Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/jkdGIndQz1w9lSn5gC2Ktns7PmQ.roa
File:                     jkdGIndQz1w9lSn5gC2Ktns7PmQ.roa (raw, json)
Hash identifier:          VwGNfeMCv18NN23Twwp0pPWxKthypMsuMJxPjN6yLC0=
Subject key identifier:   8E:47:46:22:77:50:CF:5C:3D:95:29:F9:80:2D:8A:B6:7B:3B:3E:64
Certificate issuer:       /CN=dc0e25e17a51696923a5c02966787409aac9aa36
Certificate serial:       019427466D821E6D951A6230B858DB07724B
Authority key identifier: DC:0E:25:E1:7A:51:69:69:23:A5:C0:29:66:78:74:09:AA:C9:AA:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3A4l4XpRaWkjpcApZnh0CarJqjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/jkdGIndQz1w9lSn5gC2Ktns7PmQ.roa
Signing time:             Thu 02 Jan 2025 13:48:34 +0000
ROA not before:           Thu 02 Jan 2025 13:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42521
IP address blocks:        37.230.201.0/24 maxlen: 24
                          212.86.99.0/24 maxlen: 24
                          2a13:b200::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/3A4l4XpRaWkjpcApZnh0CarJqjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/3A4l4XpRaWkjpcApZnh0CarJqjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3A4l4XpRaWkjpcApZnh0CarJqjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 19:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:6d:82:1e:6d:95:1a:62:30:b8:58:db:07:72:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc0e25e17a51696923a5c02966787409aac9aa36
        Validity
            Not Before: Jan  2 13:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e4746227750cf5c3d9529f9802d8ab67b3b3e64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:15:38:d5:b5:a8:52:1a:20:56:fa:74:89:5a:
                    0e:c5:00:c2:2d:28:f0:68:92:80:cf:c4:7f:ce:11:
                    66:fd:79:cb:24:89:b4:25:52:7c:6d:f0:67:76:e3:
                    85:79:1f:0d:02:2c:24:54:f5:d1:58:23:b8:bc:9c:
                    5d:11:c1:c6:ae:fb:d1:b5:67:db:f4:04:f8:39:c4:
                    30:3f:df:45:c9:e1:3c:52:15:89:8e:a3:4c:97:ad:
                    95:7a:a1:a6:b1:ae:03:c5:72:d8:c5:79:55:0e:77:
                    66:37:ac:1c:f1:7c:30:0b:24:b6:ca:82:80:f8:cd:
                    4d:aa:e4:0d:77:71:30:e6:69:fa:90:10:c5:7f:a4:
                    9d:09:d9:6c:9d:51:95:c5:90:d2:26:2e:dd:ad:35:
                    65:3a:9d:db:0e:50:0e:95:51:ec:58:84:97:bd:fd:
                    ef:87:c0:7a:87:df:85:af:e8:7d:3f:58:91:1f:30:
                    03:c7:43:cd:2a:62:b9:0d:3d:e7:80:d2:bd:bc:b3:
                    e0:3d:ba:55:d1:da:9f:b3:55:32:bf:a2:d5:a2:3f:
                    dc:46:fa:cb:1a:6f:21:18:71:61:a1:2b:74:29:96:
                    bc:5b:74:7c:b0:65:5f:78:67:f7:45:2f:ca:b5:b1:
                    b4:d0:01:d5:88:78:7a:38:62:3f:15:6f:89:f3:78:
                    d6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:47:46:22:77:50:CF:5C:3D:95:29:F9:80:2D:8A:B6:7B:3B:3E:64
            X509v3 Authority Key Identifier:
                keyid:DC:0E:25:E1:7A:51:69:69:23:A5:C0:29:66:78:74:09:AA:C9:AA:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3A4l4XpRaWkjpcApZnh0CarJqjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/jkdGIndQz1w9lSn5gC2Ktns7PmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/3A4l4XpRaWkjpcApZnh0CarJqjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.201.0/24
                  212.86.99.0/24
                IPv6:
                  2a13:b200::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:5f:d8:ee:7f:73:5f:0f:82:54:2b:18:dd:63:c7:b3:65:2a:
         e8:45:54:8e:13:6f:2d:b9:01:a4:20:ef:69:0b:4b:a5:49:ed:
         0b:88:53:92:3d:19:32:ec:98:d5:f8:c0:7d:bd:62:b5:5a:62:
         ff:19:d3:12:5a:71:32:27:6d:64:34:64:6a:74:b0:63:6e:c9:
         24:82:08:e7:ab:88:7d:82:93:2b:4e:2d:46:a5:03:dc:18:d0:
         28:d8:0b:05:85:40:07:bd:b9:c8:c1:86:c1:d0:6b:d1:81:08:
         8f:61:23:a7:6c:e5:98:98:7b:69:ae:b3:ce:eb:33:32:52:8e:
         10:73:70:40:31:8d:ea:90:b2:03:b2:02:d1:a0:ef:c9:9b:46:
         91:1a:2b:7b:07:b4:ba:1d:b0:17:5f:70:f2:dc:65:14:92:08:
         16:b6:c8:44:c5:44:9e:9b:3e:e7:16:88:f0:e3:9a:0e:b4:94:
         2f:3c:98:ad:62:d4:08:a9:b3:fb:f0:29:bb:35:bd:66:28:45:
         ca:66:9d:c1:5c:67:70:29:af:b3:83:18:cd:a6:aa:15:30:b0:
         46:66:74:e6:bc:d5:53:63:8c:2e:e7:ca:15:49:4e:cd:57:b4:
         4b:c7:7f:b9:3c:0b:e8:07:5c:d0:2b:a5:45:18:03:d8:eb:44:
         6d:59:dd:31
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnRm2CHm2VGmIwuFjbB3JLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMGUyNWUxN2E1MTY5NjkyM2E1YzAyOTY2Nzg3NDA5YWFj
OWFhMzYwHhcNMjUwMTAyMTM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTQ3NDYyMjc3NTBjZjVjM2Q5NTI5Zjk4MDJkOGFiNjdiM2IzZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRU41bWoUhogVvp0iVoOxQDCLSjw
aJKAz8R/zhFm/XnLJIm0JVJ8bfBnduOFeR8NAiwkVPXRWCO4vJxdEcHGrvvRtWfb
9AT4OcQwP99FyeE8UhWJjqNMl62VeqGmsa4DxXLYxXlVDndmN6wc8XwwCyS2yoKA
+M1NquQNd3Ew5mn6kBDFf6SdCdlsnVGVxZDSJi7drTVlOp3bDlAOlVHsWISXvf3v
h8B6h9+Fr+h9P1iRHzADx0PNKmK5DT3ngNK9vLPgPbpV0dqfs1Uyv6LVoj/cRvrL
Gm8hGHFhoSt0KZa8W3R8sGVfeGf3RS/KtbG00AHViHh6OGI/FW+J83jWLwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFI5HRiJ3UM9cPZUp+YAtirZ7Oz5kMB8GA1UdIwQY
MBaAFNwOJeF6UWlpI6XAKWZ4dAmqyao2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0E0bDRYcFJhV2tqcGNBcFpuaDBDYXJKcWpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8yY2M0NmMtOGM1MS00MzMwLWI2MjMt
MTgzNWNjOGExZDlkLzEvamtkR0luZFF6MXc5bFNuNWdDMkt0bnM3UG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8yY2M0NmMtOGM1MS00MzMwLWI2MjMtMTgzNWNjOGExZDlk
LzEvM0E0bDRYcFJhV2tqcGNBcFpuaDBDYXJKcWpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAJebJAwQA
1FZjMA0EAgACMAcDBQMqE7IAMA0GCSqGSIb3DQEBCwUAA4IBAQBcX9juf3NfD4JU
KxjdY8ezZSroRVSOE28tuQGkIO9pC0ulSe0LiFOSPRky7JjV+MB9vWK1WmL/GdMS
WnEyJ21kNGRqdLBjbskkggjnq4h9gpMrTi1GpQPcGNAo2AsFhUAHvbnIwYbB0GvR
gQiPYSOnbOWYmHtprrPO6zMyUo4Qc3BAMY3qkLIDsgLRoO/Jm0aRGit7B7S6HbAX
X3Dy3GUUkggWtshExUSemz7nFojw45oOtJQvPJitYtQIqbP78Cm7Nb1mKEXKZp3B
XGdwKa+zgxjNpqoVMLBGZnTmvNVTY4wu58oVSU7NV7RLx3+5PAvoB1zQK6VFGAPY
60RtWd0x
-----END CERTIFICATE-----