Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/JaRJ0VkgZY-pAOHUpfAksmRNPT4.roa
File:                     JaRJ0VkgZY-pAOHUpfAksmRNPT4.roa (raw, json)
Hash identifier:          uuAowSkk49o7aPUMDMEAR0rCVXNjJkNtV+Ttn8WfvGo=
Subject key identifier:   25:A4:49:D1:59:20:65:8F:A9:00:E1:D4:A5:F0:24:B2:64:4D:3D:3E
Certificate issuer:       /CN=0f6363d428b7915c108825f09706004b8ea3d4b5
Certificate serial:       01981C7B18631A5DB6AC74CFBB0FA9C4D37B
Authority key identifier: 0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/JaRJ0VkgZY-pAOHUpfAksmRNPT4.roa
Signing time:             Fri 18 Jul 2025 07:41:25 +0000
ROA not before:           Fri 18 Jul 2025 07:41:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20115
IP address blocks:        37.143.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1c:7b:18:63:1a:5d:b6:ac:74:cf:bb:0f:a9:c4:d3:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f6363d428b7915c108825f09706004b8ea3d4b5
        Validity
            Not Before: Jul 18 07:41:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25a449d15920658fa900e1d4a5f024b2644d3d3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:72:0f:f2:d1:b2:8c:b0:b7:49:52:dc:6d:b9:
                    ea:08:17:67:14:ab:ea:04:96:03:fc:23:1e:eb:88:
                    c1:2c:08:96:1e:23:53:51:28:ee:2f:9e:9f:9c:a4:
                    48:1a:f9:73:64:ec:a9:e9:1d:15:0f:1d:d4:9b:0c:
                    b6:8a:e2:57:84:d0:21:d2:fb:e3:3a:ad:dd:e4:50:
                    18:1d:5b:b0:af:bc:d7:ed:e0:6d:c5:15:32:16:b2:
                    cf:20:3f:c7:50:9f:f3:98:90:f9:ee:22:f6:0d:d8:
                    fc:a4:e7:ad:df:4b:5e:72:8d:6e:9f:0b:13:6d:26:
                    2a:04:b1:da:52:fa:58:c7:6a:1d:83:24:17:ba:14:
                    03:5b:a6:c9:5c:2c:8a:db:0c:81:0c:2f:86:0e:ab:
                    67:ce:a4:b8:4a:30:f1:a0:b3:a5:fd:a6:cf:a4:30:
                    22:ee:8e:6e:55:66:55:ec:de:8e:48:91:45:1d:fe:
                    99:3d:15:d6:98:e4:5e:8e:8c:72:4f:5c:db:d5:82:
                    3a:35:e8:1a:b7:5d:9a:56:3b:9a:37:fd:d9:ce:b4:
                    96:13:a0:79:a3:e1:28:58:c4:55:f4:f3:81:c6:c2:
                    7c:fb:eb:49:93:7a:0d:f7:ad:80:21:9d:87:70:05:
                    3e:a5:6f:fd:0a:28:ad:12:3c:e9:cb:ab:14:d0:6d:
                    f1:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A4:49:D1:59:20:65:8F:A9:00:E1:D4:A5:F0:24:B2:64:4D:3D:3E
            X509v3 Authority Key Identifier:
                keyid:0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/JaRJ0VkgZY-pAOHUpfAksmRNPT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:b8:c0:b1:a1:5e:8e:04:8b:da:d9:36:1c:a2:1c:1a:81:1e:
         8b:95:28:04:c0:63:2b:90:43:32:4c:a8:ab:da:33:ee:d4:ab:
         b7:93:c7:64:08:6e:d0:78:46:4b:c1:ca:13:40:48:f7:9d:c1:
         77:7c:d0:3b:df:31:21:ff:a3:4a:37:c7:5e:75:6f:df:d0:32:
         97:20:07:49:cd:86:8c:46:ca:67:17:51:ab:9c:c3:6d:23:28:
         a4:a6:8b:68:76:4a:68:41:b9:88:68:52:62:c4:ae:26:68:1d:
         ba:9c:a1:31:4c:b1:8b:58:e0:86:e2:e5:d9:68:86:fa:e5:96:
         bd:8d:74:23:6d:67:9e:15:37:43:ff:76:f9:6d:4c:4e:e6:ef:
         7e:05:1d:91:ba:f4:bc:5b:51:31:33:94:5b:11:51:ed:1e:ff:
         f8:15:52:a1:71:86:28:f4:86:1c:09:28:29:44:41:b0:c4:13:
         f2:d7:bc:ea:2c:16:60:3b:25:60:f9:39:66:8b:2d:17:fe:35:
         57:f0:f8:1e:36:b7:97:00:c4:23:3e:b8:ac:3e:1a:6a:df:11:
         da:b7:26:0a:5e:a0:f0:e6:06:3f:56:62:50:2d:8e:cb:83:8f:
         ba:35:69:5d:db:15:e4:e3:d8:54:f9:5e:61:2a:cc:e4:6f:f4:
         83:8a:a9:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgcexhjGl22rHTPuw+pxNN7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNjM2M2Q0MjhiNzkxNWMxMDg4MjVmMDk3MDYwMDRiOGVh
M2Q0YjUwHhcNMjUwNzE4MDc0MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWE0NDlkMTU5MjA2NThmYTkwMGUxZDRhNWYwMjRiMjY0NGQzZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnIP8tGyjLC3SVLcbbnqCBdnFKvq
BJYD/CMe64jBLAiWHiNTUSjuL56fnKRIGvlzZOyp6R0VDx3Umwy2iuJXhNAh0vvj
Oq3d5FAYHVuwr7zX7eBtxRUyFrLPID/HUJ/zmJD57iL2Ddj8pOet30teco1unwsT
bSYqBLHaUvpYx2odgyQXuhQDW6bJXCyK2wyBDC+GDqtnzqS4SjDxoLOl/abPpDAi
7o5uVWZV7N6OSJFFHf6ZPRXWmORejoxyT1zb1YI6Negat12aVjuaN/3ZzrSWE6B5
o+EoWMRV9POBxsJ8++tJk3oN962AIZ2HcAU+pW/9CiitEjzpy6sU0G3x2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWkSdFZIGWPqQDh1KXwJLJkTT0+MB8GA1UdIwQY
MBaAFA9jY9Qot5FcEIgl8JcGAEuOo9S1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEt
MmUxYzBhZjRmYWE0LzEvSmFSSjBWa2daWS1wQU9IVXBmQWtzbVJOUFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEtMmUxYzBhZjRmYWE0
LzEvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJY8AMA0G
CSqGSIb3DQEBCwUAA4IBAQA6uMCxoV6OBIva2TYcohwagR6LlSgEwGMrkEMyTKir
2jPu1Ku3k8dkCG7QeEZLwcoTQEj3ncF3fNA73zEh/6NKN8dedW/f0DKXIAdJzYaM
RspnF1GrnMNtIyikpotodkpoQbmIaFJixK4maB26nKExTLGLWOCG4uXZaIb65Za9
jXQjbWeeFTdD/3b5bUxO5u9+BR2RuvS8W1ExM5RbEVHtHv/4FVKhcYYo9IYcCSgp
REGwxBPy17zqLBZgOyVg+Tlmiy0X/jVX8PgeNreXAMQjPrisPhpq3xHatyYKXqDw
5gY/VmJQLY7Lg4+6NWld2xXk49hU+V5hKszkb/SDiqkz
-----END CERTIFICATE-----