Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/us37SZ7RNUbaSudr0j73AHHye1o.roa
File:                     us37SZ7RNUbaSudr0j73AHHye1o.roa (raw, json)
Hash identifier:          KLr/YtrCbRT87T7LTeIIQHh5EghlDpEscckoXUC5tDs=
Subject key identifier:   BA:CD:FB:49:9E:D1:35:46:DA:4A:E7:6B:D2:3E:F7:00:71:F2:7B:5A
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019E936464C6BCAECB6C30E5D74F7F499E08
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/us37SZ7RNUbaSudr0j73AHHye1o.roa
Signing time:             Thu 04 Jun 2026 16:08:10 +0000
ROA not before:           Thu 04 Jun 2026 16:08:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200829
IP address blocks:        178.239.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:93:64:64:c6:bc:ae:cb:6c:30:e5:d7:4f:7f:49:9e:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jun  4 16:08:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bacdfb499ed13546da4ae76bd23ef70071f27b5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:73:07:4a:93:29:ea:6a:aa:ad:0b:f1:c9:08:
                    c9:7e:bc:61:97:4e:48:06:27:95:88:da:52:e2:d3:
                    dc:89:fa:3d:59:41:40:28:06:c6:77:23:0a:da:f2:
                    d3:25:ff:f6:75:67:d9:42:d2:74:8b:32:92:aa:c2:
                    49:64:87:3f:9e:20:cc:51:87:0f:35:26:d9:9b:8d:
                    0d:4e:9b:25:79:fc:c1:b1:24:78:27:86:fc:91:ff:
                    46:42:f7:db:cc:8d:c9:0b:2c:42:a0:76:b4:9e:34:
                    e5:c0:10:6c:33:c2:12:f9:33:0f:d8:d0:45:3c:4c:
                    ce:a1:1a:f7:e0:a1:b0:d2:7e:bc:86:78:53:0e:f2:
                    5e:aa:ae:90:c5:fe:29:e4:a0:26:4f:ef:d8:90:bf:
                    08:fd:0b:fb:dc:66:00:26:57:a4:f2:cf:5a:e2:41:
                    78:c1:09:32:14:27:f1:09:31:88:d6:97:eb:e8:b4:
                    b1:53:25:c8:b3:c9:71:3b:df:8b:35:6b:34:b6:b8:
                    72:30:b3:6c:70:3d:eb:fc:bb:18:50:b6:44:16:bd:
                    0c:56:06:3d:46:84:6e:e5:6c:dd:44:3b:db:a5:11:
                    53:f3:e8:5b:89:16:13:c2:e2:66:ae:8c:92:e6:0d:
                    3a:60:c3:b9:ee:0c:f2:47:45:e3:59:ab:b6:00:32:
                    0f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:CD:FB:49:9E:D1:35:46:DA:4A:E7:6B:D2:3E:F7:00:71:F2:7B:5A
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/us37SZ7RNUbaSudr0j73AHHye1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:b3:51:df:d9:63:95:ea:e9:c0:e3:c0:b7:35:e4:54:e8:e7:
         1d:23:48:e7:af:b4:10:65:70:df:42:6e:d0:41:bf:f7:59:de:
         30:62:67:be:6b:8f:7a:33:6c:13:ab:61:a9:35:1f:a4:db:a3:
         c7:bb:5f:c8:ee:32:32:bd:65:25:52:dc:63:1c:89:e5:44:db:
         c0:9b:fb:79:76:f7:42:33:ef:43:b9:dc:34:b7:4a:12:19:40:
         3d:22:ce:bb:d1:c5:f6:9f:4e:d1:4b:a4:1f:95:5a:f4:2c:ea:
         d6:b5:8b:0d:39:bf:71:19:96:47:2f:77:30:7f:2e:f4:a6:4c:
         6e:d6:18:0a:ec:16:33:5d:c0:7b:5f:3f:a6:90:27:dc:80:32:
         b7:31:49:d1:27:db:66:c0:a9:6d:8f:ce:92:ef:71:89:23:4b:
         83:d4:e7:0d:71:a3:e8:1e:f1:d1:ff:a1:fb:78:53:7a:38:76:
         fc:76:6c:64:a5:ba:9b:ba:1e:24:e3:68:93:29:03:f5:1c:3d:
         55:a9:92:1e:81:7a:33:d4:ea:28:ef:e5:ba:6d:1e:9e:9d:2d:
         7e:7e:0c:12:df:c7:c4:be:63:d1:bd:a0:09:1f:6e:e6:9a:ef:
         49:5e:12:15:ab:ba:8c:5e:57:76:b4:47:f2:2f:84:56:b8:44:
         e0:c5:b8:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6TZGTGvK7LbDDl109/SZ4IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwNjA0MTYwODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWNkZmI0OTllZDEzNTQ2ZGE0YWU3NmJkMjNlZjcwMDcxZjI3YjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XMHSpMp6mqqrQvxyQjJfrxhl05I
BieViNpS4tPcifo9WUFAKAbGdyMK2vLTJf/2dWfZQtJ0izKSqsJJZIc/niDMUYcP
NSbZm40NTpslefzBsSR4J4b8kf9GQvfbzI3JCyxCoHa0njTlwBBsM8IS+TMP2NBF
PEzOoRr34KGw0n68hnhTDvJeqq6Qxf4p5KAmT+/YkL8I/Qv73GYAJlek8s9a4kF4
wQkyFCfxCTGI1pfr6LSxUyXIs8lxO9+LNWs0trhyMLNscD3r/LsYULZEFr0MVgY9
RoRu5WzdRDvbpRFT8+hbiRYTwuJmroyS5g06YMO57gzyR0XjWau2ADIPawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLrN+0me0TVG2krna9I+9wBx8ntaMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvdXMzN1NaN1JOVWJhU3VkcjBqNzNBSEh5ZTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu9yMA0G
CSqGSIb3DQEBCwUAA4IBAQCDs1Hf2WOV6unA48C3NeRU6OcdI0jnr7QQZXDfQm7Q
Qb/3Wd4wYme+a496M2wTq2GpNR+k26PHu1/I7jIyvWUlUtxjHInlRNvAm/t5dvdC
M+9Dudw0t0oSGUA9Is670cX2n07RS6QflVr0LOrWtYsNOb9xGZZHL3cwfy70pkxu
1hgK7BYzXcB7Xz+mkCfcgDK3MUnRJ9tmwKltj86S73GJI0uD1OcNcaPoHvHR/6H7
eFN6OHb8dmxkpbqbuh4k42iTKQP1HD1VqZIegXoz1Ooo7+W6bR6enS1+fgwS38fE
vmPRvaAJH27mmu9JXhIVq7qMXld2tEfyL4RWuETgxbgv
-----END CERTIFICATE-----