Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/0433e3-bd61-4d13-847a-d90c6177e402/1/WQUjTS9p84oOcXA50chvpNniznQ.roa
File:                     WQUjTS9p84oOcXA50chvpNniznQ.roa (raw, json)
Hash identifier:          b9u2bPYyFl9JVGS2r/Wv4Q0+aj8rFnnmE/wBKVY/4HE=
Subject key identifier:   59:05:23:4D:2F:69:F3:8A:0E:71:70:39:D1:C8:6F:A4:D9:E2:CE:74
Certificate issuer:       /CN=27fdce9db6af9b8133a32617eef4e046444efdd4
Certificate serial:       01974B8B1E497140CDEF07587B789ACC5D38
Authority key identifier: 27:FD:CE:9D:B6:AF:9B:81:33:A3:26:17:EE:F4:E0:46:44:4E:FD:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_3Onbavm4EzoyYX7vTgRkRO_dQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/0433e3-bd61-4d13-847a-d90c6177e402/1/WQUjTS9p84oOcXA50chvpNniznQ.roa
Signing time:             Sat 07 Jun 2025 17:58:17 +0000
ROA not before:           Sat 07 Jun 2025 17:58:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60274
IP address blocks:        207.244.220.0/24 maxlen: 24
                          2001:67c:ce0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/0433e3-bd61-4d13-847a-d90c6177e402/1/J_3Onbavm4EzoyYX7vTgRkRO_dQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/0433e3-bd61-4d13-847a-d90c6177e402/1/J_3Onbavm4EzoyYX7vTgRkRO_dQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J_3Onbavm4EzoyYX7vTgRkRO_dQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 08:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4b:8b:1e:49:71:40:cd:ef:07:58:7b:78:9a:cc:5d:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27fdce9db6af9b8133a32617eef4e046444efdd4
        Validity
            Not Before: Jun  7 17:58:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5905234d2f69f38a0e717039d1c86fa4d9e2ce74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:36:2d:29:a6:90:fe:0f:c6:ac:31:16:cd:da:
                    e4:86:95:9c:f5:b5:b0:34:41:e7:55:19:d0:94:58:
                    f9:bb:a0:21:be:04:25:5d:6d:91:09:7b:bb:3a:55:
                    01:3d:00:a1:2e:79:04:3b:b3:d2:9a:98:4f:4f:f9:
                    fb:f1:3c:cf:06:46:5f:e7:cb:c2:f6:bc:d6:73:69:
                    70:74:ab:ed:9a:c4:bd:16:87:6b:5f:69:f9:0b:46:
                    87:7f:78:4e:95:6b:85:22:fe:23:02:9f:34:72:8e:
                    af:57:6d:ac:88:60:f4:18:97:e7:ca:61:5e:76:e6:
                    e5:11:ef:ce:98:01:e1:f5:23:ac:1a:f5:ce:4f:21:
                    a3:b6:5f:da:ef:6c:9b:7a:a1:46:6a:e3:94:22:3d:
                    e7:68:c2:f8:4c:3b:53:d9:f5:a4:69:2c:9f:4b:95:
                    bc:27:f3:bf:26:07:e7:ce:88:ce:eb:d4:f8:51:03:
                    c1:36:49:f9:69:29:88:54:af:4d:ec:cd:27:9e:85:
                    05:65:33:f6:47:36:6a:52:0a:f2:cf:37:05:f7:b7:
                    8c:00:f3:09:b9:be:82:69:33:6e:66:06:c5:4b:82:
                    77:6e:ae:a9:f6:54:bd:49:7c:a0:33:78:70:09:ef:
                    b2:18:15:ab:51:77:be:2d:c5:3a:e8:aa:b3:5f:fe:
                    fc:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:05:23:4D:2F:69:F3:8A:0E:71:70:39:D1:C8:6F:A4:D9:E2:CE:74
            X509v3 Authority Key Identifier:
                keyid:27:FD:CE:9D:B6:AF:9B:81:33:A3:26:17:EE:F4:E0:46:44:4E:FD:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_3Onbavm4EzoyYX7vTgRkRO_dQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/0433e3-bd61-4d13-847a-d90c6177e402/1/WQUjTS9p84oOcXA50chvpNniznQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/0433e3-bd61-4d13-847a-d90c6177e402/1/J_3Onbavm4EzoyYX7vTgRkRO_dQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.244.220.0/24
                IPv6:
                  2001:67c:ce0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:6c:f9:90:bd:17:cd:43:5b:65:55:53:32:3f:6e:6d:e6:71:
         09:16:f4:3e:31:a4:9a:47:f5:70:1e:b8:23:8a:db:6a:0b:6c:
         e6:49:65:c1:19:e3:7c:14:4f:eb:03:12:0f:6f:01:f9:35:e0:
         ef:68:2e:44:15:2f:90:cc:27:9c:01:75:73:b8:43:ab:10:d8:
         74:b8:42:78:cb:f0:f8:5b:18:71:3d:80:30:7b:02:24:e2:ca:
         77:99:a4:49:a0:b9:26:a7:05:4b:d9:26:7c:a0:81:dd:95:31:
         80:1b:5f:d1:3b:94:9e:ba:c8:c4:14:a9:08:16:a2:e8:fe:5b:
         fb:38:80:fe:2a:70:cc:af:14:fb:52:2b:d9:28:4b:51:86:23:
         52:7d:35:6d:74:b3:3d:ca:db:0d:eb:53:28:25:5c:e1:1f:a2:
         85:f5:fb:1a:1d:09:e1:86:5d:68:19:c0:95:b0:f2:28:c7:b6:
         a5:33:be:c7:be:23:cc:94:f2:96:4c:9d:54:9e:e6:84:60:7d:
         45:a0:66:1f:6b:66:70:1a:2b:4f:cf:d5:7f:16:c0:54:48:93:
         02:5b:65:5a:78:e9:70:b9:11:63:78:fe:cc:c7:27:89:05:08:
         95:3b:53:d6:2e:22:27:e8:a3:c9:e5:09:76:ae:40:25:51:8c:
         15:29:f1:45
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZdLix5JcUDN7wdYe3iazF04MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZmRjZTlkYjZhZjliODEzM2EzMjYxN2VlZjRlMDQ2NDQ0
ZWZkZDQwHhcNMjUwNjA3MTc1ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTA1MjM0ZDJmNjlmMzhhMGU3MTcwMzlkMWM4NmZhNGQ5ZTJjZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDYtKaaQ/g/GrDEWzdrkhpWc9bWw
NEHnVRnQlFj5u6AhvgQlXW2RCXu7OlUBPQChLnkEO7PSmphPT/n78TzPBkZf58vC
9rzWc2lwdKvtmsS9FodrX2n5C0aHf3hOlWuFIv4jAp80co6vV22siGD0GJfnymFe
dublEe/OmAHh9SOsGvXOTyGjtl/a72ybeqFGauOUIj3naML4TDtT2fWkaSyfS5W8
J/O/JgfnzojO69T4UQPBNkn5aSmIVK9N7M0nnoUFZTP2RzZqUgryzzcF97eMAPMJ
ub6CaTNuZgbFS4J3bq6p9lS9SXygM3hwCe+yGBWrUXe+LcU66KqzX/78CwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFkFI00vafOKDnFwOdHIb6TZ4s50MB8GA1UdIwQY
MBaAFCf9zp22r5uBM6MmF+704EZETv3UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl8zT25iYXZtNEV6b3lZWDd2VGdSa1JPX2RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8wNDMzZTMtYmQ2MS00ZDEzLTg0N2Et
ZDkwYzYxNzdlNDAyLzEvV1FValRTOXA4NG9PY1hBNTBjaHZwTm5pem5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8wNDMzZTMtYmQ2MS00ZDEzLTg0N2EtZDkwYzYxNzdlNDAy
LzEvSl8zT25iYXZtNEV6b3lZWDd2VGdSa1JPX2RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAz/TcMA8E
AgACMAkDBwAgAQZ8DOAwDQYJKoZIhvcNAQELBQADggEBAKRs+ZC9F81DW2VVUzI/
bm3mcQkW9D4xpJpH9XAeuCOK22oLbOZJZcEZ43wUT+sDEg9vAfk14O9oLkQVL5DM
J5wBdXO4Q6sQ2HS4QnjL8PhbGHE9gDB7AiTiyneZpEmguSanBUvZJnyggd2VMYAb
X9E7lJ66yMQUqQgWouj+W/s4gP4qcMyvFPtSK9koS1GGI1J9NW10sz3K2w3rUygl
XOEfooX1+xodCeGGXWgZwJWw8ijHtqUzvse+I8yU8pZMnVSe5oRgfUWgZh9rZnAa
K0/P1X8WwFRIkwJbZVp46XC5EWN4/szHJ4kFCJU7U9YuIifoo8nlCXauQCVRjBUp
8UU=
-----END CERTIFICATE-----