Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/b6af9d-47ba-4b92-b41a-838a4505735a/1/jjkZ2yb-jO_dwKLdx8H317IXScQ.roa
File:                     jjkZ2yb-jO_dwKLdx8H317IXScQ.roa (raw, json)
Hash identifier:          HCz04W3HLqaOC0rvZdH98CWQlK6DEnW7DscRc2ODf9M=
Subject key identifier:   8E:39:19:DB:26:FE:8C:EF:DD:C0:A2:DD:C7:C1:F7:D7:B2:17:49:C4
Certificate issuer:       /CN=69737c6e0602be3804e277580bab7e21e6e33474
Certificate serial:       0196C92336E1B29C21F00649C16FD50FB4AA
Authority key identifier: 69:73:7C:6E:06:02:BE:38:04:E2:77:58:0B:AB:7E:21:E6:E3:34:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aXN8bgYCvjgE4ndYC6t-IebjNHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/b6af9d-47ba-4b92-b41a-838a4505735a/1/jjkZ2yb-jO_dwKLdx8H317IXScQ.roa
Signing time:             Tue 13 May 2025 10:14:10 +0000
ROA not before:           Tue 13 May 2025 10:14:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        176.97.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/b6af9d-47ba-4b92-b41a-838a4505735a/1/aXN8bgYCvjgE4ndYC6t-IebjNHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/b6af9d-47ba-4b92-b41a-838a4505735a/1/aXN8bgYCvjgE4ndYC6t-IebjNHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aXN8bgYCvjgE4ndYC6t-IebjNHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:23:36:e1:b2:9c:21:f0:06:49:c1:6f:d5:0f:b4:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69737c6e0602be3804e277580bab7e21e6e33474
        Validity
            Not Before: May 13 10:14:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e3919db26fe8cefddc0a2ddc7c1f7d7b21749c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:00:5f:96:78:f9:d5:cb:46:7a:cc:4b:43:3b:
                    2b:80:26:2c:8f:f8:6a:84:a2:2a:91:de:12:48:01:
                    33:80:ea:d4:df:7d:21:9c:36:78:a3:b4:fb:2a:1d:
                    fd:81:da:e6:eb:c0:5a:ed:c7:ca:83:2f:04:ef:c5:
                    44:49:de:f1:d8:41:b6:1d:81:de:e2:db:ac:8e:f4:
                    51:2f:52:43:f8:56:b6:b1:bd:a1:a2:e8:36:f0:8c:
                    b3:00:9d:ea:bb:85:91:57:65:e3:3a:c4:eb:40:bc:
                    cb:cb:3b:41:f5:1c:58:f6:05:61:f6:65:c8:e3:58:
                    0d:ec:fa:38:cb:fa:bf:1f:de:dd:1b:df:fc:fb:e7:
                    22:a6:0b:31:b0:f3:d3:4b:3f:9f:49:2a:90:fb:8b:
                    f9:c8:39:7f:b4:35:4a:71:54:7b:8e:b0:91:c0:aa:
                    0b:c9:c4:32:51:87:12:75:6f:b5:c2:59:7d:23:5e:
                    df:18:b9:06:e9:37:2d:a6:86:76:b3:a1:54:d5:17:
                    8f:f4:2e:46:30:02:c2:0e:73:b8:90:3b:69:96:d6:
                    76:e9:2f:95:cd:eb:38:4e:50:66:b7:c7:43:67:0c:
                    20:b0:fb:67:93:69:b8:46:fe:63:88:c3:a4:3c:03:
                    1f:2a:a4:18:28:a0:88:f4:02:63:b6:36:97:aa:9f:
                    0f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:39:19:DB:26:FE:8C:EF:DD:C0:A2:DD:C7:C1:F7:D7:B2:17:49:C4
            X509v3 Authority Key Identifier:
                keyid:69:73:7C:6E:06:02:BE:38:04:E2:77:58:0B:AB:7E:21:E6:E3:34:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aXN8bgYCvjgE4ndYC6t-IebjNHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/b6af9d-47ba-4b92-b41a-838a4505735a/1/jjkZ2yb-jO_dwKLdx8H317IXScQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/b6af9d-47ba-4b92-b41a-838a4505735a/1/aXN8bgYCvjgE4ndYC6t-IebjNHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:05:9a:64:a8:81:58:4e:f6:a2:b2:9a:b2:11:9a:79:14:2f:
         36:7d:58:7a:89:fd:b4:7d:ee:6e:d9:04:06:61:59:30:0e:72:
         18:ee:70:19:07:23:10:80:0e:eb:5b:c8:6f:f3:c2:c1:9d:be:
         1e:86:f6:45:36:ff:1b:32:e2:1e:6e:7f:a7:6c:16:18:21:42:
         8f:da:dd:c1:80:b4:7c:19:6c:b9:11:44:d8:1f:1c:98:c5:13:
         b6:32:db:d9:73:b1:67:60:93:f9:d2:52:ac:10:dc:84:e6:01:
         46:0b:e0:52:e2:19:9e:d0:42:d1:29:37:ba:03:f9:44:82:06:
         ae:fa:2e:74:43:cc:c0:80:1d:a5:f1:62:24:9c:9e:f4:e4:a2:
         b0:89:fa:ad:f2:38:17:4b:93:7e:11:37:69:80:42:23:c3:fb:
         cb:1e:b0:54:ca:fa:ad:2d:95:7b:64:f2:ac:31:29:d2:c2:85:
         f2:09:5f:28:1f:62:17:b2:b5:12:09:71:7f:3a:e5:99:43:d5:
         15:11:e0:0e:c1:af:96:22:47:a6:fb:e9:ae:a8:13:b2:e7:79:
         fc:84:87:28:4b:86:67:49:68:93:d5:66:68:99:60:df:5b:ea:
         71:9e:a2:df:ec:e5:2a:4f:22:99:73:20:13:40:9c:72:40:47:
         78:a7:da:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbJIzbhspwh8AZJwW/VD7SqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NzM3YzZlMDYwMmJlMzgwNGUyNzc1ODBiYWI3ZTIxZTZl
MzM0NzQwHhcNMjUwNTEzMTAxNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTM5MTlkYjI2ZmU4Y2VmZGRjMGEyZGRjN2MxZjdkN2IyMTc0OWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQBflnj51ctGesxLQzsrgCYsj/hq
hKIqkd4SSAEzgOrU330hnDZ4o7T7Kh39gdrm68Ba7cfKgy8E78VESd7x2EG2HYHe
4tusjvRRL1JD+Fa2sb2houg28IyzAJ3qu4WRV2XjOsTrQLzLyztB9RxY9gVh9mXI
41gN7Po4y/q/H97dG9/8++cipgsxsPPTSz+fSSqQ+4v5yDl/tDVKcVR7jrCRwKoL
ycQyUYcSdW+1wll9I17fGLkG6TctpoZ2s6FU1ReP9C5GMALCDnO4kDtpltZ26S+V
zes4TlBmt8dDZwwgsPtnk2m4Rv5jiMOkPAMfKqQYKKCI9AJjtjaXqp8PvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI45Gdsm/ozv3cCi3cfB99eyF0nEMB8GA1UdIwQY
MBaAFGlzfG4GAr44BOJ3WAurfiHm4zR0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVhOOGJnWUN2amdFNG5kWUM2dC1JZWJqTkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9iNmFmOWQtNDdiYS00YjkyLWI0MWEt
ODM4YTQ1MDU3MzVhLzEvamprWjJ5Yi1qT19kd0tMZHg4SDMxN0lYU2NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9iNmFmOWQtNDdiYS00YjkyLWI0MWEtODM4YTQ1MDU3MzVh
LzEvYVhOOGJnWUN2amdFNG5kWUM2dC1JZWJqTkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGHXMA0G
CSqGSIb3DQEBCwUAA4IBAQA5BZpkqIFYTvaispqyEZp5FC82fVh6if20fe5u2QQG
YVkwDnIY7nAZByMQgA7rW8hv88LBnb4ehvZFNv8bMuIebn+nbBYYIUKP2t3BgLR8
GWy5EUTYHxyYxRO2MtvZc7FnYJP50lKsENyE5gFGC+BS4hme0ELRKTe6A/lEggau
+i50Q8zAgB2l8WIknJ705KKwifqt8jgXS5N+ETdpgEIjw/vLHrBUyvqtLZV7ZPKs
MSnSwoXyCV8oH2IXsrUSCXF/OuWZQ9UVEeAOwa+WIkem++muqBOy53n8hIcoS4Zn
SWiT1WZomWDfW+pxnqLf7OUqTyKZcyATQJxyQEd4p9pR
-----END CERTIFICATE-----