Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/s1oa9nzbeeHrOl4i5NEdlUPd2K8.roa
File:                     s1oa9nzbeeHrOl4i5NEdlUPd2K8.roa (raw, json)
Hash identifier:          fPPXyZdYCuE1e62BZGRaJfkllSNtfyYHIFWzxLymMVQ=
Subject key identifier:   B3:5A:1A:F6:7C:DB:79:E1:EB:3A:5E:22:E4:D1:1D:95:43:DD:D8:AF
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019A32398A7E0FC22DC2F0F4A19B409C3CA5
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/s1oa9nzbeeHrOl4i5NEdlUPd2K8.roa
Signing time:             Wed 29 Oct 2025 23:07:03 +0000
ROA not before:           Wed 29 Oct 2025 23:07:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        178.239.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:32:39:8a:7e:0f:c2:2d:c2:f0:f4:a1:9b:40:9c:3c:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Oct 29 23:07:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b35a1af67cdb79e1eb3a5e22e4d11d9543ddd8af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:46:9a:98:7f:01:52:9d:4f:45:00:de:7b:91:
                    ae:c4:8f:5c:7d:ce:dd:ec:23:06:e1:06:2a:9d:c9:
                    bf:66:27:1b:ab:35:15:93:94:14:27:2e:b2:dd:fa:
                    24:7e:ca:09:98:b7:c8:cc:0e:61:f1:3d:9e:9b:0b:
                    a7:b9:7b:cb:27:31:75:00:4f:ff:63:e6:00:18:76:
                    3b:3a:8e:b9:6b:74:da:ee:d4:ef:f6:91:42:26:83:
                    85:d8:b6:94:3c:28:18:76:d1:ff:c5:23:01:0a:02:
                    ce:c0:21:0c:cd:04:c2:b8:db:ef:f4:07:88:b3:9b:
                    b0:05:ba:ad:be:af:c0:9f:b0:76:cb:64:69:8b:fc:
                    0a:55:7b:9c:5f:8f:70:b8:65:bf:a6:c5:8e:a7:87:
                    d2:bb:98:26:4c:a5:f3:18:98:19:98:ef:3e:c0:6a:
                    6b:80:90:bf:2c:23:d9:ca:9e:6d:ec:5f:c0:95:3d:
                    bd:88:51:20:80:71:43:a2:9d:b4:d5:0f:58:72:29:
                    c8:9c:d7:47:8e:ed:bd:d6:92:5b:53:d2:d6:9b:fa:
                    ad:29:33:18:6e:5c:f2:59:d0:fa:62:e7:f2:e1:d4:
                    4f:0b:26:2e:f2:9f:53:0d:05:70:0c:0f:52:a8:2c:
                    c8:b7:c7:e8:97:74:01:7e:b8:9d:bd:37:5a:70:1f:
                    4b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:5A:1A:F6:7C:DB:79:E1:EB:3A:5E:22:E4:D1:1D:95:43:DD:D8:AF
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/s1oa9nzbeeHrOl4i5NEdlUPd2K8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:96:69:bf:85:12:43:76:e1:a3:fd:cd:d3:24:66:0d:a1:43:
         b7:9c:80:d2:2b:b2:0f:39:89:a0:01:10:12:ef:79:bb:08:6c:
         6c:db:e2:15:10:48:b1:28:e5:e6:8f:8f:4a:c3:e1:a6:34:b0:
         68:0a:85:b9:0a:b0:04:01:57:6b:27:00:f2:d9:d9:5b:51:42:
         70:57:2f:95:e4:2a:55:f7:77:9c:9f:1c:51:6b:47:09:f5:7a:
         23:93:98:16:70:06:18:e1:51:38:c3:a0:ec:ca:0a:c6:76:23:
         d5:68:65:aa:f0:4a:1f:4a:ae:c7:c1:90:de:07:be:6f:ed:d9:
         c7:26:1c:15:7e:d8:a5:92:2d:eb:64:b2:71:f1:08:49:64:32:
         06:a5:a0:d9:cb:cf:76:4f:b6:87:75:90:62:ca:4e:c9:07:93:
         bd:4b:c4:66:3d:09:37:c7:ca:d9:64:cc:c1:28:9c:65:98:c0:
         41:c3:e6:3f:ba:c3:b7:21:fb:de:1a:eb:4d:51:63:f2:a1:e9:
         21:2c:47:f2:14:1f:f1:b9:c2:09:b0:80:8b:89:b1:b5:2e:12:
         03:99:06:dc:eb:9e:e3:9b:e5:9b:21:67:46:e0:f9:a3:9c:63:
         40:95:f5:69:af:db:ed:4d:8a:65:9e:b7:c5:ec:96:85:60:77:
         c9:d6:77:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoyOYp+D8ItwvD0oZtAnDylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUxMDI5MjMwNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzVhMWFmNjdjZGI3OWUxZWIzYTVlMjJlNGQxMWQ5NTQzZGRkOGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEaamH8BUp1PRQDee5GuxI9cfc7d
7CMG4QYqncm/ZicbqzUVk5QUJy6y3fokfsoJmLfIzA5h8T2emwunuXvLJzF1AE//
Y+YAGHY7Oo65a3Ta7tTv9pFCJoOF2LaUPCgYdtH/xSMBCgLOwCEMzQTCuNvv9AeI
s5uwBbqtvq/An7B2y2Rpi/wKVXucX49wuGW/psWOp4fSu5gmTKXzGJgZmO8+wGpr
gJC/LCPZyp5t7F/AlT29iFEggHFDop201Q9YcinInNdHju291pJbU9LWm/qtKTMY
blzyWdD6Yufy4dRPCyYu8p9TDQVwDA9SqCzIt8fol3QBfridvTdacB9LDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNaGvZ823nh6zpeIuTRHZVD3divMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvczFvYTluemJlZUhyT2w0aTVORWRsVVBkMks4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu90MA0G
CSqGSIb3DQEBCwUAA4IBAQAAlmm/hRJDduGj/c3TJGYNoUO3nIDSK7IPOYmgARAS
73m7CGxs2+IVEEixKOXmj49Kw+GmNLBoCoW5CrAEAVdrJwDy2dlbUUJwVy+V5CpV
93ecnxxRa0cJ9Xojk5gWcAYY4VE4w6DsygrGdiPVaGWq8EofSq7HwZDeB75v7dnH
JhwVftilki3rZLJx8QhJZDIGpaDZy892T7aHdZBiyk7JB5O9S8RmPQk3x8rZZMzB
KJxlmMBBw+Y/usO3IfveGutNUWPyoekhLEfyFB/xucIJsICLibG1LhIDmQbc657j
m+WbIWdG4PmjnGNAlfVpr9vtTYplnrfF7JaFYHfJ1ncb
-----END CERTIFICATE-----