Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/JHvjruZud8UPbDjx1Bd9LjVOBzk.roa
File:                     JHvjruZud8UPbDjx1Bd9LjVOBzk.roa (raw, json)
Hash identifier:          vjoEoMaWJ1MAMYUlr7M3XUcS+6k16egCExbMn9yAMb4=
Subject key identifier:   24:7B:E3:AE:E6:6E:77:C5:0F:6C:38:F1:D4:17:7D:2E:35:4E:07:39
Certificate issuer:       /CN=2e0a9333f93cca544fdabe2ea7a6738a54af759e
Certificate serial:       0196D305BB3568931339C218086B83E50493
Authority key identifier: 2E:0A:93:33:F9:3C:CA:54:4F:DA:BE:2E:A7:A6:73:8A:54:AF:75:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/JHvjruZud8UPbDjx1Bd9LjVOBzk.roa
Signing time:             Thu 15 May 2025 08:18:10 +0000
ROA not before:           Thu 15 May 2025 08:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        185.113.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:05:bb:35:68:93:13:39:c2:18:08:6b:83:e5:04:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e0a9333f93cca544fdabe2ea7a6738a54af759e
        Validity
            Not Before: May 15 08:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=247be3aee66e77c50f6c38f1d4177d2e354e0739
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e8:e4:68:0c:f0:c7:0c:46:96:45:0b:7b:17:
                    d6:4e:ed:e9:a7:00:ab:f0:65:45:74:f8:ef:86:2d:
                    6d:df:93:ac:a5:eb:dc:6b:80:fa:c2:13:9f:d9:fc:
                    4d:b9:e6:2f:b2:b3:44:83:8d:d3:e7:50:39:52:50:
                    ae:2c:32:ea:84:2c:9c:65:1b:32:0c:9a:ab:65:57:
                    c2:83:81:b5:6a:ef:10:0e:de:a3:86:02:c7:b4:56:
                    55:8b:5b:0d:9e:7d:4b:a0:f4:70:1b:ab:fb:2f:1d:
                    3c:3f:c4:b6:8e:de:38:66:66:2f:01:fb:29:33:9a:
                    fa:cb:1e:1f:b2:4e:68:30:c7:6a:e4:2d:30:d3:24:
                    34:20:51:b0:3a:54:f9:70:57:2e:a2:16:51:8a:82:
                    16:07:30:24:44:b7:0e:76:32:28:7e:19:e2:50:77:
                    7f:68:cd:de:b9:a1:6d:5e:1f:5c:24:32:e7:69:55:
                    f0:ce:ca:ee:2f:fd:46:5e:3f:60:aa:10:d4:8a:96:
                    f9:fd:b7:8e:3c:78:ff:d2:98:17:ea:b9:eb:02:13:
                    8e:c4:aa:f4:8b:01:d6:19:64:4a:ed:ec:0b:bb:f1:
                    20:af:9c:47:2e:32:68:92:2b:93:93:93:3f:a6:23:
                    d9:41:22:06:68:11:76:1b:18:db:49:e7:16:e3:2c:
                    60:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:7B:E3:AE:E6:6E:77:C5:0F:6C:38:F1:D4:17:7D:2E:35:4E:07:39
            X509v3 Authority Key Identifier:
                keyid:2E:0A:93:33:F9:3C:CA:54:4F:DA:BE:2E:A7:A6:73:8A:54:AF:75:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/JHvjruZud8UPbDjx1Bd9LjVOBzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:a8:23:64:89:87:5f:50:4c:12:86:c6:26:2a:ec:0f:4e:93:
         b6:72:68:e0:8c:a6:18:75:a1:0b:a3:ea:59:54:e7:64:37:d9:
         f6:cf:a7:6c:d2:25:1a:d6:d5:26:fc:cc:11:f8:67:56:f9:28:
         7c:aa:86:26:c8:29:a2:11:37:9c:80:80:1f:d6:5e:19:7e:df:
         1b:99:36:05:dc:6a:57:1d:4c:d1:d2:52:89:7c:6c:c2:ea:3f:
         cb:17:60:80:d7:f1:80:7d:de:d5:59:5b:1e:22:27:e7:08:e2:
         8b:c5:5f:b7:e4:a8:29:ec:ab:91:0c:f5:51:6b:e4:6e:22:28:
         e8:50:d6:74:44:ae:de:ea:4e:d1:53:c7:9e:3d:40:4f:87:b4:
         bc:b7:2e:a9:f9:b4:db:d2:97:91:33:ae:ed:86:30:a7:ec:0d:
         db:05:2d:6e:f8:70:d0:c3:94:ae:66:d1:99:83:69:f8:be:d2:
         22:64:79:d7:99:30:4b:72:c4:21:c7:2d:a9:3f:22:74:59:16:
         6f:5f:00:4c:b6:da:96:eb:6a:6e:30:cb:17:39:01:5f:76:7b:
         ca:aa:8c:f3:d2:b5:4f:d9:79:79:48:d4:a2:75:6b:72:96:78:
         2e:3e:3f:0e:d9:52:9c:65:57:7b:51:07:59:b7:eb:64:93:64:
         91:b9:1d:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbTBbs1aJMTOcIYCGuD5QSTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMGE5MzMzZjkzY2NhNTQ0ZmRhYmUyZWE3YTY3MzhhNTRh
Zjc1OWUwHhcNMjUwNTE1MDgxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDdiZTNhZWU2NmU3N2M1MGY2YzM4ZjFkNDE3N2QyZTM1NGUwNzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOjkaAzwxwxGlkULexfWTu3ppwCr
8GVFdPjvhi1t35Ospevca4D6whOf2fxNueYvsrNEg43T51A5UlCuLDLqhCycZRsy
DJqrZVfCg4G1au8QDt6jhgLHtFZVi1sNnn1LoPRwG6v7Lx08P8S2jt44ZmYvAfsp
M5r6yx4fsk5oMMdq5C0w0yQ0IFGwOlT5cFcuohZRioIWBzAkRLcOdjIofhniUHd/
aM3euaFtXh9cJDLnaVXwzsruL/1GXj9gqhDUipb5/beOPHj/0pgX6rnrAhOOxKr0
iwHWGWRK7ewLu/Egr5xHLjJokiuTk5M/piPZQSIGaBF2GxjbSecW4yxg9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCR7467mbnfFD2w48dQXfS41Tgc5MB8GA1UdIwQY
MBaAFC4KkzP5PMpUT9q+Lqemc4pUr3WeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGdxVE1fazh5bFJQMnI0dXA2WnppbFN2ZFo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9hNGQwOWYtMjlkZi00NGVhLWE3YjEt
MGEwYWFlYWVlNGYxLzEvSkh2anJ1WnVkOFVQYkRqeDFCZDlMalZPQnprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9hNGQwOWYtMjlkZi00NGVhLWE3YjEtMGEwYWFlYWVlNGYx
LzEvTGdxVE1fazh5bFJQMnI0dXA2WnppbFN2ZFo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXHdMA0G
CSqGSIb3DQEBCwUAA4IBAQBrqCNkiYdfUEwShsYmKuwPTpO2cmjgjKYYdaELo+pZ
VOdkN9n2z6ds0iUa1tUm/MwR+GdW+Sh8qoYmyCmiETecgIAf1l4Zft8bmTYF3GpX
HUzR0lKJfGzC6j/LF2CA1/GAfd7VWVseIifnCOKLxV+35Kgp7KuRDPVRa+RuIijo
UNZ0RK7e6k7RU8eePUBPh7S8ty6p+bTb0peRM67thjCn7A3bBS1u+HDQw5SuZtGZ
g2n4vtIiZHnXmTBLcsQhxy2pPyJ0WRZvXwBMttqW62puMMsXOQFfdnvKqozz0rVP
2Xl5SNSidWtylnguPj8O2VKcZVd7UQdZt+tkk2SRuR1b
-----END CERTIFICATE-----