzfWKgtLJa8o2uYbjEA0vGoir/CaVQVPELmL0IaTDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNAie6VdqQZMo5+HIv3ZO6MATOQKMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvMENKN3BWMnBCa3lqbjRjaV9kazdvd0JNNUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+bMA0G
CSqGSIb3DQEBCwUAA4IBAQDJKtk/JL49D5mkhRRyWGgoR+6a7+e2ovKcABbcJDNW
gtMiaO3TB6/A7WQjR6xUsblEBqQNZhN2d58pnYZqPcHY5YL7rA1Ow5epWfkOijSB
WCcWlZ3Q7/4+/8QwoQMPIzyUNwb+T8uNDNl94BYj94mQ/o5961MElgyem26Nz2Pr
TAskWreigAd7qg/3eVn+dHNN9WAeVBeDX7NQ+Z/R5rqZcfrhdSCYnxC1Kbprwnjf
CmrerFI+XPhqLipOqc2HJ8YJxUjUBCpXfPjg9vQxbEdETxlfILh2ZauAeCSsSuqs
J36XfuhSef+80mDkeqLBT91bbT3N2TsYYPJnK14N1Bpg
-----END CERTIFICATE-----