Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/XdU9ba_H8wvW9YWGekfY-RC6fac.roa
File:                     XdU9ba_H8wvW9YWGekfY-RC6fac.roa (raw, json)
Hash identifier:          t+t6oWtjjjeUHSoz5gNWccz0VBGlDxWsh2LU4cszm7w=
Subject key identifier:   5D:D5:3D:6D:AF:C7:F3:0B:D6:F5:85:86:7A:47:D8:F9:10:BA:7D:A7
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       01987EF60596DE1ED27B0F8203F081BB5DB9
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/XdU9ba_H8wvW9YWGekfY-RC6fac.roa
Signing time:             Wed 06 Aug 2025 10:38:29 +0000
ROA not before:           Wed 06 Aug 2025 10:38:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        85.239.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7e:f6:05:96:de:1e:d2:7b:0f:82:03:f0:81:bb:5d:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Aug  6 10:38:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dd53d6dafc7f30bd6f585867a47d8f910ba7da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:dc:60:37:65:40:46:88:0f:44:50:3c:88:19:
                    29:a2:ee:da:17:f9:89:c6:28:14:df:6a:dc:db:6e:
                    e3:92:6a:30:df:8e:d4:69:2d:dc:3f:e0:09:5c:3a:
                    5c:81:11:0e:87:df:50:97:c8:39:d7:db:55:74:8e:
                    2c:df:72:f9:cc:e7:22:b3:fe:50:2f:9f:83:16:51:
                    cc:be:03:ee:ce:59:d7:13:4c:8f:82:f7:d3:ee:e2:
                    57:69:58:9a:b1:a2:94:53:27:e2:0b:d3:3e:8a:8b:
                    57:c0:82:40:bd:22:91:4a:1c:f5:fd:39:02:7d:65:
                    8b:ad:8c:c5:95:4c:74:fe:d4:98:4c:a2:d9:0a:5c:
                    6f:69:84:37:2e:b3:26:dc:de:af:26:aa:0f:51:48:
                    6a:36:28:d0:a5:89:a6:82:02:9f:7c:fb:e0:09:52:
                    e7:96:af:11:21:4b:9e:2f:44:c2:2f:15:ab:bb:0b:
                    bd:e1:ee:ec:67:bd:8b:16:b0:31:ea:56:9d:86:b0:
                    7a:79:4f:c1:4c:a2:8c:65:80:03:02:71:89:a9:13:
                    48:8e:1d:47:a8:94:6b:87:4c:5a:02:b5:98:93:5f:
                    25:8e:04:95:f3:28:26:d0:cc:12:3b:d6:f7:4c:c2:
                    62:4d:11:34:4c:6f:94:43:c4:19:cd:41:19:2a:37:
                    ed:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:D5:3D:6D:AF:C7:F3:0B:D6:F5:85:86:7A:47:D8:F9:10:BA:7D:A7
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/XdU9ba_H8wvW9YWGekfY-RC6fac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:5e:3e:f0:96:09:47:51:8e:56:12:46:c9:b3:ea:8e:64:24:
         ef:ed:ad:64:1f:ec:97:ea:ee:61:d8:e5:98:f9:11:88:d1:81:
         29:b6:3a:58:66:30:68:a9:0d:63:27:4a:01:13:d2:04:1a:ff:
         fd:0d:ab:a7:70:dc:d4:e7:b3:8c:73:a1:67:fe:1b:31:2d:3b:
         9a:b1:e0:e9:71:3e:9d:1e:43:f3:52:b7:b6:64:4f:ed:20:b0:
         64:2f:3c:89:61:75:c5:b1:e3:ba:5c:d9:99:83:57:f7:b3:9d:
         0b:4c:84:5d:fe:ba:90:86:69:7d:d6:bc:3c:d9:41:9d:80:97:
         ee:e3:fa:cb:99:cb:c5:d5:bb:1d:1b:ca:81:93:bd:29:0c:3f:
         db:06:21:93:45:36:94:81:ae:73:24:f7:24:21:36:97:bc:f4:
         84:68:16:45:6a:7b:31:eb:74:c0:46:52:f2:47:66:e4:d8:36:
         b3:0c:29:d1:e8:c8:8d:03:a3:fc:4b:82:71:96:92:78:6f:54:
         61:b9:6b:fd:5a:fb:59:20:7e:43:e3:e2:3e:2c:07:b3:f3:f9:
         57:fe:87:e3:13:18:dc:80:09:19:76:ba:3d:d7:ab:4a:26:8e:
         20:42:c2:db:cb:b4:25:11:f6:63:fc:a0:a7:b1:1a:71:39:29:
         21:b0:f9:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh+9gWW3h7Sew+CA/CBu125MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwODA2MTAzODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGQ1M2Q2ZGFmYzdmMzBiZDZmNTg1ODY3YTQ3ZDhmOTEwYmE3ZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9xgN2VARogPRFA8iBkpou7aF/mJ
xigU32rc227jkmow347UaS3cP+AJXDpcgREOh99Ql8g519tVdI4s33L5zOcis/5Q
L5+DFlHMvgPuzlnXE0yPgvfT7uJXaViasaKUUyfiC9M+iotXwIJAvSKRShz1/TkC
fWWLrYzFlUx0/tSYTKLZClxvaYQ3LrMm3N6vJqoPUUhqNijQpYmmggKffPvgCVLn
lq8RIUueL0TCLxWruwu94e7sZ72LFrAx6ladhrB6eU/BTKKMZYADAnGJqRNIjh1H
qJRrh0xaArWYk18ljgSV8ygm0MwSO9b3TMJiTRE0TG+UQ8QZzUEZKjft/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3VPW2vx/ML1vWFhnpH2PkQun2nMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvWGRVOWJhX0g4d3ZXOVlXR2VrZlktUkM2ZmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+UMA0G
CSqGSIb3DQEBCwUAA4IBAQB9Xj7wlglHUY5WEkbJs+qOZCTv7a1kH+yX6u5h2OWY
+RGI0YEptjpYZjBoqQ1jJ0oBE9IEGv/9DauncNzU57OMc6Fn/hsxLTuaseDpcT6d
HkPzUre2ZE/tILBkLzyJYXXFseO6XNmZg1f3s50LTIRd/rqQhml91rw82UGdgJfu
4/rLmcvF1bsdG8qBk70pDD/bBiGTRTaUga5zJPckITaXvPSEaBZFansx63TARlLy
R2bk2DazDCnR6MiNA6P8S4JxlpJ4b1RhuWv9WvtZIH5D4+I+LAez8/lX/ofjExjc
gAkZdro916tKJo4gQsLby7QlEfZj/KCnsRpxOSkhsPlF
-----END CERTIFICATE-----