Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/JtkTsuHPsoBKn0hRChOrC4JXTN4.roa
File:                     JtkTsuHPsoBKn0hRChOrC4JXTN4.roa (raw, json)
Hash identifier:          M9uGhnRBSZAnmB8BCT/jdRx465I3Ctf37Vtgm+Jt4nc=
Subject key identifier:   26:D9:13:B2:E1:CF:B2:80:4A:9F:48:51:0A:13:AB:0B:82:57:4C:DE
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       01965EF61FEE7FFA05E8518F9B964CE66615
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/JtkTsuHPsoBKn0hRChOrC4JXTN4.roa
Signing time:             Tue 22 Apr 2025 19:25:10 +0000
ROA not before:           Tue 22 Apr 2025 19:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215186
IP address blocks:        188.191.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5e:f6:1f:ee:7f:fa:05:e8:51:8f:9b:96:4c:e6:66:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Apr 22 19:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26d913b2e1cfb2804a9f48510a13ab0b82574cde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:fd:a9:f7:6d:ea:71:53:56:9a:73:b1:4f:96:
                    b5:54:3f:bb:e1:62:a5:de:8d:5e:64:ea:09:4b:82:
                    bf:91:89:c6:c5:57:81:60:a7:3a:c9:c2:a0:84:a6:
                    07:ca:96:16:82:35:ce:31:f0:6e:f8:e5:87:cd:86:
                    c5:df:16:6b:e8:d3:17:8a:e0:95:4b:5d:33:9b:32:
                    74:56:24:7f:65:c1:4b:a6:f9:42:43:c5:56:fa:6e:
                    24:c7:c4:b4:ff:b3:83:b3:0d:0e:d5:23:b5:b4:a8:
                    ec:dc:ba:b5:6d:9e:bc:c9:07:92:6c:e6:bc:6f:f9:
                    26:76:36:e7:5c:d6:af:60:c2:8d:52:1e:77:77:9c:
                    cf:a8:21:9d:92:da:d0:6d:57:e0:d5:4e:ad:08:dd:
                    b1:eb:03:9f:c0:38:ad:95:4f:2d:57:98:96:f2:e6:
                    36:e0:1e:95:74:5a:a1:f4:90:74:b8:a4:08:22:05:
                    a4:9e:ab:21:91:ea:da:e5:c4:9a:2d:f7:87:c7:f4:
                    11:e3:b0:26:13:d7:fa:9d:a9:12:5a:ed:cb:a5:f8:
                    89:a3:de:d2:fe:13:eb:9c:c4:e9:9d:21:6b:cc:df:
                    b8:a0:81:66:6d:e0:d8:09:53:aa:2f:1d:c6:f6:ce:
                    f3:35:80:01:12:d8:20:00:c5:e7:12:29:dd:5b:2d:
                    fa:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D9:13:B2:E1:CF:B2:80:4A:9F:48:51:0A:13:AB:0B:82:57:4C:DE
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/JtkTsuHPsoBKn0hRChOrC4JXTN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:2e:a3:70:70:e4:ec:f7:bd:c0:7e:68:dd:81:99:c4:74:ba:
         b0:d4:1a:3b:c2:b4:b8:65:39:19:20:a6:42:e7:ba:05:e7:ae:
         b7:b4:cb:b9:b9:cb:f6:ea:fd:29:2c:37:b8:77:19:2f:c0:81:
         e2:6a:5d:cd:08:d4:21:36:41:06:bb:e5:d9:5b:4e:39:81:21:
         c6:25:36:57:84:c3:bb:58:2a:e8:e4:79:e4:95:c5:e7:26:b1:
         21:55:31:38:5b:d4:58:45:58:ea:9e:e9:18:e2:ab:43:4c:c5:
         94:53:7e:d7:a6:3e:c5:01:f3:35:1f:82:30:4f:84:d0:66:f0:
         a2:f3:27:ac:0b:0b:40:c0:93:f5:53:d7:11:76:be:55:f5:b7:
         7d:d2:c4:2d:b4:cb:75:98:8a:0b:f8:8f:2e:6a:e9:6a:05:89:
         e6:7b:15:d6:ee:63:fb:b1:80:f5:e5:c6:40:04:14:7a:d1:09:
         ae:8e:ca:36:84:dc:4b:52:1c:ff:1d:b6:ac:b0:d0:ab:df:54:
         2c:90:8f:39:b5:ec:71:f5:ed:ec:43:20:37:03:be:2d:76:40:
         ed:9e:eb:73:90:74:21:4b:e9:be:be:6a:15:b8:d4:92:03:a6:
         6f:d3:37:0f:11:27:cc:09:85:ec:04:ed:65:06:7f:56:27:85:
         dd:71:2e:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZe9h/uf/oF6FGPm5ZM5mYVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjUwNDIyMTkyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmQ5MTNiMmUxY2ZiMjgwNGE5ZjQ4NTEwYTEzYWIwYjgyNTc0Y2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/2p923qcVNWmnOxT5a1VD+74WKl
3o1eZOoJS4K/kYnGxVeBYKc6ycKghKYHypYWgjXOMfBu+OWHzYbF3xZr6NMXiuCV
S10zmzJ0ViR/ZcFLpvlCQ8VW+m4kx8S0/7ODsw0O1SO1tKjs3Lq1bZ68yQeSbOa8
b/kmdjbnXNavYMKNUh53d5zPqCGdktrQbVfg1U6tCN2x6wOfwDitlU8tV5iW8uY2
4B6VdFqh9JB0uKQIIgWknqshkera5cSaLfeHx/QR47AmE9f6nakSWu3LpfiJo97S
/hPrnMTpnSFrzN+4oIFmbeDYCVOqLx3G9s7zNYABEtggAMXnEindWy36wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbZE7Lhz7KASp9IUQoTqwuCV0zeMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvSnRrVHN1SFBzb0JLbjBoUkNoT3JDNEpYVE40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9oMA0G
CSqGSIb3DQEBCwUAA4IBAQB7LqNwcOTs973AfmjdgZnEdLqw1Bo7wrS4ZTkZIKZC
57oF5663tMu5ucv26v0pLDe4dxkvwIHial3NCNQhNkEGu+XZW045gSHGJTZXhMO7
WCro5HnklcXnJrEhVTE4W9RYRVjqnukY4qtDTMWUU37Xpj7FAfM1H4IwT4TQZvCi
8yesCwtAwJP1U9cRdr5V9bd90sQttMt1mIoL+I8uaulqBYnmexXW7mP7sYD15cZA
BBR60Qmujso2hNxLUhz/HbassNCr31QskI85texx9e3sQyA3A74tdkDtnutzkHQh
S+m+vmoVuNSSA6Zv0zcPESfMCYXsBO1lBn9WJ4XdcS6c
-----END CERTIFICATE-----