Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/0bea33-bb40-4bd1-9724-f64c70f4d445/1/JwPrp9zPI8mSIbB_O0eMHGoYapY.roa
File:                     JwPrp9zPI8mSIbB_O0eMHGoYapY.roa (raw, json)
Hash identifier:          IwCg2TuOsRRHQCPAN/Mgxb8cdQtIJjR9uHKISiCsG7Q=
Subject key identifier:   27:03:EB:A7:DC:CF:23:C9:92:21:B0:7F:3B:47:8C:1C:6A:18:6A:96
Certificate issuer:       /CN=665c39bfbc52e9693a4ddf2d56e1ca99f4537e45
Certificate serial:       019424B3A4EEE6CBD89EC796D4D09FA32587
Authority key identifier: 66:5C:39:BF:BC:52:E9:69:3A:4D:DF:2D:56:E1:CA:99:F4:53:7E:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zlw5v7xS6Wk6Td8tVuHKmfRTfkU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/0bea33-bb40-4bd1-9724-f64c70f4d445/1/JwPrp9zPI8mSIbB_O0eMHGoYapY.roa
Signing time:             Thu 02 Jan 2025 01:49:00 +0000
ROA not before:           Thu 02 Jan 2025 01:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211651
IP address blocks:        185.251.69.0/24 maxlen: 24
                          2a13:1700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/0bea33-bb40-4bd1-9724-f64c70f4d445/1/Zlw5v7xS6Wk6Td8tVuHKmfRTfkU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/0bea33-bb40-4bd1-9724-f64c70f4d445/1/Zlw5v7xS6Wk6Td8tVuHKmfRTfkU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zlw5v7xS6Wk6Td8tVuHKmfRTfkU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:a4:ee:e6:cb:d8:9e:c7:96:d4:d0:9f:a3:25:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=665c39bfbc52e9693a4ddf2d56e1ca99f4537e45
        Validity
            Not Before: Jan  2 01:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2703eba7dccf23c99221b07f3b478c1c6a186a96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d9:1b:f0:1c:5a:a1:8a:5c:7f:5e:48:b1:69:
                    39:f3:d0:80:2f:02:e1:64:9a:21:20:7e:31:ed:d8:
                    5f:97:7b:37:dd:48:b8:a8:ab:13:c9:79:7f:b2:1e:
                    6f:3e:86:3f:7e:32:56:cf:ce:24:c4:6e:59:24:8e:
                    a3:c7:d7:1b:5a:c8:33:6c:82:f6:df:14:cc:1b:3f:
                    f8:51:ce:73:39:8f:51:7c:6f:31:af:17:f3:72:45:
                    54:2d:7d:75:67:63:00:50:d3:4a:1d:9e:d2:35:e4:
                    70:c1:cd:52:d2:e7:89:95:82:34:a6:9c:59:e8:b3:
                    c4:79:b4:19:69:5c:2e:74:2e:b3:d7:b2:4f:c3:3f:
                    04:b9:34:f6:98:cf:ba:01:a1:a5:65:25:b3:05:c7:
                    84:e2:e5:73:cf:4f:45:57:e5:8a:82:c5:b6:27:39:
                    39:54:dc:25:f8:e8:d4:22:56:92:3c:6e:ef:04:b3:
                    38:bf:f2:12:71:41:b6:6c:9b:59:a3:51:ea:da:d1:
                    ce:3e:56:b8:ee:02:99:34:64:63:ef:79:40:67:fc:
                    d5:88:cc:cd:c4:f2:f2:2e:56:c3:0a:22:c6:c2:0f:
                    5f:b7:01:e7:c7:d4:2a:38:af:50:26:dd:86:26:76:
                    3c:e9:ba:99:83:d3:d8:b2:1e:67:05:c0:d8:8b:a9:
                    f5:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:03:EB:A7:DC:CF:23:C9:92:21:B0:7F:3B:47:8C:1C:6A:18:6A:96
            X509v3 Authority Key Identifier:
                keyid:66:5C:39:BF:BC:52:E9:69:3A:4D:DF:2D:56:E1:CA:99:F4:53:7E:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zlw5v7xS6Wk6Td8tVuHKmfRTfkU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/0bea33-bb40-4bd1-9724-f64c70f4d445/1/JwPrp9zPI8mSIbB_O0eMHGoYapY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/0bea33-bb40-4bd1-9724-f64c70f4d445/1/Zlw5v7xS6Wk6Td8tVuHKmfRTfkU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.69.0/24
                IPv6:
                  2a13:1700::/29

    Signature Algorithm: sha256WithRSAEncryption
         16:86:7f:42:fc:2e:17:dd:e2:fd:59:5e:98:78:6d:48:33:c6:
         af:61:b6:7c:9f:0a:97:f0:c5:0f:35:f8:55:75:1a:ab:4c:03:
         4a:b7:9e:3e:c8:23:cd:f4:d6:82:06:f1:f7:b3:e6:a7:87:ca:
         ed:bf:a7:af:4a:f9:60:f2:b3:36:ed:26:2d:4c:fe:cd:80:06:
         93:3c:61:01:0b:f5:26:00:ef:bc:5b:a6:f7:c0:ff:5b:60:2a:
         79:fe:9a:9a:ec:ed:69:9d:9b:ef:b5:61:38:d6:6f:c3:90:99:
         7a:4b:0f:59:2a:91:a8:52:ca:e3:ce:9a:f1:b0:fd:6a:5f:c8:
         41:59:cf:51:25:78:a5:47:8d:06:f2:b3:2f:64:3d:c8:1f:46:
         66:54:c1:3e:0b:e8:d8:23:64:7d:21:f1:bd:5d:bf:8c:5e:32:
         b3:31:41:f7:f3:4d:30:7b:61:03:af:fd:89:db:78:0f:10:24:
         72:c1:09:35:63:b0:43:33:1f:f6:11:a7:18:be:1e:cc:3d:04:
         b4:b6:49:c9:a6:ea:30:71:f7:0e:9a:0c:a8:c3:c5:fd:00:48:
         18:e0:5d:9d:99:c9:f0:e9:c3:c2:ed:2e:b9:8f:02:b8:3e:01:
         6b:fe:fc:b1:8b:0e:a1:48:41:b4:94:4d:e6:aa:74:ae:6f:9d:
         fd:6f:59:78
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks6Tu5svYnseW1NCfoyWHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NWMzOWJmYmM1MmU5NjkzYTRkZGYyZDU2ZTFjYTk5ZjQ1
MzdlNDUwHhcNMjUwMTAyMDE0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzAzZWJhN2RjY2YyM2M5OTIyMWIwN2YzYjQ3OGMxYzZhMTg2YTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9kb8BxaoYpcf15IsWk589CALwLh
ZJohIH4x7dhfl3s33Ui4qKsTyXl/sh5vPoY/fjJWz84kxG5ZJI6jx9cbWsgzbIL2
3xTMGz/4Uc5zOY9RfG8xrxfzckVULX11Z2MAUNNKHZ7SNeRwwc1S0ueJlYI0ppxZ
6LPEebQZaVwudC6z17JPwz8EuTT2mM+6AaGlZSWzBceE4uVzz09FV+WKgsW2Jzk5
VNwl+OjUIlaSPG7vBLM4v/IScUG2bJtZo1Hq2tHOPla47gKZNGRj73lAZ/zViMzN
xPLyLlbDCiLGwg9ftwHnx9QqOK9QJt2GJnY86bqZg9PYsh5nBcDYi6n1+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCcD66fczyPJkiGwfztHjBxqGGqWMB8GA1UdIwQY
MBaAFGZcOb+8UulpOk3fLVbhypn0U35FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmx3NXY3eFM2V2s2VGQ4dFZ1SEttZlJUZmtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8wYmVhMzMtYmI0MC00YmQxLTk3MjQt
ZjY0YzcwZjRkNDQ1LzEvSndQcnA5elBJOG1TSWJCX08wZU1IR29ZYXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8wYmVhMzMtYmI0MC00YmQxLTk3MjQtZjY0YzcwZjRkNDQ1
LzEvWmx3NXY3eFM2V2s2VGQ4dFZ1SEttZlJUZmtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuftFMA0E
AgACMAcDBQMqExcAMA0GCSqGSIb3DQEBCwUAA4IBAQAWhn9C/C4X3eL9WV6YeG1I
M8avYbZ8nwqX8MUPNfhVdRqrTANKt54+yCPN9NaCBvH3s+anh8rtv6evSvlg8rM2
7SYtTP7NgAaTPGEBC/UmAO+8W6b3wP9bYCp5/pqa7O1pnZvvtWE41m/DkJl6Sw9Z
KpGoUsrjzprxsP1qX8hBWc9RJXilR40G8rMvZD3IH0ZmVME+C+jYI2R9IfG9Xb+M
XjKzMUH3800we2EDr/2J23gPECRywQk1Y7BDMx/2EacYvh7MPQS0tknJpuowcfcO
mgyow8X9AEgY4F2dmcnw6cPC7S65jwK4PgFr/vyxiw6hSEG0lE3mqnSub539b1l4
-----END CERTIFICATE-----