Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/RJMA_6CErPsb2WgfyOY8q7SE2Xw.roa
File:                     RJMA_6CErPsb2WgfyOY8q7SE2Xw.roa (raw, json)
Hash identifier:          rLvL5r3qJKV7IPp00VA8CfU8H3FqWwBRZyYhz2cuvnI=
Subject key identifier:   44:93:00:FF:A0:84:AC:FB:1B:D9:68:1F:C8:E6:3C:AB:B4:84:D9:7C
Certificate issuer:       /CN=30d58e40c6d91f3729e57e3344d308b5992fe46e
Certificate serial:       019936E3623BFBE0F2A98DB4EE510F0CA9C3
Authority key identifier: 30:D5:8E:40:C6:D9:1F:37:29:E5:7E:33:44:D3:08:B5:99:2F:E4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/RJMA_6CErPsb2WgfyOY8q7SE2Xw.roa
Signing time:             Thu 11 Sep 2025 03:48:15 +0000
ROA not before:           Thu 11 Sep 2025 03:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31898
IP address blocks:        91.240.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:36:e3:62:3b:fb:e0:f2:a9:8d:b4:ee:51:0f:0c:a9:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30d58e40c6d91f3729e57e3344d308b5992fe46e
        Validity
            Not Before: Sep 11 03:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=449300ffa084acfb1bd9681fc8e63cabb484d97c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4b:91:95:d7:84:6b:5d:0a:f2:c7:8d:c7:1e:
                    e1:d1:85:38:e5:6b:e2:7b:bd:75:66:e9:51:eb:42:
                    2f:a7:fd:0c:c9:5f:93:c1:20:6a:5d:ff:67:2d:3f:
                    af:12:1f:99:e4:96:3f:61:6d:d7:9d:d3:51:b5:0f:
                    4d:13:41:b2:66:77:5b:15:6b:76:99:fe:64:aa:a8:
                    e4:c3:95:d6:a5:52:55:0f:e4:58:08:92:ea:c7:2f:
                    5b:ea:e7:cf:b8:db:cd:5b:97:0e:18:a2:47:cd:5a:
                    fb:a3:ad:ae:c7:b1:1c:f4:57:d4:b6:4d:c4:fb:ac:
                    ac:d3:35:31:54:8d:79:10:ad:71:56:fc:27:34:14:
                    10:3f:5b:cd:b0:00:57:31:ba:65:1d:07:6a:44:cc:
                    da:c3:77:86:4d:a1:b5:c7:18:d8:05:07:07:a8:c2:
                    09:d3:88:98:9c:cd:c1:f8:ca:59:19:e2:3d:a1:3a:
                    b3:74:89:ac:70:ee:da:8b:38:dc:db:7d:ba:f5:7b:
                    96:33:5c:0c:0a:12:8b:f9:98:d9:4b:23:35:6d:31:
                    ec:cd:4a:94:37:b5:9c:bc:c7:6c:b3:39:82:b1:3e:
                    72:76:d9:ce:5f:2c:ad:89:7d:89:94:76:1a:5d:7a:
                    f3:df:76:2c:b0:c7:59:bd:a1:c5:64:e2:6c:34:56:
                    17:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:93:00:FF:A0:84:AC:FB:1B:D9:68:1F:C8:E6:3C:AB:B4:84:D9:7C
            X509v3 Authority Key Identifier:
                keyid:30:D5:8E:40:C6:D9:1F:37:29:E5:7E:33:44:D3:08:B5:99:2F:E4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/RJMA_6CErPsb2WgfyOY8q7SE2Xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:a5:c4:a5:fd:43:db:43:c2:fa:21:e2:15:8a:11:e5:83:32:
         38:f7:d7:82:c2:c9:74:36:f7:be:2c:e8:92:d3:ce:20:26:43:
         6c:86:c1:d5:5e:1c:e7:27:94:1f:d9:bc:bf:d1:49:29:69:45:
         25:8a:bd:db:a2:24:4b:4c:57:12:6a:4f:3f:ce:17:a2:20:ea:
         af:b1:0d:f8:f6:3f:98:13:c3:c4:7a:c7:8b:3c:cf:3f:2c:db:
         c5:08:45:3d:a8:cf:5c:9a:cb:43:be:62:14:3c:5f:45:ea:bb:
         3e:1e:94:4c:f3:39:60:5a:42:c3:c2:20:f4:08:ed:86:57:16:
         ef:48:45:78:4d:bf:18:c9:fc:6e:c2:b5:9a:b2:8a:9e:56:73:
         78:df:9d:c0:d4:e5:3e:f5:07:8b:72:be:50:29:fd:fb:c7:97:
         59:5f:71:e5:a6:53:f7:9e:c9:f7:68:b1:b2:29:ec:58:0f:29:
         6a:e8:2e:e5:1d:b3:40:35:31:13:2f:ed:eb:fb:2d:7d:44:ac:
         93:25:58:a5:33:26:f9:0a:39:97:11:df:93:33:b5:7e:ec:0e:
         0d:5a:32:9b:39:6e:27:fb:35:12:86:79:6c:4f:e2:19:0e:f8:
         8b:8e:bc:c3:19:73:07:22:e5:cf:a3:1e:18:28:99:8f:82:d2:
         49:17:15:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk242I7++DyqY207lEPDKnDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZDU4ZTQwYzZkOTFmMzcyOWU1N2UzMzQ0ZDMwOGI1OTky
ZmU0NmUwHhcNMjUwOTExMDM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDkzMDBmZmEwODRhY2ZiMWJkOTY4MWZjOGU2M2NhYmI0ODRkOTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkuRldeEa10K8seNxx7h0YU45Wvi
e711ZulR60Ivp/0MyV+TwSBqXf9nLT+vEh+Z5JY/YW3XndNRtQ9NE0GyZndbFWt2
mf5kqqjkw5XWpVJVD+RYCJLqxy9b6ufPuNvNW5cOGKJHzVr7o62ux7Ec9FfUtk3E
+6ys0zUxVI15EK1xVvwnNBQQP1vNsABXMbplHQdqRMzaw3eGTaG1xxjYBQcHqMIJ
04iYnM3B+MpZGeI9oTqzdImscO7aizjc23269XuWM1wMChKL+ZjZSyM1bTHszUqU
N7WcvMdsszmCsT5ydtnOXyytiX2JlHYaXXrz33YssMdZvaHFZOJsNFYXawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESTAP+ghKz7G9loH8jmPKu0hNl8MB8GA1UdIwQY
MBaAFDDVjkDG2R83KeV+M0TTCLWZL+RuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU5XT1FNYlpIemNwNVg0elJOTUl0Wmt2NUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy82MjVhMzAtM2E2Yi00NjYxLTg0MGEt
ZjgyYjcwZDhhMGE3LzEvUkpNQV82Q0VyUHNiMldnZnlPWThxN1NFMlh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy82MjVhMzAtM2E2Yi00NjYxLTg0MGEtZjgyYjcwZDhhMGE3
LzEvTU5XT1FNYlpIemNwNVg0elJOTUl0Wmt2NUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/BZMA0G
CSqGSIb3DQEBCwUAA4IBAQAFpcSl/UPbQ8L6IeIVihHlgzI499eCwsl0Nve+LOiS
084gJkNshsHVXhznJ5Qf2by/0UkpaUUlir3boiRLTFcSak8/zheiIOqvsQ349j+Y
E8PEeseLPM8/LNvFCEU9qM9cmstDvmIUPF9F6rs+HpRM8zlgWkLDwiD0CO2GVxbv
SEV4Tb8YyfxuwrWasoqeVnN4353A1OU+9QeLcr5QKf37x5dZX3HlplP3nsn3aLGy
KexYDylq6C7lHbNANTETL+3r+y19RKyTJVilMyb5CjmXEd+TM7V+7A4NWjKbOW4n
+zUShnlsT+IZDviLjrzDGXMHIuXPox4YKJmPgtJJFxWp
-----END CERTIFICATE-----