Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/jt1Zmt4DT_Y7sXSl35beVxp19QA.roa
File:                     jt1Zmt4DT_Y7sXSl35beVxp19QA.roa (raw, json)
Hash identifier:          DdgpSXcI3OxSMNfJJ9ZhlWPoGPhoA4vkTZiBlBg5a+8=
Subject key identifier:   8E:DD:59:9A:DE:03:4F:F6:3B:B1:74:A5:DF:96:DE:57:1A:75:F5:00
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       0196E7724F531AE1617AB6999FE9E185B669
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/jt1Zmt4DT_Y7sXSl35beVxp19QA.roa
Signing time:             Mon 19 May 2025 07:29:10 +0000
ROA not before:           Mon 19 May 2025 07:29:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213887
IP address blocks:        109.122.196.0/22 maxlen: 24
                          185.102.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 19:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e7:72:4f:53:1a:e1:61:7a:b6:99:9f:e9:e1:85:b6:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: May 19 07:29:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8edd599ade034ff63bb174a5df96de571a75f500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ae:99:51:ab:b3:ad:8a:12:30:19:17:bd:88:
                    b5:fa:60:2b:e1:f3:8a:f9:57:a9:df:8b:3c:a5:98:
                    98:b2:df:b2:27:41:ed:c7:d5:9d:70:1d:bc:e2:ed:
                    85:26:0d:2f:21:b6:75:82:e0:78:f4:6e:ce:3e:e9:
                    45:2b:af:bf:06:65:42:38:cb:5a:13:5c:8c:01:9c:
                    b7:02:33:a8:f3:1d:60:dc:0d:a1:0e:9b:e9:41:71:
                    ae:3e:d8:a9:74:26:7a:d7:f7:e9:53:10:15:12:fd:
                    6d:42:3f:b6:87:9f:b6:28:3a:23:b0:3c:a7:08:38:
                    63:aa:71:9b:cf:56:24:73:f4:fb:90:b6:ad:63:b5:
                    f2:02:54:39:11:07:b9:92:50:4d:9a:56:79:bc:54:
                    0a:0b:34:65:70:13:a1:09:b7:e4:fe:b6:fa:ac:91:
                    42:43:72:c4:89:f8:9b:13:c2:8b:b5:cd:d6:78:37:
                    51:6c:5c:52:5c:5a:b7:ad:e9:ca:3e:f8:d8:5d:a0:
                    b8:b8:2a:b1:31:82:06:e2:0a:26:19:87:04:65:3f:
                    a0:2b:fe:d9:a7:a5:8a:2a:09:5b:3a:c3:5e:98:3c:
                    86:f6:84:24:6d:3e:d8:e4:c3:da:7a:25:b9:4a:62:
                    b5:14:7a:69:6e:1f:ac:b3:67:78:37:57:71:1e:8e:
                    b1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:DD:59:9A:DE:03:4F:F6:3B:B1:74:A5:DF:96:DE:57:1A:75:F5:00
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/jt1Zmt4DT_Y7sXSl35beVxp19QA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.196.0/22
                  185.102.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:a4:60:64:0c:2e:3c:4e:e7:18:5f:c5:3f:a5:67:36:bb:9b:
         c9:5f:7d:e3:de:a4:11:38:ef:a8:45:5e:06:aa:d2:94:8f:74:
         42:e4:ef:a5:d2:62:b0:f4:dc:e9:cf:9f:ab:8a:5f:4c:e3:6d:
         6f:50:38:05:75:85:20:4f:b0:8d:6e:92:29:5f:6f:d5:f0:08:
         37:db:e4:e2:a6:60:39:bc:16:ee:96:e0:bf:e2:ca:74:ae:ec:
         06:c0:11:1a:82:86:69:56:4e:7b:30:3e:4a:08:7a:a4:f4:b8:
         5b:19:16:93:cc:d9:6f:03:f1:5c:90:b7:2d:e4:d1:4b:04:bc:
         28:70:73:ef:5f:69:1a:60:52:76:43:ce:e0:25:65:dc:48:fc:
         0d:26:7c:10:56:3d:7f:12:20:5b:2d:b6:68:c3:64:2f:f7:11:
         92:75:3f:4b:e2:bd:76:87:ae:34:3a:90:a0:30:38:cf:91:12:
         81:c0:a3:3d:09:5f:d6:42:78:3a:46:5a:09:5a:6e:3f:98:a9:
         c8:b2:f3:dc:b1:be:8c:d1:c3:c4:97:a8:41:05:e0:71:ce:e3:
         e2:45:09:6b:eb:ec:12:7f:2d:c6:d6:56:95:b0:26:ce:98:72:
         04:ac:40:22:55:08:94:33:30:e5:e7:e8:1a:49:10:84:82:a3:
         fe:c1:9e:1e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbnck9TGuFheraZn+nhhbZpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUwNTE5MDcyOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWRkNTk5YWRlMDM0ZmY2M2JiMTc0YTVkZjk2ZGU1NzFhNzVmNTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr66ZUauzrYoSMBkXvYi1+mAr4fOK
+Vep34s8pZiYst+yJ0Htx9WdcB284u2FJg0vIbZ1guB49G7OPulFK6+/BmVCOMta
E1yMAZy3AjOo8x1g3A2hDpvpQXGuPtipdCZ61/fpUxAVEv1tQj+2h5+2KDojsDyn
CDhjqnGbz1Ykc/T7kLatY7XyAlQ5EQe5klBNmlZ5vFQKCzRlcBOhCbfk/rb6rJFC
Q3LEifibE8KLtc3WeDdRbFxSXFq3renKPvjYXaC4uCqxMYIG4gomGYcEZT+gK/7Z
p6WKKglbOsNemDyG9oQkbT7Y5MPaeiW5SmK1FHppbh+ss2d4N1dxHo6xdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI7dWZreA0/2O7F0pd+W3lcadfUAMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvanQxWm10NERUX1k3c1hTbDM1YmVWeHAxOVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCbXrEAwQA
uWZzMA0GCSqGSIb3DQEBCwUAA4IBAQCYpGBkDC48TucYX8U/pWc2u5vJX33j3qQR
OO+oRV4GqtKUj3RC5O+l0mKw9Nzpz5+ril9M421vUDgFdYUgT7CNbpIpX2/V8Ag3
2+TipmA5vBbuluC/4sp0ruwGwBEagoZpVk57MD5KCHqk9LhbGRaTzNlvA/FckLct
5NFLBLwocHPvX2kaYFJ2Q87gJWXcSPwNJnwQVj1/EiBbLbZow2Qv9xGSdT9L4r12
h640OpCgMDjPkRKBwKM9CV/WQng6RloJWm4/mKnIsvPcsb6M0cPEl6hBBeBxzuPi
RQlr6+wSfy3G1laVsCbOmHIErEAiVQiUMzDl5+gaSRCEgqP+wZ4e
-----END CERTIFICATE-----