Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/JsNpDFVTIVYgUCJ1BB9Q_OSa1eI.roa
File:                     JsNpDFVTIVYgUCJ1BB9Q_OSa1eI.roa (raw, json)
Hash identifier:          WP14cmIm0lMtM89Vbr+2k9QFB+POLX7HRTX2iqF9kl8=
Subject key identifier:   26:C3:69:0C:55:53:21:56:20:50:22:75:04:1F:50:FC:E4:9A:D5:E2
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       0195FF29961A5A7CD93270F77A9BFCB9AEB8
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/JsNpDFVTIVYgUCJ1BB9Q_OSa1eI.roa
Signing time:             Fri 04 Apr 2025 04:57:49 +0000
ROA not before:           Fri 04 Apr 2025 04:57:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211091
IP address blocks:        84.55.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 16:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ff:29:96:1a:5a:7c:d9:32:70:f7:7a:9b:fc:b9:ae:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Apr  4 04:57:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26c3690c5553215620502275041f50fce49ad5e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f2:15:78:e5:e6:9e:ea:6f:57:58:fb:a5:7d:
                    6f:59:a5:00:49:4b:e0:8a:ef:ad:26:82:a7:d1:08:
                    b7:57:fe:7a:f2:ae:f7:80:de:4c:15:28:c1:4e:92:
                    de:10:1f:a9:af:7b:5a:d8:52:cc:69:b0:53:c9:fa:
                    00:0a:87:ec:e7:b6:12:c3:51:31:28:03:ef:72:ac:
                    fc:61:35:72:16:96:15:77:21:4c:87:a0:23:5c:2d:
                    39:12:1f:7b:47:64:ab:c9:2a:07:4b:30:16:5e:45:
                    f4:8e:b8:26:ca:b0:2e:f0:f0:ee:6f:8d:57:e9:d3:
                    8f:43:b9:46:28:d4:f5:bd:67:6a:98:f5:55:13:ea:
                    29:69:42:1d:a5:6d:3a:0e:f7:2f:2e:84:d9:85:ba:
                    b8:5c:02:e6:9d:4c:a8:4b:be:7b:7f:2f:81:ea:ed:
                    97:b8:a8:6b:50:da:f5:97:26:1c:08:c3:a5:a1:d8:
                    ea:be:1f:81:f8:a6:30:cf:a8:d2:da:e8:c8:cc:a2:
                    0c:62:5f:b2:88:ea:f5:e7:90:09:4f:a3:3f:3a:a7:
                    33:94:21:7b:63:c1:fe:80:75:9f:ce:af:71:e2:fb:
                    f6:0c:bf:eb:7b:02:c8:5e:3e:ba:84:12:76:a3:a1:
                    67:c0:f1:7a:cd:88:6a:5e:6d:85:e8:9d:13:04:0c:
                    28:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:C3:69:0C:55:53:21:56:20:50:22:75:04:1F:50:FC:E4:9A:D5:E2
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/JsNpDFVTIVYgUCJ1BB9Q_OSa1eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.55.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:3f:5c:e6:42:a7:42:78:bd:18:88:d8:05:50:3c:0a:7c:90:
         c7:9c:f1:1f:b7:c8:d2:c3:24:df:71:b1:41:f9:c9:2c:c5:36:
         18:55:81:ac:7f:7e:47:ca:be:40:f9:fb:e0:13:13:19:29:c7:
         b5:2a:66:57:09:1c:9b:5f:14:dd:65:c3:02:3d:50:66:3d:7f:
         01:66:85:7c:36:6a:05:50:f7:95:6b:0b:cb:1e:f3:95:1b:f0:
         99:c5:ca:18:55:4b:db:84:d2:83:67:6a:24:a8:55:28:39:56:
         41:84:85:3f:7f:32:68:d2:cc:03:40:60:32:56:d7:ef:2f:7f:
         67:4e:e0:ec:e3:fd:e5:0b:b0:39:ae:db:3f:12:8d:e3:e4:e5:
         f6:74:e4:3b:93:6e:ee:d1:fe:33:58:ee:bb:74:01:b3:57:89:
         52:66:53:19:25:d7:7f:f0:18:43:dc:da:c0:35:70:95:6d:3d:
         9d:e6:d2:64:60:81:08:4e:72:b3:7f:67:c0:a8:55:ce:cf:13:
         74:71:7c:c5:7e:4a:ef:7b:16:f5:eb:f5:df:33:ef:21:1c:2d:
         2a:32:3e:45:e6:38:38:f4:c4:8d:3d:92:53:14:79:44:89:44:
         9b:b3:77:f9:9e:03:d6:fa:6c:74:7f:c0:73:cb:ed:49:b0:77:
         78:11:65:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX/KZYaWnzZMnD3epv8ua64MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwNDA0MDQ1NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmMzNjkwYzU1NTMyMTU2MjA1MDIyNzUwNDFmNTBmY2U0OWFkNWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPIVeOXmnupvV1j7pX1vWaUASUvg
iu+tJoKn0Qi3V/568q73gN5MFSjBTpLeEB+pr3ta2FLMabBTyfoACofs57YSw1Ex
KAPvcqz8YTVyFpYVdyFMh6AjXC05Eh97R2SrySoHSzAWXkX0jrgmyrAu8PDub41X
6dOPQ7lGKNT1vWdqmPVVE+opaUIdpW06DvcvLoTZhbq4XALmnUyoS757fy+B6u2X
uKhrUNr1lyYcCMOlodjqvh+B+KYwz6jS2ujIzKIMYl+yiOr155AJT6M/OqczlCF7
Y8H+gHWfzq9x4vv2DL/rewLIXj66hBJ2o6FnwPF6zYhqXm2F6J0TBAwoFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbDaQxVUyFWIFAidQQfUPzkmtXiMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvSnNOcERGVlRJVllnVUNKMUJCOVFfT1NhMWVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVDcIMA0G
CSqGSIb3DQEBCwUAA4IBAQAxP1zmQqdCeL0YiNgFUDwKfJDHnPEft8jSwyTfcbFB
+cksxTYYVYGsf35Hyr5A+fvgExMZKce1KmZXCRybXxTdZcMCPVBmPX8BZoV8NmoF
UPeVawvLHvOVG/CZxcoYVUvbhNKDZ2okqFUoOVZBhIU/fzJo0swDQGAyVtfvL39n
TuDs4/3lC7A5rts/Eo3j5OX2dOQ7k27u0f4zWO67dAGzV4lSZlMZJdd/8BhD3NrA
NXCVbT2d5tJkYIEITnKzf2fAqFXOzxN0cXzFfkrvexb16/XfM+8hHC0qMj5F5jg4
9MSNPZJTFHlEiUSbs3f5ngPW+mx0f8Bzy+1JsHd4EWXs
-----END CERTIFICATE-----