Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/JIv5kyRXEpJpMQBeGl_ous5BCpI.roa
File:                     JIv5kyRXEpJpMQBeGl_ous5BCpI.roa (raw, json)
Hash identifier:          SnK1Ps2z7q6UdEFhsMgN2WgrL78S336zPvfcl+jdbR0=
Subject key identifier:   24:8B:F9:93:24:57:12:92:69:31:00:5E:1A:5F:E8:BA:CE:41:0A:92
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019A014645A76E996FB0F35C14DD3008B0AB
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/JIv5kyRXEpJpMQBeGl_ous5BCpI.roa
Signing time:             Mon 20 Oct 2025 10:59:33 +0000
ROA not before:           Mon 20 Oct 2025 10:59:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215823
IP address blocks:        194.68.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 11:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:46:45:a7:6e:99:6f:b0:f3:5c:14:dd:30:08:b0:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Oct 20 10:59:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=248bf993245712926931005e1a5fe8bace410a92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d8:d0:bf:b9:bb:2f:ca:54:1a:58:5f:08:23:
                    c9:d4:b5:ab:23:03:eb:87:a7:2f:6e:06:10:a1:f4:
                    6c:c6:7a:44:b9:da:31:91:5d:e0:9c:3e:3c:33:23:
                    7a:30:a8:bd:e5:e7:c7:c8:1a:dc:f0:c7:79:86:3f:
                    9d:dc:47:f9:be:f3:ef:49:76:1a:23:63:0e:89:24:
                    44:07:e5:5a:28:c3:a5:58:17:69:18:52:d6:61:ee:
                    77:f3:e5:0b:e4:52:b0:03:c3:e9:63:96:cf:d2:b2:
                    48:19:19:d6:e9:24:72:de:1a:14:96:79:07:74:6f:
                    99:fb:7f:f7:89:01:17:90:f4:58:52:ec:83:43:4e:
                    1f:2d:5c:29:7e:86:9c:f6:ec:58:ae:65:04:5d:16:
                    83:25:fb:a6:99:4a:03:44:86:0c:59:47:5e:f1:4f:
                    00:e0:b3:d8:2e:b9:31:cf:e2:69:fb:93:19:12:ff:
                    da:31:aa:45:e4:c4:2f:ee:53:5b:c3:0b:87:8c:b4:
                    9c:d2:9b:b5:ad:74:09:59:3f:6f:3b:ad:c4:20:94:
                    c1:16:c3:74:2b:64:96:65:16:a6:db:5e:70:f2:5c:
                    90:9d:8f:fa:05:ff:d8:44:8e:47:8f:8c:4e:10:2a:
                    02:f6:ec:ac:35:e6:43:9e:61:36:26:1f:24:e4:64:
                    f1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:8B:F9:93:24:57:12:92:69:31:00:5E:1A:5F:E8:BA:CE:41:0A:92
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/JIv5kyRXEpJpMQBeGl_ous5BCpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.68.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:98:44:7f:2e:22:c0:7a:91:c1:70:2e:89:19:bf:3a:e4:c9:
         11:b7:d3:10:a4:30:8a:e9:0d:23:b9:25:26:2a:d1:6b:6f:d0:
         59:97:b0:a0:69:ac:aa:7c:c6:da:1d:4b:c5:c0:22:cc:0f:97:
         45:c2:bb:1c:9c:6d:c8:1e:41:38:af:da:9a:1e:e8:dc:39:46:
         9d:ab:f4:a1:44:a7:35:cb:ae:87:0e:7e:d1:b3:49:9f:0e:41:
         c4:05:20:f3:7f:d9:cf:e6:dc:51:e0:9e:97:0b:58:f2:8d:ad:
         10:10:3b:8e:fc:b2:6e:a6:5e:7d:7a:f7:00:2b:d9:72:d9:b6:
         f7:5e:d9:57:e6:8c:05:1b:33:bf:c8:d0:fe:14:6a:a1:0c:8d:
         74:45:49:f0:f1:0e:8f:a3:6c:9e:f8:d3:1d:86:f3:0c:4b:c6:
         20:38:6c:4c:af:74:35:4d:18:b6:2d:6a:d6:49:a5:50:b1:16:
         71:af:96:92:7a:6f:b1:e3:1c:cb:c7:28:a8:41:a7:4e:a1:74:
         26:4f:ef:f8:2b:21:88:51:79:11:8e:0d:fb:b8:06:c0:02:85:
         48:f9:4f:6a:ee:ca:b6:69:d6:6c:15:c0:61:11:22:72:f1:4e:
         d5:c2:45:92:69:bc:cb:99:9c:88:a7:1d:6b:e0:b0:96:a0:72:
         98:55:7f:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoBRkWnbplvsPNcFN0wCLCrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUxMDIwMTA1OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDhiZjk5MzI0NTcxMjkyNjkzMTAwNWUxYTVmZThiYWNlNDEwYTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdjQv7m7L8pUGlhfCCPJ1LWrIwPr
h6cvbgYQofRsxnpEudoxkV3gnD48MyN6MKi95efHyBrc8Md5hj+d3Ef5vvPvSXYa
I2MOiSREB+VaKMOlWBdpGFLWYe538+UL5FKwA8PpY5bP0rJIGRnW6SRy3hoUlnkH
dG+Z+3/3iQEXkPRYUuyDQ04fLVwpfoac9uxYrmUEXRaDJfummUoDRIYMWUde8U8A
4LPYLrkxz+Jp+5MZEv/aMapF5MQv7lNbwwuHjLSc0pu1rXQJWT9vO63EIJTBFsN0
K2SWZRam215w8lyQnY/6Bf/YRI5Hj4xOECoC9uysNeZDnmE2Jh8k5GTxKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSL+ZMkVxKSaTEAXhpf6LrOQQqSMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvSkl2NWt5UlhFcEpwTVFCZUdsX291czVCQ3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkS/MA0G
CSqGSIb3DQEBCwUAA4IBAQAkmER/LiLAepHBcC6JGb865MkRt9MQpDCK6Q0juSUm
KtFrb9BZl7CgaayqfMbaHUvFwCLMD5dFwrscnG3IHkE4r9qaHujcOUadq/ShRKc1
y66HDn7Rs0mfDkHEBSDzf9nP5txR4J6XC1jyja0QEDuO/LJupl59evcAK9ly2bb3
XtlX5owFGzO/yND+FGqhDI10RUnw8Q6Po2ye+NMdhvMMS8YgOGxMr3Q1TRi2LWrW
SaVQsRZxr5aSem+x4xzLxyioQadOoXQmT+/4KyGIUXkRjg37uAbAAoVI+U9q7sq2
adZsFcBhESJy8U7VwkWSabzLmZyIpx1r4LCWoHKYVX9a
-----END CERTIFICATE-----