Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/J-BM_Ca54Ppe1TH_JAPmfmThPF8.roa
File:                     J-BM_Ca54Ppe1TH_JAPmfmThPF8.roa (raw, json)
Hash identifier:          2hiZg6+oGhdSn69vdZDUaG+7SsG9WkxCcOP68C1coYw=
Subject key identifier:   27:E0:4C:FC:26:B9:E0:FA:5E:D5:31:FF:24:03:E6:7E:64:E1:3C:5F
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       0198984C77DB43BDED9F961619569793E40A
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/J-BM_Ca54Ppe1TH_JAPmfmThPF8.roa
Signing time:             Mon 11 Aug 2025 08:43:24 +0000
ROA not before:           Mon 11 Aug 2025 08:43:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42014
IP address blocks:        213.174.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 02:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:4c:77:db:43:bd:ed:9f:96:16:19:56:97:93:e4:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Aug 11 08:43:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27e04cfc26b9e0fa5ed531ff2403e67e64e13c5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:75:28:ae:25:fa:09:c5:f0:a3:84:b0:f6:24:
                    4a:7a:ee:f7:c2:75:10:3f:3e:a4:70:8a:1a:d2:19:
                    39:a7:61:bf:0e:53:67:97:8c:47:a8:e1:69:14:e7:
                    dd:d3:78:9d:8e:0e:9a:08:eb:06:21:66:03:7a:ae:
                    dd:80:76:28:06:20:b5:12:8a:dc:5d:77:ab:80:5a:
                    27:e2:49:fc:fb:01:15:2e:01:bb:26:db:52:02:bd:
                    63:eb:d2:73:75:2b:90:92:5c:89:16:98:9b:bd:f2:
                    47:ff:24:54:21:3d:2c:47:2d:6e:72:75:40:0f:25:
                    fe:a4:80:73:10:7b:46:62:18:68:20:86:9b:dd:ff:
                    5c:9c:c4:91:de:46:4d:b9:e7:b2:f8:58:0e:27:99:
                    55:cd:61:52:d7:90:af:9a:95:df:59:69:cd:4a:f6:
                    f3:49:c5:82:3d:63:2a:70:d8:07:6a:77:28:35:a2:
                    22:18:05:07:11:85:fb:26:3e:ea:c1:2e:65:a7:9f:
                    c6:19:84:80:c3:2a:80:bf:1c:57:a8:29:58:b6:c8:
                    55:fb:12:aa:85:5d:d3:bc:15:bb:bb:eb:c3:7a:75:
                    50:b5:81:fe:f5:cd:a7:40:20:71:3a:9e:ff:9d:d6:
                    3a:de:14:b1:22:72:b5:ea:3a:49:51:6e:45:f2:0c:
                    71:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:E0:4C:FC:26:B9:E0:FA:5E:D5:31:FF:24:03:E6:7E:64:E1:3C:5F
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/J-BM_Ca54Ppe1TH_JAPmfmThPF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.174.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:18:ff:4d:8d:0d:55:d0:73:bc:a6:0c:4f:74:bc:9f:73:ed:
         8b:3b:c9:bf:00:3f:7d:9e:73:94:e9:f8:38:c0:e3:25:5a:2f:
         0b:91:8e:8f:89:81:5d:96:3e:74:6a:64:13:fb:2f:a8:95:15:
         5b:d5:3a:a0:e6:54:a4:82:98:68:83:6f:4c:0a:8f:1e:68:31:
         14:8a:56:1b:cd:5d:f2:50:1a:94:10:12:ec:c0:86:7e:3d:4c:
         db:8c:c3:45:e4:04:d4:4f:20:be:da:9f:c0:28:5a:f7:3e:17:
         b8:a0:06:93:04:a1:da:a4:9f:2c:53:a2:13:f3:4e:98:d3:24:
         97:07:e3:de:58:ee:ce:dc:a4:36:3e:80:82:1b:46:8e:4f:f8:
         a4:a6:2f:01:5b:63:59:3b:97:59:7d:16:aa:32:88:a2:60:29:
         30:ad:a2:a6:53:ec:40:80:bf:e4:2c:1b:67:25:1e:8f:6a:97:
         d0:55:dc:09:05:92:93:ee:8b:0e:8d:94:3a:b4:ef:09:f4:3f:
         a8:00:af:a4:f4:3a:0d:f8:a2:97:2f:65:a3:ca:09:1d:b2:09:
         06:1e:e2:5b:da:16:bd:bc:f8:34:e2:63:8e:30:eb:7e:4c:67:
         51:0a:c6:09:cc:cb:60:c5:80:84:f1:b8:31:b1:7c:a3:de:f1:
         8c:d2:25:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYTHfbQ73tn5YWGVaXk+QKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjUwODExMDg0MzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2UwNGNmYzI2YjllMGZhNWVkNTMxZmYyNDAzZTY3ZTY0ZTEzYzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3UoriX6CcXwo4Sw9iRKeu73wnUQ
Pz6kcIoa0hk5p2G/DlNnl4xHqOFpFOfd03idjg6aCOsGIWYDeq7dgHYoBiC1Eorc
XXergFon4kn8+wEVLgG7JttSAr1j69JzdSuQklyJFpibvfJH/yRUIT0sRy1ucnVA
DyX+pIBzEHtGYhhoIIab3f9cnMSR3kZNueey+FgOJ5lVzWFS15CvmpXfWWnNSvbz
ScWCPWMqcNgHancoNaIiGAUHEYX7Jj7qwS5lp5/GGYSAwyqAvxxXqClYtshV+xKq
hV3TvBW7u+vDenVQtYH+9c2nQCBxOp7/ndY63hSxInK16jpJUW5F8gxxBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfgTPwmueD6XtUx/yQD5n5k4TxfMB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvSi1CTV9DYTU0UHBlMVRIX0pBUG1mbVRoUEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1a4VMA0G
CSqGSIb3DQEBCwUAA4IBAQAKGP9NjQ1V0HO8pgxPdLyfc+2LO8m/AD99nnOU6fg4
wOMlWi8LkY6PiYFdlj50amQT+y+olRVb1Tqg5lSkgphog29MCo8eaDEUilYbzV3y
UBqUEBLswIZ+PUzbjMNF5ATUTyC+2p/AKFr3Phe4oAaTBKHapJ8sU6IT806Y0ySX
B+PeWO7O3KQ2PoCCG0aOT/ikpi8BW2NZO5dZfRaqMoiiYCkwraKmU+xAgL/kLBtn
JR6PapfQVdwJBZKT7osOjZQ6tO8J9D+oAK+k9DoN+KKXL2WjygkdsgkGHuJb2ha9
vPg04mOOMOt+TGdRCsYJzMtgxYCE8bgxsXyj3vGM0iWy
-----END CERTIFICATE-----