Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/jNqX84RRwICbOmOsyyyD8-SEETQ.roa
File:                     jNqX84RRwICbOmOsyyyD8-SEETQ.roa (raw, json)
Hash identifier:          BYwZ6wAb4yTmr6zei/Clsy11v9hbMtuZ/ZmhoS0Qe4o=
Subject key identifier:   8C:DA:97:F3:84:51:C0:80:9B:3A:63:AC:CB:2C:83:F3:E4:84:11:34
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019427B6779971EE0A534F9624BCACC5CCE3
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/jNqX84RRwICbOmOsyyyD8-SEETQ.roa
Signing time:             Thu 02 Jan 2025 15:50:57 +0000
ROA not before:           Thu 02 Jan 2025 15:50:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8697
IP address blocks:        2.17.24.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:77:99:71:ee:0a:53:4f:96:24:bc:ac:c5:cc:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  2 15:50:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cda97f38451c0809b3a63accb2c83f3e4841134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b8:29:c8:78:0a:50:78:d4:5f:0f:5a:0f:f0:
                    05:b5:b5:6f:86:90:a8:40:c2:e7:20:93:98:56:a2:
                    0a:fc:86:bc:aa:5d:a9:3a:6a:c1:bf:7a:05:b1:4d:
                    ce:c5:de:0c:d3:79:5e:55:85:7e:6f:e7:00:d0:79:
                    85:bc:67:bb:a8:6e:d1:e3:73:9b:70:1d:97:77:99:
                    bc:e3:ec:47:1c:74:ba:d0:ff:af:1a:8a:b2:bb:87:
                    e0:c0:da:87:18:20:3f:ed:56:59:d6:68:23:a7:fd:
                    6c:54:cc:ff:76:90:67:9f:58:81:f5:4d:b1:58:ef:
                    b8:40:28:2e:b2:ca:c5:53:38:52:47:92:41:bb:3d:
                    21:98:ec:9d:d4:f4:0c:3d:19:fe:00:a8:3d:9c:e2:
                    17:06:ab:81:74:49:7d:44:cb:fa:b3:7b:b0:a8:23:
                    01:76:3c:4c:aa:c3:84:23:c1:f4:b2:54:fd:f7:83:
                    25:8e:b8:24:93:32:15:d5:85:b4:70:70:56:f7:8f:
                    a7:78:95:6a:a4:4f:e6:fb:75:cc:87:f8:a7:cc:c1:
                    a8:c0:04:92:d0:b6:f6:50:fc:df:3c:c1:a8:e9:71:
                    f6:c5:33:29:4e:08:9a:44:da:60:10:33:49:8c:3b:
                    25:10:f8:b1:52:6e:48:37:ef:eb:e2:f8:c2:80:b9:
                    82:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:DA:97:F3:84:51:C0:80:9B:3A:63:AC:CB:2C:83:F3:E4:84:11:34
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/jNqX84RRwICbOmOsyyyD8-SEETQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.17.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:81:5e:65:7f:32:67:47:33:88:68:bf:26:e1:6a:da:91:6a:
         a9:13:13:54:cb:7b:41:f4:21:2c:8a:40:b5:b8:c4:ce:00:76:
         07:d3:17:dd:7a:3a:c8:2b:46:5b:4e:6a:d4:97:ca:4e:ba:2b:
         05:0c:ca:55:b1:4a:84:d9:cf:1c:fb:8a:42:8c:3c:1e:fa:4b:
         1e:2b:4f:dd:c9:c4:7d:19:81:68:ec:cd:10:9d:03:b7:56:90:
         3f:17:0f:28:e6:77:3c:3a:1b:e8:88:fc:f7:29:db:b3:72:61:
         bc:65:1f:82:63:50:4f:2b:89:af:ff:c3:f5:3c:e0:74:b6:0a:
         c6:f5:c0:68:9d:8a:a7:bd:76:2b:b5:75:96:ec:9c:f0:1f:a2:
         a3:c9:cc:ab:b0:e6:01:a8:8b:bb:2c:1b:a0:f7:6c:fa:1a:e5:
         48:1a:72:ad:3f:53:3f:73:b3:e2:e0:df:41:60:8f:a8:4a:82:
         b7:dc:4e:61:1b:3f:8c:da:bf:5c:e1:c1:0a:19:fb:49:82:08:
         f1:fa:fc:14:e3:69:79:7d:4f:0c:d3:29:29:af:9e:a2:d8:f1:
         7f:c5:54:80:10:20:73:37:44:ed:16:87:cb:d1:6c:b7:c7:67:
         a7:65:78:05:44:bd:82:54:10:8a:69:e5:79:25:ec:e8:2b:a2:
         1f:59:69:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntneZce4KU0+WJLysxczjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUwMTAyMTU1MDU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2RhOTdmMzg0NTFjMDgwOWIzYTYzYWNjYjJjODNmM2U0ODQxMTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7gpyHgKUHjUXw9aD/AFtbVvhpCo
QMLnIJOYVqIK/Ia8ql2pOmrBv3oFsU3Oxd4M03leVYV+b+cA0HmFvGe7qG7R43Ob
cB2Xd5m84+xHHHS60P+vGoqyu4fgwNqHGCA/7VZZ1mgjp/1sVMz/dpBnn1iB9U2x
WO+4QCgussrFUzhSR5JBuz0hmOyd1PQMPRn+AKg9nOIXBquBdEl9RMv6s3uwqCMB
djxMqsOEI8H0slT994MljrgkkzIV1YW0cHBW94+neJVqpE/m+3XMh/inzMGowASS
0Lb2UPzfPMGo6XH2xTMpTgiaRNpgEDNJjDslEPixUm5IN+/r4vjCgLmCRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzal/OEUcCAmzpjrMssg/PkhBE0MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvak5xWDg0UlJ3SUNiT21Pc3l5eUQ4LVNFRVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAhEYMA0G
CSqGSIb3DQEBCwUAA4IBAQBGgV5lfzJnRzOIaL8m4WrakWqpExNUy3tB9CEsikC1
uMTOAHYH0xfdejrIK0ZbTmrUl8pOuisFDMpVsUqE2c8c+4pCjDwe+kseK0/dycR9
GYFo7M0QnQO3VpA/Fw8o5nc8OhvoiPz3KduzcmG8ZR+CY1BPK4mv/8P1POB0tgrG
9cBonYqnvXYrtXWW7JzwH6KjycyrsOYBqIu7LBug92z6GuVIGnKtP1M/c7Pi4N9B
YI+oSoK33E5hGz+M2r9c4cEKGftJggjx+vwU42l5fU8M0ykpr56i2PF/xVSAECBz
N0TtFofL0Wy3x2enZXgFRL2CVBCKaeV5JezoK6IfWWkL
-----END CERTIFICATE-----