Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/iY1W1SwoNxQHfo7kACm1X_jsmmc.roa
File:                     iY1W1SwoNxQHfo7kACm1X_jsmmc.roa (raw, json)
Hash identifier:          PifN2+8P+ikMg8Thhsh24Uc/YyYeLzLB/NmrrJpyqcc=
Subject key identifier:   89:8D:56:D5:2C:28:37:14:07:7E:8E:E4:00:29:B5:5F:F8:EC:9A:67
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01970761BB6C08D7664C8C7496A638D3E846
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/iY1W1SwoNxQHfo7kACm1X_jsmmc.roa
Signing time:             Sun 25 May 2025 12:18:54 +0000
ROA not before:           Sun 25 May 2025 12:18:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215590
IP address blocks:        5.231.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:07:61:bb:6c:08:d7:66:4c:8c:74:96:a6:38:d3:e8:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May 25 12:18:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=898d56d52c283714077e8ee40029b55ff8ec9a67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:44:a6:cb:8b:13:03:68:05:a5:1b:4d:88:1a:
                    81:5b:c5:9e:2c:d0:06:85:7c:60:dc:d1:83:c8:2e:
                    33:df:3e:8d:72:69:9a:99:57:4c:1a:35:49:bb:4f:
                    49:1f:f5:95:e2:1e:5f:25:aa:3f:fa:57:c9:2f:3f:
                    af:d0:55:85:5f:6d:7c:10:a2:4a:cb:d0:9b:1b:1a:
                    3d:58:72:5f:cc:5b:da:c1:80:1d:22:82:2d:c9:7d:
                    b7:77:55:2c:84:35:c6:ca:c8:f7:49:26:16:1e:3b:
                    17:eb:83:17:70:5e:58:dc:3f:64:6d:fa:cd:27:db:
                    be:14:aa:19:00:74:79:f4:c7:62:5c:c1:b3:b7:8f:
                    39:a5:47:ad:ea:c3:b7:31:17:7b:6f:b7:15:7d:7e:
                    d8:1c:a2:d8:a6:23:c4:47:12:57:8a:07:98:cb:31:
                    6d:31:fc:95:88:62:32:b6:e4:c2:90:12:68:26:ea:
                    92:d9:25:6b:0a:3a:87:06:ac:be:f2:02:9d:0a:49:
                    d0:24:12:18:64:46:a0:fd:29:25:02:68:70:dd:81:
                    fc:38:fe:ac:fd:54:24:ce:bb:67:f9:18:de:6a:1a:
                    22:9b:bc:71:ee:02:a9:e3:51:bb:2e:29:5a:a6:d3:
                    0e:a5:cd:2d:ee:bf:7f:aa:a4:7e:e5:1f:92:cb:c7:
                    40:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:8D:56:D5:2C:28:37:14:07:7E:8E:E4:00:29:B5:5F:F8:EC:9A:67
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/iY1W1SwoNxQHfo7kACm1X_jsmmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:68:e2:74:4d:42:35:1b:ee:59:cf:45:de:85:c3:32:ea:a9:
         f4:e0:e9:c1:c3:73:cf:d3:e4:3f:3d:fe:e1:5c:e9:79:7b:f3:
         23:ab:e4:0d:a9:5f:eb:ec:76:47:89:b7:11:2e:01:30:55:4d:
         14:3d:24:a4:b2:b4:c1:71:b8:d5:95:2d:90:ec:4f:13:f6:24:
         7b:eb:aa:b9:b8:15:61:57:0e:a1:cc:ad:a4:a4:3d:e4:a3:1b:
         f4:a7:a5:d0:b6:4b:be:79:d2:f3:02:dc:3e:74:7d:bf:10:c1:
         65:26:56:cf:29:8d:0d:ae:17:12:76:e2:08:82:8e:bc:d1:35:
         10:a1:93:d0:a2:bc:36:03:0f:a8:89:9c:42:e6:ad:48:1e:24:
         38:3a:ed:67:f8:30:04:66:89:5c:21:d3:62:65:91:eb:d5:a6:
         60:2d:5e:08:c6:3b:96:8f:95:9c:16:ad:c7:a8:98:51:5e:07:
         25:e8:dd:8c:2a:ba:e8:55:79:b4:36:90:e0:f7:c1:09:73:f5:
         af:83:71:17:ac:b8:15:d3:bd:2c:45:be:dd:39:6a:12:bd:bd:
         5d:b8:c0:8f:a4:e8:53:f0:36:69:8c:b0:4e:99:9d:f8:0e:fd:
         c8:99:11:82:b4:97:8e:7d:28:a7:a9:02:6e:6b:7f:85:c5:62:
         da:9a:51:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcHYbtsCNdmTIx0lqY40+hGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNTI1MTIxODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OThkNTZkNTJjMjgzNzE0MDc3ZThlZTQwMDI5YjU1ZmY4ZWM5YTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUSmy4sTA2gFpRtNiBqBW8WeLNAG
hXxg3NGDyC4z3z6NcmmamVdMGjVJu09JH/WV4h5fJao/+lfJLz+v0FWFX218EKJK
y9CbGxo9WHJfzFvawYAdIoItyX23d1UshDXGysj3SSYWHjsX64MXcF5Y3D9kbfrN
J9u+FKoZAHR59MdiXMGzt485pUet6sO3MRd7b7cVfX7YHKLYpiPERxJXigeYyzFt
MfyViGIytuTCkBJoJuqS2SVrCjqHBqy+8gKdCknQJBIYZEag/SklAmhw3YH8OP6s
/VQkzrtn+Rjeahoim7xx7gKp41G7LilaptMOpc0t7r9/qqR+5R+Sy8dAKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImNVtUsKDcUB36O5AAptV/47JpnMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvaVkxVzFTd29OeFFIZm83a0FDbTFYX2pzbW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABefmMA0G
CSqGSIb3DQEBCwUAA4IBAQCMaOJ0TUI1G+5Zz0XehcMy6qn04OnBw3PP0+Q/Pf7h
XOl5e/Mjq+QNqV/r7HZHibcRLgEwVU0UPSSksrTBcbjVlS2Q7E8T9iR766q5uBVh
Vw6hzK2kpD3koxv0p6XQtku+edLzAtw+dH2/EMFlJlbPKY0NrhcSduIIgo680TUQ
oZPQorw2Aw+oiZxC5q1IHiQ4Ou1n+DAEZolcIdNiZZHr1aZgLV4IxjuWj5WcFq3H
qJhRXgcl6N2MKrroVXm0NpDg98EJc/Wvg3EXrLgV070sRb7dOWoSvb1duMCPpOhT
8DZpjLBOmZ34Dv3ImRGCtJeOfSinqQJua3+FxWLamlEm
-----END CERTIFICATE-----