Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/JrMu8Fv-EJ0gYHcDKiU_A3eevzc.roa
File:                     JrMu8Fv-EJ0gYHcDKiU_A3eevzc.roa (raw, json)
Hash identifier:          6s6fSOnj2fawBTt5pakrIRbKDkLV0dgDjLyUP/ka7Zs=
Subject key identifier:   26:B3:2E:F0:5B:FE:10:9D:20:60:77:03:2A:25:3F:03:77:9E:BF:37
Certificate issuer:       /CN=1e9a2f083f471dfb9507b4c973cb5c3acd49759d
Certificate serial:       01942368D7283DB7E22CC61CE1253A22C74F
Authority key identifier: 1E:9A:2F:08:3F:47:1D:FB:95:07:B4:C9:73:CB:5C:3A:CD:49:75:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/JrMu8Fv-EJ0gYHcDKiU_A3eevzc.roa
Signing time:             Wed 01 Jan 2025 19:47:40 +0000
ROA not before:           Wed 01 Jan 2025 19:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        109.232.88.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:d7:28:3d:b7:e2:2c:c6:1c:e1:25:3a:22:c7:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9a2f083f471dfb9507b4c973cb5c3acd49759d
        Validity
            Not Before: Jan  1 19:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26b32ef05bfe109d206077032a253f03779ebf37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b1:0f:95:6b:58:f7:09:ed:ba:7e:1d:a3:73:
                    5d:38:5c:38:5d:e3:a2:d9:ac:c9:b7:13:eb:32:5c:
                    2d:aa:0a:c6:7c:d1:21:12:5a:a2:e8:a7:99:5c:74:
                    f9:91:91:e4:cd:82:75:42:12:dc:9f:9b:ed:3c:84:
                    4c:fb:41:f0:c1:d7:fe:e9:19:50:be:b1:98:91:36:
                    ab:f5:46:bf:9e:f7:b4:bc:c5:0d:00:0f:84:97:50:
                    da:c2:2d:fc:0a:97:0e:76:8b:bc:78:cd:f6:9a:a5:
                    35:88:57:7c:ae:67:04:ae:67:54:f3:39:ed:a5:bd:
                    9a:d6:87:a3:ed:45:76:b8:26:6e:fd:e0:42:ed:96:
                    7e:89:b1:bd:9d:72:20:be:2c:77:cb:05:0a:f3:68:
                    29:54:d7:74:1c:f3:13:48:44:67:98:da:c1:f8:bf:
                    75:3c:3f:72:1c:b3:ce:56:b2:22:4b:a9:b2:4b:0a:
                    59:d7:27:de:01:6a:09:ac:f2:c0:c2:81:f1:98:6e:
                    6e:7b:8b:08:d7:36:b1:eb:71:db:d5:6e:5a:0f:50:
                    8c:38:2c:7d:49:45:70:7c:6c:56:9a:54:ef:91:0f:
                    ce:39:c1:ea:15:ed:93:0f:5e:44:15:24:a7:54:64:
                    58:b5:32:52:30:f7:44:fe:41:19:8a:04:7b:e1:0d:
                    37:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:B3:2E:F0:5B:FE:10:9D:20:60:77:03:2A:25:3F:03:77:9E:BF:37
            X509v3 Authority Key Identifier:
                keyid:1E:9A:2F:08:3F:47:1D:FB:95:07:B4:C9:73:CB:5C:3A:CD:49:75:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/JrMu8Fv-EJ0gYHcDKiU_A3eevzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         33:64:45:79:89:9c:12:4a:01:22:f3:63:25:1f:44:7c:51:af:
         46:3d:8b:74:69:0c:8e:3c:c2:c5:f6:16:60:41:da:81:66:0f:
         44:b0:f5:95:0e:8b:e7:9e:de:3a:f1:b9:53:24:bf:7e:7c:5b:
         0c:c4:c7:dd:cd:10:6d:2d:c3:d1:7b:c6:1d:44:b8:5f:2d:d0:
         69:7d:e5:d9:67:db:5c:a8:00:ba:b2:77:df:75:9e:ed:0a:0f:
         59:61:2f:6b:cf:c6:41:5d:05:b5:a7:74:e4:ac:92:2b:68:59:
         74:63:9b:b3:d5:1e:eb:79:74:0b:39:44:07:a3:46:f1:83:87:
         05:f1:91:0e:f1:87:35:ad:00:64:6a:b4:fa:b6:b3:f8:05:28:
         55:d8:4a:84:8b:e8:20:82:38:0d:4b:af:ac:7f:3a:11:b4:39:
         d4:56:52:68:56:6f:fc:f2:b1:81:44:f3:91:7c:99:9c:2d:3c:
         4c:78:13:e1:4d:4e:72:78:89:23:9b:a2:4e:ce:7a:9c:df:4f:
         30:17:35:6d:02:bd:86:db:d3:50:9c:22:48:2a:9b:39:01:97:
         d2:9d:8f:62:80:9e:63:9d:3c:a1:9f:ad:21:2f:7c:df:4d:2c:
         56:e2:cb:9e:83:d3:85:07:d3:be:82:18:ce:ee:47:cf:06:eb:
         bf:07:dc:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaNcoPbfiLMYc4SU6IsdPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWEyZjA4M2Y0NzFkZmI5NTA3YjRjOTczY2I1YzNhY2Q0
OTc1OWQwHhcNMjUwMTAxMTk0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmIzMmVmMDViZmUxMDlkMjA2MDc3MDMyYTI1M2YwMzc3OWViZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLEPlWtY9wntun4do3NdOFw4XeOi
2azJtxPrMlwtqgrGfNEhElqi6KeZXHT5kZHkzYJ1QhLcn5vtPIRM+0Hwwdf+6RlQ
vrGYkTar9Ua/nve0vMUNAA+El1Dawi38CpcOdou8eM32mqU1iFd8rmcErmdU8znt
pb2a1oej7UV2uCZu/eBC7ZZ+ibG9nXIgvix3ywUK82gpVNd0HPMTSERnmNrB+L91
PD9yHLPOVrIiS6mySwpZ1yfeAWoJrPLAwoHxmG5ue4sI1zax63Hb1W5aD1CMOCx9
SUVwfGxWmlTvkQ/OOcHqFe2TD15EFSSnVGRYtTJSMPdE/kEZigR74Q03mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCazLvBb/hCdIGB3AyolPwN3nr83MB8GA1UdIwQY
MBaAFB6aLwg/Rx37lQe0yXPLXDrNSXWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBvdkNEOUhIZnVWQjdUSmM4dGNPczFKZFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC82Mjc3YTctMjkwZi00OTk0LWIyODYt
MjVkNmU4NjEzZGM0LzEvSnJNdThGdi1FSjBnWUhjREtpVV9BM2VldnpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC82Mjc3YTctMjkwZi00OTk0LWIyODYtMjVkNmU4NjEzZGM0
LzEvSHBvdkNEOUhIZnVWQjdUSmM4dGNPczFKZFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbehYMA0G
CSqGSIb3DQEBCwUAA4IBAQAzZEV5iZwSSgEi82MlH0R8Ua9GPYt0aQyOPMLF9hZg
QdqBZg9EsPWVDovnnt468blTJL9+fFsMxMfdzRBtLcPRe8YdRLhfLdBpfeXZZ9tc
qAC6snffdZ7tCg9ZYS9rz8ZBXQW1p3TkrJIraFl0Y5uz1R7reXQLOUQHo0bxg4cF
8ZEO8Yc1rQBkarT6trP4BShV2EqEi+gggjgNS6+sfzoRtDnUVlJoVm/88rGBRPOR
fJmcLTxMeBPhTU5yeIkjm6JOznqc308wFzVtAr2G29NQnCJIKps5AZfSnY9igJ5j
nTyhn60hL3zfTSxW4sueg9OFB9O+ghjO7kfPBuu/B9wb
-----END CERTIFICATE-----