Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/JB3l4VQuYx4Yg--AMXAOeonWATw.roa
File:                     JB3l4VQuYx4Yg--AMXAOeonWATw.roa (raw, json)
Hash identifier:          F6P42NZdNyijqnFH4Qe+3KE7eq4NaGlBJfz3rllDR4E=
Subject key identifier:   24:1D:E5:E1:54:2E:63:1E:18:83:EF:80:31:70:0E:7A:89:D6:01:3C
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       019423D787D8602347C28D39D926FFC83E3D
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/JB3l4VQuYx4Yg--AMXAOeonWATw.roa
Signing time:             Wed 01 Jan 2025 21:48:35 +0000
ROA not before:           Wed 01 Jan 2025 21:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198116
IP address blocks:        87.110.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:87:d8:60:23:47:c2:8d:39:d9:26:ff:c8:3e:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  1 21:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=241de5e1542e631e1883ef8031700e7a89d6013c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:67:ec:e1:f8:0e:05:62:84:85:57:dd:1d:68:
                    1f:6d:15:a7:ab:2f:ca:81:d1:ae:e2:35:9c:10:1b:
                    01:bd:cf:e4:b4:38:0b:f1:77:51:a6:e6:8d:8a:9c:
                    c2:7d:bc:98:ac:09:9d:6e:60:3a:64:e2:c1:7b:67:
                    52:bc:f3:8e:55:68:94:98:6a:a6:7f:d0:ef:70:92:
                    99:71:99:69:d9:58:65:b3:4b:f1:ab:e2:ff:08:ec:
                    49:05:2e:c3:19:36:9b:f8:f6:5b:27:ff:22:bd:0a:
                    36:03:73:3b:bc:d0:e4:58:21:3e:a9:a3:75:06:52:
                    68:0e:61:60:16:a3:ba:e7:fd:01:54:33:56:fc:4d:
                    b8:c7:49:c6:54:42:35:9c:6b:08:ff:d7:a3:7d:b8:
                    09:f7:28:52:a9:a6:e6:31:cc:31:fe:d4:70:3d:db:
                    7d:28:96:8f:59:81:ef:60:58:13:97:0e:79:63:73:
                    55:dd:27:e1:ee:5c:e4:ae:ba:61:2e:cd:72:12:6a:
                    6a:cd:8f:b2:c7:b8:09:b8:7f:8e:12:d0:3a:0a:82:
                    e5:a9:c7:f3:4f:07:4b:65:3b:fa:50:bc:5e:8e:55:
                    eb:70:d0:92:8a:db:95:fc:05:16:bb:56:57:bf:f3:
                    7f:f4:61:92:d2:12:b0:51:09:45:b4:98:40:2f:2a:
                    21:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:1D:E5:E1:54:2E:63:1E:18:83:EF:80:31:70:0E:7A:89:D6:01:3C
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/JB3l4VQuYx4Yg--AMXAOeonWATw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.110.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:9f:50:3d:44:a7:6e:bd:b2:3d:ce:5d:9d:34:c5:36:5d:fb:
         7d:85:89:93:25:4c:7e:6b:dd:ba:3c:48:f2:98:85:43:ad:64:
         fd:02:e9:51:92:aa:c4:5d:93:a6:31:b9:a4:05:5d:e3:4f:cf:
         57:b9:eb:4c:26:3e:e0:67:90:de:3c:72:8d:a5:a9:f6:a0:cc:
         9c:c2:89:6b:42:12:4b:94:4d:cf:f5:82:4c:c4:77:e0:67:a7:
         1b:37:01:dd:27:93:4a:b1:b1:b0:75:7d:12:24:c7:bb:8b:d2:
         10:1f:e0:01:36:80:c4:28:12:e9:9b:b2:31:c8:49:94:f7:45:
         72:8b:c3:09:e9:7b:7b:ca:55:9f:fa:64:c4:e9:b0:01:f8:df:
         74:95:b7:7b:67:62:2b:1d:41:32:2b:dd:20:25:3f:f2:e3:d4:
         d5:80:e5:de:95:04:be:a2:f4:93:00:9b:3c:e5:e3:13:0d:45:
         ff:2e:3b:0e:a0:e9:51:ab:49:56:82:4e:66:62:e7:e2:c4:81:
         c3:06:9f:64:e5:23:03:05:38:94:e9:c7:c5:b7:07:66:5a:e7:
         cb:dc:e3:d7:5d:c6:19:5c:69:bd:7a:ce:21:d3:21:ed:cf:71:
         a9:5f:6c:29:c4:a5:a8:5f:19:7f:c4:56:bb:fa:71:35:c7:c7:
         76:fb:c3:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj14fYYCNHwo052Sb/yD49MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjUwMTAxMjE0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDFkZTVlMTU0MmU2MzFlMTg4M2VmODAzMTcwMGU3YTg5ZDYwMTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWfs4fgOBWKEhVfdHWgfbRWnqy/K
gdGu4jWcEBsBvc/ktDgL8XdRpuaNipzCfbyYrAmdbmA6ZOLBe2dSvPOOVWiUmGqm
f9DvcJKZcZlp2Vhls0vxq+L/COxJBS7DGTab+PZbJ/8ivQo2A3M7vNDkWCE+qaN1
BlJoDmFgFqO65/0BVDNW/E24x0nGVEI1nGsI/9ejfbgJ9yhSqabmMcwx/tRwPdt9
KJaPWYHvYFgTlw55Y3NV3Sfh7lzkrrphLs1yEmpqzY+yx7gJuH+OEtA6CoLlqcfz
TwdLZTv6ULxejlXrcNCSituV/AUWu1ZXv/N/9GGS0hKwUQlFtJhALyohewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQd5eFULmMeGIPvgDFwDnqJ1gE8MB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvSkIzbDRWUXVZeDRZZy0tQU1YQU9lb25XQVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV27MMA0G
CSqGSIb3DQEBCwUAA4IBAQAZn1A9RKduvbI9zl2dNMU2Xft9hYmTJUx+a926PEjy
mIVDrWT9AulRkqrEXZOmMbmkBV3jT89XuetMJj7gZ5DePHKNpan2oMycwolrQhJL
lE3P9YJMxHfgZ6cbNwHdJ5NKsbGwdX0SJMe7i9IQH+ABNoDEKBLpm7IxyEmU90Vy
i8MJ6Xt7ylWf+mTE6bAB+N90lbd7Z2IrHUEyK90gJT/y49TVgOXelQS+ovSTAJs8
5eMTDUX/LjsOoOlRq0lWgk5mYufixIHDBp9k5SMDBTiU6cfFtwdmWufL3OPXXcYZ
XGm9es4h0yHtz3GpX2wpxKWoXxl/xFa7+nE1x8d2+8Mn
-----END CERTIFICATE-----