Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/JS-Bgecde8r4aUvux6oaDYSziLc.roa
File:                     JS-Bgecde8r4aUvux6oaDYSziLc.roa (raw, json)
Hash identifier:          pbyh/yA7joTeMLtDmSJlrjqlnHwf7lTPPfN0QpETN4E=
Subject key identifier:   25:2F:81:81:E7:1D:7B:CA:F8:69:4B:EE:C7:AA:1A:0D:84:B3:88:B7
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       0196F75B40A887585E9AF5166FFE03534176
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/JS-Bgecde8r4aUvux6oaDYSziLc.roa
Signing time:             Thu 22 May 2025 09:37:54 +0000
ROA not before:           Thu 22 May 2025 09:37:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214940
IP address blocks:        176.46.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:5b:40:a8:87:58:5e:9a:f5:16:6f:fe:03:53:41:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: May 22 09:37:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=252f8181e71d7bcaf8694beec7aa1a0d84b388b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6f:2a:5e:c2:ca:7f:80:42:b7:79:11:b7:c0:
                    ae:63:96:25:36:27:83:e1:01:20:16:24:dc:aa:4f:
                    81:8d:c9:ab:63:94:da:05:ea:54:6e:fd:59:d8:1f:
                    86:6f:53:a4:91:cc:bc:70:2f:a1:5b:8d:ab:3a:08:
                    7e:ca:b1:c9:a5:49:2d:23:cb:6b:a9:82:32:02:b9:
                    46:bb:80:db:ef:d9:7a:4c:30:47:a0:69:e3:7d:a1:
                    fa:3d:fc:35:13:7c:26:19:6a:07:95:f4:7c:b0:31:
                    3a:ae:21:35:69:8d:c2:75:28:4d:e3:6e:44:e6:da:
                    3d:ba:26:93:15:5e:59:57:fe:3f:3d:4e:8a:ca:23:
                    32:16:ce:71:30:a2:62:fa:15:4c:c4:f6:0a:65:f0:
                    2e:c5:37:12:02:48:cc:93:56:96:ca:32:cc:71:ba:
                    77:5c:44:82:0b:f0:ca:b9:df:ba:a0:c2:f4:48:4e:
                    bc:27:ee:26:61:35:b4:9d:81:44:79:e2:0c:ce:49:
                    61:84:10:a5:59:46:33:ec:70:a2:7a:22:ac:1c:76:
                    c4:2c:eb:67:32:2c:fa:9e:9c:80:fe:65:ca:68:fc:
                    f5:5b:07:db:64:51:07:49:1d:f6:46:8d:87:82:9c:
                    da:a5:c6:3b:62:15:76:fa:54:fb:be:8a:1a:8e:c5:
                    fa:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:2F:81:81:E7:1D:7B:CA:F8:69:4B:EE:C7:AA:1A:0D:84:B3:88:B7
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/JS-Bgecde8r4aUvux6oaDYSziLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.46.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:2c:12:29:e9:e3:53:07:62:b9:60:04:d7:7c:ce:1b:7d:40:
         c6:c1:2f:b3:72:7f:56:f8:ba:f9:6b:73:79:56:56:1b:41:69:
         68:42:6a:12:09:c4:48:8e:6a:3c:45:50:95:1d:f8:66:4b:64:
         e8:ee:47:25:4a:12:bc:b0:c3:a8:87:20:c8:77:49:65:db:cd:
         5f:a4:50:5e:da:01:bc:3b:64:65:f9:2c:f2:01:e5:e7:79:8f:
         56:eb:25:d6:84:60:f3:31:ec:c1:8e:8a:cc:90:ef:c8:10:48:
         72:55:b8:8d:48:56:d6:0f:21:ec:96:bf:c5:ca:76:04:37:85:
         e5:a7:4f:97:9d:26:23:a9:a4:dd:b9:38:f9:4f:77:96:8a:23:
         6b:15:a0:2f:2c:12:a8:1c:c9:1d:6f:04:0a:ef:e4:a2:9b:ab:
         86:a6:be:aa:a3:9d:d9:f2:fe:46:55:3a:d0:91:20:ef:87:b9:
         c0:fe:c2:44:61:8d:00:db:28:df:c5:2f:a1:b7:7f:6f:be:95:
         d6:59:43:be:30:ad:28:94:24:7c:d4:4f:76:90:2d:2b:63:0d:
         fc:f3:d6:65:83:8b:85:41:fc:cd:82:5e:5a:7e:70:a4:ad:51:
         9b:6e:0b:47:41:d1:ef:32:f6:28:e5:cc:50:05:ff:8e:7d:5f:
         19:4b:af:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb3W0Coh1hemvUWb/4DU0F2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUwNTIyMDkzNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTJmODE4MWU3MWQ3YmNhZjg2OTRiZWVjN2FhMWEwZDg0YjM4OGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG8qXsLKf4BCt3kRt8CuY5YlNieD
4QEgFiTcqk+BjcmrY5TaBepUbv1Z2B+Gb1Okkcy8cC+hW42rOgh+yrHJpUktI8tr
qYIyArlGu4Db79l6TDBHoGnjfaH6Pfw1E3wmGWoHlfR8sDE6riE1aY3CdShN425E
5to9uiaTFV5ZV/4/PU6KyiMyFs5xMKJi+hVMxPYKZfAuxTcSAkjMk1aWyjLMcbp3
XESCC/DKud+6oML0SE68J+4mYTW0nYFEeeIMzklhhBClWUYz7HCieiKsHHbELOtn
Miz6npyA/mXKaPz1WwfbZFEHSR32Ro2HgpzapcY7YhV2+lT7vooajsX6IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUvgYHnHXvK+GlL7seqGg2Es4i3MB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvSlMtQmdlY2RlOHI0YVV2dXg2b2FEWVN6aUxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsC6eMA0G
CSqGSIb3DQEBCwUAA4IBAQCNLBIp6eNTB2K5YATXfM4bfUDGwS+zcn9W+Lr5a3N5
VlYbQWloQmoSCcRIjmo8RVCVHfhmS2To7kclShK8sMOohyDId0ll281fpFBe2gG8
O2Rl+SzyAeXneY9W6yXWhGDzMezBjorMkO/IEEhyVbiNSFbWDyHslr/FynYEN4Xl
p0+XnSYjqaTduTj5T3eWiiNrFaAvLBKoHMkdbwQK7+Sim6uGpr6qo53Z8v5GVTrQ
kSDvh7nA/sJEYY0A2yjfxS+ht39vvpXWWUO+MK0olCR81E92kC0rYw3889Zlg4uF
QfzNgl5afnCkrVGbbgtHQdHvMvYo5cxQBf+OfV8ZS68t
-----END CERTIFICATE-----