Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/juhHhfMZKtMv7VJHZvSyHbChAaI.roa
File:                     juhHhfMZKtMv7VJHZvSyHbChAaI.roa (raw, json)
Hash identifier:          TVL933SmsCckOHxjM78yEFmonP+viUg+iondjs0ZENY=
Subject key identifier:   8E:E8:47:85:F3:19:2A:D3:2F:ED:52:47:66:F4:B2:1D:B0:A1:01:A2
Certificate issuer:       /CN=26a5aa918cbfeb3e12997f33890feb258907b343
Certificate serial:       01956DC71A9DCA3912386F05D3249D106A41
Authority key identifier: 26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/juhHhfMZKtMv7VJHZvSyHbChAaI.roa
Signing time:             Thu 06 Mar 2025 23:25:19 +0000
ROA not before:           Thu 06 Mar 2025 23:25:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31229
IP address blocks:        2.57.136.0/22 maxlen: 22
                          195.2.254.0/24 maxlen: 24
                          2a14:4bc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6d:c7:1a:9d:ca:39:12:38:6f:05:d3:24:9d:10:6a:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26a5aa918cbfeb3e12997f33890feb258907b343
        Validity
            Not Before: Mar  6 23:25:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ee84785f3192ad32fed524766f4b21db0a101a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a2:51:35:c0:08:cc:f2:9d:68:e5:e0:e5:eb:
                    db:27:72:a3:9c:f3:7a:63:0b:b3:d6:36:b1:5c:5e:
                    4a:28:04:75:50:d2:63:b4:04:8a:6d:8c:f7:41:74:
                    d7:09:23:af:0e:75:71:84:b4:cd:f6:44:3e:95:39:
                    40:1c:b6:f3:5a:a8:01:e8:25:13:76:99:d0:44:7c:
                    5d:79:09:c4:7b:9c:a8:ec:79:ab:b4:17:00:49:15:
                    07:03:70:e3:c0:23:0f:ef:03:97:72:80:de:b6:2a:
                    c8:d5:59:a3:63:19:88:be:84:15:5d:1c:8d:f3:42:
                    18:9e:ff:a9:11:e9:b8:47:46:c8:63:1c:5c:db:3a:
                    e3:b5:89:21:55:7a:51:e4:0c:30:75:32:ea:1b:76:
                    51:15:3f:4e:97:10:97:0f:1f:80:a7:be:48:ea:f1:
                    67:c3:c7:4d:ad:0b:43:36:0d:5a:cc:cb:40:b4:d4:
                    13:39:ce:b2:ad:00:c9:2d:d8:35:d3:42:59:14:33:
                    2a:ee:eb:c2:d5:73:66:03:75:a8:91:ab:2d:45:72:
                    2d:d6:f1:2a:c7:72:f6:07:03:b8:d7:d2:50:80:7b:
                    49:5a:27:a1:3f:09:41:8e:d0:db:05:e7:51:42:d2:
                    1c:1f:99:34:9b:5f:79:9f:9c:e5:44:e3:ba:a3:29:
                    04:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:E8:47:85:F3:19:2A:D3:2F:ED:52:47:66:F4:B2:1D:B0:A1:01:A2
            X509v3 Authority Key Identifier:
                keyid:26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/juhHhfMZKtMv7VJHZvSyHbChAaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.136.0/22
                  195.2.254.0/24
                IPv6:
                  2a14:4bc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         78:00:e2:3e:4c:eb:c0:7b:83:97:e6:af:cf:d5:0d:31:76:e8:
         02:9c:e0:c1:d8:29:4a:e8:50:4e:7f:b3:5f:7e:c0:41:54:99:
         83:b8:cf:21:8f:1c:ef:a1:78:7c:37:04:7d:75:9d:c3:3c:c7:
         d6:0f:3e:03:31:62:08:12:8f:29:f1:c8:b0:86:53:6b:a5:eb:
         12:87:3b:67:10:af:71:08:da:f6:6b:e1:51:eb:21:61:6b:d6:
         2a:cf:83:c6:c1:bb:26:d0:5d:98:dc:1c:b4:52:cb:ee:34:7b:
         b2:30:0b:69:7a:01:48:11:3c:35:0e:c6:5e:0f:ee:26:cd:0f:
         1f:de:bf:f6:70:0f:a5:fe:12:1e:fb:3f:4f:09:a6:6b:1d:1b:
         2a:ac:ad:eb:03:37:cb:64:cc:92:5f:ab:79:91:cb:18:8a:36:
         bc:91:f0:60:28:7a:cf:4a:fd:a5:79:7e:83:e8:ef:82:32:31:
         96:52:b8:ce:8e:aa:cb:ca:00:9d:6d:84:9f:8d:ed:7e:fb:79:
         53:12:ab:c1:a4:04:0f:3e:0e:99:cc:be:89:3e:82:18:8a:30:
         6d:e1:30:a2:25:3b:e1:76:50:33:67:53:74:f0:c6:4a:e5:a3:
         a7:c1:50:54:e1:12:25:15:a1:86:7f:b9:06:87:e3:6a:9a:84:
         ba:3b:79:f9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZVtxxqdyjkSOG8F0ySdEGpBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YTVhYTkxOGNiZmViM2UxMjk5N2YzMzg5MGZlYjI1ODkw
N2IzNDMwHhcNMjUwMzA2MjMyNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWU4NDc4NWYzMTkyYWQzMmZlZDUyNDc2NmY0YjIxZGIwYTEwMWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKJRNcAIzPKdaOXg5evbJ3KjnPN6
Ywuz1jaxXF5KKAR1UNJjtASKbYz3QXTXCSOvDnVxhLTN9kQ+lTlAHLbzWqgB6CUT
dpnQRHxdeQnEe5yo7HmrtBcASRUHA3DjwCMP7wOXcoDetirI1VmjYxmIvoQVXRyN
80IYnv+pEem4R0bIYxxc2zrjtYkhVXpR5AwwdTLqG3ZRFT9OlxCXDx+Ap75I6vFn
w8dNrQtDNg1azMtAtNQTOc6yrQDJLdg100JZFDMq7uvC1XNmA3WokastRXIt1vEq
x3L2BwO419JQgHtJWiehPwlBjtDbBedRQtIcH5k0m195n5zlROO6oykE8QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFI7oR4XzGSrTL+1SR2b0sh2woQGiMB8GA1UdIwQY
MBaAFCalqpGMv+s+Epl/M4kP6yWJB7NDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTIt
Mjk3ZTI4MmQ2NmE4LzEvanVoSGhmTVpLdE12N1ZKSFp2U3lIYkNoQWFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTItMjk3ZTI4MmQ2NmE4
LzEvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCAjmIAwQA
wwL+MA0EAgACMAcDBQAqFEvAMA0GCSqGSIb3DQEBCwUAA4IBAQB4AOI+TOvAe4OX
5q/P1Q0xdugCnODB2ClK6FBOf7NffsBBVJmDuM8hjxzvoXh8NwR9dZ3DPMfWDz4D
MWIIEo8p8ciwhlNrpesShztnEK9xCNr2a+FR6yFha9Yqz4PGwbsm0F2Y3By0Usvu
NHuyMAtpegFIETw1DsZeD+4mzQ8f3r/2cA+l/hIe+z9PCaZrHRsqrK3rAzfLZMyS
X6t5kcsYija8kfBgKHrPSv2leX6D6O+CMjGWUrjOjqrLygCdbYSfje1++3lTEqvB
pAQPPg6ZzL6JPoIYijBt4TCiJTvhdlAzZ1N08MZK5aOnwVBU4RIlFaGGf7kGh+Nq
moS6O3n5
-----END CERTIFICATE-----