Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/J2pjS99ea6SMp7lb4ewsQffNh8c.roa
File:                     J2pjS99ea6SMp7lb4ewsQffNh8c.roa (raw, json)
Hash identifier:          704wqH0ujui7TKq+2h1aj9AcNsB+Fn+EgZ7FOUmvebI=
Subject key identifier:   27:6A:63:4B:DF:5E:6B:A4:8C:A7:B9:5B:E1:EC:2C:41:F7:CD:87:C7
Certificate issuer:       /CN=d730a29941efbc7a7927f029481e2c725a1a6711
Certificate serial:       0197DDEFB0BECBE7D3DAA7B10428A4334EED
Authority key identifier: D7:30:A2:99:41:EF:BC:7A:79:27:F0:29:48:1E:2C:72:5A:1A:67:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1zCimUHvvHp5J_ApSB4scloaZxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/J2pjS99ea6SMp7lb4ewsQffNh8c.roa
Signing time:             Sun 06 Jul 2025 04:12:42 +0000
ROA not before:           Sun 06 Jul 2025 04:12:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200069
IP address blocks:        185.250.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/1zCimUHvvHp5J_ApSB4scloaZxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/1zCimUHvvHp5J_ApSB4scloaZxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1zCimUHvvHp5J_ApSB4scloaZxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 16:13:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:dd:ef:b0:be:cb:e7:d3:da:a7:b1:04:28:a4:33:4e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d730a29941efbc7a7927f029481e2c725a1a6711
        Validity
            Not Before: Jul  6 04:12:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=276a634bdf5e6ba48ca7b95be1ec2c41f7cd87c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:96:a2:f7:b9:44:ae:69:99:0f:f7:6f:3e:b0:
                    4a:2d:ed:23:4e:41:72:24:8a:2d:53:4e:39:9c:1b:
                    09:d9:0e:28:ae:65:92:c4:de:36:05:62:1d:e6:ba:
                    b2:7d:04:a2:bc:cd:73:b6:99:e4:bb:42:0f:31:76:
                    66:6b:92:77:4c:0e:63:2a:3a:36:83:39:68:72:ca:
                    81:a1:cd:a2:0d:19:fb:c1:82:d4:5b:4e:c3:c5:57:
                    d0:a7:06:e6:f3:79:3a:b4:a8:45:ca:ed:23:64:1a:
                    a0:9c:e1:e1:e5:da:ac:87:77:bf:b1:33:af:4a:dd:
                    cb:d2:0a:4d:3d:57:4d:4f:35:67:80:7f:7e:9f:cc:
                    32:76:4d:9e:94:02:08:ae:29:53:01:02:ee:55:86:
                    30:54:64:3c:62:a2:33:32:9a:46:55:cb:21:37:0f:
                    93:aa:47:b8:32:ab:34:1d:eb:0f:3d:19:a5:90:85:
                    bf:e3:52:4a:82:81:76:f3:e5:7b:1d:dd:a4:79:9d:
                    f4:94:14:78:02:8a:d6:6a:e2:00:df:82:f6:2e:f6:
                    5c:48:e2:03:a1:05:2e:0c:3d:2b:72:9e:7a:a2:41:
                    fa:83:c1:7f:ec:59:e5:32:ee:8b:47:23:f6:a4:2d:
                    f9:1b:65:f1:ac:f5:de:04:c2:3f:ec:2b:e7:e2:5a:
                    39:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:6A:63:4B:DF:5E:6B:A4:8C:A7:B9:5B:E1:EC:2C:41:F7:CD:87:C7
            X509v3 Authority Key Identifier:
                keyid:D7:30:A2:99:41:EF:BC:7A:79:27:F0:29:48:1E:2C:72:5A:1A:67:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1zCimUHvvHp5J_ApSB4scloaZxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/J2pjS99ea6SMp7lb4ewsQffNh8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/1zCimUHvvHp5J_ApSB4scloaZxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bc:32:9a:e1:e5:9f:10:fd:31:ac:bb:da:e9:86:0d:22:bb:a4:
         76:3c:52:6c:88:c2:73:e7:6b:bd:4c:38:aa:3d:9d:2e:90:8e:
         30:90:db:19:0f:3e:f2:cd:20:c5:11:bd:67:e2:b7:ce:30:b6:
         c4:4e:7b:51:0d:73:07:a7:96:ae:fe:2b:8c:d9:62:cb:b3:d8:
         a1:25:8c:98:ca:91:4d:d0:d2:94:c7:4a:0b:e7:2d:76:a2:b5:
         22:63:0a:6a:e2:9f:49:8c:f9:9f:c0:22:e1:4f:4e:7b:a5:60:
         5a:6a:61:63:05:22:71:f1:a7:71:94:b1:48:3d:6b:d5:66:83:
         d0:27:a7:a9:7c:85:ce:41:e9:18:51:5b:1a:4b:1e:aa:78:70:
         c9:80:1a:b9:37:ae:a9:af:91:d4:05:f2:be:10:76:03:f4:fa:
         f2:9a:4b:ec:55:9c:6c:42:3d:1f:72:41:04:1a:38:9d:5b:8a:
         44:15:83:c7:00:a7:3f:43:69:d5:b6:c4:10:64:7e:72:76:82:
         96:44:2b:8f:85:a5:5c:c2:56:a0:2f:88:92:f2:cc:c1:e9:96:
         ab:7b:eb:d0:d0:0f:96:77:58:d3:7b:a9:70:ef:f3:e8:e3:4b:
         ed:f9:37:d5:eb:0b:3d:42:7d:f9:fc:31:9d:09:6a:83:83:96:
         c0:dd:1e:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfd77C+y+fT2qexBCikM07tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MzBhMjk5NDFlZmJjN2E3OTI3ZjAyOTQ4MWUyYzcyNWEx
YTY3MTEwHhcNMjUwNzA2MDQxMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzZhNjM0YmRmNWU2YmE0OGNhN2I5NWJlMWVjMmM0MWY3Y2Q4N2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5ai97lErmmZD/dvPrBKLe0jTkFy
JIotU045nBsJ2Q4ormWSxN42BWId5rqyfQSivM1ztpnku0IPMXZma5J3TA5jKjo2
gzlocsqBoc2iDRn7wYLUW07DxVfQpwbm83k6tKhFyu0jZBqgnOHh5dqsh3e/sTOv
St3L0gpNPVdNTzVngH9+n8wydk2elAIIrilTAQLuVYYwVGQ8YqIzMppGVcshNw+T
qke4Mqs0HesPPRmlkIW/41JKgoF28+V7Hd2keZ30lBR4AorWauIA34L2LvZcSOID
oQUuDD0rcp56okH6g8F/7FnlMu6LRyP2pC35G2XxrPXeBMI/7Cvn4lo5hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCdqY0vfXmukjKe5W+HsLEH3zYfHMB8GA1UdIwQY
MBaAFNcwoplB77x6eSfwKUgeLHJaGmcRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXpDaW1VSHZ2SHA1Sl9BcFNCNHNjbG9hWnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82NGM1YTktYjM3OS00OTk5LWFmN2Et
M2MwZmExOGM1OGNiLzEvSjJwalM5OWVhNlNNcDdsYjRld3NRZmZOaDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82NGM1YTktYjM3OS00OTk5LWFmN2EtM2MwZmExOGM1OGNi
LzEvMXpDaW1VSHZ2SHA1Sl9BcFNCNHNjbG9hWnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufrsMA0G
CSqGSIb3DQEBCwUAA4IBAQC8Mprh5Z8Q/TGsu9rphg0iu6R2PFJsiMJz52u9TDiq
PZ0ukI4wkNsZDz7yzSDFEb1n4rfOMLbETntRDXMHp5au/iuM2WLLs9ihJYyYypFN
0NKUx0oL5y12orUiYwpq4p9JjPmfwCLhT057pWBaamFjBSJx8adxlLFIPWvVZoPQ
J6epfIXOQekYUVsaSx6qeHDJgBq5N66pr5HUBfK+EHYD9PrymkvsVZxsQj0fckEE
GjidW4pEFYPHAKc/Q2nVtsQQZH5ydoKWRCuPhaVcwlagL4iS8szB6Zare+vQ0A+W
d1jTe6lw7/Po40vt+TfV6ws9Qn35/DGdCWqDg5bA3R4v
-----END CERTIFICATE-----