Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/jOJJqoS_PgQTtahvKFyYtdpryQc.roa
File:                     jOJJqoS_PgQTtahvKFyYtdpryQc.roa (raw, json)
Hash identifier:          NLWvbfmQ0GpKEPm+5C3Z0gDnOHe3vz+adN0kchftPSM=
Subject key identifier:   8C:E2:49:AA:84:BF:3E:04:13:B5:A8:6F:28:5C:98:B5:DA:6B:C9:07
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       019421B22AA9651D057C588AC5F17DA9E305
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/jOJJqoS_PgQTtahvKFyYtdpryQc.roa
Signing time:             Wed 01 Jan 2025 11:48:31 +0000
ROA not before:           Wed 01 Jan 2025 11:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        37.221.64.0/22 maxlen: 24
                          37.221.65.0/24 maxlen: 24
                          45.86.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:2a:a9:65:1d:05:7c:58:8a:c5:f1:7d:a9:e3:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Jan  1 11:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ce249aa84bf3e0413b5a86f285c98b5da6bc907
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b6:66:80:fa:f5:2e:7c:dc:50:06:69:09:8c:
                    ee:33:ff:55:b7:86:b0:7b:dd:9e:8d:4c:10:a8:53:
                    2f:07:f3:87:04:fc:76:0c:52:6f:7c:88:e5:90:68:
                    be:50:8d:db:15:20:71:b9:a0:c6:f7:87:a0:24:17:
                    c1:e1:bb:d3:ed:09:12:da:57:a3:e6:2a:b4:11:98:
                    48:22:56:57:ee:f7:d5:7d:97:2e:9a:7a:86:a6:53:
                    53:fb:7e:ab:e3:9f:61:c0:71:27:72:44:05:4e:55:
                    dd:b5:28:11:8f:cf:fa:62:7a:a2:db:17:bd:68:5c:
                    6b:fa:c8:e7:64:64:04:cd:2a:56:87:39:08:87:f1:
                    08:de:cd:2c:0c:3b:f4:d4:77:0e:27:a0:78:cc:cd:
                    3a:6f:de:d2:8e:b1:46:7e:12:ff:79:27:e7:ff:03:
                    6e:dd:dd:c7:86:81:b7:bd:56:ff:0b:df:c6:b7:6f:
                    08:90:54:7b:40:e9:5d:1b:cb:62:ee:1a:f2:5c:03:
                    0b:0b:2c:17:9b:11:36:87:3e:4e:91:e6:af:bb:b4:
                    52:bf:1a:36:b8:a8:6f:f3:43:fd:33:2f:ff:f8:08:
                    00:c0:59:aa:4d:d0:7e:4c:6f:75:41:b8:31:9d:f8:
                    75:3a:6c:78:3d:07:78:68:7e:26:eb:58:4c:49:70:
                    68:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:E2:49:AA:84:BF:3E:04:13:B5:A8:6F:28:5C:98:B5:DA:6B:C9:07
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/jOJJqoS_PgQTtahvKFyYtdpryQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.64.0/22
                  45.86.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:6a:3f:26:13:1f:80:ee:3b:c0:46:d5:17:8e:52:aa:30:b7:
         fc:23:a8:66:15:b1:1a:b6:ee:cd:8a:9d:55:c8:10:19:ab:41:
         4d:49:1d:d4:89:4f:1d:49:fd:6b:88:05:fc:66:85:0c:a0:a0:
         a3:5c:4d:8c:44:45:cd:9a:13:a2:19:be:54:77:b1:0b:d5:bf:
         b6:38:01:70:fb:65:60:e2:e8:32:db:9e:80:13:2c:32:22:a5:
         c7:83:6a:c5:c2:72:95:0d:fa:3e:00:6e:04:9b:42:0f:80:b3:
         a0:8b:51:a0:0c:7d:f3:0e:fc:a8:9b:12:4b:44:bb:d9:fe:b8:
         1e:b3:ef:c0:2d:d3:96:be:4d:18:56:b8:d3:c2:99:d1:53:68:
         01:9f:97:54:28:a0:17:e9:40:1b:52:cd:4a:80:6c:88:b2:49:
         00:ab:98:38:5f:bd:0d:fd:12:95:b7:bb:78:87:45:57:b1:b4:
         62:d4:1b:61:7a:0a:f3:68:82:6d:d3:99:72:ef:70:60:2d:ff:
         e1:80:c0:0b:05:06:fe:47:1d:02:96:e1:c0:1c:ba:37:d8:9b:
         80:41:42:d8:c4:1f:23:f8:47:1f:3b:99:ed:34:87:d2:a3:64:
         bc:ec:bd:24:6f:f2:a5:f0:74:18:5d:aa:6f:38:b6:dc:24:a7:
         26:09:d2:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsiqpZR0FfFiKxfF9qeMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjUwMTAxMTE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2UyNDlhYTg0YmYzZTA0MTNiNWE4NmYyODVjOThiNWRhNmJjOTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbZmgPr1LnzcUAZpCYzuM/9Vt4aw
e92ejUwQqFMvB/OHBPx2DFJvfIjlkGi+UI3bFSBxuaDG94egJBfB4bvT7QkS2lej
5iq0EZhIIlZX7vfVfZcumnqGplNT+36r459hwHEnckQFTlXdtSgRj8/6Ynqi2xe9
aFxr+sjnZGQEzSpWhzkIh/EI3s0sDDv01HcOJ6B4zM06b97SjrFGfhL/eSfn/wNu
3d3HhoG3vVb/C9/Gt28IkFR7QOldG8ti7hryXAMLCywXmxE2hz5Okeavu7RSvxo2
uKhv80P9My//+AgAwFmqTdB+TG91Qbgxnfh1Omx4PQd4aH4m61hMSXBojwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIziSaqEvz4EE7WobyhcmLXaa8kHMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvak9KSnFvU19QZ1FUdGFodktGeVl0ZHByeVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCJd1AAwQA
LVZWMA0GCSqGSIb3DQEBCwUAA4IBAQBxaj8mEx+A7jvARtUXjlKqMLf8I6hmFbEa
tu7Nip1VyBAZq0FNSR3UiU8dSf1riAX8ZoUMoKCjXE2MREXNmhOiGb5Ud7EL1b+2
OAFw+2Vg4ugy256AEywyIqXHg2rFwnKVDfo+AG4Em0IPgLOgi1GgDH3zDvyomxJL
RLvZ/rges+/ALdOWvk0YVrjTwpnRU2gBn5dUKKAX6UAbUs1KgGyIskkAq5g4X70N
/RKVt7t4h0VXsbRi1BthegrzaIJt05ly73BgLf/hgMALBQb+Rx0CluHAHLo32JuA
QULYxB8j+EcfO5ntNIfSo2S87L0kb/Kl8HQYXapvOLbcJKcmCdIv
-----END CERTIFICATE-----