Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/JfVg2a5pAi61HF6W0lENi_X8DUc.roa
File:                     JfVg2a5pAi61HF6W0lENi_X8DUc.roa (raw, json)
Hash identifier:          Mi/UBjA1CVg3EI0zZ/Mvz8hNoPR4p0IzucKiACeunmw=
Subject key identifier:   25:F5:60:D9:AE:69:02:2E:B5:1C:5E:96:D2:51:0D:8B:F5:FC:0D:47
Certificate issuer:       /CN=d895bee5605630f7048b1ffb3f003b39d29e47a0
Certificate serial:       019424B39CE6580B056312B05E7CACA5305E
Authority key identifier: D8:95:BE:E5:60:56:30:F7:04:8B:1F:FB:3F:00:3B:39:D2:9E:47:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JW-5WBWMPcEix_7PwA7OdKeR6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/JfVg2a5pAi61HF6W0lENi_X8DUc.roa
Signing time:             Thu 02 Jan 2025 01:48:58 +0000
ROA not before:           Thu 02 Jan 2025 01:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201150
IP address blocks:        91.217.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/2JW-5WBWMPcEix_7PwA7OdKeR6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/2JW-5WBWMPcEix_7PwA7OdKeR6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JW-5WBWMPcEix_7PwA7OdKeR6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:9c:e6:58:0b:05:63:12:b0:5e:7c:ac:a5:30:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d895bee5605630f7048b1ffb3f003b39d29e47a0
        Validity
            Not Before: Jan  2 01:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25f560d9ae69022eb51c5e96d2510d8bf5fc0d47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9b:52:6e:5e:d2:dc:f6:f2:a8:7e:4b:43:66:
                    35:e8:be:5f:25:76:ee:48:c7:a7:73:c6:72:3d:ce:
                    b2:fa:17:fc:a2:59:0b:1a:f4:54:f3:15:47:ac:55:
                    7a:80:cb:3a:00:b9:bb:e2:0c:2d:e1:16:8a:89:2a:
                    3c:e0:30:a5:04:75:53:f9:d2:a3:e0:f7:dc:ea:fc:
                    6f:91:4f:c4:1e:13:9c:b4:55:b4:08:9a:58:4a:15:
                    ea:c9:6c:09:67:0a:02:e4:4c:26:d1:0c:63:35:d3:
                    db:0c:5c:53:7a:e2:cf:81:07:e0:3b:cc:08:f9:54:
                    a0:01:95:30:5c:48:d5:94:51:f9:9a:d7:73:d5:18:
                    a4:6a:27:d0:58:9e:da:22:c4:3d:e4:9f:d4:80:e4:
                    b1:fc:30:3b:fe:40:45:2c:d9:fc:c5:e7:6f:1e:a3:
                    ee:0f:1f:c5:00:8f:b2:c8:90:ee:81:1d:d8:bd:70:
                    00:ae:74:bd:ec:5a:3b:e2:4d:ae:ef:0a:8b:9e:7a:
                    7e:9e:39:22:26:de:74:ab:b2:96:97:45:af:ad:48:
                    c6:33:da:b0:65:16:0b:59:fe:e9:bf:5e:32:5e:b9:
                    3b:f0:a8:6f:be:bf:7b:b1:c6:3c:f8:0f:66:ca:ba:
                    d5:ba:0a:8c:cd:56:c4:ad:d3:d7:f5:be:a2:ef:0a:
                    e5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F5:60:D9:AE:69:02:2E:B5:1C:5E:96:D2:51:0D:8B:F5:FC:0D:47
            X509v3 Authority Key Identifier:
                keyid:D8:95:BE:E5:60:56:30:F7:04:8B:1F:FB:3F:00:3B:39:D2:9E:47:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JW-5WBWMPcEix_7PwA7OdKeR6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/JfVg2a5pAi61HF6W0lENi_X8DUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/2JW-5WBWMPcEix_7PwA7OdKeR6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:ce:7c:fb:cb:b2:53:52:ef:d1:fd:56:ab:19:b6:0c:f1:bc:
         53:05:5f:8a:d1:b3:99:51:2f:9b:5d:38:5a:0b:ed:eb:0e:d9:
         45:82:24:0a:9a:70:3f:25:2f:82:e2:05:e7:04:7e:47:04:75:
         c8:32:9d:6f:92:5c:b1:5c:7a:60:cf:de:ae:32:14:e6:55:33:
         1c:3f:d4:cd:00:89:9f:9f:0e:fa:35:73:a6:33:5c:6f:e6:80:
         4a:07:31:57:c6:5a:f0:a0:32:24:b0:d8:97:00:a6:3e:37:96:
         60:a6:f0:e9:85:c0:a8:2d:75:1d:2b:d9:50:42:7c:ce:42:34:
         3e:f5:3f:fc:87:d0:09:69:2f:97:96:40:1e:48:5c:57:8e:47:
         fe:ae:5c:e2:2e:c7:b1:51:89:65:c8:7a:58:67:2d:f3:49:d2:
         cb:eb:25:4c:40:e4:0b:bc:55:e2:d9:06:90:e7:17:0b:80:2b:
         2b:10:ad:35:a6:de:66:aa:f6:6c:fb:2f:a6:e0:6d:99:56:44:
         f5:3c:99:4a:37:13:5e:1c:8c:85:13:0a:53:4e:af:25:c6:cd:
         17:c4:77:93:7c:37:7c:13:03:a4:a5:d6:ad:73:4a:d1:f5:54:
         3b:5a:06:13:fc:7a:be:bd:74:ad:85:67:de:a8:78:d5:40:9a:
         eb:45:e3:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks5zmWAsFYxKwXnyspTBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTViZWU1NjA1NjMwZjcwNDhiMWZmYjNmMDAzYjM5ZDI5
ZTQ3YTAwHhcNMjUwMTAyMDE0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWY1NjBkOWFlNjkwMjJlYjUxYzVlOTZkMjUxMGQ4YmY1ZmMwZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5tSbl7S3PbyqH5LQ2Y16L5fJXbu
SMenc8ZyPc6y+hf8olkLGvRU8xVHrFV6gMs6ALm74gwt4RaKiSo84DClBHVT+dKj
4Pfc6vxvkU/EHhOctFW0CJpYShXqyWwJZwoC5Ewm0QxjNdPbDFxTeuLPgQfgO8wI
+VSgAZUwXEjVlFH5mtdz1RikaifQWJ7aIsQ95J/UgOSx/DA7/kBFLNn8xedvHqPu
Dx/FAI+yyJDugR3YvXAArnS97Fo74k2u7wqLnnp+njkiJt50q7KWl0WvrUjGM9qw
ZRYLWf7pv14yXrk78Khvvr97scY8+A9myrrVugqMzVbErdPX9b6i7wrlWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCX1YNmuaQIutRxeltJRDYv1/A1HMB8GA1UdIwQY
MBaAFNiVvuVgVjD3BIsf+z8AOznSnkegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpXLTVXQldNUGNFaXhfN1B3QTdPZEtlUjZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lNzU0ZDYtMGRhYy00MjQ2LTlmZDYt
MjAyYTA5ODBjMTc2LzEvSmZWZzJhNXBBaTYxSEY2VzBsRU5pX1g4RFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lNzU0ZDYtMGRhYy00MjQ2LTlmZDYtMjAyYTA5ODBjMTc2
LzEvMkpXLTVXQldNUGNFaXhfN1B3QTdPZEtlUjZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nxMA0G
CSqGSIb3DQEBCwUAA4IBAQBRznz7y7JTUu/R/VarGbYM8bxTBV+K0bOZUS+bXTha
C+3rDtlFgiQKmnA/JS+C4gXnBH5HBHXIMp1vklyxXHpgz96uMhTmVTMcP9TNAImf
nw76NXOmM1xv5oBKBzFXxlrwoDIksNiXAKY+N5ZgpvDphcCoLXUdK9lQQnzOQjQ+
9T/8h9AJaS+XlkAeSFxXjkf+rlziLsexUYllyHpYZy3zSdLL6yVMQOQLvFXi2QaQ
5xcLgCsrEK01pt5mqvZs+y+m4G2ZVkT1PJlKNxNeHIyFEwpTTq8lxs0XxHeTfDd8
EwOkpdatc0rR9VQ7WgYT/Hq+vXSthWfeqHjVQJrrReOI
-----END CERTIFICATE-----