Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/JN9C0lCNENYeap20Rh2rmbTTK2I.roa
File:                     JN9C0lCNENYeap20Rh2rmbTTK2I.roa (raw, json)
Hash identifier:          JYxwyuD1IOAjEG0JPIbV5Puyq/yeqKzJl8UqOIBu2v0=
Subject key identifier:   24:DF:42:D2:50:8D:10:D6:1E:6A:9D:B4:46:1D:AB:99:B4:D3:2B:62
Certificate issuer:       /CN=f58e0c3b9333cb6fd4139e455a5abbafd569532a
Certificate serial:       01974FE80F81EAF353EDEF1AA958BEBBC38A
Authority key identifier: F5:8E:0C:3B:93:33:CB:6F:D4:13:9E:45:5A:5A:BB:AF:D5:69:53:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/JN9C0lCNENYeap20Rh2rmbTTK2I.roa
Signing time:             Sun 08 Jun 2025 14:18:17 +0000
ROA not before:           Sun 08 Jun 2025 14:18:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.143.16.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4f:e8:0f:81:ea:f3:53:ed:ef:1a:a9:58:be:bb:c3:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f58e0c3b9333cb6fd4139e455a5abbafd569532a
        Validity
            Not Before: Jun  8 14:18:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24df42d2508d10d61e6a9db4461dab99b4d32b62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b6:0d:3a:83:96:a3:3d:a9:b6:3d:61:0a:ce:
                    4b:bc:ef:3e:a3:4b:a1:47:77:ed:a1:56:ac:76:73:
                    69:5d:81:7e:46:48:ba:c9:24:cd:59:1a:4d:01:54:
                    da:fd:e4:b9:ad:96:aa:28:ef:2a:ef:ba:58:d2:8d:
                    92:79:94:62:7b:aa:18:a2:dd:e4:e6:7d:67:c3:9f:
                    62:87:6c:e8:7b:3a:7c:88:61:29:4b:c6:61:37:e4:
                    45:f5:5d:11:99:df:87:b9:78:9c:9a:52:a1:30:40:
                    31:0b:92:e9:70:5d:69:62:55:20:4c:04:71:44:79:
                    2d:ad:52:e0:91:ed:e0:2c:75:a1:61:a2:99:31:0a:
                    fa:1e:7f:34:78:af:18:61:3c:2f:57:60:99:95:86:
                    a7:d8:4c:c9:d4:cd:bf:a4:3a:3d:76:a3:08:57:e8:
                    0c:7b:b9:4a:3a:b1:ec:17:f7:38:1c:86:99:62:47:
                    0e:4b:19:ae:fe:5f:da:ec:f5:74:ac:6a:03:e8:05:
                    28:e6:eb:6e:b6:79:80:b6:3a:5f:37:43:4d:af:11:
                    05:cc:81:c3:66:b1:32:98:ab:82:19:64:7b:ac:b9:
                    42:e9:79:59:aa:e5:2d:ce:89:81:68:7e:e5:5a:24:
                    60:88:2b:18:2b:e3:50:11:ac:d8:7e:90:35:43:b3:
                    a0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:DF:42:D2:50:8D:10:D6:1E:6A:9D:B4:46:1D:AB:99:B4:D3:2B:62
            X509v3 Authority Key Identifier:
                keyid:F5:8E:0C:3B:93:33:CB:6F:D4:13:9E:45:5A:5A:BB:AF:D5:69:53:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/JN9C0lCNENYeap20Rh2rmbTTK2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.143.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:3e:29:d9:7f:03:9f:03:4d:e9:23:d9:1e:21:d1:1c:91:6e:
         7f:2b:aa:b6:f2:0a:af:58:9d:01:0d:9f:d8:8d:10:f0:f6:c2:
         7c:1c:49:b9:6a:53:3b:65:85:ce:b1:4b:52:5e:24:97:d1:83:
         c6:33:a8:ea:50:0a:3f:1f:d3:27:7f:93:03:9c:fe:3e:0a:b5:
         44:25:14:c6:42:26:6d:9b:07:61:4f:8e:db:75:60:5d:98:17:
         68:01:89:9d:0a:a4:fb:ed:91:44:8f:77:1c:e9:8d:55:5b:04:
         c1:8f:f7:08:b2:02:f2:e7:8e:06:4a:df:15:d3:b3:34:a5:53:
         53:7d:ff:57:84:01:58:b9:2a:55:ee:4f:be:dc:5a:aa:4f:48:
         2f:73:e0:24:cf:cf:7c:e3:df:7c:08:4b:c3:24:69:0d:3e:99:
         73:85:fa:33:4e:06:a3:0e:30:62:d3:03:c5:07:b4:50:5b:c2:
         b0:db:62:f3:f2:46:98:70:71:7a:77:59:20:30:1e:13:b0:ba:
         df:41:c7:f7:40:30:ff:c2:ac:98:35:bd:de:c2:12:f1:f4:0f:
         0a:f3:79:93:13:30:54:86:97:e4:f8:ac:1c:66:11:51:07:ce:
         5c:c8:5f:7a:6a:5f:2c:ed:8c:ea:da:b4:80:4f:29:58:e2:12:
         d4:cc:c6:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdP6A+B6vNT7e8aqVi+u8OKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OGUwYzNiOTMzM2NiNmZkNDEzOWU0NTVhNWFiYmFmZDU2
OTUzMmEwHhcNMjUwNjA4MTQxODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGRmNDJkMjUwOGQxMGQ2MWU2YTlkYjQ0NjFkYWI5OWI0ZDMyYjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7YNOoOWoz2ptj1hCs5LvO8+o0uh
R3ftoVasdnNpXYF+Rki6ySTNWRpNAVTa/eS5rZaqKO8q77pY0o2SeZRie6oYot3k
5n1nw59ih2zoezp8iGEpS8ZhN+RF9V0Rmd+HuXicmlKhMEAxC5LpcF1pYlUgTARx
RHktrVLgke3gLHWhYaKZMQr6Hn80eK8YYTwvV2CZlYan2EzJ1M2/pDo9dqMIV+gM
e7lKOrHsF/c4HIaZYkcOSxmu/l/a7PV0rGoD6AUo5ututnmAtjpfN0NNrxEFzIHD
ZrEymKuCGWR7rLlC6XlZquUtzomBaH7lWiRgiCsYK+NQEazYfpA1Q7Og5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTfQtJQjRDWHmqdtEYdq5m00ytiMB8GA1UdIwQY
MBaAFPWODDuTM8tv1BOeRVpau6/VaVMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVk0TU81TXp5Ml9VRTU1RldscTdyOVZwVXlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iMWNhNTEtNzVkZC00MWM5LTk0ODQt
MmJjMWFlM2RiZGJlLzEvSk45QzBsQ05FTlllYXAyMFJoMnJtYlRUSzJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iMWNhNTEtNzVkZC00MWM5LTk0ODQtMmJjMWFlM2RiZGJl
LzEvOVk0TU81TXp5Ml9VRTU1RldscTdyOVZwVXlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwY8QMA0G
CSqGSIb3DQEBCwUAA4IBAQBqPinZfwOfA03pI9keIdEckW5/K6q28gqvWJ0BDZ/Y
jRDw9sJ8HEm5alM7ZYXOsUtSXiSX0YPGM6jqUAo/H9Mnf5MDnP4+CrVEJRTGQiZt
mwdhT47bdWBdmBdoAYmdCqT77ZFEj3cc6Y1VWwTBj/cIsgLy544GSt8V07M0pVNT
ff9XhAFYuSpV7k++3FqqT0gvc+Akz8984998CEvDJGkNPplzhfozTgajDjBi0wPF
B7RQW8Kw22Lz8kaYcHF6d1kgMB4TsLrfQcf3QDD/wqyYNb3ewhLx9A8K83mTEzBU
hpfk+KwcZhFRB85cyF96al8s7Yzq2rSATylY4hLUzMbY
-----END CERTIFICATE-----