Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/JCyYV4GcFN8_6fODHaiibk24OdU.roa
File:                     JCyYV4GcFN8_6fODHaiibk24OdU.roa (raw, json)
Hash identifier:          rqcgrF53T+cZen5IxWyMXyl8d3mCW06Z5JfeI8g0Qd8=
Subject key identifier:   24:2C:98:57:81:9C:14:DF:3F:E9:F3:83:1D:A8:A2:6E:4D:B8:39:D5
Certificate issuer:       /CN=aa6745519323d8c2d93c1b107bf85f61933c71ca
Certificate serial:       0199523343C9ADBAB4E9B4010A4592D4F03B
Authority key identifier: AA:67:45:51:93:23:D8:C2:D9:3C:1B:10:7B:F8:5F:61:93:3C:71:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qmdFUZMj2MLZPBsQe_hfYZM8cco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/JCyYV4GcFN8_6fODHaiibk24OdU.roa
Signing time:             Tue 16 Sep 2025 11:05:15 +0000
ROA not before:           Tue 16 Sep 2025 11:05:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        195.95.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/qmdFUZMj2MLZPBsQe_hfYZM8cco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/qmdFUZMj2MLZPBsQe_hfYZM8cco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qmdFUZMj2MLZPBsQe_hfYZM8cco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 04:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:52:33:43:c9:ad:ba:b4:e9:b4:01:0a:45:92:d4:f0:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa6745519323d8c2d93c1b107bf85f61933c71ca
        Validity
            Not Before: Sep 16 11:05:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=242c9857819c14df3fe9f3831da8a26e4db839d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:6e:a5:09:8a:65:37:66:61:8b:43:6b:09:41:
                    e3:9e:53:73:24:ce:9d:f0:23:1a:52:7b:af:13:af:
                    25:11:68:ec:90:d1:a5:3a:4f:36:67:c2:10:c3:4c:
                    8d:aa:c8:fb:8a:0a:88:72:a2:a7:7f:d3:fc:b6:36:
                    b6:89:b4:b1:9c:4d:8d:ce:d5:95:0a:73:fa:7c:ed:
                    64:5e:f2:96:ad:e2:46:88:a2:6f:4f:7e:50:f2:8c:
                    8d:c1:9a:dc:2f:ef:15:cb:eb:d9:1d:e3:cc:4a:06:
                    9d:b1:f2:60:21:54:e9:06:21:64:78:16:c1:02:db:
                    ac:55:24:fa:24:4d:5a:f6:8b:5d:cb:b9:d1:10:fe:
                    83:64:e6:09:a0:0d:d5:50:18:de:af:9c:7e:14:00:
                    d3:b4:67:17:64:3e:62:ef:cf:23:45:66:2a:ab:80:
                    38:99:f9:af:6c:2a:05:44:b7:00:b4:05:5c:be:02:
                    17:70:02:8c:68:f1:b0:0c:a4:8f:3d:aa:88:78:78:
                    5f:2e:93:0e:69:1b:e4:cb:68:76:9c:1b:26:d9:9e:
                    75:5d:7e:d7:f9:6f:f4:b6:4b:f9:ae:c0:bd:72:2f:
                    b6:11:3e:87:f9:44:30:06:60:04:95:05:fd:42:32:
                    55:28:f1:d0:ec:53:33:e6:58:b2:86:2b:44:ec:5e:
                    1e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:2C:98:57:81:9C:14:DF:3F:E9:F3:83:1D:A8:A2:6E:4D:B8:39:D5
            X509v3 Authority Key Identifier:
                keyid:AA:67:45:51:93:23:D8:C2:D9:3C:1B:10:7B:F8:5F:61:93:3C:71:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qmdFUZMj2MLZPBsQe_hfYZM8cco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/JCyYV4GcFN8_6fODHaiibk24OdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/qmdFUZMj2MLZPBsQe_hfYZM8cco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c1:79:4f:87:96:50:58:6b:01:db:a6:18:74:d4:43:7d:ee:
         bf:ac:ad:88:b1:ad:fc:34:bc:d5:79:f8:e9:4d:83:f6:44:0b:
         e0:60:ad:99:0d:13:90:c0:be:82:0c:21:69:71:b9:b1:db:2b:
         ca:68:fb:d5:1f:76:28:3b:b8:ef:6f:71:e5:b0:8d:4f:b0:74:
         f3:4b:cb:00:41:96:e4:2c:d2:db:08:cb:c9:22:4c:d5:0c:b5:
         2c:0b:da:73:8f:06:3f:46:53:cd:9c:6b:3f:62:9d:fe:d6:24:
         01:64:31:e8:9e:75:80:86:8d:d9:34:fd:c1:87:19:59:08:45:
         a0:d5:d6:3d:f7:0c:33:a5:c6:aa:88:a2:6c:f5:c4:76:b4:74:
         16:27:30:91:17:1b:0a:df:89:ae:4a:27:5e:fe:27:eb:c7:42:
         b0:8a:56:80:c3:5d:17:db:d8:f5:bc:d6:07:f3:a2:23:47:96:
         78:dd:58:47:a9:fe:82:7f:1a:4d:1f:bf:c3:6b:50:05:dc:16:
         c9:44:39:72:3c:ab:08:0e:1e:b2:4c:c0:1d:df:53:a3:b7:8d:
         e4:fb:5c:90:58:73:c9:e1:1f:3e:6e:53:01:e0:77:c1:54:f9:
         f2:5b:03:ba:38:cd:c2:6b:15:91:62:03:fb:ad:5c:71:59:3d:
         14:47:f1:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlSM0PJrbq06bQBCkWS1PA7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNjc0NTUxOTMyM2Q4YzJkOTNjMWIxMDdiZjg1ZjYxOTMz
YzcxY2EwHhcNMjUwOTE2MTEwNTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDJjOTg1NzgxOWMxNGRmM2ZlOWYzODMxZGE4YTI2ZTRkYjgzOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0G6lCYplN2Zhi0NrCUHjnlNzJM6d
8CMaUnuvE68lEWjskNGlOk82Z8IQw0yNqsj7igqIcqKnf9P8tja2ibSxnE2NztWV
CnP6fO1kXvKWreJGiKJvT35Q8oyNwZrcL+8Vy+vZHePMSgadsfJgIVTpBiFkeBbB
AtusVST6JE1a9otdy7nREP6DZOYJoA3VUBjer5x+FADTtGcXZD5i788jRWYqq4A4
mfmvbCoFRLcAtAVcvgIXcAKMaPGwDKSPPaqIeHhfLpMOaRvky2h2nBsm2Z51XX7X
+W/0tkv5rsC9ci+2ET6H+UQwBmAElQX9QjJVKPHQ7FMz5liyhitE7F4etQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQsmFeBnBTfP+nzgx2oom5NuDnVMB8GA1UdIwQY
MBaAFKpnRVGTI9jC2TwbEHv4X2GTPHHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW1kRlVaTWoyTUxaUEJzUWVfaGZZWk04Y2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9hZjE4YzQtYzA0NC00NDg1LThlZjAt
ZDc4MTJhMzM4MTgzLzEvSkN5WVY0R2NGTjhfNmZPREhhaWliazI0T2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9hZjE4YzQtYzA0NC00NDg1LThlZjAtZDc4MTJhMzM4MTgz
LzEvcW1kRlVaTWoyTUxaUEJzUWVfaGZZWk04Y2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBBwXlPh5ZQWGsB26YYdNRDfe6/rK2Isa38NLzVefjp
TYP2RAvgYK2ZDROQwL6CDCFpcbmx2yvKaPvVH3YoO7jvb3HlsI1PsHTzS8sAQZbk
LNLbCMvJIkzVDLUsC9pzjwY/RlPNnGs/Yp3+1iQBZDHonnWAho3ZNP3BhxlZCEWg
1dY99wwzpcaqiKJs9cR2tHQWJzCRFxsK34muSide/ifrx0KwilaAw10X29j1vNYH
86IjR5Z43VhHqf6CfxpNH7/Da1AF3BbJRDlyPKsIDh6yTMAd31Ojt43k+1yQWHPJ
4R8+blMB4HfBVPnyWwO6OM3CaxWRYgP7rVxxWT0UR/G3
-----END CERTIFICATE-----