Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/AN-J-6GFY5zJ2UYJ_lJbkwClajQ.roa
File:                     AN-J-6GFY5zJ2UYJ_lJbkwClajQ.roa (raw, json)
Hash identifier:          MbFXR62w8piSQzBIPTa5Z9TkgtnwQMMr5t3hau8DPHA=
Subject key identifier:   00:DF:89:FB:A1:85:63:9C:C9:D9:46:09:FE:52:5B:93:00:A5:6A:34
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       01980D7EC6444A441DC22C76B96B46D23733
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/AN-J-6GFY5zJ2UYJ_lJbkwClajQ.roa
Signing time:             Tue 15 Jul 2025 09:51:08 +0000
ROA not before:           Tue 15 Jul 2025 09:51:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50461
IP address blocks:        195.96.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0d:7e:c6:44:4a:44:1d:c2:2c:76:b9:6b:46:d2:37:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Jul 15 09:51:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00df89fba185639cc9d94609fe525b9300a56a34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d9:16:ac:cc:a4:a0:0e:41:6b:bb:ee:a1:6d:
                    70:6a:ae:b8:6b:5f:b1:40:a2:60:2b:95:e6:64:a4:
                    17:41:b3:0b:bb:c5:3f:13:b2:e5:49:bf:45:fe:b5:
                    09:19:e8:87:03:45:36:a8:fd:36:62:2b:ce:46:9d:
                    ed:cc:ac:e7:f5:21:22:cd:30:fe:28:d2:c9:4d:2a:
                    bb:1d:b0:fa:fa:0d:28:af:0c:22:1f:5d:61:22:6d:
                    1d:b3:e9:1a:84:85:57:0b:ca:10:e4:24:82:34:39:
                    9d:27:e5:56:ee:02:e2:03:d0:78:d1:6d:fd:91:0c:
                    dd:de:e4:25:0e:96:35:b5:45:9d:1b:18:52:8a:e4:
                    b0:75:81:d5:9d:03:f6:14:48:10:e5:15:e0:fd:c8:
                    60:ef:cc:0e:9f:a9:ed:39:0f:e3:95:26:c2:83:f9:
                    d9:76:fc:9e:e6:0d:31:92:d1:7f:d4:2e:79:84:0d:
                    99:ac:a8:0c:e6:34:04:48:1d:33:5d:ee:a4:0b:a5:
                    d0:46:43:95:ee:25:97:9a:ad:8b:f5:f9:06:8a:1f:
                    c3:6c:3c:3d:62:3e:a5:fd:b4:47:c2:9a:2a:7e:f3:
                    c2:b7:35:b4:9d:b6:58:37:a4:ed:a4:a1:ef:cf:d4:
                    9a:b4:6d:36:e8:86:17:cf:e5:e8:53:f7:01:42:fd:
                    40:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:DF:89:FB:A1:85:63:9C:C9:D9:46:09:FE:52:5B:93:00:A5:6A:34
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/AN-J-6GFY5zJ2UYJ_lJbkwClajQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:94:67:65:5d:a5:c4:d9:81:03:0e:9e:6d:0b:05:5e:60:75:
         72:9b:2e:a8:cd:69:17:de:dc:20:89:10:0a:9b:50:5d:28:c3:
         2c:f6:d2:22:b8:2b:44:d0:05:60:fd:04:de:f5:4b:c6:82:52:
         9c:fe:50:74:d4:34:67:db:07:3a:c1:76:f6:78:73:1e:08:c2:
         13:5c:9c:c3:42:42:b9:a4:dc:34:94:18:b2:f9:82:4d:54:6a:
         f8:ae:cf:3b:2c:4f:44:e5:a8:b4:91:96:c5:5f:b0:26:0e:70:
         b1:3c:9e:f7:9c:31:15:1e:96:69:f2:5d:cc:60:c8:8c:60:81:
         c8:d0:c0:5b:08:ae:f9:ac:8d:12:f8:72:03:02:74:25:a5:f4:
         43:7e:4d:b6:39:3c:a7:36:e9:59:3a:5f:58:3c:51:6d:6e:a7:
         bd:75:43:9a:ee:04:21:ff:ed:43:d4:25:af:28:e0:b2:34:2f:
         6c:92:9f:53:15:6b:7c:8a:0a:25:f3:44:34:87:38:da:e8:40:
         b6:52:fb:32:26:c8:8f:f7:e6:bc:8c:35:cd:34:4c:13:cf:39:
         d0:04:0f:4b:80:33:c6:48:27:d5:34:98:d5:41:a6:da:2f:ce:
         d8:86:9b:8f:3b:1b:9b:b0:8f:77:0a:4d:b3:71:39:ab:f8:31:
         db:aa:73:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgNfsZESkQdwix2uWtG0jczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwNzE1MDk1MTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGRmODlmYmExODU2MzljYzlkOTQ2MDlmZTUyNWI5MzAwYTU2YTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptkWrMykoA5Ba7vuoW1waq64a1+x
QKJgK5XmZKQXQbMLu8U/E7LlSb9F/rUJGeiHA0U2qP02YivORp3tzKzn9SEizTD+
KNLJTSq7HbD6+g0orwwiH11hIm0ds+kahIVXC8oQ5CSCNDmdJ+VW7gLiA9B40W39
kQzd3uQlDpY1tUWdGxhSiuSwdYHVnQP2FEgQ5RXg/chg78wOn6ntOQ/jlSbCg/nZ
dvye5g0xktF/1C55hA2ZrKgM5jQESB0zXe6kC6XQRkOV7iWXmq2L9fkGih/DbDw9
Yj6l/bRHwpoqfvPCtzW0nbZYN6TtpKHvz9SatG026IYXz+XoU/cBQv1AdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADfifuhhWOcydlGCf5SW5MApWo0MB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvQU4tSi02R0ZZNXpKMlVZSl9sSmJrd0NsYWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CcMA0G
CSqGSIb3DQEBCwUAA4IBAQBvlGdlXaXE2YEDDp5tCwVeYHVymy6ozWkX3twgiRAK
m1BdKMMs9tIiuCtE0AVg/QTe9UvGglKc/lB01DRn2wc6wXb2eHMeCMITXJzDQkK5
pNw0lBiy+YJNVGr4rs87LE9E5ai0kZbFX7AmDnCxPJ73nDEVHpZp8l3MYMiMYIHI
0MBbCK75rI0S+HIDAnQlpfRDfk22OTynNulZOl9YPFFtbqe9dUOa7gQh/+1D1CWv
KOCyNC9skp9TFWt8igol80Q0hzja6EC2UvsyJsiP9+a8jDXNNEwTzznQBA9LgDPG
SCfVNJjVQabaL87YhpuPOxubsI93Ck2zcTmr+DHbqnN1
-----END CERTIFICATE-----