Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/JPynZOHFD9eCFLg8Hgy15cX9znA.roa
File:                     JPynZOHFD9eCFLg8Hgy15cX9znA.roa (raw, json)
Hash identifier:          5JLQYisAx7T3MaJ4KQMnMa0XYOU0246nFgiD7GulqmE=
Subject key identifier:   24:FC:A7:64:E1:C5:0F:D7:82:14:B8:3C:1E:0C:B5:E5:C5:FD:CE:70
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019425FCA9B90BCB87A149645E206F1C5857
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/JPynZOHFD9eCFLg8Hgy15cX9znA.roa
Signing time:             Thu 02 Jan 2025 07:48:22 +0000
ROA not before:           Thu 02 Jan 2025 07:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30725
IP address blocks:        85.232.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:a9:b9:0b:cb:87:a1:49:64:5e:20:6f:1c:58:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 07:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24fca764e1c50fd78214b83c1e0cb5e5c5fdce70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:76:87:ad:60:9f:6e:15:bc:4b:1e:a0:22:0c:
                    81:f7:e9:dc:94:48:14:6a:ba:2f:b3:1d:f2:8d:93:
                    a1:4e:8f:04:26:ee:88:3c:c8:85:a3:65:d3:27:12:
                    54:92:77:6f:69:d5:e6:9d:1b:93:34:5b:85:5f:f7:
                    35:f8:66:e9:cf:d5:a5:d6:04:71:28:19:42:d5:2c:
                    d1:44:8e:de:9c:27:7f:9a:fc:68:83:d0:02:96:92:
                    5d:15:e0:cc:fe:b0:0f:87:88:00:9c:32:ab:b9:97:
                    48:b1:94:11:f7:33:f7:36:98:e1:60:0b:e2:5c:63:
                    e9:8c:04:f0:6d:30:25:fe:04:bf:c8:cd:9f:83:2d:
                    10:67:6a:68:84:21:4f:cd:ee:5f:e1:25:23:2a:6c:
                    ee:a2:04:7b:b7:5b:50:1a:b8:fc:69:69:60:55:b0:
                    8e:87:7e:8e:94:88:90:fb:b1:46:23:d1:e0:de:21:
                    52:ca:a0:97:32:3e:85:39:57:a7:4c:11:bc:7b:25:
                    ee:a5:2a:35:68:7b:4e:89:2d:ac:5d:20:40:6c:38:
                    04:55:61:40:6b:0f:6f:f3:19:41:dc:3f:2c:e9:6c:
                    51:bd:82:72:d5:67:20:3e:99:0e:88:e2:5e:af:5a:
                    87:b7:b4:f7:28:5a:32:dc:97:81:b4:20:1c:aa:cc:
                    24:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:FC:A7:64:E1:C5:0F:D7:82:14:B8:3C:1E:0C:B5:E5:C5:FD:CE:70
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/JPynZOHFD9eCFLg8Hgy15cX9znA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:b4:f5:de:34:f9:18:37:2f:5f:df:7c:31:fa:fa:a4:6b:12:
         99:a5:f0:25:c0:5d:f5:b1:6f:99:11:1e:1f:8c:5f:15:95:8d:
         7b:fa:e5:dd:c9:41:d9:d5:1d:f0:54:f5:99:1b:e1:d8:30:b8:
         3c:d6:c1:39:7d:0e:8f:92:b4:d5:7a:7c:24:d3:46:fc:eb:7f:
         e2:6d:cd:87:c3:93:fd:0b:0a:fe:b9:62:c8:99:e6:87:ba:61:
         23:44:9e:f4:9b:0c:cc:2f:59:e3:9e:76:55:51:73:3d:06:25:
         72:a7:71:84:8d:52:f1:ec:12:b9:05:5b:85:1e:33:9e:fd:04:
         97:a7:fa:4a:ec:68:4e:d2:38:97:5c:25:db:8e:d5:50:72:01:
         5b:71:9d:cf:44:12:22:75:39:9f:9f:9e:93:46:af:34:96:29:
         85:d2:33:ea:1f:bf:82:c7:0d:43:02:2b:94:55:aa:25:31:f4:
         4e:cd:c3:e0:73:36:6f:9a:58:ad:7f:d4:4b:6b:53:7a:ba:a4:
         ef:99:06:93:5c:e2:9c:b1:8f:01:04:3d:1e:30:61:a5:92:ad:
         7d:cb:91:f7:c2:97:5d:be:a6:d0:7e:51:34:76:ed:c4:f1:37:
         2d:f6:b7:d1:6b:95:26:6a:7f:63:64:01:52:40:fb:eb:bb:11:
         4c:60:75:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Km5C8uHoUlkXiBvHFhXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjUwMTAyMDc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGZjYTc2NGUxYzUwZmQ3ODIxNGI4M2MxZTBjYjVlNWM1ZmRjZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnaHrWCfbhW8Sx6gIgyB9+nclEgU
arovsx3yjZOhTo8EJu6IPMiFo2XTJxJUkndvadXmnRuTNFuFX/c1+Gbpz9Wl1gRx
KBlC1SzRRI7enCd/mvxog9AClpJdFeDM/rAPh4gAnDKruZdIsZQR9zP3NpjhYAvi
XGPpjATwbTAl/gS/yM2fgy0QZ2pohCFPze5f4SUjKmzuogR7t1tQGrj8aWlgVbCO
h36OlIiQ+7FGI9Hg3iFSyqCXMj6FOVenTBG8eyXupSo1aHtOiS2sXSBAbDgEVWFA
aw9v8xlB3D8s6WxRvYJy1WcgPpkOiOJer1qHt7T3KFoy3JeBtCAcqswkXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCT8p2ThxQ/XghS4PB4MteXF/c5wMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvSlB5blpPSEZEOWVDRkxnOEhneTE1Y1g5em5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVej0MA0G
CSqGSIb3DQEBCwUAA4IBAQBZtPXeNPkYNy9f33wx+vqkaxKZpfAlwF31sW+ZER4f
jF8VlY17+uXdyUHZ1R3wVPWZG+HYMLg81sE5fQ6PkrTVenwk00b863/ibc2Hw5P9
Cwr+uWLImeaHumEjRJ70mwzML1njnnZVUXM9BiVyp3GEjVLx7BK5BVuFHjOe/QSX
p/pK7GhO0jiXXCXbjtVQcgFbcZ3PRBIidTmfn56TRq80limF0jPqH7+Cxw1DAiuU
VaolMfROzcPgczZvmlitf9RLa1N6uqTvmQaTXOKcsY8BBD0eMGGlkq19y5H3wpdd
vqbQflE0du3E8Tct9rfRa5Uman9jZAFSQPvruxFMYHVL
-----END CERTIFICATE-----