Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/jm_LwTAsKa9hMc9LKIm0Nv8-66A.roa
File:                     jm_LwTAsKa9hMc9LKIm0Nv8-66A.roa (raw, json)
Hash identifier:          GfUSYnSkjh7ptVBb/X/b+7Fylh0BdmY1nbsxoYo2vaM=
Subject key identifier:   8E:6F:CB:C1:30:2C:29:AF:61:31:CF:4B:28:89:B4:36:FF:3E:EB:A0
Certificate issuer:       /CN=5975d519de239cf164cb94a6660c2530ceaef254
Certificate serial:       01957FEF3CDFDB186DEEFE2299AC262135D2
Authority key identifier: 59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/jm_LwTAsKa9hMc9LKIm0Nv8-66A.roa
Signing time:             Mon 10 Mar 2025 12:02:19 +0000
ROA not before:           Mon 10 Mar 2025 12:02:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     329007
IP address blocks:        85.11.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:7f:ef:3c:df:db:18:6d:ee:fe:22:99:ac:26:21:35:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5975d519de239cf164cb94a6660c2530ceaef254
        Validity
            Not Before: Mar 10 12:02:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e6fcbc1302c29af6131cf4b2889b436ff3eeba0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1c:5a:6b:fc:c4:0e:62:88:7a:21:2a:18:79:
                    30:7c:ac:ec:d0:7e:56:ac:43:a7:4e:0c:87:c9:9e:
                    12:60:b4:54:8b:b2:0e:3e:2f:2a:76:10:33:e1:a7:
                    53:66:0c:07:0c:c1:a7:6a:db:1d:3c:65:d8:6d:b0:
                    05:e7:2f:36:80:be:60:77:69:cd:bc:49:77:8a:6a:
                    2a:5a:97:0a:61:c8:b7:ae:a5:ad:80:fa:e9:37:f0:
                    68:ae:22:85:aa:0a:71:f4:ca:c6:b6:0e:cd:39:d7:
                    0e:eb:ef:07:94:7d:3b:42:ec:9e:38:38:e2:7e:84:
                    d7:c2:46:2d:4a:ee:86:0e:1a:a7:9c:b3:83:39:df:
                    b0:03:8c:8f:6d:8c:65:c4:57:ca:3b:ad:34:26:df:
                    25:92:67:65:bc:07:0e:37:3c:f7:71:32:41:00:e0:
                    e5:2f:7e:79:2c:30:73:ea:a4:f7:05:6a:ec:e8:5b:
                    5d:5c:c3:2d:ab:10:4f:a3:ab:0e:a7:ec:55:57:15:
                    ce:03:86:f5:38:5c:aa:c1:b9:60:03:78:d5:56:c5:
                    35:93:97:01:7e:3a:5d:7a:b8:4e:83:78:c2:4c:bf:
                    30:45:20:51:1c:c2:54:e8:36:e5:3e:26:d9:de:11:
                    76:f6:d6:12:22:c5:ea:5f:40:65:e2:35:b9:32:8d:
                    73:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:6F:CB:C1:30:2C:29:AF:61:31:CF:4B:28:89:B4:36:FF:3E:EB:A0
            X509v3 Authority Key Identifier:
                keyid:59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/jm_LwTAsKa9hMc9LKIm0Nv8-66A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.11.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:a0:d7:12:e1:93:31:8d:ee:b1:f8:a7:7f:4b:f6:a3:34:75:
         3d:eb:5b:db:94:ab:44:7f:bb:eb:d4:2c:dc:f2:6c:e6:68:7e:
         53:e3:8c:6d:95:c3:3e:0a:27:cd:92:8b:10:7c:5c:43:5a:b3:
         19:16:b5:f3:75:68:c6:c7:aa:fc:56:55:f9:a7:ca:5a:05:db:
         38:63:37:73:2d:9f:ad:e9:cb:b7:eb:d6:04:d5:f8:e8:b0:2c:
         57:dd:f3:e8:6e:99:5e:a0:ec:24:f7:20:cf:b5:f4:3f:13:8b:
         dc:42:5e:cf:b1:7f:9b:b8:33:44:65:70:ef:a0:d1:59:4a:0e:
         27:db:26:d0:7c:af:94:45:08:27:2e:d8:8c:f3:9d:b8:f8:9c:
         1c:86:d0:2a:8e:19:a0:9f:f7:cf:7d:82:0f:29:f6:a5:ba:73:
         ce:7d:61:91:a8:e5:d3:45:97:78:09:b1:9e:f3:70:37:52:d8:
         5a:18:85:dc:a1:20:d2:94:ad:32:6f:ea:83:25:27:1e:a2:b1:
         ef:63:09:68:47:09:a3:eb:70:55:78:e1:88:9f:bb:6c:f8:79:
         6f:45:6d:7b:ac:df:99:4a:2f:df:4e:07:7b:36:d1:55:ce:01:
         3e:67:23:cb:89:a6:18:81:cb:0e:cc:9c:68:9b:fe:40:4c:aa:
         74:ca:8c:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZV/7zzf2xht7v4imawmITXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzVkNTE5ZGUyMzljZjE2NGNiOTRhNjY2MGMyNTMwY2Vh
ZWYyNTQwHhcNMjUwMzEwMTIwMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTZmY2JjMTMwMmMyOWFmNjEzMWNmNGIyODg5YjQzNmZmM2VlYmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthxaa/zEDmKIeiEqGHkwfKzs0H5W
rEOnTgyHyZ4SYLRUi7IOPi8qdhAz4adTZgwHDMGnatsdPGXYbbAF5y82gL5gd2nN
vEl3imoqWpcKYci3rqWtgPrpN/BoriKFqgpx9MrGtg7NOdcO6+8HlH07QuyeODji
foTXwkYtSu6GDhqnnLODOd+wA4yPbYxlxFfKO600Jt8lkmdlvAcONzz3cTJBAODl
L355LDBz6qT3BWrs6FtdXMMtqxBPo6sOp+xVVxXOA4b1OFyqwblgA3jVVsU1k5cB
fjpderhOg3jCTL8wRSBRHMJU6DblPibZ3hF29tYSIsXqX0Bl4jW5Mo1z8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5vy8EwLCmvYTHPSyiJtDb/PuugMB8GA1UdIwQY
MBaAFFl11RneI5zxZMuUpmYMJTDOrvJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUt
MmNjNjc1NzI2OTc1LzEvam1fTHdUQXNLYTloTWM5TEtJbTBOdjgtNjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUtMmNjNjc1NzI2OTc1
LzEvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVQu0MA0G
CSqGSIb3DQEBCwUAA4IBAQA8oNcS4ZMxje6x+Kd/S/ajNHU961vblKtEf7vr1Czc
8mzmaH5T44xtlcM+CifNkosQfFxDWrMZFrXzdWjGx6r8VlX5p8paBds4YzdzLZ+t
6cu369YE1fjosCxX3fPobpleoOwk9yDPtfQ/E4vcQl7PsX+buDNEZXDvoNFZSg4n
2ybQfK+URQgnLtiM8524+JwchtAqjhmgn/fPfYIPKfalunPOfWGRqOXTRZd4CbGe
83A3UthaGIXcoSDSlK0yb+qDJSceorHvYwloRwmj63BVeOGIn7ts+HlvRW17rN+Z
Si/fTgd7NtFVzgE+ZyPLiaYYgcsOzJxom/5ATKp0yoyh
-----END CERTIFICATE-----