Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/JZK6YSeBc1BbG83Qekl2aATyxHU.roa
File:                     JZK6YSeBc1BbG83Qekl2aATyxHU.roa (raw, json)
Hash identifier:          Wa+cbSmnDCoci/OWT42YCZ1RtEmxjW8RP6TQupPGRBk=
Subject key identifier:   25:92:BA:61:27:81:73:50:5B:1B:CD:D0:7A:49:76:68:04:F2:C4:75
Certificate issuer:       /CN=668e9b2eefb205342382b6072a903f9d9837071a
Certificate serial:       01982C0D4C477655B1BC8102FFFA37F962D6
Authority key identifier: 66:8E:9B:2E:EF:B2:05:34:23:82:B6:07:2A:90:3F:9D:98:37:07:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/JZK6YSeBc1BbG83Qekl2aATyxHU.roa
Signing time:             Mon 21 Jul 2025 08:15:25 +0000
ROA not before:           Mon 21 Jul 2025 08:15:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56676
IP address blocks:        91.237.187.0/24 maxlen: 24
                          92.62.116.0/25 maxlen: 25
                          92.62.116.128/25 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:0d:4c:47:76:55:b1:bc:81:02:ff:fa:37:f9:62:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=668e9b2eefb205342382b6072a903f9d9837071a
        Validity
            Not Before: Jul 21 08:15:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2592ba61278173505b1bcdd07a49766804f2c475
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f0:29:23:a3:6a:d0:b2:25:55:c2:43:d8:37:
                    d1:52:ea:42:04:ca:90:93:70:66:5f:83:7d:d4:74:
                    09:db:51:2e:00:32:55:ea:58:0f:a6:68:52:14:d0:
                    12:0a:e9:7f:e6:a3:d3:35:f0:62:ee:0b:d3:5e:43:
                    bc:17:44:1b:62:ec:81:92:3b:1a:75:db:c4:e1:61:
                    05:a1:54:5e:84:51:22:76:b1:4a:ef:e1:a4:99:63:
                    f2:7e:37:60:bc:95:40:fe:d3:29:05:87:5b:d9:85:
                    84:ee:45:d7:f6:49:a2:44:e5:78:e1:83:3b:63:e5:
                    10:f5:9b:d3:a0:a2:41:f4:40:ba:65:70:07:90:63:
                    32:a0:b9:30:c8:d7:1a:98:18:ca:b3:3d:de:0e:54:
                    ed:7e:3d:b7:2a:78:3b:6a:c6:b0:8c:be:e5:d0:54:
                    0a:68:df:51:a6:4d:5a:0a:e6:54:2e:ed:15:85:40:
                    3c:d0:28:9f:7d:20:34:34:83:ab:b7:d0:e6:92:23:
                    94:6a:4a:b4:93:7e:c4:a3:c8:f1:bc:ea:c4:88:59:
                    3f:99:a5:5b:a2:aa:5f:62:c6:5d:e4:91:59:9e:fb:
                    81:46:ae:7b:3a:c2:fc:71:ac:e6:ae:a7:b1:4e:02:
                    77:dd:ae:75:04:65:dc:61:73:02:b1:16:5b:f0:1c:
                    56:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:92:BA:61:27:81:73:50:5B:1B:CD:D0:7A:49:76:68:04:F2:C4:75
            X509v3 Authority Key Identifier:
                keyid:66:8E:9B:2E:EF:B2:05:34:23:82:B6:07:2A:90:3F:9D:98:37:07:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/JZK6YSeBc1BbG83Qekl2aATyxHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.187.0/24
                  92.62.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:1e:3b:65:b0:aa:4e:7f:97:36:9f:09:45:49:82:e7:8a:68:
         64:db:cf:f1:b2:2d:e4:5a:29:65:9d:0d:d7:b9:e0:63:1c:8b:
         c5:bc:ec:86:f7:d6:34:ef:e1:91:6c:41:7c:7b:34:76:2b:0d:
         10:2e:3f:a2:01:de:c2:99:4f:c4:75:35:53:ea:7b:0f:e3:da:
         a5:e0:2e:f8:c8:41:48:5f:28:54:be:dd:87:60:86:a0:9c:ae:
         6e:52:96:4c:f6:a4:dc:5f:83:ff:c8:6e:69:43:e4:f2:cf:f1:
         49:ba:61:72:7a:ca:17:fd:c1:a9:56:cf:ff:b8:13:44:35:ae:
         9e:35:db:15:6f:96:d6:fa:e9:2f:7d:5f:ca:09:83:02:93:18:
         df:8a:cb:4b:3e:fb:f1:17:dc:80:6b:c1:aa:78:76:3d:c2:b3:
         99:e0:3a:f9:b6:97:86:a7:c9:37:91:ec:39:59:ae:b9:b6:75:
         c2:32:6c:b6:22:e9:b4:c4:5c:e3:a6:b4:f9:7e:28:9b:a7:7c:
         ec:3c:8a:75:c6:e2:1b:d2:7b:2d:2c:3f:5e:16:2d:e7:ec:c7:
         f4:a1:cf:46:27:96:31:54:e2:ee:d6:fc:b5:8c:c8:4f:39:a0:
         09:f9:f5:58:76:9e:8a:0a:a3:a2:95:a0:35:f7:cc:f9:ef:93:
         cd:8f:d5:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgsDUxHdlWxvIEC//o3+WLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OGU5YjJlZWZiMjA1MzQyMzgyYjYwNzJhOTAzZjlkOTgz
NzA3MWEwHhcNMjUwNzIxMDgxNTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTkyYmE2MTI3ODE3MzUwNWIxYmNkZDA3YTQ5NzY2ODA0ZjJjNDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfApI6Nq0LIlVcJD2DfRUupCBMqQ
k3BmX4N91HQJ21EuADJV6lgPpmhSFNASCul/5qPTNfBi7gvTXkO8F0QbYuyBkjsa
ddvE4WEFoVRehFEidrFK7+GkmWPyfjdgvJVA/tMpBYdb2YWE7kXX9kmiROV44YM7
Y+UQ9ZvToKJB9EC6ZXAHkGMyoLkwyNcamBjKsz3eDlTtfj23Kng7asawjL7l0FQK
aN9Rpk1aCuZULu0VhUA80CiffSA0NIOrt9DmkiOUakq0k37Eo8jxvOrEiFk/maVb
oqpfYsZd5JFZnvuBRq57OsL8cazmrqexTgJ33a51BGXcYXMCsRZb8BxWyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCWSumEngXNQWxvN0HpJdmgE8sR1MB8GA1UdIwQY
MBaAFGaOmy7vsgU0I4K2ByqQP52YNwcaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm82Ykx1LXlCVFFqZ3JZSEtwQV9uWmczQnhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80YTEzMDUtMzkxYy00NDZjLTlhMzMt
NGMwOGZmZTEwMDc2LzEvSlpLNllTZUJjMUJiRzgzUWVrbDJhQVR5eEhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80YTEzMDUtMzkxYy00NDZjLTlhMzMtNGMwOGZmZTEwMDc2
LzEvWm82Ykx1LXlCVFFqZ3JZSEtwQV9uWmczQnhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+27AwQA
XD50MA0GCSqGSIb3DQEBCwUAA4IBAQAOHjtlsKpOf5c2nwlFSYLnimhk28/xsi3k
WillnQ3XueBjHIvFvOyG99Y07+GRbEF8ezR2Kw0QLj+iAd7CmU/EdTVT6nsP49ql
4C74yEFIXyhUvt2HYIagnK5uUpZM9qTcX4P/yG5pQ+Tyz/FJumFyesoX/cGpVs//
uBNENa6eNdsVb5bW+ukvfV/KCYMCkxjfistLPvvxF9yAa8GqeHY9wrOZ4Dr5tpeG
p8k3kew5Wa65tnXCMmy2Ium0xFzjprT5fiibp3zsPIp1xuIb0nstLD9eFi3n7Mf0
oc9GJ5YxVOLu1vy1jMhPOaAJ+fVYdp6KCqOilaA198z575PNj9Un
-----END CERTIFICATE-----