Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/JFdpz4qHx_4cniX3BWWOLLPVqtE.roa
File:                     JFdpz4qHx_4cniX3BWWOLLPVqtE.roa (raw, json)
Hash identifier:          p/0kdoGRXrffXN49KkQkmbIDXM/4wVxkOOygBUu78vA=
Subject key identifier:   24:57:69:CF:8A:87:C7:FE:1C:9E:25:F7:05:65:8E:2C:B3:D5:AA:D1
Certificate issuer:       /CN=ec65f246bfc1ea8fc386c86dd49fbaa8d88c4881
Certificate serial:       0195526893260FFD7CE51FAC89E941B5DC5B
Authority key identifier: EC:65:F2:46:BF:C1:EA:8F:C3:86:C8:6D:D4:9F:BA:A8:D8:8C:48:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GXyRr_B6o_Dhsht1J-6qNiMSIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/JFdpz4qHx_4cniX3BWWOLLPVqtE.roa
Signing time:             Sat 01 Mar 2025 15:52:19 +0000
ROA not before:           Sat 01 Mar 2025 15:52:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        193.9.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/7GXyRr_B6o_Dhsht1J-6qNiMSIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/7GXyRr_B6o_Dhsht1J-6qNiMSIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GXyRr_B6o_Dhsht1J-6qNiMSIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:52:68:93:26:0f:fd:7c:e5:1f:ac:89:e9:41:b5:dc:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec65f246bfc1ea8fc386c86dd49fbaa8d88c4881
        Validity
            Not Before: Mar  1 15:52:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=245769cf8a87c7fe1c9e25f705658e2cb3d5aad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:49:1f:40:12:d3:0b:89:45:15:eb:60:76:24:
                    e8:0e:cc:70:82:60:13:29:9c:16:a0:cf:59:f1:77:
                    d4:d8:af:e9:ed:ed:59:ab:2a:3c:b4:7e:c1:84:f3:
                    07:57:14:48:4f:71:3a:f9:e5:33:16:d5:cf:86:8d:
                    4e:79:ba:ef:43:ef:e8:a0:a2:f1:ae:30:43:3f:cd:
                    f9:dc:73:da:93:f6:a7:21:06:34:4e:9a:88:4d:a6:
                    44:1e:78:f8:85:ce:f1:11:73:ce:dd:77:3c:71:21:
                    5f:00:de:06:cd:8a:d1:c9:bb:63:99:58:07:ab:33:
                    b2:1f:83:e0:b6:8f:47:27:7b:42:2a:00:7d:c0:1a:
                    22:16:bd:65:aa:6a:de:67:05:0d:04:12:e3:00:02:
                    ef:37:f2:ab:55:85:4c:6f:c8:ab:ae:65:36:45:da:
                    a3:cd:d6:aa:3a:9d:f1:2f:14:b5:c6:0d:f5:4d:47:
                    46:72:41:0c:45:16:e6:0f:60:3d:9e:20:89:91:6a:
                    06:2b:e1:0d:43:cb:65:a2:15:a1:3f:49:a5:b9:b4:
                    cd:5e:52:06:56:da:95:9f:06:5f:43:a6:59:e7:59:
                    1b:c4:ec:5f:be:3e:2f:cf:76:b2:fc:fe:bc:de:79:
                    d7:70:75:03:b0:1e:e0:db:6e:6d:fa:a7:0e:c2:f5:
                    28:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:57:69:CF:8A:87:C7:FE:1C:9E:25:F7:05:65:8E:2C:B3:D5:AA:D1
            X509v3 Authority Key Identifier:
                keyid:EC:65:F2:46:BF:C1:EA:8F:C3:86:C8:6D:D4:9F:BA:A8:D8:8C:48:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GXyRr_B6o_Dhsht1J-6qNiMSIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/JFdpz4qHx_4cniX3BWWOLLPVqtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/7GXyRr_B6o_Dhsht1J-6qNiMSIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:d4:a9:33:d1:ab:a9:2b:ce:b4:10:19:81:2f:eb:48:16:53:
         2c:90:0b:c7:5e:0a:4d:c3:76:d8:9d:2e:37:e8:61:fd:61:6d:
         0d:02:fb:09:8b:4e:c2:61:5f:2e:e1:c7:3d:82:65:b7:06:eb:
         6a:0f:aa:be:c7:28:61:f2:41:b8:dd:83:e3:ed:be:bc:95:89:
         6f:bc:b9:be:7d:f3:7f:c9:10:50:8e:72:dd:f8:f4:42:d8:69:
         0c:a7:c6:50:f4:33:61:07:dc:3e:18:76:05:ce:5e:07:08:ba:
         76:a7:7d:27:29:ec:a4:9d:12:a1:72:9a:e0:41:7e:1f:49:5a:
         7b:b6:d1:22:0a:c2:8e:cd:09:b8:c9:fc:d1:24:82:42:ba:5c:
         52:a8:ca:b5:a3:9d:47:14:02:9a:cf:53:a6:fa:7d:60:6d:6b:
         5b:0f:ec:31:74:9b:7a:34:70:f2:fc:01:b6:05:3f:d4:18:2b:
         d8:07:37:7e:07:f8:db:59:05:2f:91:17:0f:c9:82:05:6c:28:
         d9:ab:61:1d:30:81:e5:09:31:8c:f1:98:03:0b:e0:f8:1f:19:
         9c:bf:97:2c:75:9f:00:45:84:0d:30:95:53:92:ab:bf:ba:03:
         37:d7:e8:30:22:d5:ac:52:a3:58:b9:5c:b8:3d:e2:21:d1:f5:
         ca:9e:ea:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVSaJMmD/185R+sielBtdxbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNjVmMjQ2YmZjMWVhOGZjMzg2Yzg2ZGQ0OWZiYWE4ZDg4
YzQ4ODEwHhcNMjUwMzAxMTU1MjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDU3NjljZjhhODdjN2ZlMWM5ZTI1ZjcwNTY1OGUyY2IzZDVhYWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUkfQBLTC4lFFetgdiToDsxwgmAT
KZwWoM9Z8XfU2K/p7e1Zqyo8tH7BhPMHVxRIT3E6+eUzFtXPho1OebrvQ+/ooKLx
rjBDP8353HPak/anIQY0TpqITaZEHnj4hc7xEXPO3Xc8cSFfAN4GzYrRybtjmVgH
qzOyH4Pgto9HJ3tCKgB9wBoiFr1lqmreZwUNBBLjAALvN/KrVYVMb8irrmU2Rdqj
zdaqOp3xLxS1xg31TUdGckEMRRbmD2A9niCJkWoGK+ENQ8tlohWhP0mlubTNXlIG
VtqVnwZfQ6ZZ51kbxOxfvj4vz3ay/P683nnXcHUDsB7g225t+qcOwvUoPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCRXac+Kh8f+HJ4l9wVljiyz1arRMB8GA1UdIwQY
MBaAFOxl8ka/weqPw4bIbdSfuqjYjEiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0dYeVJyX0I2b19EaHNodDFKLTZxTmlNU0lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82ZjAzZmQtNTIxNy00ZTUyLWExNTkt
NzgxMjgwZmQyNDEyLzEvSkZkcHo0cUh4XzRjbmlYM0JXV09MTFBWcXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82ZjAzZmQtNTIxNy00ZTUyLWExNTktNzgxMjgwZmQyNDEy
LzEvN0dYeVJyX0I2b19EaHNodDFKLTZxTmlNU0lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQkQMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ1Kkz0aupK860EBmBL+tIFlMskAvHXgpNw3bYnS43
6GH9YW0NAvsJi07CYV8u4cc9gmW3ButqD6q+xyhh8kG43YPj7b68lYlvvLm+ffN/
yRBQjnLd+PRC2GkMp8ZQ9DNhB9w+GHYFzl4HCLp2p30nKeyknRKhcprgQX4fSVp7
ttEiCsKOzQm4yfzRJIJCulxSqMq1o51HFAKaz1Om+n1gbWtbD+wxdJt6NHDy/AG2
BT/UGCvYBzd+B/jbWQUvkRcPyYIFbCjZq2EdMIHlCTGM8ZgDC+D4Hxmcv5csdZ8A
RYQNMJVTkqu/ugM31+gwItWsUqNYuVy4PeIh0fXKnuqx
-----END CERTIFICATE-----