Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/Jfbp60TqKTaaXrwQL7LgGpAWEpg.roa
File:                     Jfbp60TqKTaaXrwQL7LgGpAWEpg.roa (raw, json)
Hash identifier:          77aXq5T/xLpRDc/RPjSdhF/Q92mfSJbZ1p52uiAiKLY=
Subject key identifier:   25:F6:E9:EB:44:EA:29:36:9A:5E:BC:10:2F:B2:E0:1A:90:16:12:98
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       0196CF69F75E15917899583856DFBD9AB837
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/Jfbp60TqKTaaXrwQL7LgGpAWEpg.roa
Signing time:             Wed 14 May 2025 15:29:10 +0000
ROA not before:           Wed 14 May 2025 15:29:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48031
IP address blocks:        89.187.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cf:69:f7:5e:15:91:78:99:58:38:56:df:bd:9a:b8:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: May 14 15:29:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25f6e9eb44ea29369a5ebc102fb2e01a90161298
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:21:b2:f9:fa:7a:f6:67:17:0d:be:9f:28:c5:
                    4d:8a:d2:ef:eb:84:6d:1a:24:3c:57:1b:b4:6a:2d:
                    9c:54:80:92:0b:a2:b7:e7:e3:07:b6:88:4a:87:d3:
                    a7:d3:d3:b7:92:2b:45:92:8c:ae:47:c4:c9:69:1a:
                    c7:70:13:74:92:5e:04:6b:c7:49:d6:94:e4:a7:40:
                    ca:88:9e:1f:6f:02:cd:4e:31:5f:bd:76:21:cb:e5:
                    1a:ef:1a:01:2c:04:f7:e4:a3:1b:c9:bf:a5:e8:69:
                    0c:6b:b5:9f:83:aa:1a:c2:65:37:e1:9f:91:65:9f:
                    64:3e:a4:6c:75:c4:be:b7:5e:46:27:87:e3:a0:27:
                    b5:8e:3f:5d:6a:ba:a2:a9:07:94:57:f8:91:c5:52:
                    ca:af:18:5f:ad:ae:4d:8f:89:65:df:1c:01:6a:03:
                    30:28:9a:6d:6b:1f:b9:ee:a9:01:8c:0e:83:ac:e4:
                    45:58:e6:79:19:f6:12:cc:58:25:12:2c:60:00:80:
                    7f:16:5e:f3:ed:77:c8:d9:de:84:75:b9:40:88:4c:
                    18:b8:2c:22:48:c7:e0:cf:e0:1b:37:72:7b:54:b7:
                    94:e8:36:16:6c:e0:10:1a:c5:60:c3:19:92:f1:b3:
                    7a:68:3f:56:69:0e:37:f2:81:44:fc:aa:25:f7:4e:
                    c4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F6:E9:EB:44:EA:29:36:9A:5E:BC:10:2F:B2:E0:1A:90:16:12:98
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/Jfbp60TqKTaaXrwQL7LgGpAWEpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:64:15:ca:ef:f6:73:bc:cc:47:20:ba:24:85:b0:b2:fb:35:
         2f:08:d4:c7:b1:42:0f:e1:c7:30:60:a1:e2:8f:39:fd:4a:17:
         ae:13:f8:42:ec:81:8a:90:c0:49:9b:34:62:9a:96:a0:13:79:
         ab:54:04:53:b5:09:39:64:2a:65:a4:30:ce:46:bd:d6:e1:ad:
         e2:4d:54:ad:d0:88:c4:98:06:9f:83:9f:50:85:10:c4:94:12:
         f3:bb:8e:08:e2:31:37:4c:42:bd:1f:a5:66:bf:e9:78:49:4b:
         a5:ab:87:82:dc:d7:63:c6:53:c7:34:06:7f:9d:e5:19:b1:01:
         e1:a5:16:bf:78:ce:45:80:8b:86:72:98:da:ac:1e:76:fe:a1:
         83:89:b9:46:8a:12:2c:c4:6c:62:41:a5:e0:15:3d:3d:ed:eb:
         77:9b:28:4f:28:b7:e8:a2:42:7f:4c:c3:85:03:10:75:81:1c:
         ca:2b:5e:fb:3c:e0:8a:d7:d1:a6:ae:a5:48:cd:0a:98:c1:7f:
         6a:ce:03:6b:2f:7e:31:43:d6:99:d5:aa:c5:36:97:c4:4d:e6:
         1f:80:02:e9:e8:d7:a1:75:6e:a7:52:30:9f:93:59:f0:e1:40:
         ba:89:d5:4b:f2:f1:0c:f6:45:f6:78:0b:ae:fe:f1:fd:a9:56:
         6f:fd:b8:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbPafdeFZF4mVg4Vt+9mrg3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUwNTE0MTUyOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWY2ZTllYjQ0ZWEyOTM2OWE1ZWJjMTAyZmIyZTAxYTkwMTYxMjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yGy+fp69mcXDb6fKMVNitLv64Rt
GiQ8Vxu0ai2cVICSC6K35+MHtohKh9On09O3kitFkoyuR8TJaRrHcBN0kl4Ea8dJ
1pTkp0DKiJ4fbwLNTjFfvXYhy+Ua7xoBLAT35KMbyb+l6GkMa7Wfg6oawmU34Z+R
ZZ9kPqRsdcS+t15GJ4fjoCe1jj9darqiqQeUV/iRxVLKrxhfra5Nj4ll3xwBagMw
KJptax+57qkBjA6DrORFWOZ5GfYSzFglEixgAIB/Fl7z7XfI2d6EdblAiEwYuCwi
SMfgz+AbN3J7VLeU6DYWbOAQGsVgwxmS8bN6aD9WaQ438oFE/Kol907EjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCX26etE6ik2ml68EC+y4BqQFhKYMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvSmZicDYwVHFLVGFhWHJ3UUw3TGdHcEFXRXBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsNMA0G
CSqGSIb3DQEBCwUAA4IBAQCeZBXK7/ZzvMxHILokhbCy+zUvCNTHsUIP4ccwYKHi
jzn9SheuE/hC7IGKkMBJmzRimpagE3mrVARTtQk5ZCplpDDORr3W4a3iTVSt0IjE
mAafg59QhRDElBLzu44I4jE3TEK9H6Vmv+l4SUulq4eC3NdjxlPHNAZ/neUZsQHh
pRa/eM5FgIuGcpjarB52/qGDiblGihIsxGxiQaXgFT097et3myhPKLfookJ/TMOF
AxB1gRzKK177POCK19GmrqVIzQqYwX9qzgNrL34xQ9aZ1arFNpfETeYfgALp6Neh
dW6nUjCfk1nw4UC6idVL8vEM9kX2eAuu/vH9qVZv/bgP
-----END CERTIFICATE-----