Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/Jw4m82sA3KWPe8ip_nX3apuUEd8.roa
File:                     Jw4m82sA3KWPe8ip_nX3apuUEd8.roa (raw, json)
Hash identifier:          N8RmuYjV1roPrnGHoDsbWbDHhJ/4UqiW+xW9KEZSt+I=
Subject key identifier:   27:0E:26:F3:6B:00:DC:A5:8F:7B:C8:A9:FE:75:F7:6A:9B:94:11:DF
Certificate issuer:       /CN=6eab53640b0931924b73f760925845150a6ccca5
Certificate serial:       019716994D12800D22CCDF61B9C14517E6CA
Authority key identifier: 6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/Jw4m82sA3KWPe8ip_nX3apuUEd8.roa
Signing time:             Wed 28 May 2025 11:13:54 +0000
ROA not before:           Wed 28 May 2025 11:13:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43848
IP address blocks:        185.51.220.0/23 maxlen: 24
                          185.51.220.0/24 maxlen: 24
                          185.51.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 17:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:16:99:4d:12:80:0d:22:cc:df:61:b9:c1:45:17:e6:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eab53640b0931924b73f760925845150a6ccca5
        Validity
            Not Before: May 28 11:13:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=270e26f36b00dca58f7bc8a9fe75f76a9b9411df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:00:e3:a0:b0:f5:0d:10:8f:f5:49:92:e5:ad:
                    5a:0f:d6:dc:8b:0d:ec:ce:90:09:3e:42:44:ea:c5:
                    f5:06:29:5f:50:81:e0:e1:de:ef:ca:b1:1b:1c:2c:
                    4f:3f:38:f4:3a:c5:c0:e6:94:31:8e:6a:0c:a7:ef:
                    15:d0:3b:30:b4:72:14:37:78:ee:8b:d9:80:96:27:
                    a7:d5:e1:00:8f:7d:8a:4d:32:c7:e0:d6:21:2c:29:
                    74:69:af:79:ed:7f:e5:5e:d2:ea:e4:75:1d:8b:c9:
                    84:78:7d:5b:5d:50:6f:eb:c5:71:4a:a2:44:1f:ed:
                    cb:27:94:af:66:1a:20:7e:be:c7:c7:4b:3f:a9:cf:
                    5c:8e:02:54:da:55:66:10:1a:9f:78:54:de:70:e2:
                    77:53:6c:49:39:87:ac:0c:50:ef:50:3a:7b:1a:32:
                    00:50:3e:32:80:77:d4:a5:1d:24:20:b1:79:79:c9:
                    f1:5e:32:14:d2:bc:ed:f0:68:02:db:7f:ea:fc:dc:
                    00:db:7f:51:dd:f2:99:3f:7e:c5:f2:23:78:e4:ce:
                    40:6e:91:6e:d1:ff:cc:a1:30:1a:47:31:fd:08:d8:
                    2e:db:9e:4c:80:40:f1:45:be:a4:75:8c:ff:0c:c2:
                    b8:88:17:82:05:92:c9:0a:43:15:fd:2b:11:e5:5f:
                    d2:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:0E:26:F3:6B:00:DC:A5:8F:7B:C8:A9:FE:75:F7:6A:9B:94:11:DF
            X509v3 Authority Key Identifier:
                keyid:6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/Jw4m82sA3KWPe8ip_nX3apuUEd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:7c:30:b5:9c:84:e8:de:85:41:fc:cf:5c:50:30:12:79:13:
         ea:fd:f8:30:33:36:54:0a:05:74:56:44:41:91:5f:ad:d0:29:
         2f:4c:97:ee:7f:1e:55:43:c0:8f:92:e2:13:44:94:3a:8d:9e:
         70:67:e6:a0:65:74:f1:3a:d0:53:30:d9:ca:cf:9e:50:7d:fb:
         88:6e:ac:50:82:3d:0a:27:d9:00:8f:cc:37:c0:85:55:d6:f7:
         71:1d:7f:2b:37:ea:fd:50:d0:72:84:15:dd:a8:f4:24:b0:60:
         12:70:87:97:a8:10:37:5c:e9:a3:c8:59:21:9c:30:72:97:b6:
         bc:29:ef:a2:b0:cb:dc:b1:1f:08:d5:e9:f5:e4:7e:c9:bc:da:
         b4:de:da:09:af:2b:b3:ff:63:55:a8:6d:77:2c:a3:39:50:e3:
         01:01:50:9c:84:71:35:a8:a3:e6:c1:0e:b8:8f:c9:e8:1c:6f:
         83:5d:07:54:4c:3c:a6:b6:87:3a:86:f6:54:94:19:a4:16:15:
         c2:ab:12:54:68:4b:82:d2:10:30:53:16:e6:a9:cf:ff:1f:11:
         3c:53:c2:d5:4c:18:a7:48:dc:80:be:92:51:ab:4f:23:96:4a:
         17:6b:b2:ff:01:77:4a:76:fd:ef:c2:df:16:3f:33:4d:30:f7:
         f4:88:0e:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcWmU0SgA0izN9hucFFF+bKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYWI1MzY0MGIwOTMxOTI0YjczZjc2MDkyNTg0NTE1MGE2
Y2NjYTUwHhcNMjUwNTI4MTExMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzBlMjZmMzZiMDBkY2E1OGY3YmM4YTlmZTc1Zjc2YTliOTQxMWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwDjoLD1DRCP9UmS5a1aD9bciw3s
zpAJPkJE6sX1BilfUIHg4d7vyrEbHCxPPzj0OsXA5pQxjmoMp+8V0DswtHIUN3ju
i9mAlien1eEAj32KTTLH4NYhLCl0aa957X/lXtLq5HUdi8mEeH1bXVBv68VxSqJE
H+3LJ5SvZhogfr7Hx0s/qc9cjgJU2lVmEBqfeFTecOJ3U2xJOYesDFDvUDp7GjIA
UD4ygHfUpR0kILF5ecnxXjIU0rzt8GgC23/q/NwA239R3fKZP37F8iN45M5AbpFu
0f/MoTAaRzH9CNgu255MgEDxRb6kdYz/DMK4iBeCBZLJCkMV/SsR5V/SjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcOJvNrANylj3vIqf5192qblBHfMB8GA1UdIwQY
MBaAFG6rU2QLCTGSS3P3YJJYRRUKbMylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAt
NTMwNDYzMjM5NTFmLzEvSnc0bTgyc0EzS1dQZThpcF9uWDNhcHVVRWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAtNTMwNDYzMjM5NTFm
LzEvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTPcMA0G
CSqGSIb3DQEBCwUAA4IBAQAEfDC1nITo3oVB/M9cUDASeRPq/fgwMzZUCgV0VkRB
kV+t0CkvTJfufx5VQ8CPkuITRJQ6jZ5wZ+agZXTxOtBTMNnKz55QffuIbqxQgj0K
J9kAj8w3wIVV1vdxHX8rN+r9UNByhBXdqPQksGAScIeXqBA3XOmjyFkhnDByl7a8
Ke+isMvcsR8I1en15H7JvNq03toJryuz/2NVqG13LKM5UOMBAVCchHE1qKPmwQ64
j8noHG+DXQdUTDymtoc6hvZUlBmkFhXCqxJUaEuC0hAwUxbmqc//HxE8U8LVTBin
SNyAvpJRq08jlkoXa7L/AXdKdv3vwt8WPzNNMPf0iA5h
-----END CERTIFICATE-----