Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/jxpPhUqh3_JC8flNwm3DWI1-FlU.roa
File:                     jxpPhUqh3_JC8flNwm3DWI1-FlU.roa (raw, json)
Hash identifier:          XfLl5MxVeX5fSPQlrnjQ9Iszedk7KuiZzwtim8hI7e8=
Subject key identifier:   8F:1A:4F:85:4A:A1:DF:F2:42:F1:F9:4D:C2:6D:C3:58:8D:7E:16:55
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01981835A5F28812436BD365CD06A1C27E8B
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/jxpPhUqh3_JC8flNwm3DWI1-FlU.roa
Signing time:             Thu 17 Jul 2025 11:47:05 +0000
ROA not before:           Thu 17 Jul 2025 11:47:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206068
IP address blocks:        89.32.126.0/24 maxlen: 24
                          94.231.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:18:35:a5:f2:88:12:43:6b:d3:65:cd:06:a1:c2:7e:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jul 17 11:47:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f1a4f854aa1dff242f1f94dc26dc3588d7e1655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:41:c8:7d:ae:bb:0c:7e:a9:3c:83:98:61:12:
                    89:fc:d5:d5:76:fe:47:66:1a:41:68:e6:0d:d3:99:
                    f1:67:8a:2c:32:0b:f6:33:d6:5c:5e:34:3e:4a:26:
                    a3:ad:fe:ca:bf:ef:ca:46:44:ad:63:31:bb:ff:98:
                    f7:f8:fb:79:99:9f:74:40:51:b5:18:43:8e:7a:4a:
                    e9:64:a9:17:68:13:34:c0:d1:49:c1:c2:ef:20:15:
                    40:c7:2e:3c:4a:24:0d:4b:89:e0:f6:e9:e7:b8:c2:
                    1f:3b:36:39:fe:60:71:1b:6c:d6:cd:19:ae:e0:f2:
                    3c:e4:d7:c1:65:97:94:0e:c8:de:c4:03:98:22:7b:
                    f4:40:30:73:e3:da:e7:cd:cc:3c:d1:c3:f2:03:95:
                    e4:59:9c:39:6e:9b:2d:cd:67:b0:45:82:8f:99:70:
                    2c:d9:cb:a7:4c:50:4c:eb:30:1f:94:d6:bf:d5:f0:
                    cb:38:98:5c:74:c5:9b:5b:a6:80:db:f8:1a:be:3c:
                    eb:69:af:c6:0c:be:ca:94:44:b1:ba:ae:5e:f4:ca:
                    92:43:6a:4e:83:e3:6f:b1:e8:ee:67:72:6d:e9:9f:
                    df:91:d4:4b:5e:37:bc:1d:e4:f0:7a:98:55:4d:72:
                    14:62:c8:bd:08:f0:72:a9:8f:1e:4a:d2:d4:75:1b:
                    36:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:1A:4F:85:4A:A1:DF:F2:42:F1:F9:4D:C2:6D:C3:58:8D:7E:16:55
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/jxpPhUqh3_JC8flNwm3DWI1-FlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.32.126.0/24
                  94.231.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:f7:30:29:ef:0d:55:bb:1e:0c:ca:42:4c:1e:1b:04:cc:39:
         4b:39:dd:e1:7a:fd:22:6b:c3:de:be:6b:96:2d:2e:fd:db:d8:
         f9:3e:02:b2:8e:3b:94:fd:83:6d:36:46:b1:35:11:d6:3f:3b:
         f7:4f:ba:df:a4:72:6b:c5:f7:04:32:b6:99:07:2a:10:e7:69:
         7e:27:74:5a:f9:27:04:fe:80:9e:7b:c9:0b:6a:90:f5:25:66:
         7b:53:f3:a5:50:0f:16:d5:ad:c1:6e:a3:a3:5d:82:2f:07:c3:
         b9:b3:99:b2:a3:ed:99:48:a7:7d:31:80:75:ae:61:d4:62:40:
         76:4f:fb:a2:5b:c5:e9:22:e9:31:81:94:b1:07:5e:ee:24:39:
         9d:21:da:e7:bf:8d:d4:ce:39:42:60:eb:0d:59:e5:a3:01:c1:
         4e:42:47:de:00:ba:44:bb:56:5d:54:8c:c1:59:16:58:cc:dc:
         99:ca:3a:a3:09:31:59:ee:7f:55:d5:5c:86:6e:3e:14:07:16:
         e7:96:2b:b2:4e:f6:39:50:21:45:b0:3e:e9:7e:82:1e:59:a1:
         c7:60:7b:59:bf:dc:fb:3c:ca:ec:a9:d3:f3:ad:bd:d1:fd:70:
         99:20:73:a6:30:7b:a1:3e:eb:7e:07:13:99:43:0f:f9:65:f5:
         4c:d8:73:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgYNaXyiBJDa9NlzQahwn6LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwNzE3MTE0NzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjFhNGY4NTRhYTFkZmYyNDJmMWY5NGRjMjZkYzM1ODhkN2UxNjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0HIfa67DH6pPIOYYRKJ/NXVdv5H
ZhpBaOYN05nxZ4osMgv2M9ZcXjQ+Siajrf7Kv+/KRkStYzG7/5j3+Pt5mZ90QFG1
GEOOekrpZKkXaBM0wNFJwcLvIBVAxy48SiQNS4ng9unnuMIfOzY5/mBxG2zWzRmu
4PI85NfBZZeUDsjexAOYInv0QDBz49rnzcw80cPyA5XkWZw5bpstzWewRYKPmXAs
2cunTFBM6zAflNa/1fDLOJhcdMWbW6aA2/gavjzraa/GDL7KlESxuq5e9MqSQ2pO
g+NvsejuZ3Jt6Z/fkdRLXje8HeTwephVTXIUYsi9CPByqY8eStLUdRs2+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI8aT4VKod/yQvH5TcJtw1iNfhZVMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvanhwUGhVcWgzX0pDOGZsTndtM0RXSTEtRmxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSB+AwQA
XufGMA0GCSqGSIb3DQEBCwUAA4IBAQBb9zAp7w1Vux4MykJMHhsEzDlLOd3hev0i
a8PevmuWLS7929j5PgKyjjuU/YNtNkaxNRHWPzv3T7rfpHJrxfcEMraZByoQ52l+
J3Ra+ScE/oCee8kLapD1JWZ7U/OlUA8W1a3BbqOjXYIvB8O5s5myo+2ZSKd9MYB1
rmHUYkB2T/uiW8XpIukxgZSxB17uJDmdIdrnv43UzjlCYOsNWeWjAcFOQkfeALpE
u1ZdVIzBWRZYzNyZyjqjCTFZ7n9V1VyGbj4UBxbnliuyTvY5UCFFsD7pfoIeWaHH
YHtZv9z7PMrsqdPzrb3R/XCZIHOmMHuhPut+BxOZQw/5ZfVM2HMn
-----END CERTIFICATE-----