Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/JPT84J8sgcKOXjYFNH6TAuUvNk4.roa
File:                     JPT84J8sgcKOXjYFNH6TAuUvNk4.roa (raw, json)
Hash identifier:          e3bD4e8Uvkqff5stQpbUdZdhMmIlcTkZivV1M7IJw9U=
Subject key identifier:   24:F4:FC:E0:9F:2C:81:C2:8E:5E:36:05:34:7E:93:02:E5:2F:36:4E
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       01977817D727F98DF06CC5B3B415533E58E5
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/JPT84J8sgcKOXjYFNH6TAuUvNk4.roa
Signing time:             Mon 16 Jun 2025 09:35:17 +0000
ROA not before:           Mon 16 Jun 2025 09:35:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        89.23.72.0/24 maxlen: 24
                          178.254.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 01:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:17:d7:27:f9:8d:f0:6c:c5:b3:b4:15:53:3e:58:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jun 16 09:35:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24f4fce09f2c81c28e5e3605347e9302e52f364e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:cc:20:67:15:cf:51:6a:be:b4:e3:45:a9:0a:
                    c9:05:ea:57:a5:0a:d5:c9:28:15:17:fd:6f:37:f7:
                    29:e3:fa:7a:ba:98:0a:0a:94:77:de:d1:8e:a0:d2:
                    14:c1:09:69:fd:d5:60:5b:ab:0f:89:81:24:23:1d:
                    73:5f:be:d4:34:43:bd:da:94:73:e7:80:42:4f:75:
                    51:75:8a:f8:09:36:92:6a:69:42:ae:4b:bd:ff:4f:
                    43:b6:aa:5c:a7:1a:56:6a:a6:e8:47:f3:ef:76:5d:
                    7e:ed:05:9f:f4:f6:d0:2a:ce:ee:b9:98:e8:d9:f8:
                    f8:8f:94:53:de:ae:3a:ed:4c:e1:a1:c0:c7:cb:e8:
                    c8:81:67:d8:72:f4:a0:86:f9:28:b8:d7:84:1d:f5:
                    7e:62:44:f9:cb:7d:71:f6:8d:cb:cb:c3:ae:2e:c1:
                    a9:35:a5:0a:d6:70:2b:40:9d:2f:e3:5e:37:91:56:
                    8d:9d:26:2e:2d:43:44:d8:f5:f2:51:24:4c:83:b0:
                    21:95:ee:82:8f:60:2f:32:9b:3f:85:2c:46:c4:78:
                    ca:88:dc:03:4e:04:a2:fd:08:95:cb:e3:41:be:d6:
                    5a:ff:b3:52:7a:8b:14:21:5d:a6:12:b3:ce:ee:7a:
                    32:83:9b:1c:58:15:f0:c9:c0:af:ec:73:bc:85:47:
                    75:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:F4:FC:E0:9F:2C:81:C2:8E:5E:36:05:34:7E:93:02:E5:2F:36:4E
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/JPT84J8sgcKOXjYFNH6TAuUvNk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.72.0/24
                  178.254.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:6a:ca:e5:38:a7:7d:de:74:4c:1f:7a:3e:ea:df:0b:56:84:
         a4:74:5d:49:25:98:c4:60:88:e6:6a:07:15:02:0a:ca:ae:3e:
         6e:5e:17:de:64:aa:ae:f3:6b:b8:6d:0b:ac:ad:af:d3:2f:8f:
         41:1b:e3:18:b5:84:90:be:92:37:43:d9:3b:11:9b:92:33:84:
         66:3e:59:93:03:ad:8f:f3:42:dc:a2:c5:4a:df:f3:41:43:b5:
         a4:98:6f:09:8d:d2:5a:f2:11:ef:5c:79:42:f4:0f:fd:15:43:
         8a:5b:09:0e:be:3a:22:d6:88:c6:a0:6a:3b:e2:71:41:ef:eb:
         0b:3b:b0:33:20:38:4c:b8:39:59:eb:a4:13:cb:21:a4:41:d3:
         30:04:1b:ed:0d:51:f9:e0:72:49:8a:5d:51:b6:65:ba:20:c0:
         40:ae:57:3f:06:55:59:4d:80:e0:ae:00:39:a9:56:3f:cf:98:
         8c:b2:20:0d:28:68:7e:9f:69:17:85:10:13:eb:63:d0:1a:ed:
         21:ee:9c:09:de:a4:37:2c:49:ff:e3:df:41:95:12:a2:b5:e4:
         62:d3:3b:41:71:b8:17:92:6f:90:2f:22:20:31:56:0e:01:88:
         df:f6:ec:bc:44:ef:18:41:0b:16:cb:3b:23:f6:45:c2:92:39:
         d6:8b:92:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZd4F9cn+Y3wbMWztBVTPljlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwNjE2MDkzNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGY0ZmNlMDlmMmM4MWMyOGU1ZTM2MDUzNDdlOTMwMmU1MmYzNjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuswgZxXPUWq+tONFqQrJBepXpQrV
ySgVF/1vN/cp4/p6upgKCpR33tGOoNIUwQlp/dVgW6sPiYEkIx1zX77UNEO92pRz
54BCT3VRdYr4CTaSamlCrku9/09DtqpcpxpWaqboR/Pvdl1+7QWf9PbQKs7uuZjo
2fj4j5RT3q467UzhocDHy+jIgWfYcvSghvkouNeEHfV+YkT5y31x9o3Ly8OuLsGp
NaUK1nArQJ0v4143kVaNnSYuLUNE2PXyUSRMg7Ahle6Cj2AvMps/hSxGxHjKiNwD
TgSi/QiVy+NBvtZa/7NSeosUIV2mErPO7noyg5scWBXwycCv7HO8hUd1qwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCT0/OCfLIHCjl42BTR+kwLlLzZOMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvSlBUODRKOHNnY0tPWGpZRk5INlRBdVV2Tms0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRdIAwQA
sv6WMA0GCSqGSIb3DQEBCwUAA4IBAQA2asrlOKd93nRMH3o+6t8LVoSkdF1JJZjE
YIjmagcVAgrKrj5uXhfeZKqu82u4bQusra/TL49BG+MYtYSQvpI3Q9k7EZuSM4Rm
PlmTA62P80LcosVK3/NBQ7WkmG8JjdJa8hHvXHlC9A/9FUOKWwkOvjoi1ojGoGo7
4nFB7+sLO7AzIDhMuDlZ66QTyyGkQdMwBBvtDVH54HJJil1RtmW6IMBArlc/BlVZ
TYDgrgA5qVY/z5iMsiANKGh+n2kXhRAT62PQGu0h7pwJ3qQ3LEn/499BlRKiteRi
0ztBcbgXkm+QLyIgMVYOAYjf9uy8RO8YQQsWyzsj9kXCkjnWi5KF
-----END CERTIFICATE-----