Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/J-o1V3VSLzMCdRjuU4tshraH4uM.roa
File:                     J-o1V3VSLzMCdRjuU4tshraH4uM.roa (raw, json)
Hash identifier:          qSwZ7yguOElfbwjM7sw6Pq4q4MoRB1afkjuoda40ZgM=
Subject key identifier:   27:EA:35:57:75:52:2F:33:02:75:18:EE:53:8B:6C:86:B6:87:E2:E3
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0197D49856C6BD21BBDD64FD7A3A38EBD882
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/J-o1V3VSLzMCdRjuU4tshraH4uM.roa
Signing time:             Fri 04 Jul 2025 08:40:42 +0000
ROA not before:           Fri 04 Jul 2025 08:40:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47585
IP address blocks:        193.8.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 20:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d4:98:56:c6:bd:21:bb:dd:64:fd:7a:3a:38:eb:d8:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul  4 08:40:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27ea355775522f33027518ee538b6c86b687e2e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0e:f1:51:20:e9:e7:20:92:e3:22:89:10:2e:
                    d4:1c:aa:54:80:98:b2:ff:e9:83:cd:e3:5d:ca:06:
                    3f:9f:a1:ef:75:a7:b9:0e:1c:36:ef:f7:11:41:e5:
                    ed:dc:48:a2:27:38:44:7e:b5:05:43:ee:5f:2e:f9:
                    77:57:1b:07:7b:17:a2:42:18:21:9c:0f:33:81:d8:
                    40:5b:b1:ee:00:51:ac:ea:26:26:3d:58:b0:01:25:
                    8c:7c:71:85:7e:b6:e7:00:6f:f5:ef:3e:66:bc:32:
                    0d:bc:da:22:b3:b2:fa:5a:83:cd:1c:cc:d5:c9:7b:
                    79:fe:c2:f6:b6:ac:6a:95:21:27:68:ef:94:22:f1:
                    e1:95:33:67:82:24:cc:1a:10:75:b1:28:18:d0:41:
                    8b:11:26:e3:f0:c4:77:27:70:40:e0:4a:c5:31:5a:
                    d0:fd:59:89:16:fa:ec:76:43:52:ff:0a:5e:8a:05:
                    ff:2c:29:b8:bd:93:ef:8f:30:ed:05:48:b5:4b:2c:
                    54:7f:56:0a:cb:f0:bd:c6:00:85:fc:6b:eb:e1:3d:
                    00:63:a0:1c:da:7e:6f:b1:5e:2a:b7:0e:d4:1b:ec:
                    12:f4:3b:bb:02:5b:b4:e0:3f:55:e8:2b:57:52:83:
                    5e:64:b1:63:84:24:99:3a:45:9c:19:e2:a8:d5:f8:
                    ad:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:EA:35:57:75:52:2F:33:02:75:18:EE:53:8B:6C:86:B6:87:E2:E3
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/J-o1V3VSLzMCdRjuU4tshraH4uM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:07:77:3f:b3:85:4f:cc:61:98:c7:e4:49:90:84:ad:2c:af:
         87:c5:95:35:e4:a7:f6:56:b6:e1:13:e1:6b:79:aa:4f:0c:7c:
         34:50:7a:37:18:39:f9:67:1c:36:09:bd:2b:a9:a1:61:cd:97:
         93:07:b4:c9:08:05:08:c1:3a:b3:b5:fa:3e:7b:cf:f4:39:9e:
         57:5a:45:1f:48:88:0c:08:02:83:a7:40:92:69:2b:ac:38:78:
         3d:07:43:39:28:2c:e0:76:9c:e3:15:4e:2c:5c:22:d2:00:2c:
         5c:ff:b8:c7:46:b3:95:1b:de:50:7e:48:46:2a:6a:d9:d1:df:
         51:ba:1a:e7:25:dc:8d:d2:63:8f:54:bf:2c:f3:ba:1b:ee:12:
         d2:33:98:64:ad:35:f7:dc:af:ee:34:1c:26:2a:84:46:d4:a0:
         cb:1d:d7:03:31:ae:34:01:31:72:fb:a7:9e:57:ce:21:9a:13:
         d1:e8:17:16:98:e2:22:18:af:b7:94:84:86:87:f5:c0:d9:d7:
         e0:b6:38:c0:6b:fb:ba:4b:9b:50:56:ad:71:19:5f:c1:db:25:
         12:7f:9c:2e:b6:13:5a:f0:eb:23:a0:d7:89:5d:6f:74:02:b7:
         fd:c5:0e:24:7a:a6:a7:07:c5:09:0f:43:4e:69:60:2d:7c:e6:
         a7:c5:12:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfUmFbGvSG73WT9ejo469iCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNzA0MDg0MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2VhMzU1Nzc1NTIyZjMzMDI3NTE4ZWU1MzhiNmM4NmI2ODdlMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsg7xUSDp5yCS4yKJEC7UHKpUgJiy
/+mDzeNdygY/n6Hvdae5Dhw27/cRQeXt3EiiJzhEfrUFQ+5fLvl3VxsHexeiQhgh
nA8zgdhAW7HuAFGs6iYmPViwASWMfHGFfrbnAG/17z5mvDINvNois7L6WoPNHMzV
yXt5/sL2tqxqlSEnaO+UIvHhlTNngiTMGhB1sSgY0EGLESbj8MR3J3BA4ErFMVrQ
/VmJFvrsdkNS/wpeigX/LCm4vZPvjzDtBUi1SyxUf1YKy/C9xgCF/Gvr4T0AY6Ac
2n5vsV4qtw7UG+wS9Du7Alu04D9V6CtXUoNeZLFjhCSZOkWcGeKo1fitPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfqNVd1Ui8zAnUY7lOLbIa2h+LjMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSi1vMVYzVlNMek1DZFJqdVU0dHNocmFINHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhxMA0G
CSqGSIb3DQEBCwUAA4IBAQCRB3c/s4VPzGGYx+RJkIStLK+HxZU15Kf2VrbhE+Fr
eapPDHw0UHo3GDn5Zxw2Cb0rqaFhzZeTB7TJCAUIwTqztfo+e8/0OZ5XWkUfSIgM
CAKDp0CSaSusOHg9B0M5KCzgdpzjFU4sXCLSACxc/7jHRrOVG95QfkhGKmrZ0d9R
uhrnJdyN0mOPVL8s87ob7hLSM5hkrTX33K/uNBwmKoRG1KDLHdcDMa40ATFy+6ee
V84hmhPR6BcWmOIiGK+3lISGh/XA2dfgtjjAa/u6S5tQVq1xGV/B2yUSf5wuthNa
8OsjoNeJXW90Arf9xQ4keqanB8UJD0NOaWAtfOanxRK1
-----END CERTIFICATE-----