Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/ju7dlcjXTVtzrpg-cXuTrngFgtw.roa
File:                     ju7dlcjXTVtzrpg-cXuTrngFgtw.roa (raw, json)
Hash identifier:          Odms44ovs7hGv3jdYt/7+590lUec8LGS69mCjmZU8q4=
Subject key identifier:   8E:EE:DD:95:C8:D7:4D:5B:73:AE:98:3E:71:7B:93:AE:78:05:82:DC
Certificate issuer:       /CN=75e05bc21b2a6f1033711ffca6491c6c30ce5a4a
Certificate serial:       0194258F9696F94DEDD096A1ABE793994334
Authority key identifier: 75:E0:5B:C2:1B:2A:6F:10:33:71:1F:FC:A6:49:1C:6C:30:CE:5A:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/ju7dlcjXTVtzrpg-cXuTrngFgtw.roa
Signing time:             Thu 02 Jan 2025 05:49:14 +0000
ROA not before:           Thu 02 Jan 2025 05:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     327712
IP address blocks:        213.140.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:96:96:f9:4d:ed:d0:96:a1:ab:e7:93:99:43:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75e05bc21b2a6f1033711ffca6491c6c30ce5a4a
        Validity
            Not Before: Jan  2 05:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8eeedd95c8d74d5b73ae983e717b93ae780582dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:64:ca:4d:49:ef:6b:bc:e3:40:b9:5c:42:79:
                    9f:5a:b3:47:b9:fa:32:52:fb:38:6f:69:f8:7d:ea:
                    d7:99:58:55:06:fd:67:4b:02:70:70:a9:99:34:3b:
                    e2:d7:89:b2:03:58:9a:f6:55:30:66:a6:21:75:6b:
                    e0:21:23:1f:ec:81:dd:95:e5:e4:23:d5:54:51:d7:
                    47:cd:9a:3a:f2:ba:1a:10:78:b1:b5:a4:b1:16:af:
                    00:16:d7:ce:84:54:ed:f0:d4:88:8b:86:33:b5:ea:
                    1d:3a:2f:90:7a:57:96:97:44:bc:8e:35:b9:ec:0a:
                    3b:05:90:24:2b:a4:1b:75:03:3f:54:95:c4:47:3c:
                    17:44:7e:5f:55:da:99:3f:9d:82:2e:8e:54:1a:fd:
                    25:bb:45:54:96:bc:7f:81:de:b7:19:bd:dd:98:05:
                    5b:b3:dc:77:c9:08:97:6f:55:f9:87:34:b1:bc:31:
                    35:e7:41:00:26:d4:86:fc:be:2b:da:a0:93:8d:c9:
                    84:ac:a9:04:b4:7c:cb:d3:a3:42:36:49:62:e9:5d:
                    ed:9b:26:57:b7:85:5c:3e:bd:b8:4a:53:88:cb:0f:
                    c1:53:68:b3:22:93:57:56:5c:03:86:d3:15:e9:1a:
                    71:45:1f:f8:e0:b4:95:e3:38:b8:3e:f9:59:9c:71:
                    6a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:EE:DD:95:C8:D7:4D:5B:73:AE:98:3E:71:7B:93:AE:78:05:82:DC
            X509v3 Authority Key Identifier:
                keyid:75:E0:5B:C2:1B:2A:6F:10:33:71:1F:FC:A6:49:1C:6C:30:CE:5A:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/ju7dlcjXTVtzrpg-cXuTrngFgtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.140.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:4b:d0:71:17:df:f5:7a:99:88:46:a5:dc:5e:ed:07:0a:ac:
         54:04:f0:1a:99:41:46:94:42:6f:7d:8b:c3:dc:12:08:7d:ec:
         41:47:6f:50:b8:bc:4a:dc:df:e2:bb:3a:44:cd:d6:a5:cc:66:
         d9:57:d7:d7:a9:32:78:1a:4f:74:b7:9d:23:43:ed:59:ff:e3:
         62:3e:02:65:87:79:26:a2:bf:95:59:2c:3d:79:c8:94:97:0b:
         fa:5d:14:18:d4:78:09:12:28:5e:5f:a0:96:49:c9:03:c4:f1:
         c5:60:ad:0a:7f:41:30:83:8d:1f:b6:89:7e:0a:2d:5f:12:37:
         62:3c:11:de:f3:5a:ae:47:ac:bf:66:39:af:af:b6:33:82:8c:
         08:12:3d:ee:91:69:fc:a7:86:04:29:a9:a4:37:65:16:62:5c:
         03:ae:73:99:de:88:22:e2:c9:a2:6c:d1:0d:f0:00:b4:95:ea:
         38:23:5b:6f:c5:0d:50:23:ae:91:d3:1e:df:30:9a:91:ad:92:
         78:76:ed:cb:87:5d:1e:03:f6:f7:72:52:33:e4:c1:f4:d4:ac:
         47:b3:07:28:a5:5f:20:bc:49:a9:f6:66:1b:2f:a5:10:e5:db:
         e8:1b:af:a4:09:40:20:97:0d:3b:89:92:ac:eb:86:06:bf:a6:
         7f:8e:2d:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj5aW+U3t0Jahq+eTmUM0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZTA1YmMyMWIyYTZmMTAzMzcxMWZmY2E2NDkxYzZjMzBj
ZTVhNGEwHhcNMjUwMTAyMDU0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWVlZGQ5NWM4ZDc0ZDViNzNhZTk4M2U3MTdiOTNhZTc4MDU4MmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2TKTUnva7zjQLlcQnmfWrNHufoy
Uvs4b2n4ferXmVhVBv1nSwJwcKmZNDvi14myA1ia9lUwZqYhdWvgISMf7IHdleXk
I9VUUddHzZo68roaEHixtaSxFq8AFtfOhFTt8NSIi4YzteodOi+QeleWl0S8jjW5
7Ao7BZAkK6QbdQM/VJXERzwXRH5fVdqZP52CLo5UGv0lu0VUlrx/gd63Gb3dmAVb
s9x3yQiXb1X5hzSxvDE150EAJtSG/L4r2qCTjcmErKkEtHzL06NCNkli6V3tmyZX
t4VcPr24SlOIyw/BU2izIpNXVlwDhtMV6RpxRR/44LSV4zi4PvlZnHFqlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7u3ZXI101bc66YPnF7k654BYLcMB8GA1UdIwQY
MBaAFHXgW8IbKm8QM3Ef/KZJHGwwzlpKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGVCYndoc3FieEF6Y1JfOHBra2NiRERPV2tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yYjQ5MzQtNGVhMi00NWMxLWFlMDct
ZDQ1YWI3ZGYyZGUxLzEvanU3ZGxjalhUVnR6cnBnLWNYdVRybmdGZ3R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yYjQ5MzQtNGVhMi00NWMxLWFlMDctZDQ1YWI3ZGYyZGUx
LzEvZGVCYndoc3FieEF6Y1JfOHBra2NiRERPV2tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Yw7MA0G
CSqGSIb3DQEBCwUAA4IBAQDAS9BxF9/1epmIRqXcXu0HCqxUBPAamUFGlEJvfYvD
3BIIfexBR29QuLxK3N/iuzpEzdalzGbZV9fXqTJ4Gk90t50jQ+1Z/+NiPgJlh3km
or+VWSw9eciUlwv6XRQY1HgJEiheX6CWSckDxPHFYK0Kf0Ewg40ftol+Ci1fEjdi
PBHe81quR6y/Zjmvr7YzgowIEj3ukWn8p4YEKamkN2UWYlwDrnOZ3ogi4smibNEN
8AC0leo4I1tvxQ1QI66R0x7fMJqRrZJ4du3Lh10eA/b3clIz5MH01KxHswcopV8g
vEmp9mYbL6UQ5dvoG6+kCUAglw07iZKs64YGv6Z/ji0H
-----END CERTIFICATE-----