Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/pniJJNnWhCfy3Bn0AhMHiTWAr6k.roa
File:                     pniJJNnWhCfy3Bn0AhMHiTWAr6k.roa (raw, json)
Hash identifier:          uHFIjcBGn6an09Ws8UMUg78JE8uxR/arjS4krwd5r7c=
Subject key identifier:   A6:78:89:24:D9:D6:84:27:F2:DC:19:F4:02:13:07:89:35:80:AF:A9
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0196669F2F7C0C4D5F45D31F6352D7B66191
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/pniJJNnWhCfy3Bn0AhMHiTWAr6k.roa
Signing time:             Thu 24 Apr 2025 07:07:10 +0000
ROA not before:           Thu 24 Apr 2025 07:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41989
IP address blocks:        85.239.152.0/22 maxlen: 22
                          178.239.112.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:66:9f:2f:7c:0c:4d:5f:45:d3:1f:63:52:d7:b6:61:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Apr 24 07:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6788924d9d68427f2dc19f4021307893580afa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c1:c7:2f:ee:c4:9f:29:a6:90:ab:95:82:02:
                    57:dd:d9:1e:ab:48:7a:1d:51:f1:0d:34:0d:ac:5e:
                    8f:5f:78:9c:8c:7f:0b:61:3e:74:fd:7a:01:5f:8a:
                    ab:0f:94:35:15:43:dc:f7:61:b5:8e:26:00:f7:f1:
                    ea:b8:18:77:32:ea:fd:2d:3f:62:5d:b2:53:ca:2b:
                    82:ef:d7:d6:f0:5a:06:21:58:84:6a:8e:10:32:33:
                    e3:04:3f:99:a8:c5:76:f4:55:b0:45:d3:b7:27:a9:
                    87:bc:dd:b6:dc:27:e2:6f:d5:95:7a:3c:05:2f:4e:
                    45:e8:25:30:61:02:4c:50:2a:0a:f0:44:e8:5b:56:
                    f2:01:27:92:56:01:b3:b3:5c:91:66:46:7a:d8:e1:
                    63:94:f9:27:48:eb:2c:fe:5b:6e:d7:78:54:b5:d0:
                    b6:26:cb:7c:8d:e0:f6:1b:11:79:83:ee:83:1f:63:
                    ba:5f:ca:c9:d0:75:e1:ff:4b:a5:19:ca:71:ed:fc:
                    7a:f4:68:0d:d7:ea:4e:f2:3d:20:98:81:de:45:64:
                    40:e1:bc:6b:57:68:3b:f2:4c:55:ba:0f:a5:2a:e3:
                    90:5f:65:82:71:6c:6f:b5:25:6a:ac:0d:45:3e:6e:
                    c1:da:d1:21:af:0d:8d:cb:b6:1e:da:fa:8a:4b:0d:
                    7e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:78:89:24:D9:D6:84:27:F2:DC:19:F4:02:13:07:89:35:80:AF:A9
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/pniJJNnWhCfy3Bn0AhMHiTWAr6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.152.0/22
                  178.239.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1a:c7:55:8d:e0:5c:d9:0d:08:15:00:7d:9f:de:96:78:ee:dc:
         fd:4d:e0:c3:fe:5b:b0:84:df:5d:26:e6:aa:4c:55:d0:fc:55:
         60:fd:2f:9f:39:08:3a:ef:27:1e:08:3c:bb:58:bb:00:7a:ed:
         59:99:cc:e0:80:66:5f:09:bb:32:af:cd:7f:57:11:4d:c1:d8:
         01:b2:a5:f5:9e:27:5f:82:7b:84:07:7c:72:2c:35:57:de:db:
         80:61:ff:62:ea:92:0d:a2:6a:9b:bb:0f:99:53:3a:e4:fe:55:
         2b:2f:d7:1a:32:fd:89:1a:15:2d:3f:a6:dd:18:f1:15:14:c5:
         c3:83:db:6f:e0:ed:c6:75:bc:43:33:6e:2f:02:4b:c7:60:91:
         ca:fc:79:c6:54:3a:e0:30:97:e6:4b:33:31:96:01:06:3c:dd:
         03:86:e6:6b:6f:0b:99:9d:91:51:60:ff:89:6e:79:b4:3f:4c:
         67:75:f0:f7:27:fd:dc:18:46:e8:9f:c5:47:eb:e3:f8:76:5c:
         b5:fb:6a:41:c9:60:3b:4e:49:5a:f8:18:9b:db:89:05:b2:4f:
         a9:89:b1:4c:f4:64:de:d7:b4:94:34:48:f6:4c:52:92:3a:bc:
         43:21:97:2e:54:06:b1:95:61:31:c2:fb:30:df:44:a7:bc:56:
         e6:77:48:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZmny98DE1fRdMfY1LXtmGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNDI0MDcwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjc4ODkyNGQ5ZDY4NDI3ZjJkYzE5ZjQwMjEzMDc4OTM1ODBhZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcHHL+7EnymmkKuVggJX3dkeq0h6
HVHxDTQNrF6PX3icjH8LYT50/XoBX4qrD5Q1FUPc92G1jiYA9/HquBh3Mur9LT9i
XbJTyiuC79fW8FoGIViEao4QMjPjBD+ZqMV29FWwRdO3J6mHvN223Cfib9WVejwF
L05F6CUwYQJMUCoK8EToW1byASeSVgGzs1yRZkZ62OFjlPknSOss/ltu13hUtdC2
Jst8jeD2GxF5g+6DH2O6X8rJ0HXh/0ulGcpx7fx69GgN1+pO8j0gmIHeRWRA4bxr
V2g78kxVug+lKuOQX2WCcWxvtSVqrA1FPm7B2tEhrw2Ny7Ye2vqKSw1+MQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKZ4iSTZ1oQn8twZ9AITB4k1gK+pMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvcG5pSkpObldoQ2Z5M0JuMEFoTUhpVFdBcjZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVe+YAwQD
su9wMA0GCSqGSIb3DQEBCwUAA4IBAQAax1WN4FzZDQgVAH2f3pZ47tz9TeDD/luw
hN9dJuaqTFXQ/FVg/S+fOQg67yceCDy7WLsAeu1ZmczggGZfCbsyr81/VxFNwdgB
sqX1nidfgnuEB3xyLDVX3tuAYf9i6pINomqbuw+ZUzrk/lUrL9caMv2JGhUtP6bd
GPEVFMXDg9tv4O3GdbxDM24vAkvHYJHK/HnGVDrgMJfmSzMxlgEGPN0DhuZrbwuZ
nZFRYP+Jbnm0P0xndfD3J/3cGEbon8VH6+P4dly1+2pByWA7Tkla+Bib24kFsk+p
ibFM9GTe17SUNEj2TFKSOrxDIZcuVAaxlWExwvsw30SnvFbmd0jH
-----END CERTIFICATE-----