Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/S-JnIhmXL5e2DsjQFgno_k2Vz8E.roa
File:                     S-JnIhmXL5e2DsjQFgno_k2Vz8E.roa (raw, json)
Hash identifier:          /YQsaxBTg9/GiAQu4cI2KHBUoCqKcZjkOS7l2+NOeWg=
Subject key identifier:   4B:E2:67:22:19:97:2F:97:B6:0E:C8:D0:16:09:E8:FE:4D:95:CF:C1
Certificate issuer:       /CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
Certificate serial:       0197D768DB0A4A2A2041AAAE494C795E25E7
Authority key identifier: D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/S-JnIhmXL5e2DsjQFgno_k2Vz8E.roa
Signing time:             Fri 04 Jul 2025 21:47:42 +0000
ROA not before:           Fri 04 Jul 2025 21:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209823
IP address blocks:        5.144.32.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d7:68:db:0a:4a:2a:20:41:aa:ae:49:4c:79:5e:25:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
        Validity
            Not Before: Jul  4 21:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4be2672219972f97b60ec8d01609e8fe4d95cfc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:03:d6:3c:b3:c8:b3:6e:6d:2e:55:1a:85:5d:
                    53:3f:df:66:16:76:00:08:ae:3f:f6:a6:42:6b:a3:
                    fb:96:ba:09:ee:e2:91:69:31:32:89:96:b4:48:9e:
                    c2:ab:3c:33:09:fd:dc:dd:de:14:85:da:2f:e7:bb:
                    5d:60:5e:fb:23:ea:75:b6:62:cb:cd:99:04:ea:4a:
                    5e:53:9c:2e:f6:b3:5d:4b:42:1d:20:f7:a2:cd:23:
                    e7:26:2c:64:c2:ae:28:fb:26:e4:31:18:87:c7:4a:
                    6b:9f:66:3b:a8:fd:1c:c9:cd:e6:98:ae:48:da:d7:
                    1e:81:be:8a:0f:c1:22:e0:59:20:86:16:24:ee:ef:
                    1e:e4:ec:99:e9:1e:e8:5f:19:69:1a:65:c0:84:e6:
                    82:d6:db:00:49:08:e5:e6:b6:de:48:fe:92:f0:2a:
                    20:44:f2:f2:22:bb:f2:cf:73:c8:95:a5:29:2d:49:
                    6f:7d:26:7c:00:29:67:ff:5d:aa:e0:d3:26:b4:77:
                    cb:44:42:15:f0:77:ee:92:66:d1:09:2b:d3:63:35:
                    16:cf:72:9d:a2:0f:99:b5:7d:ed:2d:d6:46:b1:a7:
                    84:43:c0:65:6a:c9:ac:19:71:37:6b:cb:a2:fc:69:
                    06:2f:26:d8:03:d3:17:63:bf:9b:f5:26:3a:d4:2e:
                    ae:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:E2:67:22:19:97:2F:97:B6:0E:C8:D0:16:09:E8:FE:4D:95:CF:C1
            X509v3 Authority Key Identifier:
                keyid:D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/S-JnIhmXL5e2DsjQFgno_k2Vz8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:0e:ad:f8:93:e3:fd:7b:12:b1:6a:72:bf:07:bb:c0:6e:fd:
         e4:44:7a:66:a4:df:82:7b:fe:2d:62:0e:27:f7:e1:84:32:34:
         97:e6:a6:cf:d6:fd:4c:6f:a0:61:e4:20:9e:70:8a:5b:8d:d2:
         41:49:7c:7c:d0:4a:b5:b3:21:af:40:63:64:b6:63:91:df:06:
         d7:d2:04:2d:00:57:23:b3:23:5a:c4:f7:75:07:97:1b:e1:f0:
         50:85:54:b3:85:d7:e2:10:20:3d:8a:62:fc:d3:cc:bd:74:71:
         df:16:75:35:a1:06:65:e0:c4:ff:a7:ed:e0:22:0c:7f:98:55:
         c5:9e:71:91:96:f2:b6:ac:25:e1:a9:e0:c0:38:7e:3f:84:10:
         36:d2:0b:3f:fd:d6:bc:4b:4f:18:92:6e:6a:86:9f:13:6d:a8:
         26:c1:8b:f1:1a:fa:8e:ee:f2:8b:14:20:c2:9e:87:c0:7d:91:
         a4:0e:b0:b3:ee:ee:fb:07:ec:b6:1c:36:76:a7:13:55:34:83:
         fa:3b:57:3f:4f:4f:9e:38:6b:44:6f:e6:d8:39:06:61:ec:c9:
         43:64:4d:a1:b9:52:a9:22:37:42:96:7c:d3:49:a4:e8:9a:fc:
         1f:b9:59:79:3a:80:92:54:22:7b:75:7c:f0:58:59:60:81:5c:
         be:7c:2f:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfXaNsKSiogQaquSUx5XiXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZmMwYmVjNjBkMGJhY2UxODg5Njc3YmQ5YmI5MDE5MGNj
NGZkMjIwHhcNMjUwNzA0MjE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmUyNjcyMjE5OTcyZjk3YjYwZWM4ZDAxNjA5ZThmZTRkOTVjZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7APWPLPIs25tLlUahV1TP99mFnYA
CK4/9qZCa6P7lroJ7uKRaTEyiZa0SJ7CqzwzCf3c3d4Uhdov57tdYF77I+p1tmLL
zZkE6kpeU5wu9rNdS0IdIPeizSPnJixkwq4o+ybkMRiHx0prn2Y7qP0cyc3mmK5I
2tcegb6KD8Ei4FkghhYk7u8e5OyZ6R7oXxlpGmXAhOaC1tsASQjl5rbeSP6S8Cog
RPLyIrvyz3PIlaUpLUlvfSZ8ACln/12q4NMmtHfLREIV8HfukmbRCSvTYzUWz3Kd
og+ZtX3tLdZGsaeEQ8BlasmsGXE3a8ui/GkGLybYA9MXY7+b9SY61C6uEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEviZyIZly+Xtg7I0BYJ6P5Nlc/BMB8GA1UdIwQY
MBaAFNn8C+xg0LrOGIlne9m7kBkMxP0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjkt
MzQ2OTAzNGZhNDQxLzEvUy1KbklobVhMNWUyRHNqUUZnbm9fazJWejhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjktMzQ2OTAzNGZhNDQx
LzEvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBZAgMA0G
CSqGSIb3DQEBCwUAA4IBAQBbDq34k+P9exKxanK/B7vAbv3kRHpmpN+Ce/4tYg4n
9+GEMjSX5qbP1v1Mb6Bh5CCecIpbjdJBSXx80Eq1syGvQGNktmOR3wbX0gQtAFcj
syNaxPd1B5cb4fBQhVSzhdfiECA9imL808y9dHHfFnU1oQZl4MT/p+3gIgx/mFXF
nnGRlvK2rCXhqeDAOH4/hBA20gs//da8S08Ykm5qhp8TbagmwYvxGvqO7vKLFCDC
nofAfZGkDrCz7u77B+y2HDZ2pxNVNIP6O1c/T0+eOGtEb+bYOQZh7MlDZE2huVKp
IjdClnzTSaTomvwfuVl5OoCSVCJ7dXzwWFlggVy+fC+e
-----END CERTIFICATE-----