Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/e5f5f8-1ca1-4234-9a3c-ecceeee110a4/1/J-eKojxMi6UoXnAnWpcgCgfxWzI.roa
File:                     J-eKojxMi6UoXnAnWpcgCgfxWzI.roa (raw, json)
Hash identifier:          3mfOivDPBdA5JQvXcz+RrhjkTiZkiP3KgPuzQa9ZrxM=
Subject key identifier:   27:E7:8A:A2:3C:4C:8B:A5:28:5E:70:27:5A:97:20:0A:07:F1:5B:32
Certificate issuer:       /CN=cae069b663ee25fd13559101dac1d5032b9fd66e
Certificate serial:       019427B57F53DB97B98A4B52C06C9D69ABFC
Authority key identifier: CA:E0:69:B6:63:EE:25:FD:13:55:91:01:DA:C1:D5:03:2B:9F:D6:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yuBptmPuJf0TVZEB2sHVAyuf1m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/e5f5f8-1ca1-4234-9a3c-ecceeee110a4/1/J-eKojxMi6UoXnAnWpcgCgfxWzI.roa
Signing time:             Thu 02 Jan 2025 15:49:53 +0000
ROA not before:           Thu 02 Jan 2025 15:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56346
IP address blocks:        185.131.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/e5f5f8-1ca1-4234-9a3c-ecceeee110a4/1/yuBptmPuJf0TVZEB2sHVAyuf1m4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/e5f5f8-1ca1-4234-9a3c-ecceeee110a4/1/yuBptmPuJf0TVZEB2sHVAyuf1m4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yuBptmPuJf0TVZEB2sHVAyuf1m4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:7f:53:db:97:b9:8a:4b:52:c0:6c:9d:69:ab:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cae069b663ee25fd13559101dac1d5032b9fd66e
        Validity
            Not Before: Jan  2 15:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27e78aa23c4c8ba5285e70275a97200a07f15b32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:08:7d:19:f3:8d:ee:f4:73:1e:b0:1a:50:5a:
                    87:74:4e:86:d8:bf:05:22:ab:7a:78:eb:78:86:0f:
                    75:1e:8e:96:ee:57:18:32:09:8b:cc:ed:65:e2:a8:
                    9b:db:ca:ed:0d:e3:31:cf:f8:f5:22:41:68:cc:35:
                    e3:ea:9b:85:d0:c8:5b:2d:81:6d:65:61:db:2e:03:
                    b8:85:af:a5:12:f4:47:ba:2e:1e:c7:b1:d5:2a:03:
                    26:8d:eb:19:d8:c9:09:de:0a:bb:4d:c9:63:d3:24:
                    24:e8:e9:fe:75:87:a9:98:22:fa:3c:b1:9d:c7:37:
                    8b:d7:16:ff:7b:68:20:d2:cf:62:c6:19:60:b3:0f:
                    ec:7a:22:ad:6c:7a:6b:76:22:b8:c8:6a:b6:0d:08:
                    60:c1:16:99:33:5a:dc:d4:e4:b4:9f:bd:7d:df:9a:
                    5b:77:a9:17:39:43:2d:9b:e0:76:c2:f7:df:d3:71:
                    9f:54:a6:11:eb:27:0e:fa:23:aa:4a:80:42:bc:66:
                    94:d7:2d:48:35:23:63:56:f9:aa:34:39:e6:95:4e:
                    2f:58:82:bd:ee:6e:55:ea:4a:2e:15:2c:a5:6b:5c:
                    2a:72:c2:fe:b3:fe:1b:22:cf:af:ea:6c:d0:d0:15:
                    07:79:a6:11:7b:bd:62:39:55:aa:af:eb:46:ba:61:
                    5e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:E7:8A:A2:3C:4C:8B:A5:28:5E:70:27:5A:97:20:0A:07:F1:5B:32
            X509v3 Authority Key Identifier:
                keyid:CA:E0:69:B6:63:EE:25:FD:13:55:91:01:DA:C1:D5:03:2B:9F:D6:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yuBptmPuJf0TVZEB2sHVAyuf1m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/e5f5f8-1ca1-4234-9a3c-ecceeee110a4/1/J-eKojxMi6UoXnAnWpcgCgfxWzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/e5f5f8-1ca1-4234-9a3c-ecceeee110a4/1/yuBptmPuJf0TVZEB2sHVAyuf1m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:88:0a:c5:05:47:66:4a:b5:de:c7:4c:9a:59:9c:bc:4d:08:
         e3:7d:4f:48:84:3f:64:16:e9:cb:93:bf:4e:ab:4b:e9:31:24:
         63:ab:7b:b9:ba:a3:5d:53:6d:8a:08:cd:19:6c:7d:3d:5f:c1:
         4d:9d:db:67:03:85:15:1d:cd:d3:56:bf:c7:06:a1:29:b4:cb:
         ee:ef:2e:af:49:af:5a:58:41:0f:ac:a2:01:7c:50:cd:ec:a6:
         5c:45:3f:6e:38:af:b2:23:e0:d8:d4:44:bf:a0:1c:7b:77:ba:
         20:f5:24:c4:a0:3c:29:52:18:0a:6b:dc:e7:d3:99:ac:fb:b3:
         20:80:6c:62:84:5b:d9:65:b0:78:d2:a0:f1:49:c9:78:dc:a9:
         8d:9e:e7:72:5f:ee:85:4f:72:45:f1:f1:eb:34:a1:6c:00:df:
         f1:77:8d:27:cd:2a:a3:78:f4:fe:5e:d5:c2:b3:c8:a4:a6:6c:
         67:af:79:69:21:13:d2:53:da:09:0e:8d:10:5d:60:05:fd:f9:
         c2:ad:92:bf:66:be:62:ce:e8:ac:ae:c2:96:7a:d7:16:66:3e:
         c9:6a:16:59:30:0c:09:35:9b:24:ca:70:98:74:81:d7:66:d5:
         8e:21:9f:a7:a6:d2:e4:eb:5b:4f:04:1d:e1:38:b0:a8:74:1b:
         f9:ec:6b:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntX9T25e5iktSwGydaav8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZTA2OWI2NjNlZTI1ZmQxMzU1OTEwMWRhYzFkNTAzMmI5
ZmQ2NmUwHhcNMjUwMTAyMTU0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2U3OGFhMjNjNGM4YmE1Mjg1ZTcwMjc1YTk3MjAwYTA3ZjE1YjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAh9GfON7vRzHrAaUFqHdE6G2L8F
Iqt6eOt4hg91Ho6W7lcYMgmLzO1l4qib28rtDeMxz/j1IkFozDXj6puF0MhbLYFt
ZWHbLgO4ha+lEvRHui4ex7HVKgMmjesZ2MkJ3gq7Tclj0yQk6On+dYepmCL6PLGd
xzeL1xb/e2gg0s9ixhlgsw/seiKtbHprdiK4yGq2DQhgwRaZM1rc1OS0n71935pb
d6kXOUMtm+B2wvff03GfVKYR6ycO+iOqSoBCvGaU1y1INSNjVvmqNDnmlU4vWIK9
7m5V6kouFSyla1wqcsL+s/4bIs+v6mzQ0BUHeaYRe71iOVWqr+tGumFeTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfniqI8TIulKF5wJ1qXIAoH8VsyMB8GA1UdIwQY
MBaAFMrgabZj7iX9E1WRAdrB1QMrn9ZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXVCcHRtUHVKZjBUVlpFQjJzSFZBeXVmMW00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9lNWY1ZjgtMWNhMS00MjM0LTlhM2Mt
ZWNjZWVlZTExMGE0LzEvSi1lS29qeE1pNlVvWG5BbldwY2dDZ2Z4V3pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9lNWY1ZjgtMWNhMS00MjM0LTlhM2MtZWNjZWVlZTExMGE0
LzEveXVCcHRtUHVKZjBUVlpFQjJzSFZBeXVmMW00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYP8MA0G
CSqGSIb3DQEBCwUAA4IBAQCRiArFBUdmSrXex0yaWZy8TQjjfU9IhD9kFunLk79O
q0vpMSRjq3u5uqNdU22KCM0ZbH09X8FNndtnA4UVHc3TVr/HBqEptMvu7y6vSa9a
WEEPrKIBfFDN7KZcRT9uOK+yI+DY1ES/oBx7d7og9STEoDwpUhgKa9zn05ms+7Mg
gGxihFvZZbB40qDxScl43KmNnudyX+6FT3JF8fHrNKFsAN/xd40nzSqjePT+XtXC
s8ikpmxnr3lpIRPSU9oJDo0QXWAF/fnCrZK/Zr5izuisrsKWetcWZj7JahZZMAwJ
NZskynCYdIHXZtWOIZ+nptLk61tPBB3hOLCodBv57Gst
-----END CERTIFICATE-----