Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/JM7OVO7G28itLeDA51lSGfdRGbE.roa
File:                     JM7OVO7G28itLeDA51lSGfdRGbE.roa (raw, json)
Hash identifier:          vAOgRXyOKUmMSLJTxuGhMhAqNk+8Kufz7iKs5GUL0Ug=
Subject key identifier:   24:CE:CE:54:EE:C6:DB:C8:AD:2D:E0:C0:E7:59:52:19:F7:51:19:B1
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01974511199819872FBAB87C2CD425721D5C
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/JM7OVO7G28itLeDA51lSGfdRGbE.roa
Signing time:             Fri 06 Jun 2025 11:47:17 +0000
ROA not before:           Fri 06 Jun 2025 11:47:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43607
IP address blocks:        77.90.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:45:11:19:98:19:87:2f:ba:b8:7c:2c:d4:25:72:1d:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jun  6 11:47:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24cece54eec6dbc8ad2de0c0e7595219f75119b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e3:7f:68:20:34:3b:d6:fc:40:6f:f9:49:f3:
                    6d:10:92:3f:2a:0e:d0:00:c8:60:6e:7b:e8:29:89:
                    04:9c:cb:6d:40:04:e0:ca:67:d4:63:27:71:54:1c:
                    72:40:bb:4b:1a:27:c5:eb:80:fd:9a:8e:a9:4c:67:
                    44:a3:52:d1:db:3c:7e:77:1b:7b:f7:4a:18:09:2a:
                    5e:7c:9e:2d:17:ed:0b:e6:53:3e:1e:93:97:53:9b:
                    6b:ee:e6:96:14:c3:76:3f:ae:85:d0:45:08:ba:f8:
                    f4:12:e7:1d:7b:39:77:21:71:3f:5e:30:90:cf:de:
                    31:2d:d1:05:ea:11:95:8b:18:15:3b:64:27:c2:5e:
                    51:48:8f:ce:33:4d:5d:2e:4f:e8:e7:50:58:d5:10:
                    36:f9:ff:55:18:4d:6a:cb:90:81:5e:b9:74:11:01:
                    a7:a8:29:0a:b6:47:62:d0:0f:44:44:01:bd:09:91:
                    b4:05:d3:e8:b0:f9:99:21:52:c8:67:7d:97:e1:71:
                    90:1e:78:e9:4d:c3:92:0b:49:ff:60:5f:a9:49:b1:
                    ef:f2:ec:cf:9e:0a:18:4a:cc:2d:60:ee:5d:b9:54:
                    81:c7:ce:2c:ac:91:99:58:6a:9b:61:90:cd:df:ba:
                    88:b4:6a:56:58:a8:75:09:35:cd:47:e6:7d:d1:da:
                    b2:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:CE:CE:54:EE:C6:DB:C8:AD:2D:E0:C0:E7:59:52:19:F7:51:19:B1
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/JM7OVO7G28itLeDA51lSGfdRGbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         df:93:4b:96:69:2e:a3:be:ac:fa:f7:7a:0f:1f:81:84:1d:64:
         a8:de:98:07:b8:41:38:a2:11:1a:88:ce:ef:bf:31:e8:fb:11:
         e3:5a:fe:fc:a8:9b:21:59:6b:84:47:02:1e:dc:ac:d6:8f:3f:
         25:48:30:06:bd:4c:31:93:45:0f:ce:9d:07:58:8f:2e:7e:f1:
         95:56:25:40:bd:5b:ae:57:43:20:e7:79:8b:81:ae:23:61:18:
         82:71:d5:69:e6:b8:d9:dc:12:53:b5:fa:69:05:57:37:40:13:
         9b:4c:b1:f3:de:00:98:8a:b1:00:81:d3:d1:4a:50:5f:91:11:
         a7:cb:5d:db:93:b0:77:05:cf:f0:32:6a:1f:5d:97:93:5c:75:
         37:46:b0:90:cb:c8:85:5b:07:de:ef:0a:23:83:1d:6e:8b:3f:
         36:e2:5a:02:30:5a:91:3e:68:02:33:61:cb:8f:2a:20:c8:10:
         f4:51:07:3a:31:fd:d8:ae:69:56:02:86:c7:88:fa:99:86:c7:
         52:4c:68:6c:18:f5:bf:23:30:b4:4c:d4:bd:41:ba:ee:b0:d0:
         af:11:7b:cb:90:68:6a:b8:85:01:db:e7:5a:6c:8b:f3:f9:3b:
         04:de:b4:90:01:42:a3:af:0b:68:ad:c7:10:fd:dd:50:f5:a1:
         66:81:48:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdFERmYGYcvurh8LNQlch1cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNjA2MTE0NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGNlY2U1NGVlYzZkYmM4YWQyZGUwYzBlNzU5NTIxOWY3NTExOWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuN/aCA0O9b8QG/5SfNtEJI/Kg7Q
AMhgbnvoKYkEnMttQATgymfUYydxVBxyQLtLGifF64D9mo6pTGdEo1LR2zx+dxt7
90oYCSpefJ4tF+0L5lM+HpOXU5tr7uaWFMN2P66F0EUIuvj0Eucdezl3IXE/XjCQ
z94xLdEF6hGVixgVO2Qnwl5RSI/OM01dLk/o51BY1RA2+f9VGE1qy5CBXrl0EQGn
qCkKtkdi0A9ERAG9CZG0BdPosPmZIVLIZ32X4XGQHnjpTcOSC0n/YF+pSbHv8uzP
ngoYSswtYO5duVSBx84srJGZWGqbYZDN37qItGpWWKh1CTXNR+Z90dqyDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTOzlTuxtvIrS3gwOdZUhn3URmxMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvSk03T1ZPN0cyOGl0TGVEQTUxbFNHZmRSR2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVoYMA0G
CSqGSIb3DQEBCwUAA4IBAQDfk0uWaS6jvqz693oPH4GEHWSo3pgHuEE4ohEaiM7v
vzHo+xHjWv78qJshWWuERwIe3KzWjz8lSDAGvUwxk0UPzp0HWI8ufvGVViVAvVuu
V0Mg53mLga4jYRiCcdVp5rjZ3BJTtfppBVc3QBObTLHz3gCYirEAgdPRSlBfkRGn
y13bk7B3Bc/wMmofXZeTXHU3RrCQy8iFWwfe7wojgx1uiz824loCMFqRPmgCM2HL
jyogyBD0UQc6Mf3YrmlWAobHiPqZhsdSTGhsGPW/IzC0TNS9QbrusNCvEXvLkGhq
uIUB2+dabIvz+TsE3rSQAUKjrwtorccQ/d1Q9aFmgUiX
-----END CERTIFICATE-----