Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/rO9T6t_WHUnkGmIleBFSGRnlKnY.roa
File:                     rO9T6t_WHUnkGmIleBFSGRnlKnY.roa (raw, json)
Hash identifier:          wcBWF7o7prWlR7s8a04nO9bFFc8bqPRJlh3HL2eDAqI=
Subject key identifier:   AC:EF:53:EA:DF:D6:1D:49:E4:1A:62:25:78:11:52:19:19:E5:2A:76
Certificate issuer:       /CN=893afecd711705c476b785d0c86ef54c2124354c
Certificate serial:       019850E952D4C488E256C06EBF9E4F57474B
Authority key identifier: 89:3A:FE:CD:71:17:05:C4:76:B7:85:D0:C8:6E:F5:4C:21:24:35:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iTr-zXEXBcR2t4XQyG71TCEkNUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/rO9T6t_WHUnkGmIleBFSGRnlKnY.roa
Signing time:             Mon 28 Jul 2025 12:02:04 +0000
ROA not before:           Mon 28 Jul 2025 12:02:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12897
IP address blocks:        139.29.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/iTr-zXEXBcR2t4XQyG71TCEkNUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/iTr-zXEXBcR2t4XQyG71TCEkNUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iTr-zXEXBcR2t4XQyG71TCEkNUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:50:e9:52:d4:c4:88:e2:56:c0:6e:bf:9e:4f:57:47:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=893afecd711705c476b785d0c86ef54c2124354c
        Validity
            Not Before: Jul 28 12:02:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acef53eadfd61d49e41a62257811521919e52a76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ec:40:a7:12:c7:f0:40:b9:87:78:fc:2f:a9:
                    66:ed:41:a4:51:43:9a:5a:52:c3:35:ca:e2:12:6a:
                    4e:64:be:b1:ab:8b:fa:d5:94:bf:5b:5d:6b:c1:7e:
                    62:e3:74:e6:b5:3e:fd:09:72:b3:35:09:9c:84:b7:
                    bd:bb:27:0b:a1:13:83:1a:22:6e:50:7c:6f:50:eb:
                    a8:04:ca:19:ad:86:0c:21:1b:ff:f8:76:3a:38:92:
                    a0:8d:86:4a:c2:7a:c1:26:e8:97:25:0f:6c:03:38:
                    2e:cb:f9:8f:b0:de:26:5d:e2:82:eb:77:af:e1:42:
                    78:87:4a:64:e6:5d:91:77:d8:f4:f9:ea:ae:97:7b:
                    e4:c1:a1:a9:3b:7f:37:62:c2:00:63:8c:13:68:2c:
                    e2:d0:ee:60:fc:95:17:b2:91:43:f0:a4:53:dc:40:
                    55:e2:38:59:bd:b6:c2:5b:63:48:85:19:83:27:a6:
                    3c:11:5f:af:bf:f7:bb:23:66:70:82:57:aa:9e:92:
                    72:a8:94:ac:9f:63:54:60:e3:b4:05:de:18:5c:1c:
                    f0:ce:bf:ac:0f:b7:ee:3e:7b:8e:5b:4c:c2:c8:40:
                    c7:46:27:dd:84:41:9a:4d:79:77:f3:6c:fd:0c:ff:
                    9d:47:6b:18:34:32:1d:92:49:5a:f5:e0:49:12:9a:
                    45:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:EF:53:EA:DF:D6:1D:49:E4:1A:62:25:78:11:52:19:19:E5:2A:76
            X509v3 Authority Key Identifier:
                keyid:89:3A:FE:CD:71:17:05:C4:76:B7:85:D0:C8:6E:F5:4C:21:24:35:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iTr-zXEXBcR2t4XQyG71TCEkNUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/rO9T6t_WHUnkGmIleBFSGRnlKnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/iTr-zXEXBcR2t4XQyG71TCEkNUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.29.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:9c:88:a7:a2:a4:f0:00:52:01:2d:40:0a:7c:0a:2f:61:21:
         a1:5b:87:9e:20:49:fe:92:49:70:7f:88:f2:2c:43:1b:0d:2b:
         46:6b:8c:94:d5:a8:b1:1a:c9:d2:01:43:13:d7:81:b8:cb:8d:
         e4:8a:e0:51:db:a6:f5:06:cb:90:5f:84:d4:bc:cd:1f:07:b3:
         51:f2:d1:81:0a:83:83:c8:31:cf:8b:29:ba:67:a5:60:84:cf:
         db:d4:de:72:31:ba:ef:59:d4:ce:4d:66:4a:64:13:e3:17:1c:
         55:71:6a:74:53:48:85:27:bb:86:44:43:97:80:0e:79:86:47:
         a2:74:02:54:12:73:d5:a8:0e:c9:57:72:c6:c3:53:bf:34:e4:
         2a:e8:5a:23:fb:02:20:eb:e9:7d:6b:90:f2:53:98:9e:7a:de:
         a5:ea:51:c2:65:67:b5:02:bf:37:38:49:c3:98:5e:70:8f:91:
         20:4e:dd:43:bf:fd:16:4b:1f:28:8a:db:2f:e3:ad:3c:6d:6b:
         60:77:93:fa:94:11:0f:a6:86:90:c9:97:df:61:c3:1a:60:36:
         41:4f:6a:0a:92:91:40:85:e2:a0:8d:79:0c:ae:b5:ab:c1:58:
         c8:08:0c:df:bc:4e:29:d7:a4:e1:0a:08:ac:44:d4:ac:31:ba:
         fd:a1:25:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhQ6VLUxIjiVsBuv55PV0dLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5M2FmZWNkNzExNzA1YzQ3NmI3ODVkMGM4NmVmNTRjMjEy
NDM1NGMwHhcNMjUwNzI4MTIwMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2VmNTNlYWRmZDYxZDQ5ZTQxYTYyMjU3ODExNTIxOTE5ZTUyYTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+xApxLH8EC5h3j8L6lm7UGkUUOa
WlLDNcriEmpOZL6xq4v61ZS/W11rwX5i43TmtT79CXKzNQmchLe9uycLoRODGiJu
UHxvUOuoBMoZrYYMIRv/+HY6OJKgjYZKwnrBJuiXJQ9sAzguy/mPsN4mXeKC63ev
4UJ4h0pk5l2Rd9j0+equl3vkwaGpO383YsIAY4wTaCzi0O5g/JUXspFD8KRT3EBV
4jhZvbbCW2NIhRmDJ6Y8EV+vv/e7I2ZwgleqnpJyqJSsn2NUYOO0Bd4YXBzwzr+s
D7fuPnuOW0zCyEDHRifdhEGaTXl382z9DP+dR2sYNDIdkkla9eBJEppFgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzvU+rf1h1J5BpiJXgRUhkZ5Sp2MB8GA1UdIwQY
MBaAFIk6/s1xFwXEdreF0Mhu9UwhJDVMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVRyLXpYRVhCY1IydDRYUXlHNzFUQ0VrTlV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9jYTNiNWYtMDIyMS00M2FkLThhYmQt
MWMxMzIwNmE4MTIzLzEvck85VDZ0X1dIVW5rR21JbGVCRlNHUm5sS25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9jYTNiNWYtMDIyMS00M2FkLThhYmQtMWMxMzIwNmE4MTIz
LzEvaVRyLXpYRVhCY1IydDRYUXlHNzFUQ0VrTlV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAix1/MA0G
CSqGSIb3DQEBCwUAA4IBAQArnIinoqTwAFIBLUAKfAovYSGhW4eeIEn+kklwf4jy
LEMbDStGa4yU1aixGsnSAUMT14G4y43kiuBR26b1BsuQX4TUvM0fB7NR8tGBCoOD
yDHPiym6Z6VghM/b1N5yMbrvWdTOTWZKZBPjFxxVcWp0U0iFJ7uGREOXgA55hkei
dAJUEnPVqA7JV3LGw1O/NOQq6Foj+wIg6+l9a5DyU5ieet6l6lHCZWe1Ar83OEnD
mF5wj5EgTt1Dv/0WSx8oitsv4608bWtgd5P6lBEPpoaQyZffYcMaYDZBT2oKkpFA
heKgjXkMrrWrwVjICAzfvE4p16ThCgisRNSsMbr9oSWe
-----END CERTIFICATE-----