Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/7d7e1d-33c0-4342-b259-a7bf3bf902d8/1/JGRvPNVs3QazRb-3Yj9Lmu3EFrc.roa
File:                     JGRvPNVs3QazRb-3Yj9Lmu3EFrc.roa (raw, json)
Hash identifier:          zEfElC4xy0I65Idl73lF7MYcW3sf1hiO0d8+XQ24z5w=
Subject key identifier:   24:64:6F:3C:D5:6C:DD:06:B3:45:BF:B7:62:3F:4B:9A:ED:C4:16:B7
Certificate issuer:       /CN=576705b557b823086b6a532324bfbba36995cb1c
Certificate serial:       0196FD760F1051EED544D469314AF4EC0676
Authority key identifier: 57:67:05:B5:57:B8:23:08:6B:6A:53:23:24:BF:BB:A3:69:95:CB:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V2cFtVe4IwhralMjJL-7o2mVyxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/7d7e1d-33c0-4342-b259-a7bf3bf902d8/1/JGRvPNVs3QazRb-3Yj9Lmu3EFrc.roa
Signing time:             Fri 23 May 2025 14:04:54 +0000
ROA not before:           Fri 23 May 2025 14:04:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214098
IP address blocks:        185.56.161.0/24 maxlen: 24
                          2a07:5c0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/7d7e1d-33c0-4342-b259-a7bf3bf902d8/1/V2cFtVe4IwhralMjJL-7o2mVyxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/7d7e1d-33c0-4342-b259-a7bf3bf902d8/1/V2cFtVe4IwhralMjJL-7o2mVyxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V2cFtVe4IwhralMjJL-7o2mVyxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fd:76:0f:10:51:ee:d5:44:d4:69:31:4a:f4:ec:06:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=576705b557b823086b6a532324bfbba36995cb1c
        Validity
            Not Before: May 23 14:04:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24646f3cd56cdd06b345bfb7623f4b9aedc416b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:4d:c1:31:12:5e:85:69:a1:10:4c:62:0b:f1:
                    7c:92:f9:c5:29:35:2d:30:95:77:a3:fa:d5:fc:22:
                    83:da:cf:a0:dd:a0:e1:54:60:b6:a7:4f:d4:d9:32:
                    c5:44:ba:1b:6e:e2:fe:50:a5:04:ac:cb:1b:d0:d2:
                    34:b3:45:41:c3:d2:44:23:0a:99:44:e6:7e:25:60:
                    f2:3a:77:39:1f:3d:ea:8f:91:2a:a6:29:0e:db:8d:
                    26:67:f1:46:0f:fb:5c:f7:5f:fb:2d:16:dd:6f:98:
                    94:f6:91:3c:95:dd:f3:11:bf:d9:55:70:28:54:e6:
                    0f:f2:e0:e7:69:12:7d:32:eb:74:b8:4b:b3:03:e7:
                    b5:d2:07:f3:c5:2e:32:68:1c:6d:05:f2:bf:e6:ee:
                    83:05:c7:b3:ec:6c:4f:a0:a2:e0:29:dc:44:bf:78:
                    bd:bf:8d:a0:19:12:26:9b:69:44:20:15:2f:c2:e4:
                    5b:89:1b:6a:6e:f5:c1:88:64:cd:e4:c4:a1:0c:a3:
                    ec:0d:7c:3f:c4:8c:2f:74:1b:6c:71:bc:0c:ed:4a:
                    8e:75:b6:80:1d:50:e1:e2:84:27:6d:9d:04:93:ad:
                    db:ac:15:ba:a5:85:2c:8b:4e:b7:45:6a:3d:f8:0e:
                    98:68:b5:01:61:ef:67:1c:68:3f:e0:96:f6:9d:66:
                    ef:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:64:6F:3C:D5:6C:DD:06:B3:45:BF:B7:62:3F:4B:9A:ED:C4:16:B7
            X509v3 Authority Key Identifier:
                keyid:57:67:05:B5:57:B8:23:08:6B:6A:53:23:24:BF:BB:A3:69:95:CB:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V2cFtVe4IwhralMjJL-7o2mVyxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/7d7e1d-33c0-4342-b259-a7bf3bf902d8/1/JGRvPNVs3QazRb-3Yj9Lmu3EFrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/7d7e1d-33c0-4342-b259-a7bf3bf902d8/1/V2cFtVe4IwhralMjJL-7o2mVyxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.161.0/24
                IPv6:
                  2a07:5c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         b8:52:28:73:b7:7d:11:cb:ab:c8:4a:44:db:11:05:49:67:53:
         a5:70:4a:17:76:64:26:81:e4:a8:40:b9:3d:09:be:1e:fe:09:
         3d:e5:85:65:9d:ee:53:9f:dd:12:72:9f:be:16:2d:43:f6:16:
         7d:ef:9c:40:4d:b9:21:d7:3c:9a:4e:44:cf:6c:b3:90:ec:c0:
         ae:1c:37:54:59:7f:64:37:1c:7c:4c:8e:a2:87:c6:28:90:12:
         1f:cb:ce:87:7c:15:15:25:24:44:a3:d9:e1:c4:a5:5c:ef:10:
         db:d8:68:82:97:05:1a:4f:ac:d0:ee:62:f8:7a:3e:2f:1f:06:
         0c:79:9b:a6:0f:68:f3:ed:b2:50:be:f5:b4:61:ca:f9:f7:ce:
         f5:81:35:c2:8a:12:d0:4a:2b:4b:6b:2e:f5:d1:48:22:dc:e3:
         31:c0:ce:17:e5:b4:74:39:3a:c6:2a:31:0c:a7:69:b0:8c:6f:
         ba:94:61:a5:3e:d7:74:bb:e6:74:55:e0:3b:8d:d2:f2:e7:e6:
         5e:28:79:da:c0:bb:1f:c6:89:49:8e:b9:3b:35:fa:be:ac:20:
         37:55:37:d4:b7:fd:79:2b:4b:d1:98:76:2a:97:56:7a:12:de:
         d9:03:be:a7:91:bd:d0:aa:fc:38:b3:7f:ce:6d:da:b1:f3:46:
         6c:bd:c1:28
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZb9dg8QUe7VRNRpMUr07AZ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NjcwNWI1NTdiODIzMDg2YjZhNTMyMzI0YmZiYmEzNjk5
NWNiMWMwHhcNMjUwNTIzMTQwNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDY0NmYzY2Q1NmNkZDA2YjM0NWJmYjc2MjNmNGI5YWVkYzQxNmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkE3BMRJehWmhEExiC/F8kvnFKTUt
MJV3o/rV/CKD2s+g3aDhVGC2p0/U2TLFRLobbuL+UKUErMsb0NI0s0VBw9JEIwqZ
ROZ+JWDyOnc5Hz3qj5EqpikO240mZ/FGD/tc91/7LRbdb5iU9pE8ld3zEb/ZVXAo
VOYP8uDnaRJ9Mut0uEuzA+e10gfzxS4yaBxtBfK/5u6DBcez7GxPoKLgKdxEv3i9
v42gGRImm2lEIBUvwuRbiRtqbvXBiGTN5MShDKPsDXw/xIwvdBtscbwM7UqOdbaA
HVDh4oQnbZ0Ek63brBW6pYUsi063RWo9+A6YaLUBYe9nHGg/4Jb2nWbvXQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCRkbzzVbN0Gs0W/t2I/S5rtxBa3MB8GA1UdIwQY
MBaAFFdnBbVXuCMIa2pTIyS/u6NplcscMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjJjRnRWZTRJd2hyYWxNakpMLTdvMm1WeXh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC83ZDdlMWQtMzNjMC00MzQyLWIyNTkt
YTdiZjNiZjkwMmQ4LzEvSkdSdlBOVnMzUWF6UmItM1lqOUxtdTNFRnJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC83ZDdlMWQtMzNjMC00MzQyLWIyNTktYTdiZjNiZjkwMmQ4
LzEvVjJjRnRWZTRJd2hyYWxNakpMLTdvMm1WeXh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuTihMA8E
AgACMAkDBwAqBwXAAAEwDQYJKoZIhvcNAQELBQADggEBALhSKHO3fRHLq8hKRNsR
BUlnU6VwShd2ZCaB5KhAuT0Jvh7+CT3lhWWd7lOf3RJyn74WLUP2Fn3vnEBNuSHX
PJpORM9ss5DswK4cN1RZf2Q3HHxMjqKHxiiQEh/Lzod8FRUlJESj2eHEpVzvENvY
aIKXBRpPrNDuYvh6Pi8fBgx5m6YPaPPtslC+9bRhyvn3zvWBNcKKEtBKK0trLvXR
SCLc4zHAzhfltHQ5OsYqMQynabCMb7qUYaU+13S75nRV4DuN0vLn5l4oedrAux/G
iUmOuTs1+r6sIDdVN9S3/XkrS9GYdiqXVnoS3tkDvqeRvdCq/Dizf85t2rHzRmy9
wSg=
-----END CERTIFICATE-----