Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/JmvIC92QP-dONhWPJYAFhdvTBno.roa
File:                     JmvIC92QP-dONhWPJYAFhdvTBno.roa (raw, json)
Hash identifier:          PIglhIfqHwcgmVBwYicnLlOwh98RxljyNFNBfHvHp6U=
Subject key identifier:   26:6B:C8:0B:DD:90:3F:E7:4E:36:15:8F:25:80:05:85:DB:D3:06:7A
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019427485077466AAB541A07849AF8A6B8FE
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/JmvIC92QP-dONhWPJYAFhdvTBno.roa
Signing time:             Thu 02 Jan 2025 13:50:38 +0000
ROA not before:           Thu 02 Jan 2025 13:50:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     269782
IP address blocks:        46.29.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:50:77:46:6a:ab:54:1a:07:84:9a:f8:a6:b8:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 13:50:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=266bc80bdd903fe74e36158f25800585dbd3067a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3a:cf:cc:e1:a8:d1:05:b6:06:cc:7b:d4:db:
                    3b:db:cd:8a:1c:50:5e:b2:fc:7f:4c:f5:74:9b:93:
                    b7:66:c9:48:64:49:fe:ca:a8:85:4e:52:ad:55:4b:
                    a8:06:02:f8:a4:1a:18:d0:33:c5:9b:eb:ed:e8:14:
                    47:0e:07:53:30:5a:bb:77:97:17:c0:14:c4:f5:d3:
                    24:20:be:09:4b:16:70:2c:da:c3:82:4f:fb:24:33:
                    e1:b6:fa:aa:dc:7d:6d:72:42:98:e0:82:2f:b0:7e:
                    06:5b:8f:86:a7:33:b9:02:f3:97:dc:31:c8:d5:c8:
                    aa:8d:c0:d1:ad:ef:33:72:f8:63:64:96:a3:3f:df:
                    bd:2d:e4:c3:02:9b:0f:e0:78:76:fd:0b:9f:1b:26:
                    4a:cd:89:61:7a:30:0e:e7:be:89:bd:4c:07:b8:ca:
                    e9:af:b2:4e:9d:e1:15:aa:2d:69:73:e8:40:66:0c:
                    30:d6:43:cc:51:6e:b6:6f:8f:5a:4c:56:d2:bd:c4:
                    79:74:88:7c:79:97:30:60:01:cc:6b:cb:d9:be:b4:
                    6d:b2:6a:6d:e0:8c:d5:4a:72:6a:1e:45:4c:22:d3:
                    76:4d:fc:bb:63:72:1d:f3:db:9f:4d:58:9f:e9:f3:
                    01:41:f3:9d:2c:c3:15:65:bc:db:71:e3:32:76:b1:
                    49:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:6B:C8:0B:DD:90:3F:E7:4E:36:15:8F:25:80:05:85:DB:D3:06:7A
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/JmvIC92QP-dONhWPJYAFhdvTBno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:3d:f0:50:76:4f:1a:7a:df:25:ad:e0:5b:f0:0d:27:5e:62:
         dc:01:b6:19:4c:eb:89:1e:21:cf:e7:28:7d:31:fa:c3:e8:d6:
         07:d7:6d:44:e0:a9:8c:46:56:d9:38:aa:9e:8f:f9:c5:46:0d:
         bf:d4:3e:db:47:6b:d0:17:2a:34:ad:73:86:44:38:eb:b1:b5:
         6a:e0:8f:53:bb:fd:f8:bd:7b:f1:53:00:2c:e3:ac:96:78:34:
         ef:81:c6:d5:1b:64:cd:07:ad:aa:ce:59:08:91:f9:c2:ce:17:
         89:19:fc:fa:fd:4a:f9:85:63:62:a1:42:75:0f:10:40:1d:54:
         53:12:9d:8b:f6:22:34:42:05:1f:be:c9:47:f0:18:f3:e6:c5:
         45:87:6d:5b:d7:7e:62:1a:05:fc:2a:ff:57:ff:9f:62:69:17:
         f8:b0:d0:dc:d6:94:cf:21:e7:dc:11:f2:43:12:c4:c7:4d:47:
         b6:e2:0b:ee:67:fc:26:da:e3:93:a8:2c:4b:25:38:39:a4:4e:
         e2:a2:0e:e4:87:e3:d3:b3:65:b8:f5:b7:8b:e2:da:47:2a:75:
         1b:92:aa:f9:70:f3:6c:1a:7a:42:81:af:27:ac:1d:47:54:a8:
         8e:b6:08:52:8e:07:8f:b0:27:60:42:6b:99:a8:22:af:b3:d2:
         37:d4:72:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFB3RmqrVBoHhJr4prj+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTAyMTM1MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjZiYzgwYmRkOTAzZmU3NGUzNjE1OGYyNTgwMDU4NWRiZDMwNjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDrPzOGo0QW2Bsx71Ns7282KHFBe
svx/TPV0m5O3ZslIZEn+yqiFTlKtVUuoBgL4pBoY0DPFm+vt6BRHDgdTMFq7d5cX
wBTE9dMkIL4JSxZwLNrDgk/7JDPhtvqq3H1tckKY4IIvsH4GW4+GpzO5AvOX3DHI
1ciqjcDRre8zcvhjZJajP9+9LeTDApsP4Hh2/QufGyZKzYlhejAO576JvUwHuMrp
r7JOneEVqi1pc+hAZgww1kPMUW62b49aTFbSvcR5dIh8eZcwYAHMa8vZvrRtsmpt
4IzVSnJqHkVMItN2Tfy7Y3Id89ufTVif6fMBQfOdLMMVZbzbceMydrFJNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZryAvdkD/nTjYVjyWABYXb0wZ6MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvSm12SUM5MlFQLWRPTmhXUEpZQUZoZHZUQm5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh0dMA0G
CSqGSIb3DQEBCwUAA4IBAQAHPfBQdk8aet8lreBb8A0nXmLcAbYZTOuJHiHP5yh9
MfrD6NYH121E4KmMRlbZOKqej/nFRg2/1D7bR2vQFyo0rXOGRDjrsbVq4I9Tu/34
vXvxUwAs46yWeDTvgcbVG2TNB62qzlkIkfnCzheJGfz6/Ur5hWNioUJ1DxBAHVRT
Ep2L9iI0QgUfvslH8Bjz5sVFh21b135iGgX8Kv9X/59iaRf4sNDc1pTPIefcEfJD
EsTHTUe24gvuZ/wm2uOTqCxLJTg5pE7iog7kh+PTs2W49beL4tpHKnUbkqr5cPNs
GnpCga8nrB1HVKiOtghSjgePsCdgQmuZqCKvs9I31HLT
-----END CERTIFICATE-----