Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/0be7f2-638d-4f45-b697-3b318e47276d/1/JzMC6J-x27UinyjGPkrtJtPKKbM.roa
File:                     JzMC6J-x27UinyjGPkrtJtPKKbM.roa (raw, json)
Hash identifier:          MM6S0DzqbOgEC1Eeh2U4n74HZ5Ntf2dFAQc2wkIxZDw=
Subject key identifier:   27:33:02:E8:9F:B1:DB:B5:22:9F:28:C6:3E:4A:ED:26:D3:CA:29:B3
Certificate issuer:       /CN=864106540f30a9dcdf8ef9be72ffef8bd8a72e5c
Certificate serial:       0196C82946941ACF71D854A466C51EFE971F
Authority key identifier: 86:41:06:54:0F:30:A9:DC:DF:8E:F9:BE:72:FF:EF:8B:D8:A7:2E:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hkEGVA8wqdzfjvm-cv_vi9inLlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/0be7f2-638d-4f45-b697-3b318e47276d/1/JzMC6J-x27UinyjGPkrtJtPKKbM.roa
Signing time:             Tue 13 May 2025 05:41:10 +0000
ROA not before:           Tue 13 May 2025 05:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42061
IP address blocks:        195.8.212.0/23 maxlen: 23
                          195.60.92.64/26 maxlen: 26
                          2001:67c:1d0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/0be7f2-638d-4f45-b697-3b318e47276d/1/hkEGVA8wqdzfjvm-cv_vi9inLlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/0be7f2-638d-4f45-b697-3b318e47276d/1/hkEGVA8wqdzfjvm-cv_vi9inLlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hkEGVA8wqdzfjvm-cv_vi9inLlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c8:29:46:94:1a:cf:71:d8:54:a4:66:c5:1e:fe:97:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=864106540f30a9dcdf8ef9be72ffef8bd8a72e5c
        Validity
            Not Before: May 13 05:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=273302e89fb1dbb5229f28c63e4aed26d3ca29b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:bb:a3:58:bb:f2:82:f9:03:34:29:99:35:a6:
                    cf:62:9c:d5:90:82:53:06:a6:bd:49:11:63:f3:60:
                    b3:48:36:6e:40:6f:a3:00:e9:36:c7:62:7c:c3:86:
                    72:5e:1b:08:6d:99:5d:b0:82:39:d4:2b:c6:ed:39:
                    af:c1:fc:44:e2:56:29:ae:fd:43:ce:8b:03:04:9f:
                    d3:82:bd:50:5d:ad:38:7a:a8:5e:8a:92:00:1a:28:
                    8d:9e:eb:26:f4:56:0a:d2:a4:26:82:b2:32:28:59:
                    d2:a8:65:c2:63:bb:61:f5:7e:d4:82:28:6c:d4:39:
                    b1:d6:fa:9f:af:d9:dd:34:31:d7:9f:27:17:3d:ae:
                    7b:8b:24:2b:d3:3f:a9:e9:bc:9e:7f:cd:93:24:1f:
                    05:ba:e5:64:a7:66:2c:39:3c:e9:d8:a8:ed:a1:bc:
                    15:25:b2:58:a5:68:34:85:30:77:6d:f1:22:24:87:
                    31:85:ab:7a:fc:9f:94:2b:45:e9:f7:09:18:5f:3c:
                    25:41:23:f9:12:aa:af:f6:91:5d:37:44:04:a0:94:
                    b9:82:30:87:3e:18:6f:03:87:bf:83:d5:16:1b:d0:
                    b6:d0:f2:6b:06:2c:87:45:74:3b:5e:c8:bb:e7:67:
                    fe:4f:8e:e1:09:57:76:76:e0:e7:c6:ef:0c:61:89:
                    6e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:33:02:E8:9F:B1:DB:B5:22:9F:28:C6:3E:4A:ED:26:D3:CA:29:B3
            X509v3 Authority Key Identifier:
                keyid:86:41:06:54:0F:30:A9:DC:DF:8E:F9:BE:72:FF:EF:8B:D8:A7:2E:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hkEGVA8wqdzfjvm-cv_vi9inLlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/0be7f2-638d-4f45-b697-3b318e47276d/1/JzMC6J-x27UinyjGPkrtJtPKKbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/0be7f2-638d-4f45-b697-3b318e47276d/1/hkEGVA8wqdzfjvm-cv_vi9inLlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.212.0/23
                  195.60.92.64/26
                IPv6:
                  2001:67c:1d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:62:b9:12:65:bf:36:c2:81:c4:0c:3c:82:48:22:df:61:a8:
         0e:8e:a5:32:5e:64:d7:8f:b3:1e:1b:ff:9d:ce:19:77:56:01:
         25:e7:9b:c4:25:4b:64:2e:7d:e7:4c:c1:b6:68:1f:21:cf:2f:
         64:93:fd:b3:28:c4:ed:05:81:33:64:70:ea:1f:cc:cc:24:1f:
         0d:ff:ec:a5:84:f0:bd:23:b3:9f:aa:e2:9a:38:a6:97:38:ec:
         d1:52:94:19:6a:b7:23:5c:8a:dd:2b:f9:86:ff:dd:70:86:90:
         7d:8d:f7:fb:15:da:57:53:7c:45:b7:f8:e5:57:8a:9e:50:73:
         ef:52:a6:46:0a:98:89:63:cc:2a:08:d9:20:11:71:68:29:ad:
         84:b7:a2:18:01:ce:69:2b:e1:4b:17:e2:f8:31:bf:70:08:af:
         da:a2:ca:f6:5e:a9:21:1c:54:1b:27:f3:06:34:a3:35:82:36:
         a0:86:6d:fa:b1:cf:46:53:19:4c:31:37:8e:f9:cd:34:10:e0:
         d0:fa:0a:54:d5:ae:12:1b:30:61:bf:ec:24:bd:18:07:e7:1c:
         48:85:64:a3:c2:35:7d:8b:da:c0:ce:9a:d4:73:52:19:80:a7:
         55:95:86:68:80:6e:d0:de:5c:15:07:2a:42:8c:44:2a:0d:40:
         b4:bc:c1:38
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZbIKUaUGs9x2FSkZsUe/pcfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NDEwNjU0MGYzMGE5ZGNkZjhlZjliZTcyZmZlZjhiZDhh
NzJlNWMwHhcNMjUwNTEzMDU0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzMzMDJlODlmYjFkYmI1MjI5ZjI4YzYzZTRhZWQyNmQzY2EyOWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37ujWLvygvkDNCmZNabPYpzVkIJT
Bqa9SRFj82CzSDZuQG+jAOk2x2J8w4ZyXhsIbZldsII51CvG7TmvwfxE4lYprv1D
zosDBJ/Tgr1QXa04eqheipIAGiiNnusm9FYK0qQmgrIyKFnSqGXCY7th9X7Ugihs
1Dmx1vqfr9ndNDHXnycXPa57iyQr0z+p6byef82TJB8FuuVkp2YsOTzp2KjtobwV
JbJYpWg0hTB3bfEiJIcxhat6/J+UK0Xp9wkYXzwlQSP5Eqqv9pFdN0QEoJS5gjCH
PhhvA4e/g9UWG9C20PJrBiyHRXQ7Xsi752f+T47hCVd2duDnxu8MYYluwQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCczAuifsdu1Ip8oxj5K7SbTyimzMB8GA1UdIwQY
MBaAFIZBBlQPMKnc3475vnL/74vYpy5cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGtFR1ZBOHdxZHpmanZtLWN2X3ZpOWluTGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8wYmU3ZjItNjM4ZC00ZjQ1LWI2OTct
M2IzMThlNDcyNzZkLzEvSnpNQzZKLXgyN1VpbnlqR1BrcnRKdFBLS2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8wYmU3ZjItNjM4ZC00ZjQ1LWI2OTctM2IzMThlNDcyNzZk
LzEvaGtFR1ZBOHdxZHpmanZtLWN2X3ZpOWluTGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjATBAIAATANAwQBwwjUAwUG
wzxcQDAPBAIAAjAJAwcAIAEGfAHQMA0GCSqGSIb3DQEBCwUAA4IBAQAAYrkSZb82
woHEDDyCSCLfYagOjqUyXmTXj7MeG/+dzhl3VgEl55vEJUtkLn3nTMG2aB8hzy9k
k/2zKMTtBYEzZHDqH8zMJB8N/+ylhPC9I7OfquKaOKaXOOzRUpQZarcjXIrdK/mG
/91whpB9jff7FdpXU3xFt/jlV4qeUHPvUqZGCpiJY8wqCNkgEXFoKa2Et6IYAc5p
K+FLF+L4Mb9wCK/aosr2XqkhHFQbJ/MGNKM1gjaghm36sc9GUxlMMTeO+c00EODQ
+gpU1a4SGzBhv+wkvRgH5xxIhWSjwjV9i9rAzprUc1IZgKdVlYZogG7Q3lwVBypC
jEQqDUC0vME4
-----END CERTIFICATE-----