Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/JLrvN6gy-l8oqZZ6A2f-EeS0QQc.roa
File:                     JLrvN6gy-l8oqZZ6A2f-EeS0QQc.roa (raw, json)
Hash identifier:          kxEu7XapzO+8FKwUNiG2TUK6bp7351KlBBspHS3oFSo=
Subject key identifier:   24:BA:EF:37:A8:32:FA:5F:28:A9:96:7A:03:67:FE:11:E4:B4:41:07
Certificate issuer:       /CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
Certificate serial:       01990CF9B8108F1DB415613840ED9096A7D9
Authority key identifier: 0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/JLrvN6gy-l8oqZZ6A2f-EeS0QQc.roa
Signing time:             Wed 03 Sep 2025 00:28:36 +0000
ROA not before:           Wed 03 Sep 2025 00:28:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        45.12.207.0/24 maxlen: 24
                          45.66.132.0/24 maxlen: 24
                          2a0c:8a40:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Sep 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0c:f9:b8:10:8f:1d:b4:15:61:38:40:ed:90:96:a7:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
        Validity
            Not Before: Sep  3 00:28:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24baef37a832fa5f28a9967a0367fe11e4b44107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c6:be:c9:bc:1c:8d:14:5d:1d:3b:82:80:37:
                    bc:f5:27:ac:fb:c1:f7:1b:ca:e6:cd:35:94:df:0c:
                    db:6c:6b:b8:d7:8a:d1:7a:2a:5d:d4:5e:5b:6d:3a:
                    49:41:d1:14:67:23:26:35:1e:a6:f5:06:17:a6:c2:
                    a4:6c:ad:25:7c:1a:71:23:b3:73:14:56:2d:11:1c:
                    47:de:df:97:42:05:63:27:e4:e0:52:66:96:28:fb:
                    7d:68:91:3a:94:a6:3c:7c:38:a6:67:61:1c:bc:78:
                    02:fe:7b:e5:9b:13:64:78:cf:5d:69:b3:d6:17:79:
                    15:a1:2b:cb:8c:b2:80:42:03:78:05:40:75:e0:2b:
                    5c:38:dc:11:13:4a:12:4b:03:5b:f3:f1:39:26:66:
                    0a:c6:9e:96:a4:17:0b:66:2b:2f:4b:56:de:99:e6:
                    77:df:0e:2d:b7:5d:01:09:d5:e0:33:4b:40:7e:24:
                    20:4e:3b:10:aa:da:ae:28:1a:96:1b:06:29:e4:c5:
                    39:a9:12:57:2f:c3:57:c9:74:9b:69:65:be:82:bc:
                    b0:3a:51:28:34:ed:3f:3b:32:b0:d6:07:7a:7c:59:
                    27:23:0a:ca:60:bb:5c:ba:4f:37:5e:3a:97:7e:34:
                    83:eb:0e:26:09:cb:3e:f0:9f:aa:ee:16:73:cc:11:
                    9e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:BA:EF:37:A8:32:FA:5F:28:A9:96:7A:03:67:FE:11:E4:B4:41:07
            X509v3 Authority Key Identifier:
                keyid:0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/JLrvN6gy-l8oqZZ6A2f-EeS0QQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.207.0/24
                  45.66.132.0/24
                IPv6:
                  2a0c:8a40:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:1b:94:c9:43:4c:f0:9d:af:e8:64:2b:18:69:0f:08:41:c7:
         3c:5c:06:44:e1:ef:f2:52:84:db:39:83:81:64:d9:35:05:d0:
         17:b7:43:6b:0e:43:70:82:fb:01:a1:4e:42:ac:1b:76:ec:9e:
         94:27:60:94:09:55:fa:5b:fd:30:e0:ab:24:c4:a5:6c:1a:f2:
         2d:df:87:d3:80:77:e9:b0:69:a5:ee:ac:ca:fb:3f:11:21:0e:
         0a:38:4f:63:10:22:66:ed:47:a9:72:73:f2:a3:6c:24:35:05:
         80:89:f1:53:f5:36:46:de:84:fa:a3:79:ea:cd:d4:e0:3f:50:
         9d:e1:5a:4d:e0:2d:4c:ea:99:15:3c:3d:03:0d:4a:5d:48:dc:
         38:63:12:9b:52:10:b6:a2:be:ff:47:dc:b0:c3:cb:dd:8c:ea:
         40:e4:48:e9:83:6b:9f:07:88:02:06:d8:ce:43:d6:10:2f:01:
         45:71:e1:78:a0:7d:19:81:11:63:d4:96:17:99:c7:5f:ac:c0:
         d2:6e:12:36:07:5d:1d:14:a1:44:d0:63:30:3d:13:c8:b5:a0:
         3c:cb:56:52:8e:a9:7a:f2:ef:3b:ed:c2:32:19:12:ed:c0:e9:
         63:8f:b8:a3:a6:b9:3a:b1:43:9e:7b:2e:a4:9d:d1:d6:cf:55:
         21:5b:b8:11
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZkM+bgQjx20FWE4QO2QlqfZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMjQ3ZTczMzkxZWM5ZDZhMmE0NmYyY2IwYjAyZmM5OTQy
ODhmMTMwHhcNMjUwOTAzMDAyODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGJhZWYzN2E4MzJmYTVmMjhhOTk2N2EwMzY3ZmUxMWU0YjQ0MTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMa+ybwcjRRdHTuCgDe89Ses+8H3
G8rmzTWU3wzbbGu414rReipd1F5bbTpJQdEUZyMmNR6m9QYXpsKkbK0lfBpxI7Nz
FFYtERxH3t+XQgVjJ+TgUmaWKPt9aJE6lKY8fDimZ2EcvHgC/nvlmxNkeM9dabPW
F3kVoSvLjLKAQgN4BUB14CtcONwRE0oSSwNb8/E5JmYKxp6WpBcLZisvS1bemeZ3
3w4tt10BCdXgM0tAfiQgTjsQqtquKBqWGwYp5MU5qRJXL8NXyXSbaWW+grywOlEo
NO0/OzKw1gd6fFknIwrKYLtcuk83XjqXfjSD6w4mCcs+8J+q7hZzzBGeDwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFCS67zeoMvpfKKmWegNn/hHktEEHMB8GA1UdIwQY
MBaAFAskfnM5HsnWoqRvLLCwL8mUKI8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMt
NzM2Nzg5ZWU2ZmQwLzEvSkxydk42Z3ktbDhvcVpaNkEyZi1FZVMwUVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMtNzM2Nzg5ZWU2ZmQw
LzEvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQALQzPAwQA
LUKEMA8EAgACMAkDBwAqDIpAAAIwDQYJKoZIhvcNAQELBQADggEBAMYblMlDTPCd
r+hkKxhpDwhBxzxcBkTh7/JShNs5g4Fk2TUF0Be3Q2sOQ3CC+wGhTkKsG3bsnpQn
YJQJVfpb/TDgqyTEpWwa8i3fh9OAd+mwaaXurMr7PxEhDgo4T2MQImbtR6lyc/Kj
bCQ1BYCJ8VP1NkbehPqjeerN1OA/UJ3hWk3gLUzqmRU8PQMNSl1I3DhjEptSELai
vv9H3LDDy92M6kDkSOmDa58HiAIG2M5D1hAvAUVx4XigfRmBEWPUlheZx1+swNJu
EjYHXR0UoUTQYzA9E8i1oDzLVlKOqXry7zvtwjIZEu3A6WOPuKOmuTqxQ557LqSd
0dbPVSFbuBE=
-----END CERTIFICATE-----