Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/JvqBIXiq5TxtaexDe6MiLG7Uzco.roa
File:                     JvqBIXiq5TxtaexDe6MiLG7Uzco.roa (raw, json)
Hash identifier:          huNRUsFo/Oz7iRP5jciR9/safRSwPrF9PgF6uaHgaAU=
Subject key identifier:   26:FA:81:21:78:AA:E5:3C:6D:69:EC:43:7B:A3:22:2C:6E:D4:CD:CA
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0194266BC8D0A342D402EFE9A07522ABA8E2
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/JvqBIXiq5TxtaexDe6MiLG7Uzco.roa
Signing time:             Thu 02 Jan 2025 09:49:45 +0000
ROA not before:           Thu 02 Jan 2025 09:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        89.251.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 05:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c8:d0:a3:42:d4:02:ef:e9:a0:75:22:ab:a8:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 09:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26fa812178aae53c6d69ec437ba3222c6ed4cdca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6b:1d:89:f5:d3:6c:73:56:85:1b:c1:36:ad:
                    50:59:d5:24:a1:bd:29:69:4c:57:5c:4d:cd:55:d2:
                    31:e7:ce:b9:0e:ec:8d:e4:0e:e1:9f:e2:7a:c5:6d:
                    e1:64:ce:c3:84:fe:ba:12:1d:0f:ac:48:76:94:25:
                    89:3f:e3:c1:c7:da:23:c9:79:3f:bc:1d:d3:63:56:
                    5d:2e:71:99:b1:78:82:1a:46:5e:70:01:ab:ec:17:
                    0f:b3:c3:13:57:6b:a8:fc:64:52:5f:52:11:ab:f3:
                    d5:cf:72:e1:cb:a9:2d:64:72:4c:f1:69:4e:b3:42:
                    21:a4:cc:bd:d5:82:fc:63:92:d3:b4:6c:40:1f:5f:
                    9a:24:0a:23:7c:fd:68:0e:15:fe:03:fa:52:1c:b3:
                    d3:1a:74:3b:0b:bf:af:90:8b:6c:f1:90:08:ff:54:
                    2f:64:5a:7e:32:01:b1:f3:73:fb:41:be:8a:87:fe:
                    e3:63:11:97:0e:16:b2:c5:f3:94:5e:f0:51:36:a7:
                    7d:76:17:cd:ab:4a:cc:69:6e:32:21:c0:5c:c7:92:
                    b0:5b:ae:70:66:03:48:04:08:c2:36:60:ee:15:37:
                    52:4a:88:e5:ee:d6:99:c9:a1:f7:95:64:8d:0d:a0:
                    95:80:0d:c7:a4:ea:06:0c:69:ea:4f:7d:39:fb:29:
                    1c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:FA:81:21:78:AA:E5:3C:6D:69:EC:43:7B:A3:22:2C:6E:D4:CD:CA
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/JvqBIXiq5TxtaexDe6MiLG7Uzco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:3a:d0:97:b3:00:1c:20:52:28:bf:c5:9d:18:00:74:3c:66:
         f6:d5:d1:90:22:6b:19:ba:c3:bb:84:27:9d:ca:8a:03:77:41:
         0c:4b:b4:55:16:1d:b8:6e:3e:e7:a7:4d:f4:68:66:1d:0f:92:
         3d:c0:b9:72:d7:1d:71:5d:10:d7:94:11:7a:98:bc:9e:60:3d:
         29:1a:75:01:1b:9c:24:5a:e3:9f:6b:8e:aa:cb:f4:83:db:a7:
         19:37:08:6d:f1:b1:97:c3:7d:c7:c5:e3:be:fd:2e:ac:f3:51:
         27:05:1c:68:bf:fd:0b:17:b0:b8:d3:d8:e3:56:4c:d3:23:c9:
         f9:4e:32:09:1c:52:08:94:fe:78:bf:ff:2a:6b:f3:d4:69:82:
         4b:a2:bc:45:6a:cf:43:43:43:f7:4c:7e:cd:aa:fe:40:27:8d:
         88:8a:bc:df:04:bd:29:4f:c1:f0:86:49:7d:7b:8b:6d:bc:84:
         48:10:86:6f:4f:0c:d3:ed:ce:57:4d:8d:ba:6c:a8:66:84:4f:
         4c:56:72:38:90:e9:43:13:cb:07:2a:6a:a2:97:18:68:5c:0d:
         11:62:80:2c:2c:45:1c:10:3f:54:9d:1f:d8:b9:da:86:37:cf:
         3a:4b:9a:eb:4f:89:3d:a0:c6:29:0b:8e:15:5e:7d:1a:48:2e:
         11:d6:96:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8jQo0LUAu/poHUiq6jiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMTAyMDk0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmZhODEyMTc4YWFlNTNjNmQ2OWVjNDM3YmEzMjIyYzZlZDRjZGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2sdifXTbHNWhRvBNq1QWdUkob0p
aUxXXE3NVdIx5865DuyN5A7hn+J6xW3hZM7DhP66Eh0PrEh2lCWJP+PBx9ojyXk/
vB3TY1ZdLnGZsXiCGkZecAGr7BcPs8MTV2uo/GRSX1IRq/PVz3Lhy6ktZHJM8WlO
s0IhpMy91YL8Y5LTtGxAH1+aJAojfP1oDhX+A/pSHLPTGnQ7C7+vkIts8ZAI/1Qv
ZFp+MgGx83P7Qb6Kh/7jYxGXDhayxfOUXvBRNqd9dhfNq0rMaW4yIcBcx5KwW65w
ZgNIBAjCNmDuFTdSSojl7taZyaH3lWSNDaCVgA3HpOoGDGnqT305+ykcuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCb6gSF4quU8bWnsQ3ujIixu1M3KMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvSnZxQklYaXE1VHh0YWV4RGU2TWlMRzdVemNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsZMA0G
CSqGSIb3DQEBCwUAA4IBAQBqOtCXswAcIFIov8WdGAB0PGb21dGQImsZusO7hCed
yooDd0EMS7RVFh24bj7np030aGYdD5I9wLly1x1xXRDXlBF6mLyeYD0pGnUBG5wk
WuOfa46qy/SD26cZNwht8bGXw33HxeO+/S6s81EnBRxov/0LF7C409jjVkzTI8n5
TjIJHFIIlP54v/8qa/PUaYJLorxFas9DQ0P3TH7Nqv5AJ42IirzfBL0pT8Hwhkl9
e4ttvIRIEIZvTwzT7c5XTY26bKhmhE9MVnI4kOlDE8sHKmqilxhoXA0RYoAsLEUc
ED9UnR/YudqGN886S5rrT4k9oMYpC44VXn0aSC4R1pYi
-----END CERTIFICATE-----