Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/jbGvVuouVUGuodE3wSjw_6Kl_WQ.roa
File:                     jbGvVuouVUGuodE3wSjw_6Kl_WQ.roa (raw, json)
Hash identifier:          0q3TS/imhDlO4EU7lxVd1fwILuDkXznK6ePE6/PQttU=
Subject key identifier:   8D:B1:AF:56:EA:2E:55:41:AE:A1:D1:37:C1:28:F0:FF:A2:A5:FD:64
Certificate issuer:       /CN=13f8496b79d1c04d082af83f1be6a5eab0c66089
Certificate serial:       019427B62A085295E221957F87CB5B2CB128
Authority key identifier: 13:F8:49:6B:79:D1:C0:4D:08:2A:F8:3F:1B:E6:A5:EA:B0:C6:60:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/jbGvVuouVUGuodE3wSjw_6Kl_WQ.roa
Signing time:             Thu 02 Jan 2025 15:50:37 +0000
ROA not before:           Thu 02 Jan 2025 15:50:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        195.242.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:2a:08:52:95:e2:21:95:7f:87:cb:5b:2c:b1:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13f8496b79d1c04d082af83f1be6a5eab0c66089
        Validity
            Not Before: Jan  2 15:50:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8db1af56ea2e5541aea1d137c128f0ffa2a5fd64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:af:12:e0:dd:72:ac:6c:4b:5c:c3:51:2f:ff:
                    33:7c:52:c7:e3:23:60:c0:f1:bc:4e:e9:d0:14:f5:
                    f6:4f:d6:63:21:02:36:17:cf:88:0f:19:c7:63:f8:
                    63:cd:5b:a7:4c:86:90:ce:00:e0:41:19:cd:ec:05:
                    c5:9f:16:8c:f0:89:f4:ab:1e:03:88:99:fe:30:e8:
                    db:ea:3f:f6:54:90:46:5a:5b:85:63:d6:62:16:2c:
                    26:12:53:b0:93:4a:bb:d9:89:53:d5:d4:cb:78:45:
                    2f:be:9b:9b:67:a7:78:9a:f8:21:12:eb:e4:b7:e0:
                    6d:66:b6:0e:b4:3a:27:70:5e:c9:c1:b0:fc:f4:62:
                    ab:84:9d:59:8b:1b:ad:01:8b:30:f6:78:5e:5c:f0:
                    7b:8a:8a:0a:8d:48:ed:fc:3a:0f:15:3b:d5:61:c4:
                    a2:e6:f3:3d:22:b2:1b:41:5c:e4:c0:f5:19:f3:ba:
                    45:7e:90:6f:c0:d5:69:1f:b4:b6:d2:74:c2:5e:7e:
                    82:03:bf:3f:03:03:8e:f8:7d:4b:92:a9:a6:92:a6:
                    0b:96:3a:cf:67:a4:e6:a0:ef:4b:b4:55:d2:3d:42:
                    5e:cb:4d:85:6e:bc:96:f1:bf:6c:34:63:7e:1a:42:
                    36:eb:4d:81:cf:46:08:dd:ea:d8:c5:4d:01:26:3b:
                    5b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:B1:AF:56:EA:2E:55:41:AE:A1:D1:37:C1:28:F0:FF:A2:A5:FD:64
            X509v3 Authority Key Identifier:
                keyid:13:F8:49:6B:79:D1:C0:4D:08:2A:F8:3F:1B:E6:A5:EA:B0:C6:60:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/jbGvVuouVUGuodE3wSjw_6Kl_WQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:5a:9b:2f:7c:62:b7:07:66:cc:14:14:24:d4:0e:b2:7f:e8:
         25:42:d9:07:7b:78:ab:30:8b:70:91:b6:7e:76:49:de:ca:19:
         29:03:20:06:91:03:66:c1:d2:8d:09:6e:93:69:57:4a:69:27:
         17:6f:3f:29:a2:7c:29:3b:99:87:3f:41:a4:ff:28:32:d4:b3:
         ac:7d:87:21:b8:9b:b8:7c:0b:4d:ad:13:ae:77:b1:f4:cb:76:
         75:ac:6f:44:ef:2b:ab:db:98:2a:63:ed:d3:48:a6:80:ba:6f:
         d6:5f:dd:a2:4d:eb:5a:61:73:a0:76:8f:31:a6:56:fe:c5:39:
         d1:cb:b8:15:d0:7b:08:40:11:11:6a:90:74:de:0b:46:11:79:
         3e:17:9a:3e:c3:c1:86:8d:4f:df:0a:24:85:74:bb:77:69:78:
         e9:cf:dd:70:2a:a4:d7:56:91:2b:b6:c1:64:76:1b:52:6c:ca:
         17:2c:92:fa:56:84:9f:31:c2:95:7d:6d:d1:0c:30:3d:d7:e7:
         ad:29:37:58:a8:b6:06:bc:99:aa:27:89:40:8a:e8:51:ca:e5:
         4f:97:ea:1b:60:c8:89:83:68:b7:d2:70:38:53:64:2c:ba:44:
         f5:1e:44:6d:51:b2:8e:d8:3c:a7:31:e9:d3:31:52:7c:38:29:
         ce:a6:26:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntioIUpXiIZV/h8tbLLEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZjg0OTZiNzlkMWMwNGQwODJhZjgzZjFiZTZhNWVhYjBj
NjYwODkwHhcNMjUwMTAyMTU1MDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGIxYWY1NmVhMmU1NTQxYWVhMWQxMzdjMTI4ZjBmZmEyYTVmZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAta8S4N1yrGxLXMNRL/8zfFLH4yNg
wPG8TunQFPX2T9ZjIQI2F8+IDxnHY/hjzVunTIaQzgDgQRnN7AXFnxaM8In0qx4D
iJn+MOjb6j/2VJBGWluFY9ZiFiwmElOwk0q72YlT1dTLeEUvvpubZ6d4mvghEuvk
t+BtZrYOtDoncF7JwbD89GKrhJ1ZixutAYsw9nheXPB7iooKjUjt/DoPFTvVYcSi
5vM9IrIbQVzkwPUZ87pFfpBvwNVpH7S20nTCXn6CA78/AwOO+H1LkqmmkqYLljrP
Z6TmoO9LtFXSPUJey02FbryW8b9sNGN+GkI2602Bz0YI3erYxU0BJjtbaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2xr1bqLlVBrqHRN8Eo8P+ipf1kMB8GA1UdIwQY
MBaAFBP4SWt50cBNCCr4PxvmpeqwxmCJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRV9oSmEzblJ3RTBJS3ZnX0ctYWw2ckRHWUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9lZWIyNmYtNjc5MC00MmNlLThjY2Mt
NTRhMjVlMmNkYWE5LzEvamJHdlZ1b3VWVUd1b2RFM3dTandfNktsX1dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9lZWIyNmYtNjc5MC00MmNlLThjY2MtNTRhMjVlMmNkYWE5
LzEvRV9oSmEzblJ3RTBJS3ZnX0ctYWw2ckRHWUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/LtMA0G
CSqGSIb3DQEBCwUAA4IBAQBCWpsvfGK3B2bMFBQk1A6yf+glQtkHe3irMItwkbZ+
dkneyhkpAyAGkQNmwdKNCW6TaVdKaScXbz8ponwpO5mHP0Gk/ygy1LOsfYchuJu4
fAtNrROud7H0y3Z1rG9E7yur25gqY+3TSKaAum/WX92iTetaYXOgdo8xplb+xTnR
y7gV0HsIQBERapB03gtGEXk+F5o+w8GGjU/fCiSFdLt3aXjpz91wKqTXVpErtsFk
dhtSbMoXLJL6VoSfMcKVfW3RDDA91+etKTdYqLYGvJmqJ4lAiuhRyuVPl+obYMiJ
g2i30nA4U2QsukT1HkRtUbKO2DynMenTMVJ8OCnOpiY6
-----END CERTIFICATE-----