Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/85d097-0153-4902-af7a-b8c331a848aa/1/JTBFzZ_Xd-qKEEB1M2yH_cqN0L8.roa
File:                     JTBFzZ_Xd-qKEEB1M2yH_cqN0L8.roa (raw, json)
Hash identifier:          UtmE2VrYOG/N+bYO3QuLYMQZyMdAh9FYCP1pfkSwK6Q=
Subject key identifier:   25:30:45:CD:9F:D7:77:EA:8A:10:40:75:33:6C:87:FD:CA:8D:D0:BF
Certificate issuer:       /CN=a84471a66f7907107e4534716bfa4208d406969f
Certificate serial:       019819D1909A14F568736C16271CAE4DDB33
Authority key identifier: A8:44:71:A6:6F:79:07:10:7E:45:34:71:6B:FA:42:08:D4:06:96:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qERxpm95BxB-RTRxa_pCCNQGlp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/85d097-0153-4902-af7a-b8c331a848aa/1/JTBFzZ_Xd-qKEEB1M2yH_cqN0L8.roa
Signing time:             Thu 17 Jul 2025 19:17:00 +0000
ROA not before:           Thu 17 Jul 2025 19:17:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198153
IP address blocks:        79.98.64.0/21 maxlen: 30
                          185.197.0.0/22 maxlen: 32
                          2a03:ad80::/32 maxlen: 126
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/85d097-0153-4902-af7a-b8c331a848aa/1/qERxpm95BxB-RTRxa_pCCNQGlp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/85d097-0153-4902-af7a-b8c331a848aa/1/qERxpm95BxB-RTRxa_pCCNQGlp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qERxpm95BxB-RTRxa_pCCNQGlp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:19:d1:90:9a:14:f5:68:73:6c:16:27:1c:ae:4d:db:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a84471a66f7907107e4534716bfa4208d406969f
        Validity
            Not Before: Jul 17 19:17:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=253045cd9fd777ea8a104075336c87fdca8dd0bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:0d:bf:ec:f3:48:a8:7e:72:64:20:47:47:2e:
                    b9:ab:c9:bb:03:54:b2:3f:1e:74:ce:88:4f:e1:81:
                    e9:85:7e:1a:6b:1b:ef:e5:56:79:31:da:50:1d:bd:
                    10:66:ea:93:aa:f8:17:7f:c0:17:7c:5a:ed:08:19:
                    25:18:81:df:32:60:8d:64:72:9d:c6:92:ef:f7:9a:
                    78:c4:9d:71:12:b8:03:ed:f1:38:96:01:0c:7f:49:
                    f2:8c:5b:88:7f:6a:70:fd:7e:ef:1b:5f:ca:a5:9f:
                    f2:2e:4a:98:c1:d8:e9:57:2a:8c:b4:9c:2c:99:22:
                    f0:c0:03:2d:21:a7:29:c5:a4:e4:5d:20:cb:da:8e:
                    5b:fa:38:54:b5:5f:b0:96:94:0d:d5:05:06:2a:54:
                    ed:35:c6:bc:37:32:db:13:00:a6:16:eb:6c:cd:ab:
                    d1:97:e8:27:31:e9:31:c7:9d:be:5d:76:4b:8b:e2:
                    af:8b:16:00:04:44:e3:66:46:a4:c8:31:e9:98:d2:
                    18:52:fc:0e:2f:b7:e2:91:06:90:ab:13:51:a7:fa:
                    f9:2c:de:02:04:94:80:f9:d3:b9:f4:93:a7:19:7b:
                    1e:99:f3:b3:c9:c6:dc:b8:3f:13:2b:88:89:31:29:
                    4a:b2:30:50:0b:34:4e:17:49:01:f6:7a:e0:eb:ac:
                    78:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:30:45:CD:9F:D7:77:EA:8A:10:40:75:33:6C:87:FD:CA:8D:D0:BF
            X509v3 Authority Key Identifier:
                keyid:A8:44:71:A6:6F:79:07:10:7E:45:34:71:6B:FA:42:08:D4:06:96:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qERxpm95BxB-RTRxa_pCCNQGlp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/85d097-0153-4902-af7a-b8c331a848aa/1/JTBFzZ_Xd-qKEEB1M2yH_cqN0L8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/85d097-0153-4902-af7a-b8c331a848aa/1/qERxpm95BxB-RTRxa_pCCNQGlp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.64.0/21
                  185.197.0.0/22
                IPv6:
                  2a03:ad80::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:a0:2d:c6:ac:fb:3b:3c:c9:39:4b:21:5f:ee:3a:b0:46:5e:
         e1:b3:79:6d:c4:af:40:4c:1e:be:85:1a:2b:2d:4e:25:bc:4e:
         2c:70:1e:ab:31:58:1f:0b:2d:e5:1c:c0:c1:d9:c1:b2:82:eb:
         28:cd:5f:32:82:ab:50:d1:7f:20:af:72:f4:60:31:76:7e:73:
         bf:d0:7b:ad:a6:5b:ad:e3:c9:0e:45:26:11:9b:b7:88:fb:d7:
         df:8a:ab:73:48:b5:a2:bd:d8:0d:56:aa:1f:5d:e0:f6:0d:58:
         53:89:aa:80:e4:9c:fe:c7:b3:ec:b1:3f:79:9a:b2:36:59:26:
         89:43:00:36:73:50:a0:3e:b3:97:3d:ca:a2:a1:3a:45:8f:35:
         77:8d:b9:ac:05:35:18:52:76:e3:2b:f7:b2:09:56:f4:15:01:
         81:25:66:cc:e3:c8:54:9e:55:ef:d7:a8:12:92:0b:2b:ed:c8:
         87:3b:46:ad:fb:8b:82:e1:03:89:4a:dc:ee:df:9b:fe:cb:ee:
         2a:47:17:0c:19:24:f4:b6:af:9d:fe:84:aa:ba:16:a2:9d:ae:
         79:ca:cd:01:f4:01:64:5d:e6:c5:20:c8:c1:80:e4:c0:34:74:
         ca:15:fb:66:41:ce:16:c3:2c:96:07:ba:b1:67:b2:5f:8f:dc:
         c4:57:6b:78
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZgZ0ZCaFPVoc2wWJxyuTdszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDQ3MWE2NmY3OTA3MTA3ZTQ1MzQ3MTZiZmE0MjA4ZDQw
Njk2OWYwHhcNMjUwNzE3MTkxNzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTMwNDVjZDlmZDc3N2VhOGExMDQwNzUzMzZjODdmZGNhOGRkMGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg2/7PNIqH5yZCBHRy65q8m7A1Sy
Px50zohP4YHphX4aaxvv5VZ5MdpQHb0QZuqTqvgXf8AXfFrtCBklGIHfMmCNZHKd
xpLv95p4xJ1xErgD7fE4lgEMf0nyjFuIf2pw/X7vG1/KpZ/yLkqYwdjpVyqMtJws
mSLwwAMtIacpxaTkXSDL2o5b+jhUtV+wlpQN1QUGKlTtNca8NzLbEwCmFutszavR
l+gnMekxx52+XXZLi+KvixYABETjZkakyDHpmNIYUvwOL7fikQaQqxNRp/r5LN4C
BJSA+dO59JOnGXsemfOzycbcuD8TK4iJMSlKsjBQCzROF0kB9nrg66x4nQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCUwRc2f13fqihBAdTNsh/3KjdC/MB8GA1UdIwQY
MBaAFKhEcaZveQcQfkU0cWv6QgjUBpafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVSeHBtOTVCeEItUlRSeGFfcENDTlFHbHA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC84NWQwOTctMDE1My00OTAyLWFmN2Et
YjhjMzMxYTg0OGFhLzEvSlRCRnpaX1hkLXFLRUVCMU0yeUhfY3FOMEw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC84NWQwOTctMDE1My00OTAyLWFmN2EtYjhjMzMxYTg0OGFh
LzEvcUVSeHBtOTVCeEItUlRSeGFfcENDTlFHbHA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDT2JAAwQC
ucUAMA0EAgACMAcDBQAqA62AMA0GCSqGSIb3DQEBCwUAA4IBAQBvoC3GrPs7PMk5
SyFf7jqwRl7hs3ltxK9ATB6+hRorLU4lvE4scB6rMVgfCy3lHMDB2cGygusozV8y
gqtQ0X8gr3L0YDF2fnO/0Hutplut48kORSYRm7eI+9ffiqtzSLWivdgNVqofXeD2
DVhTiaqA5Jz+x7PssT95mrI2WSaJQwA2c1CgPrOXPcqioTpFjzV3jbmsBTUYUnbj
K/eyCVb0FQGBJWbM48hUnlXv16gSkgsr7ciHO0at+4uC4QOJStzu35v+y+4qRxcM
GST0tq+d/oSquhaina55ys0B9AFkXebFIMjBgOTANHTKFftmQc4WwyyWB7qxZ7Jf
j9zEV2t4
-----END CERTIFICATE-----