Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/99b6b6-c2a6-4a7b-8045-9229cf492fb4/1/JbYLo1QJj1kYpPBxet7cXqyE9iI.roa
File:                     JbYLo1QJj1kYpPBxet7cXqyE9iI.roa (raw, json)
Hash identifier:          uTBq3yOSDGtbtq8yQmb5gw8gwOgdFXJ0dTVW45ISk3g=
Subject key identifier:   25:B6:0B:A3:54:09:8F:59:18:A4:F0:71:7A:DE:DC:5E:AC:84:F6:22
Certificate issuer:       /CN=b30fd255c96b42e72b5688c670f6e26119ad3935
Certificate serial:       019711A72041C49A418555E375B0E1927CB3
Authority key identifier: B3:0F:D2:55:C9:6B:42:E7:2B:56:88:C6:70:F6:E2:61:19:AD:39:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sw_SVclrQucrVojGcPbiYRmtOTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/99b6b6-c2a6-4a7b-8045-9229cf492fb4/1/JbYLo1QJj1kYpPBxet7cXqyE9iI.roa
Signing time:             Tue 27 May 2025 12:10:54 +0000
ROA not before:           Tue 27 May 2025 12:10:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51814
IP address blocks:        5.181.17.0/24 maxlen: 24
                          5.181.18.0/24 maxlen: 24
                          185.99.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/99b6b6-c2a6-4a7b-8045-9229cf492fb4/1/sw_SVclrQucrVojGcPbiYRmtOTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/99b6b6-c2a6-4a7b-8045-9229cf492fb4/1/sw_SVclrQucrVojGcPbiYRmtOTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sw_SVclrQucrVojGcPbiYRmtOTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:a7:20:41:c4:9a:41:85:55:e3:75:b0:e1:92:7c:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b30fd255c96b42e72b5688c670f6e26119ad3935
        Validity
            Not Before: May 27 12:10:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25b60ba354098f5918a4f0717adedc5eac84f622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ea:9f:f6:86:06:64:7c:39:2c:91:95:c0:e2:
                    da:85:aa:1d:16:50:a4:16:eb:6c:2b:47:be:2c:80:
                    f8:f8:47:7a:83:b0:4f:20:fc:ac:63:95:e5:10:5e:
                    bd:95:75:7d:c4:16:dc:57:76:84:d8:00:63:4e:7b:
                    15:da:9b:37:e6:4b:79:52:64:25:91:b8:27:ff:b3:
                    e7:c1:15:9f:82:81:6f:17:1c:74:51:39:ac:1d:e6:
                    0b:55:b9:de:c5:9c:89:a4:f0:00:2b:6a:04:74:c7:
                    82:65:b4:40:38:2e:12:9d:52:57:e0:71:a6:db:11:
                    c2:c7:e7:bf:d1:99:23:b7:c8:fb:b5:20:a0:69:ec:
                    7f:36:fd:7f:63:e5:f1:90:ea:92:13:14:cf:22:79:
                    eb:71:44:82:32:b6:19:22:4e:3a:33:0d:7f:16:3d:
                    74:9a:86:e4:9e:a7:59:c0:56:d1:cd:68:73:b9:94:
                    a4:9e:44:a8:91:15:22:00:af:36:2d:7a:3c:1a:71:
                    5a:80:9b:65:3a:5b:af:ef:0f:a9:3d:5c:99:eb:ee:
                    2a:5a:92:27:12:fa:6d:d2:eb:6d:60:34:59:23:5c:
                    26:bb:c3:dd:ae:2f:36:16:e9:ff:f7:1c:b8:3f:34:
                    41:be:9f:5d:dc:da:00:b2:ef:b7:1f:ba:da:11:be:
                    bc:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:B6:0B:A3:54:09:8F:59:18:A4:F0:71:7A:DE:DC:5E:AC:84:F6:22
            X509v3 Authority Key Identifier:
                keyid:B3:0F:D2:55:C9:6B:42:E7:2B:56:88:C6:70:F6:E2:61:19:AD:39:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sw_SVclrQucrVojGcPbiYRmtOTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/99b6b6-c2a6-4a7b-8045-9229cf492fb4/1/JbYLo1QJj1kYpPBxet7cXqyE9iI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/99b6b6-c2a6-4a7b-8045-9229cf492fb4/1/sw_SVclrQucrVojGcPbiYRmtOTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.17.0-5.181.18.255
                  185.99.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:b9:16:c4:02:fc:ca:07:b1:f4:c9:69:03:55:af:55:91:09:
         a6:cf:2b:b7:25:96:04:06:46:9a:60:f9:df:13:cf:64:d4:14:
         fc:6d:f0:3c:a7:69:03:75:9f:e1:25:70:88:04:b0:5e:e4:19:
         8b:b6:a6:b4:9a:d4:e2:a5:fe:e9:fd:82:c1:53:80:9c:5a:ab:
         c0:a2:96:d5:04:e6:2b:db:71:2f:86:03:4f:9a:b2:bb:b2:6d:
         de:8b:df:b9:62:d6:57:31:cf:6a:e0:cf:db:d3:19:80:2e:c0:
         2d:f4:a6:d6:a0:96:1d:c6:34:e7:60:23:da:cc:08:87:2f:3b:
         56:34:82:09:87:e8:95:a7:65:90:1c:ce:da:8f:b2:60:39:e3:
         88:c5:db:d2:4c:7d:39:2e:c6:9d:98:44:01:c6:bb:03:92:8c:
         38:cb:04:de:73:36:80:42:1e:4d:f5:a0:da:fe:13:36:41:8f:
         b3:87:10:fc:bb:b0:63:bf:84:74:bd:96:f3:1a:a5:04:60:6f:
         4f:ec:e5:38:f9:7c:4d:56:a9:95:bc:e6:58:dd:a5:28:2e:36:
         4b:cb:8e:31:c4:50:e5:42:59:72:ee:3e:e3:38:3d:51:d3:7f:
         45:48:c4:b7:53:21:ac:ce:de:7c:ed:ca:47:8b:5c:8c:fd:8d:
         e8:01:80:2c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZcRpyBBxJpBhVXjdbDhknyzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMGZkMjU1Yzk2YjQyZTcyYjU2ODhjNjcwZjZlMjYxMTlh
ZDM5MzUwHhcNMjUwNTI3MTIxMDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWI2MGJhMzU0MDk4ZjU5MThhNGYwNzE3YWRlZGM1ZWFjODRmNjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxuqf9oYGZHw5LJGVwOLahaodFlCk
FutsK0e+LID4+Ed6g7BPIPysY5XlEF69lXV9xBbcV3aE2ABjTnsV2ps35kt5UmQl
kbgn/7PnwRWfgoFvFxx0UTmsHeYLVbnexZyJpPAAK2oEdMeCZbRAOC4SnVJX4HGm
2xHCx+e/0Zkjt8j7tSCgaex/Nv1/Y+XxkOqSExTPInnrcUSCMrYZIk46Mw1/Fj10
mobknqdZwFbRzWhzuZSknkSokRUiAK82LXo8GnFagJtlOluv7w+pPVyZ6+4qWpIn
Evpt0uttYDRZI1wmu8Pdri82Fun/9xy4PzRBvp9d3NoAsu+3H7raEb68HwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCW2C6NUCY9ZGKTwcXre3F6shPYiMB8GA1UdIwQY
MBaAFLMP0lXJa0LnK1aIxnD24mEZrTk1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3dfU1ZjbHJRdWNyVm9qR2NQYmlZUm10T1RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC85OWI2YjYtYzJhNi00YTdiLTgwNDUt
OTIyOWNmNDkyZmI0LzEvSmJZTG8xUUpqMWtZcFBCeGV0N2NYcXlFOWlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC85OWI2YjYtYzJhNi00YTdiLTgwNDUtOTIyOWNmNDkyZmI0
LzEvc3dfU1ZjbHJRdWNyVm9qR2NQYmlZUm10T1RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAFtRED
BAAFtRIDBAC5YxYwDQYJKoZIhvcNAQELBQADggEBADu5FsQC/MoHsfTJaQNVr1WR
CabPK7cllgQGRppg+d8Tz2TUFPxt8DynaQN1n+ElcIgEsF7kGYu2prSa1OKl/un9
gsFTgJxaq8CiltUE5ivbcS+GA0+asruybd6L37li1lcxz2rgz9vTGYAuwC30ptag
lh3GNOdgI9rMCIcvO1Y0ggmH6JWnZZAcztqPsmA544jF29JMfTkuxp2YRAHGuwOS
jDjLBN5zNoBCHk31oNr+EzZBj7OHEPy7sGO/hHS9lvMapQRgb0/s5Tj5fE1WqZW8
5ljdpSguNkvLjjHEUOVCWXLuPuM4PVHTf0VIxLdTIazO3nztykeLXIz9jegBgCw=
-----END CERTIFICATE-----