Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/j2dInOKpWqZNeq23W-YQp9_TTtI.roa
File:                     j2dInOKpWqZNeq23W-YQp9_TTtI.roa (raw, json)
Hash identifier:          Y7lLCeMhmVVAzQkmAPLy3meqPRfE8Cd9MxVgH5sdtHc=
Subject key identifier:   8F:67:48:9C:E2:A9:5A:A6:4D:7A:AD:B7:5B:E6:10:A7:DF:D3:4E:D2
Certificate issuer:       /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial:       01963E3962FF164B7C9E59126AC3F69AAB85
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/j2dInOKpWqZNeq23W-YQp9_TTtI.roa
Signing time:             Wed 16 Apr 2025 10:51:10 +0000
ROA not before:           Wed 16 Apr 2025 10:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43212
IP address blocks:        94.182.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 04:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:39:62:ff:16:4b:7c:9e:59:12:6a:c3:f6:9a:ab:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
        Validity
            Not Before: Apr 16 10:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f67489ce2a95aa64d7aadb75be610a7dfd34ed2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bc:04:e0:59:64:d2:44:91:4b:69:7e:b0:41:
                    f1:e8:80:a2:5b:4d:a8:81:0b:d4:17:d3:f8:8b:2b:
                    62:55:d7:f6:bd:55:9a:b8:3d:af:a9:6e:1b:27:29:
                    39:69:65:17:1a:5c:5e:e9:f1:97:3c:d9:5c:36:4b:
                    77:14:13:7b:f6:d2:5e:e7:b6:a1:37:06:a0:96:0d:
                    85:ad:a9:88:64:d2:17:2a:bb:7b:46:bf:87:5e:bb:
                    21:18:94:f2:ac:07:65:d6:8b:ad:7d:5a:95:1f:26:
                    ef:5c:83:02:96:95:a7:e1:9f:0a:ce:81:bc:3e:6b:
                    f9:dc:4b:47:37:da:b9:3d:bb:7d:24:42:ca:58:45:
                    86:39:33:d7:c7:22:30:40:54:ee:ed:66:3f:a8:07:
                    dd:f1:cd:eb:24:fc:4f:06:59:43:27:60:98:c2:c5:
                    00:42:b0:bf:67:83:88:25:a6:cd:b2:1f:89:42:1b:
                    f3:09:fa:87:c5:96:a5:85:65:ba:98:4f:01:8c:9c:
                    6b:2c:59:82:3b:85:e3:3a:fa:07:b6:68:23:fa:f0:
                    f8:b7:67:f9:a3:f3:6b:64:3d:6e:e7:6a:db:5f:07:
                    fd:2e:4b:ea:81:87:9b:12:08:5e:31:f6:25:ef:66:
                    5e:ce:29:cd:9b:ca:35:b3:f0:65:af:cc:f5:1b:02:
                    c8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:67:48:9C:E2:A9:5A:A6:4D:7A:AD:B7:5B:E6:10:A7:DF:D3:4E:D2
            X509v3 Authority Key Identifier:
                keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/j2dInOKpWqZNeq23W-YQp9_TTtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.182.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:7d:b4:72:9b:e7:e6:a2:a4:4c:6c:17:f9:e1:83:5a:ac:dd:
         b9:ca:53:d4:49:9d:7d:c7:32:37:c0:58:c8:e1:94:97:1c:a7:
         42:35:15:b4:2c:a1:92:ec:ef:aa:10:1b:82:aa:c4:ec:0c:85:
         3a:e7:60:34:0f:b1:20:c8:8c:03:d9:34:76:0f:90:df:97:66:
         10:ba:65:fa:b2:47:d8:d6:14:de:86:79:1a:94:f7:74:f4:df:
         a9:08:3e:0d:77:c6:fa:39:de:29:cc:50:e3:58:ec:8b:72:1e:
         49:fc:22:30:1b:93:2c:4d:16:ca:46:ce:b9:8e:ab:33:25:0a:
         d3:2a:43:d2:08:2d:4d:93:dd:83:34:05:d4:46:27:e7:fe:5a:
         59:80:4d:57:4f:34:63:e9:84:ec:ed:75:cf:81:4b:21:33:47:
         c1:e1:c1:49:b9:04:7e:d0:3f:5c:8f:30:a4:c9:dc:19:99:da:
         dd:7d:5f:5f:06:2b:0a:78:2b:34:de:26:b4:dc:1c:8e:9f:f0:
         ba:fe:ed:e6:d4:d1:2e:a0:2d:2f:dd:7c:b8:ee:1d:49:b2:6a:
         86:b1:86:25:28:9a:95:d8:2a:bc:95:3b:e2:40:ea:38:ec:ca:
         3c:e0:4f:a7:6b:25:08:8c:c6:55:fa:66:dc:25:04:ed:c1:b1:
         a4:57:dd:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY+OWL/Fkt8nlkSasP2mquFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjUwNDE2MTA1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjY3NDg5Y2UyYTk1YWE2NGQ3YWFkYjc1YmU2MTBhN2RmZDM0ZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLwE4Flk0kSRS2l+sEHx6ICiW02o
gQvUF9P4iytiVdf2vVWauD2vqW4bJyk5aWUXGlxe6fGXPNlcNkt3FBN79tJe57ah
Nwaglg2FramIZNIXKrt7Rr+HXrshGJTyrAdl1outfVqVHybvXIMClpWn4Z8KzoG8
Pmv53EtHN9q5Pbt9JELKWEWGOTPXxyIwQFTu7WY/qAfd8c3rJPxPBllDJ2CYwsUA
QrC/Z4OIJabNsh+JQhvzCfqHxZalhWW6mE8BjJxrLFmCO4XjOvoHtmgj+vD4t2f5
o/NrZD1u52rbXwf9LkvqgYebEgheMfYl72ZezinNm8o1s/Blr8z1GwLIEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9nSJziqVqmTXqtt1vmEKff007SMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvajJkSW5PS3BXcVpOZXEyM1ctWVFwOV9UVHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXrYEMA0G
CSqGSIb3DQEBCwUAA4IBAQBEfbRym+fmoqRMbBf54YNarN25ylPUSZ19xzI3wFjI
4ZSXHKdCNRW0LKGS7O+qEBuCqsTsDIU652A0D7EgyIwD2TR2D5Dfl2YQumX6skfY
1hTehnkalPd09N+pCD4Nd8b6Od4pzFDjWOyLch5J/CIwG5MsTRbKRs65jqszJQrT
KkPSCC1Nk92DNAXURifn/lpZgE1XTzRj6YTs7XXPgUshM0fB4cFJuQR+0D9cjzCk
ydwZmdrdfV9fBisKeCs03ia03ByOn/C6/u3m1NEuoC0v3Xy47h1JsmqGsYYlKJqV
2Cq8lTviQOo47Mo84E+nayUIjMZV+mbcJQTtwbGkV926
-----END CERTIFICATE-----