Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/jGYUYth-JS9LpEgUYHaooWrb7Tc.roa
File:                     jGYUYth-JS9LpEgUYHaooWrb7Tc.roa (raw, json)
Hash identifier:          frlNr3HLKX2GRFBcwYSe2xt1qGCkZ5xJR/twdkhb4cE=
Subject key identifier:   8C:66:14:62:D8:7E:25:2F:4B:A4:48:14:60:76:A8:A1:6A:DB:ED:37
Certificate issuer:       /CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
Certificate serial:       01942520A54B9A2C66098067C57F6A9E494A
Authority key identifier: 10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/jGYUYth-JS9LpEgUYHaooWrb7Tc.roa
Signing time:             Thu 02 Jan 2025 03:48:03 +0000
ROA not before:           Thu 02 Jan 2025 03:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     46235
IP address blocks:        195.245.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 00:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:a5:4b:9a:2c:66:09:80:67:c5:7f:6a:9e:49:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
        Validity
            Not Before: Jan  2 03:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c661462d87e252f4ba448146076a8a16adbed37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:34:d8:e7:be:9a:4c:bc:50:95:a3:e4:2e:b3:
                    4e:51:8e:f4:82:83:78:89:8f:5c:a3:ab:ab:3a:12:
                    c2:c5:5f:e0:dc:d8:45:70:e5:48:27:d4:9f:7e:89:
                    b2:12:79:09:4f:61:92:59:13:e9:b7:a3:c5:e2:f0:
                    1e:f2:9c:52:71:ec:e1:12:6d:69:53:8a:4e:08:67:
                    af:c4:c1:ff:41:3d:56:52:72:ba:39:b9:ab:90:46:
                    95:5b:3b:1d:e1:95:fd:a1:88:0e:f0:9b:6a:c5:39:
                    93:f8:79:e8:f4:3f:e3:17:a1:7f:92:32:ba:03:b3:
                    1e:dd:5d:d9:cd:51:56:a6:34:25:cf:29:7c:76:e0:
                    b3:33:48:0c:88:d5:01:26:79:8f:fb:b2:0c:66:52:
                    f3:c7:70:9d:2b:09:a9:76:e4:e7:61:06:16:4e:77:
                    08:7c:5e:19:2a:55:bb:85:d2:70:21:44:45:d6:ef:
                    0e:bf:29:3e:60:ec:f6:56:26:65:6a:bb:ce:03:b9:
                    dd:c1:ab:af:71:23:4d:fc:f1:be:20:e2:21:8b:fc:
                    36:ef:59:7d:f6:72:68:e3:8b:1f:9d:08:32:85:28:
                    50:96:57:85:80:c9:08:96:5c:35:f2:08:df:5e:31:
                    63:0c:a7:76:23:b3:66:0f:6d:b4:36:3b:26:e4:ef:
                    03:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:66:14:62:D8:7E:25:2F:4B:A4:48:14:60:76:A8:A1:6A:DB:ED:37
            X509v3 Authority Key Identifier:
                keyid:10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/jGYUYth-JS9LpEgUYHaooWrb7Tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:f9:8d:45:52:57:5d:75:54:b9:57:13:2f:8f:26:da:d8:7e:
         00:3a:01:41:16:03:ef:93:29:d9:51:f1:ad:bf:4e:91:a1:fc:
         6e:94:cb:a8:8b:3d:59:b0:09:79:26:18:c6:d7:35:1e:4d:d8:
         25:0f:a0:00:10:8a:81:ae:18:45:7d:31:a4:e3:9f:bb:3f:95:
         b5:af:f3:4f:19:34:dd:eb:7b:7e:07:f4:fd:83:69:ec:0b:21:
         eb:07:bc:54:92:f6:0a:e6:b6:b8:a9:36:1b:0e:59:74:57:0a:
         1a:9c:9b:a5:d2:e6:3e:8e:55:d9:f9:b9:94:0b:7d:c3:a7:f9:
         9a:8e:09:3f:ba:9b:22:c2:28:94:aa:e0:7e:72:1a:ad:10:64:
         86:88:86:92:05:43:bd:cf:ea:36:bb:38:de:c9:15:08:bd:25:
         ec:e9:94:f8:7a:9d:47:00:a4:b1:1d:aa:b9:a9:be:56:65:2a:
         56:af:24:1f:2a:6b:90:4d:f5:f1:61:18:f3:40:95:c5:74:f7:
         d0:8e:92:aa:5e:6e:aa:fc:2c:46:54:f8:0b:b0:36:b7:1b:9e:
         3b:1a:93:79:48:18:e4:b5:ac:c4:1d:57:52:35:fc:9b:5c:a7:
         a8:1c:69:83:6d:b9:47:1d:3c:d5:18:60:a3:bf:2e:36:7f:d8:
         0b:e0:f5:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIKVLmixmCYBnxX9qnklKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNjJiYzM2NTEyNjU4YTBmN2QzZjk2YmMxZDhlNjdkOWZk
NDkxOGIwHhcNMjUwMTAyMDM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzY2MTQ2MmQ4N2UyNTJmNGJhNDQ4MTQ2MDc2YThhMTZhZGJlZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6TTY576aTLxQlaPkLrNOUY70goN4
iY9co6urOhLCxV/g3NhFcOVIJ9SffomyEnkJT2GSWRPpt6PF4vAe8pxScezhEm1p
U4pOCGevxMH/QT1WUnK6ObmrkEaVWzsd4ZX9oYgO8JtqxTmT+Hno9D/jF6F/kjK6
A7Me3V3ZzVFWpjQlzyl8duCzM0gMiNUBJnmP+7IMZlLzx3CdKwmpduTnYQYWTncI
fF4ZKlW7hdJwIURF1u8Ovyk+YOz2ViZlarvOA7ndwauvcSNN/PG+IOIhi/w271l9
9nJo44sfnQgyhShQlleFgMkIllw18gjfXjFjDKd2I7NmD220Njsm5O8DvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxmFGLYfiUvS6RIFGB2qKFq2+03MB8GA1UdIwQY
MBaAFBBivDZRJlig99P5a8HY5n2f1JGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYt
OTVhZDkyYWM4Njk4LzEvakdZVVl0aC1KUzlMcEVnVVlIYW9vV3JiN1RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYtOTVhZDkyYWM4Njk4
LzEvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/VWMA0G
CSqGSIb3DQEBCwUAA4IBAQAF+Y1FUldddVS5VxMvjyba2H4AOgFBFgPvkynZUfGt
v06RofxulMuoiz1ZsAl5JhjG1zUeTdglD6AAEIqBrhhFfTGk45+7P5W1r/NPGTTd
63t+B/T9g2nsCyHrB7xUkvYK5ra4qTYbDll0VwoanJul0uY+jlXZ+bmUC33Dp/ma
jgk/upsiwiiUquB+chqtEGSGiIaSBUO9z+o2uzjeyRUIvSXs6ZT4ep1HAKSxHaq5
qb5WZSpWryQfKmuQTfXxYRjzQJXFdPfQjpKqXm6q/CxGVPgLsDa3G547GpN5SBjk
tazEHVdSNfybXKeoHGmDbblHHTzVGGCjvy42f9gL4PV6
-----END CERTIFICATE-----