Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/JzLK_RuW2YrAUdpuSrVy9ah6ExI.roa
File:                     JzLK_RuW2YrAUdpuSrVy9ah6ExI.roa (raw, json)
Hash identifier:          nTndM4XcS9E+e59L3cu27IGmN7O5M6Mq4tjFNX+ECFM=
Subject key identifier:   27:32:CA:FD:1B:96:D9:8A:C0:51:DA:6E:4A:B5:72:F5:A8:7A:13:12
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       01972BEBACED8F09547CB89175EA9E786A50
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/JzLK_RuW2YrAUdpuSrVy9ah6ExI.roa
Signing time:             Sun 01 Jun 2025 14:35:54 +0000
ROA not before:           Sun 01 Jun 2025 14:35:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140627
IP address blocks:        87.229.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 19:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2b:eb:ac:ed:8f:09:54:7c:b8:91:75:ea:9e:78:6a:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jun  1 14:35:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2732cafd1b96d98ac051da6e4ab572f5a87a1312
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:73:dd:77:37:f3:e8:3c:14:1f:88:f5:28:02:
                    ce:60:35:a6:db:ee:6f:23:53:15:c8:96:7b:34:4e:
                    e8:56:22:12:1d:bc:10:20:98:61:58:91:71:ef:c5:
                    1f:64:54:a9:17:da:ec:9e:7e:de:95:76:21:62:f7:
                    fe:f8:56:4b:c3:db:2f:e3:e9:f6:17:54:94:1d:34:
                    29:f4:25:c2:b0:95:0c:58:d3:91:b3:17:28:2f:a4:
                    a7:f1:f3:97:fb:13:d0:9b:9a:b3:06:9e:aa:0d:60:
                    9d:f7:e3:89:b1:e7:01:41:00:2f:94:14:a1:a9:ab:
                    87:3c:54:30:1a:3a:da:66:51:42:21:ce:06:94:02:
                    de:5d:5a:8b:c9:ed:f0:d0:f5:da:74:8a:0c:03:46:
                    f7:85:51:bf:06:8d:f0:5d:38:18:bb:48:55:6d:d5:
                    b5:fa:c3:fc:b4:ee:a8:32:5e:88:f1:d0:60:d4:65:
                    53:72:f0:e4:a4:88:6d:e8:8d:ec:b7:6d:2d:73:e5:
                    c5:21:73:8a:ec:46:ee:5d:26:23:7e:26:6b:5c:01:
                    de:59:f4:56:cb:a0:96:50:cb:fe:04:8f:90:6f:fa:
                    99:36:0b:5a:c9:31:54:84:50:10:84:45:4c:72:85:
                    6c:cd:13:52:a9:b6:97:4f:52:45:08:cf:dc:3c:77:
                    8a:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:32:CA:FD:1B:96:D9:8A:C0:51:DA:6E:4A:B5:72:F5:A8:7A:13:12
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/JzLK_RuW2YrAUdpuSrVy9ah6ExI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:96:04:f1:3a:27:ce:90:9f:aa:07:bf:cb:1b:b9:ac:70:6c:
         e6:35:78:f1:7e:8a:9c:2b:12:6a:60:3e:0b:2f:4f:ff:78:ea:
         49:a4:d3:f0:57:b1:fa:88:10:72:90:04:bc:ba:e9:96:60:ee:
         ba:69:1f:bb:16:25:65:a9:94:f2:bf:d1:57:10:a2:73:bb:11:
         4c:c0:2f:32:20:88:86:45:f8:72:ac:9b:f1:24:6c:43:d3:39:
         e5:e4:d6:6e:55:82:f8:16:03:87:e2:a4:6b:a1:fc:dd:d8:e4:
         30:62:e7:d6:21:6c:95:d9:bb:54:2f:51:9c:b7:fd:bd:5c:2d:
         cd:ed:6f:f6:22:f0:1b:84:4a:0f:22:ae:c1:6f:5a:d4:52:8a:
         ec:47:83:40:e0:df:d4:7c:d5:71:b6:fe:bf:48:cd:03:7f:54:
         aa:17:23:fa:c2:9a:0b:47:a6:4f:ae:f0:f2:e6:6a:90:96:02:
         d7:15:db:7a:8f:db:59:47:8a:cd:a3:db:7a:c7:8a:e6:75:5b:
         02:59:3d:c7:1b:28:f2:8a:5d:0b:45:19:05:bc:9d:ea:e4:b0:
         9e:f2:22:29:7f:3f:84:fa:72:80:99:ab:97:c9:8b:83:53:cd:
         cd:96:a6:49:ea:00:d7:3d:a6:83:42:95:fb:8a:98:ca:03:0f:
         65:46:ad:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcr66ztjwlUfLiRdeqeeGpQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNjAxMTQzNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzMyY2FmZDFiOTZkOThhYzA1MWRhNmU0YWI1NzJmNWE4N2ExMzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHPddzfz6DwUH4j1KALOYDWm2+5v
I1MVyJZ7NE7oViISHbwQIJhhWJFx78UfZFSpF9rsnn7elXYhYvf++FZLw9sv4+n2
F1SUHTQp9CXCsJUMWNORsxcoL6Sn8fOX+xPQm5qzBp6qDWCd9+OJsecBQQAvlBSh
qauHPFQwGjraZlFCIc4GlALeXVqLye3w0PXadIoMA0b3hVG/Bo3wXTgYu0hVbdW1
+sP8tO6oMl6I8dBg1GVTcvDkpIht6I3st20tc+XFIXOK7EbuXSYjfiZrXAHeWfRW
y6CWUMv+BI+Qb/qZNgtayTFUhFAQhEVMcoVszRNSqbaXT1JFCM/cPHeK6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcyyv0bltmKwFHabkq1cvWoehMSMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvSnpMS19SdVcyWXJBVWRwdVNyVnk5YWg2RXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+VuMA0G
CSqGSIb3DQEBCwUAA4IBAQASlgTxOifOkJ+qB7/LG7mscGzmNXjxfoqcKxJqYD4L
L0//eOpJpNPwV7H6iBBykAS8uumWYO66aR+7FiVlqZTyv9FXEKJzuxFMwC8yIIiG
RfhyrJvxJGxD0znl5NZuVYL4FgOH4qRrofzd2OQwYufWIWyV2btUL1Gct/29XC3N
7W/2IvAbhEoPIq7Bb1rUUorsR4NA4N/UfNVxtv6/SM0Df1SqFyP6wpoLR6ZPrvDy
5mqQlgLXFdt6j9tZR4rNo9t6x4rmdVsCWT3HGyjyil0LRRkFvJ3q5LCe8iIpfz+E
+nKAmauXyYuDU83NlqZJ6gDXPaaDQpX7ipjKAw9lRq0a
-----END CERTIFICATE-----