Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/5ccbaf-c51d-4e76-a3ee-35ab420173db/1/JpZlGPUSnNPcPAQ7HrfbEiiCY90.roa
File:                     JpZlGPUSnNPcPAQ7HrfbEiiCY90.roa (raw, json)
Hash identifier:          sj/ySyRWLvZHGTxRHODxTY1XK4NRx1uXT8wwjiiWvG0=
Subject key identifier:   26:96:65:18:F5:12:9C:D3:DC:3C:04:3B:1E:B7:DB:12:28:82:63:DD
Certificate issuer:       /CN=997c27d15b46db184bc02b303c86b47c449c1b54
Certificate serial:       019427B52C2363E6E88690A94790A44FFFC9
Authority key identifier: 99:7C:27:D1:5B:46:DB:18:4B:C0:2B:30:3C:86:B4:7C:44:9C:1B:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mXwn0VtG2xhLwCswPIa0fEScG1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/5ccbaf-c51d-4e76-a3ee-35ab420173db/1/JpZlGPUSnNPcPAQ7HrfbEiiCY90.roa
Signing time:             Thu 02 Jan 2025 15:49:32 +0000
ROA not before:           Thu 02 Jan 2025 15:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210693
IP address blocks:        188.93.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/5ccbaf-c51d-4e76-a3ee-35ab420173db/1/mXwn0VtG2xhLwCswPIa0fEScG1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/5ccbaf-c51d-4e76-a3ee-35ab420173db/1/mXwn0VtG2xhLwCswPIa0fEScG1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mXwn0VtG2xhLwCswPIa0fEScG1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:2c:23:63:e6:e8:86:90:a9:47:90:a4:4f:ff:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=997c27d15b46db184bc02b303c86b47c449c1b54
        Validity
            Not Before: Jan  2 15:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26966518f5129cd3dc3c043b1eb7db12288263dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b2:76:d2:d8:29:f6:77:cd:38:27:3e:c3:ea:
                    f5:77:db:91:a0:a9:cb:ef:6d:c9:5d:bb:cd:54:92:
                    82:1a:d8:4d:e0:06:a1:d7:7b:0c:c9:97:23:91:dd:
                    06:61:cc:f1:b8:5d:58:8e:7d:25:c2:51:bf:b1:2f:
                    fe:c6:a8:82:22:69:27:9d:ab:08:49:f6:00:04:24:
                    95:b3:36:56:9d:59:53:4d:9f:4e:c5:55:e1:f0:fe:
                    71:19:59:0b:c5:77:5e:93:a7:f2:42:43:4a:b0:38:
                    b4:23:ae:68:f8:03:d2:90:82:77:dd:26:e2:9b:aa:
                    f1:d3:73:c7:5c:b8:54:1c:0f:5f:04:a9:67:13:08:
                    db:85:82:99:4c:08:57:4e:30:d1:f6:f3:e7:30:5e:
                    5a:db:6c:9b:fa:82:d1:30:a1:b3:16:8f:c3:c0:78:
                    96:9b:c8:68:70:60:e3:eb:07:5d:79:07:27:01:7c:
                    7e:2c:43:20:87:80:f9:e3:6f:3c:82:3f:06:92:59:
                    89:a3:75:1f:79:33:be:1a:85:2f:f3:7c:93:43:22:
                    1c:2e:f9:82:3c:2d:b0:9f:db:d8:d2:bf:73:a1:35:
                    d5:a2:13:74:f1:18:0e:e4:fa:6c:57:89:6c:97:a8:
                    77:23:9a:8a:14:fe:6e:10:8f:3b:be:fe:e2:2f:a2:
                    be:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:96:65:18:F5:12:9C:D3:DC:3C:04:3B:1E:B7:DB:12:28:82:63:DD
            X509v3 Authority Key Identifier:
                keyid:99:7C:27:D1:5B:46:DB:18:4B:C0:2B:30:3C:86:B4:7C:44:9C:1B:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mXwn0VtG2xhLwCswPIa0fEScG1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/5ccbaf-c51d-4e76-a3ee-35ab420173db/1/JpZlGPUSnNPcPAQ7HrfbEiiCY90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/5ccbaf-c51d-4e76-a3ee-35ab420173db/1/mXwn0VtG2xhLwCswPIa0fEScG1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.93.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:52:39:0f:d2:47:72:54:55:6e:d7:45:7a:88:47:1d:db:7e:
         22:ac:e9:06:7a:16:22:be:ee:d7:6c:86:32:1d:5f:56:7b:d6:
         6a:42:85:9c:4c:a8:7c:9e:cf:98:40:49:5a:b3:dd:7a:08:0b:
         2e:39:34:87:5f:83:a2:cb:e0:73:83:01:b0:c8:67:51:ff:51:
         7d:7a:1a:b3:7b:72:a8:b4:d0:2c:54:d3:ed:e7:68:35:a6:cf:
         b4:16:08:02:63:af:db:44:eb:a1:53:06:8a:0e:bd:c3:68:76:
         4e:1c:5a:7a:7c:36:a3:00:55:f5:9c:65:dd:de:d5:20:93:78:
         61:3f:fc:2f:52:78:70:d4:b6:2e:ad:f3:6a:a7:a6:d9:54:15:
         72:3d:8b:f0:cd:65:8b:2d:5e:cc:4a:27:34:bf:b0:f2:2d:d5:
         ee:66:3c:08:97:8c:e5:76:78:92:53:84:78:4f:6c:8c:b4:20:
         2b:ad:f0:4a:0b:62:dc:93:48:99:b5:7f:bd:1c:a7:bd:7a:13:
         2b:2d:5f:90:f6:33:d2:41:25:65:4d:42:f7:0f:4b:45:7b:ee:
         8e:b2:19:20:85:f7:0a:31:2c:df:4d:dd:9a:c0:72:87:05:ba:
         6d:a1:e2:fb:d1:68:19:1d:6e:2f:25:02:64:17:18:0f:eb:96:
         62:46:57:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntSwjY+bohpCpR5CkT//JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5N2MyN2QxNWI0NmRiMTg0YmMwMmIzMDNjODZiNDdjNDQ5
YzFiNTQwHhcNMjUwMTAyMTU0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjk2NjUxOGY1MTI5Y2QzZGMzYzA0M2IxZWI3ZGIxMjI4ODI2M2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7J20tgp9nfNOCc+w+r1d9uRoKnL
723JXbvNVJKCGthN4Aah13sMyZcjkd0GYczxuF1Yjn0lwlG/sS/+xqiCImknnasI
SfYABCSVszZWnVlTTZ9OxVXh8P5xGVkLxXdek6fyQkNKsDi0I65o+APSkIJ33Sbi
m6rx03PHXLhUHA9fBKlnEwjbhYKZTAhXTjDR9vPnMF5a22yb+oLRMKGzFo/DwHiW
m8hocGDj6wddeQcnAXx+LEMgh4D54288gj8GklmJo3UfeTO+GoUv83yTQyIcLvmC
PC2wn9vY0r9zoTXVohN08RgO5PpsV4lsl6h3I5qKFP5uEI87vv7iL6K+OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCaWZRj1EpzT3DwEOx632xIogmPdMB8GA1UdIwQY
MBaAFJl8J9FbRtsYS8ArMDyGtHxEnBtUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVh3bjBWdEcyeGhMd0Nzd1BJYTBmRVNjRzFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi81Y2NiYWYtYzUxZC00ZTc2LWEzZWUt
MzVhYjQyMDE3M2RiLzEvSnBabEdQVVNuTlBjUEFRN0hyZmJFaWlDWTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi81Y2NiYWYtYzUxZC00ZTc2LWEzZWUtMzVhYjQyMDE3M2Ri
LzEvbVh3bjBWdEcyeGhMd0Nzd1BJYTBmRVNjRzFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF1wMA0G
CSqGSIb3DQEBCwUAA4IBAQAWUjkP0kdyVFVu10V6iEcd234irOkGehYivu7XbIYy
HV9We9ZqQoWcTKh8ns+YQElas916CAsuOTSHX4Oiy+BzgwGwyGdR/1F9ehqze3Ko
tNAsVNPt52g1ps+0FggCY6/bROuhUwaKDr3DaHZOHFp6fDajAFX1nGXd3tUgk3hh
P/wvUnhw1LYurfNqp6bZVBVyPYvwzWWLLV7MSic0v7DyLdXuZjwIl4zldniSU4R4
T2yMtCArrfBKC2Lck0iZtX+9HKe9ehMrLV+Q9jPSQSVlTUL3D0tFe+6OshkghfcK
MSzfTd2awHKHBbptoeL70WgZHW4vJQJkFxgP65ZiRldw
-----END CERTIFICATE-----