Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/JfaHdSfbGbjNcRqTwPPnDuZCz2Q.roa
File:                     JfaHdSfbGbjNcRqTwPPnDuZCz2Q.roa (raw, json)
Hash identifier:          R/95vyVR+ZB6Kflzj/IijdYMFvW8MCDKNUWdsXG1x5Y=
Subject key identifier:   25:F6:87:75:27:DB:19:B8:CD:71:1A:93:C0:F3:E7:0E:E6:42:CF:64
Certificate issuer:       /CN=d895bee5605630f7048b1ffb3f003b39d29e47a0
Certificate serial:       0197DF5ED1259294E3BBD9248A1A450A390E
Authority key identifier: D8:95:BE:E5:60:56:30:F7:04:8B:1F:FB:3F:00:3B:39:D2:9E:47:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JW-5WBWMPcEix_7PwA7OdKeR6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/JfaHdSfbGbjNcRqTwPPnDuZCz2Q.roa
Signing time:             Sun 06 Jul 2025 10:53:42 +0000
ROA not before:           Sun 06 Jul 2025 10:53:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213644
IP address blocks:        91.217.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/2JW-5WBWMPcEix_7PwA7OdKeR6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/2JW-5WBWMPcEix_7PwA7OdKeR6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JW-5WBWMPcEix_7PwA7OdKeR6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 21:50:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:df:5e:d1:25:92:94:e3:bb:d9:24:8a:1a:45:0a:39:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d895bee5605630f7048b1ffb3f003b39d29e47a0
        Validity
            Not Before: Jul  6 10:53:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25f6877527db19b8cd711a93c0f3e70ee642cf64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:47:64:1f:de:a8:ee:46:c6:14:78:81:5b:30:
                    30:54:2d:ef:cb:3a:8a:e6:ab:36:7e:f8:5c:ba:91:
                    0a:7a:b5:34:12:22:c3:37:b7:e5:38:16:b0:bf:9a:
                    6a:40:20:77:b7:5e:b4:e7:1c:fd:22:86:5f:f1:9a:
                    97:62:83:eb:c7:80:8e:2b:b0:57:ef:08:19:f7:d9:
                    a5:a9:24:c8:74:da:b4:ea:4d:de:14:50:71:c6:74:
                    61:17:d3:ef:31:b7:ac:03:83:6f:f3:d8:f8:e6:54:
                    3a:ca:7b:69:9d:d7:e7:9b:57:9f:8e:53:20:9a:42:
                    f8:40:a8:51:63:7b:e9:36:e2:43:21:d9:a5:83:0b:
                    ed:ed:a2:89:6c:ee:d3:7e:77:e8:e7:0a:1e:ce:66:
                    87:24:10:bd:99:d4:77:bd:70:82:74:5f:5d:fd:4c:
                    08:bf:39:c2:b4:b7:6e:cf:59:38:e5:f3:1b:3e:fe:
                    7f:c0:10:33:df:c0:01:7a:69:f5:ef:ff:fd:4d:09:
                    01:47:42:e8:a6:54:8f:52:61:ac:38:4a:f3:16:ea:
                    2a:dd:d7:bd:0e:b5:ff:0e:1a:eb:eb:69:d5:42:31:
                    2a:95:cb:17:96:91:e4:1f:44:52:82:9e:ec:66:2e:
                    2f:83:52:d2:cb:f6:bd:25:6d:a8:98:4a:75:0f:ba:
                    11:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F6:87:75:27:DB:19:B8:CD:71:1A:93:C0:F3:E7:0E:E6:42:CF:64
            X509v3 Authority Key Identifier:
                keyid:D8:95:BE:E5:60:56:30:F7:04:8B:1F:FB:3F:00:3B:39:D2:9E:47:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JW-5WBWMPcEix_7PwA7OdKeR6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/JfaHdSfbGbjNcRqTwPPnDuZCz2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/2JW-5WBWMPcEix_7PwA7OdKeR6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:20:e1:2b:4a:f8:73:69:cb:6e:df:2d:1f:d4:70:84:96:5f:
         12:1e:82:5b:fd:21:ae:57:40:38:a2:56:c5:48:51:d0:b0:a2:
         90:f0:da:49:d5:f6:b9:85:e6:ae:5f:60:bd:c3:42:a2:d6:f2:
         c5:73:30:a8:74:f4:c4:ca:4f:35:5b:3c:c2:75:dc:0a:6f:ea:
         69:01:81:91:8a:ce:20:4c:ca:8f:e5:5c:61:8c:ca:53:07:91:
         2c:be:28:ec:8e:24:ad:71:48:56:1b:2d:24:03:c4:48:f4:91:
         a5:2a:ba:2a:b8:9a:91:84:1d:e1:b0:91:90:29:01:25:b5:68:
         78:9c:06:71:a5:5c:59:4d:af:15:53:d9:cd:ab:15:ce:d1:79:
         c3:b0:bd:0a:5b:e4:d3:af:89:81:9d:bc:76:d7:ef:e0:1b:d6:
         83:04:b3:4e:15:27:21:40:d0:b8:55:0a:f4:cf:c5:76:c7:3e:
         fc:3e:5b:3e:73:2d:cc:4c:b9:ad:13:26:5e:34:7c:6a:3c:82:
         6b:cd:0c:46:70:6a:c5:a1:10:14:32:0b:87:6f:c8:8a:44:c1:
         56:87:ca:68:c3:ae:65:91:6a:8f:0c:b2:13:e0:c8:b7:87:0b:
         a4:db:ab:15:05:2f:25:73:ec:7e:8e:77:32:4b:2c:58:20:aa:
         59:94:3f:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZffXtElkpTju9kkihpFCjkOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTViZWU1NjA1NjMwZjcwNDhiMWZmYjNmMDAzYjM5ZDI5
ZTQ3YTAwHhcNMjUwNzA2MTA1MzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWY2ODc3NTI3ZGIxOWI4Y2Q3MTFhOTNjMGYzZTcwZWU2NDJjZjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0dkH96o7kbGFHiBWzAwVC3vyzqK
5qs2fvhcupEKerU0EiLDN7flOBawv5pqQCB3t1605xz9IoZf8ZqXYoPrx4COK7BX
7wgZ99mlqSTIdNq06k3eFFBxxnRhF9PvMbesA4Nv89j45lQ6yntpndfnm1efjlMg
mkL4QKhRY3vpNuJDIdmlgwvt7aKJbO7Tfnfo5woezmaHJBC9mdR3vXCCdF9d/UwI
vznCtLduz1k45fMbPv5/wBAz38ABemn17//9TQkBR0LoplSPUmGsOErzFuoq3de9
DrX/Dhrr62nVQjEqlcsXlpHkH0RSgp7sZi4vg1LSy/a9JW2omEp1D7oRFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCX2h3Un2xm4zXEak8Dz5w7mQs9kMB8GA1UdIwQY
MBaAFNiVvuVgVjD3BIsf+z8AOznSnkegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpXLTVXQldNUGNFaXhfN1B3QTdPZEtlUjZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lNzU0ZDYtMGRhYy00MjQ2LTlmZDYt
MjAyYTA5ODBjMTc2LzEvSmZhSGRTZmJHYmpOY1JxVHdQUG5EdVpDejJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lNzU0ZDYtMGRhYy00MjQ2LTlmZDYtMjAyYTA5ODBjMTc2
LzEvMkpXLTVXQldNUGNFaXhfN1B3QTdPZEtlUjZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nxMA0G
CSqGSIb3DQEBCwUAA4IBAQB7IOErSvhzactu3y0f1HCEll8SHoJb/SGuV0A4olbF
SFHQsKKQ8NpJ1fa5heauX2C9w0Ki1vLFczCodPTEyk81WzzCddwKb+ppAYGRis4g
TMqP5VxhjMpTB5EsvijsjiStcUhWGy0kA8RI9JGlKroquJqRhB3hsJGQKQEltWh4
nAZxpVxZTa8VU9nNqxXO0XnDsL0KW+TTr4mBnbx21+/gG9aDBLNOFSchQNC4VQr0
z8V2xz78Pls+cy3MTLmtEyZeNHxqPIJrzQxGcGrFoRAUMguHb8iKRMFWh8pow65l
kWqPDLIT4Mi3hwuk26sVBS8lc+x+jncySyxYIKpZlD8E
-----END CERTIFICATE-----