Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/Q8PmaVsu91FafNMJSiUguBXDAy4.roa
File:                     Q8PmaVsu91FafNMJSiUguBXDAy4.roa (raw, json)
Hash identifier:          v/8qlXzfsrMPaxgUO4OHSG4SXigE1NDzd1YZIaC3Tfs=
Subject key identifier:   43:C3:E6:69:5B:2E:F7:51:5A:7C:D3:09:4A:25:20:B8:15:C3:03:2E
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019767DA6F127595AC41547BE36F8320C1E9
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/Q8PmaVsu91FafNMJSiUguBXDAy4.roa
Signing time:             Fri 13 Jun 2025 05:54:17 +0000
ROA not before:           Fri 13 Jun 2025 05:54:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        178.239.127.0/24 maxlen: 24
                          185.95.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:67:da:6f:12:75:95:ac:41:54:7b:e3:6f:83:20:c1:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jun 13 05:54:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43c3e6695b2ef7515a7cd3094a2520b815c3032e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:38:00:e4:30:47:b2:f8:30:c2:9f:1f:74:8c:
                    fb:49:52:f4:28:05:a8:d1:01:8e:22:ff:b3:2a:af:
                    50:c0:6e:3a:99:d7:ed:7c:2b:36:df:f1:f2:f7:f4:
                    ff:c1:07:25:5d:e9:30:3a:9b:73:3a:ba:d3:fb:ce:
                    c0:a0:6a:db:18:85:0e:47:b3:75:bb:98:7c:1a:51:
                    71:26:d8:e9:44:d9:46:98:4b:0d:09:12:64:a4:14:
                    5f:54:b8:7e:45:f2:2b:92:3f:ea:c3:6b:fe:60:f2:
                    ae:2d:b4:97:e5:1b:ef:65:a4:bb:d8:50:c2:0f:c5:
                    de:2e:c7:a1:bc:38:66:c3:d5:9c:5f:bc:19:08:8a:
                    5a:c2:ab:96:f5:a0:48:30:f0:89:d7:8e:cd:e5:6e:
                    8e:c1:35:08:3a:8a:4b:af:d3:bc:b9:f5:a2:48:23:
                    a6:a7:26:fa:00:1c:38:8c:eb:f5:58:cf:c2:e5:dd:
                    95:71:32:d2:ae:b8:51:36:e1:68:5f:d1:07:5f:93:
                    2e:ce:85:c5:36:b1:d3:fe:e5:21:53:e8:0e:38:38:
                    61:ef:a2:20:0d:7a:70:7c:94:58:c6:75:17:98:c4:
                    a5:5c:90:5d:08:86:98:33:44:d8:0f:85:81:0d:92:
                    32:3c:11:09:76:5e:4b:82:53:3e:ae:76:26:fc:33:
                    61:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:C3:E6:69:5B:2E:F7:51:5A:7C:D3:09:4A:25:20:B8:15:C3:03:2E
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/Q8PmaVsu91FafNMJSiUguBXDAy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.127.0/24
                  185.95.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:f0:00:9d:01:32:17:c3:6d:1e:a0:9e:e7:0c:99:d3:73:76:
         f0:8f:9c:ab:6f:bd:b1:f7:47:fe:c8:b2:d5:42:df:45:b7:b1:
         21:33:aa:95:c4:71:25:ac:e4:b4:f3:fd:ea:27:3d:e7:1a:12:
         f6:f4:9a:bf:02:e1:4d:a1:ea:16:76:7e:46:62:e6:be:e0:50:
         f0:fe:aa:cb:eb:2c:16:aa:35:b4:e4:f2:f8:f3:e7:8d:f8:a2:
         ca:47:c8:1e:fe:df:54:75:f5:e5:c4:3d:62:04:00:a4:c6:ad:
         36:a1:31:cb:dc:2c:1b:d6:cf:d6:30:ad:c2:e2:a7:f4:87:dc:
         69:ea:7d:5d:99:52:c3:ef:b2:4f:51:12:fb:8c:c1:1e:a7:ea:
         93:75:52:4a:bc:02:86:e4:45:29:75:55:9e:b4:6a:cb:6b:f0:
         f4:f3:79:c6:a3:92:3c:93:96:ab:ec:01:3e:fd:5a:99:22:b0:
         16:27:34:1b:98:0a:57:f7:76:e2:39:10:1d:10:ce:4a:75:60:
         1d:02:2b:ff:34:1c:67:f3:8a:e4:11:4b:af:e0:a5:2b:21:ec:
         a5:eb:00:6a:c4:ac:87:d5:c0:6c:8a:ee:0f:3a:e4:f9:9c:b7:
         7f:38:2d:70:e5:3b:01:9b:81:85:28:2b:bb:bc:08:fc:e7:9f:
         1c:bc:be:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdn2m8SdZWsQVR742+DIMHpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNjEzMDU1NDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2MzZTY2OTViMmVmNzUxNWE3Y2QzMDk0YTI1MjBiODE1YzMwMzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+DgA5DBHsvgwwp8fdIz7SVL0KAWo
0QGOIv+zKq9QwG46mdftfCs23/Hy9/T/wQclXekwOptzOrrT+87AoGrbGIUOR7N1
u5h8GlFxJtjpRNlGmEsNCRJkpBRfVLh+RfIrkj/qw2v+YPKuLbSX5RvvZaS72FDC
D8XeLsehvDhmw9WcX7wZCIpawquW9aBIMPCJ147N5W6OwTUIOopLr9O8ufWiSCOm
pyb6ABw4jOv1WM/C5d2VcTLSrrhRNuFoX9EHX5MuzoXFNrHT/uUhU+gOODhh76Ig
DXpwfJRYxnUXmMSlXJBdCIaYM0TYD4WBDZIyPBEJdl5LglM+rnYm/DNhSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEPD5mlbLvdRWnzTCUolILgVwwMuMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvUThQbWFWc3U5MUZhZk5NSlNpVWd1QlhEQXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsu9/AwQA
uV+eMA0GCSqGSIb3DQEBCwUAA4IBAQA/8ACdATIXw20eoJ7nDJnTc3bwj5yrb72x
90f+yLLVQt9Ft7EhM6qVxHElrOS08/3qJz3nGhL29Jq/AuFNoeoWdn5GYua+4FDw
/qrL6ywWqjW05PL48+eN+KLKR8ge/t9UdfXlxD1iBACkxq02oTHL3Cwb1s/WMK3C
4qf0h9xp6n1dmVLD77JPURL7jMEep+qTdVJKvAKG5EUpdVWetGrLa/D083nGo5I8
k5ar7AE+/VqZIrAWJzQbmApX93biORAdEM5KdWAdAiv/NBxn84rkEUuv4KUrIeyl
6wBqxKyH1cBsiu4POuT5nLd/OC1w5TsBm4GFKCu7vAj8558cvL7F
-----END CERTIFICATE-----