Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/JpuV5HcluBalVoMeoldTQN8DAn8.roa
File:                     JpuV5HcluBalVoMeoldTQN8DAn8.roa (raw, json)
Hash identifier:          0lAWMY1XRCrRPS6rRebMRa+pBrqjVQZeCT1ofxGRwac=
Subject key identifier:   26:9B:95:E4:77:25:B8:16:A5:56:83:1E:A2:57:53:40:DF:03:02:7F
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0197A81CF848F4812F8A0A375A23BD59373B
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/JpuV5HcluBalVoMeoldTQN8DAn8.roa
Signing time:             Wed 25 Jun 2025 17:22:40 +0000
ROA not before:           Wed 25 Jun 2025 17:22:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210705
IP address blocks:        45.94.213.0/24 maxlen: 24
                          188.212.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 13:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a8:1c:f8:48:f4:81:2f:8a:0a:37:5a:23:bd:59:37:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jun 25 17:22:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=269b95e47725b816a556831ea2575340df03027f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:0e:4c:33:7e:7b:7c:d2:25:e9:62:6f:4b:b1:
                    96:43:a1:38:86:42:dd:0f:33:6a:95:9f:58:6f:65:
                    d6:47:fd:39:80:eb:2c:e5:c9:bc:7a:f3:ce:4c:10:
                    6f:b4:92:51:3d:db:35:26:9f:a0:73:03:49:99:00:
                    32:89:0c:57:90:06:02:47:30:45:96:b6:23:cf:00:
                    11:44:6f:aa:af:ac:ec:0d:05:6d:56:44:76:05:41:
                    c7:43:cb:c2:41:0b:49:e5:68:7a:8f:06:44:c8:e5:
                    ea:8c:4f:02:5c:2b:00:2b:04:7d:b0:8f:7c:8f:23:
                    ae:6d:6a:8a:fd:b7:9c:9e:ad:e7:70:77:73:8b:02:
                    35:7d:10:3f:a2:c5:cd:d0:08:b5:ec:14:f8:9c:a0:
                    ec:cc:5a:28:03:03:8b:04:36:98:a1:0b:a5:ef:1f:
                    35:6a:6b:88:3e:85:1f:60:89:43:6a:54:8e:8c:b9:
                    6e:90:3f:79:64:13:3e:89:66:f2:49:6a:bc:57:45:
                    39:90:d3:d7:88:7a:9d:1c:49:6b:8b:0c:6f:d9:0b:
                    59:26:79:f7:ad:e6:fa:99:9f:5a:e6:a5:27:27:bc:
                    25:b3:c2:38:ee:49:67:36:89:31:13:8a:f5:4e:dc:
                    37:cb:66:3c:c3:53:d1:37:ec:2d:c0:15:c1:59:41:
                    1c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:9B:95:E4:77:25:B8:16:A5:56:83:1E:A2:57:53:40:DF:03:02:7F
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/JpuV5HcluBalVoMeoldTQN8DAn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.213.0/24
                  188.212.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:37:41:2d:93:ef:24:be:00:6a:20:0c:4c:48:0b:e8:c5:20:
         de:20:53:b4:ea:64:12:f1:4b:f1:99:63:77:2b:4f:4c:64:98:
         bb:19:40:dc:a8:66:44:3a:21:04:72:bc:20:d5:36:56:9f:01:
         0d:77:c6:ce:2f:8b:2a:4e:66:e5:e6:b0:3d:f3:12:01:b9:5c:
         ff:3a:64:90:97:18:ca:c7:f0:29:b6:98:91:ba:97:1d:ca:a2:
         c8:5a:6f:4c:7a:41:4a:61:81:df:af:7b:48:7d:57:eb:90:ba:
         c8:2d:12:ff:c6:92:77:34:22:99:a3:63:3a:b0:ba:93:c0:c1:
         57:c8:23:0b:0a:71:f1:9c:bc:d4:c9:19:32:25:a8:44:f6:07:
         01:7b:7e:f0:0f:77:66:68:79:e5:64:70:47:b6:66:62:2b:36:
         ec:10:a1:5b:19:f3:5a:49:6b:18:f8:91:23:c0:dc:30:92:90:
         0c:33:23:bb:dc:d3:2c:6e:62:41:64:cf:5e:30:06:0a:e9:9c:
         7b:e5:d8:4b:b8:c7:ba:d7:36:26:38:46:30:52:2c:d0:d7:99:
         66:b3:32:f1:33:1f:c6:87:39:74:fd:b1:3c:50:dc:86:ac:89:
         40:3c:cc:bb:7d:82:4a:35:d8:3a:ec:0f:7f:77:c8:45:a1:a2:
         fb:e8:e5:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeoHPhI9IEvigo3WiO9WTc7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNjI1MTcyMjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjliOTVlNDc3MjViODE2YTU1NjgzMWVhMjU3NTM0MGRmMDMwMjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7A5MM357fNIl6WJvS7GWQ6E4hkLd
DzNqlZ9Yb2XWR/05gOss5cm8evPOTBBvtJJRPds1Jp+gcwNJmQAyiQxXkAYCRzBF
lrYjzwARRG+qr6zsDQVtVkR2BUHHQ8vCQQtJ5Wh6jwZEyOXqjE8CXCsAKwR9sI98
jyOubWqK/becnq3ncHdziwI1fRA/osXN0Ai17BT4nKDszFooAwOLBDaYoQul7x81
amuIPoUfYIlDalSOjLlukD95ZBM+iWbySWq8V0U5kNPXiHqdHElriwxv2QtZJnn3
reb6mZ9a5qUnJ7wls8I47klnNokxE4r1Ttw3y2Y8w1PRN+wtwBXBWUEclwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCableR3JbgWpVaDHqJXU0DfAwJ/MB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvSnB1VjVIY2x1QmFsVm9NZW9sZFRRTjhEQW44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALV7VAwQA
vNRhMA0GCSqGSIb3DQEBCwUAA4IBAQAnN0Etk+8kvgBqIAxMSAvoxSDeIFO06mQS
8UvxmWN3K09MZJi7GUDcqGZEOiEEcrwg1TZWnwENd8bOL4sqTmbl5rA98xIBuVz/
OmSQlxjKx/AptpiRupcdyqLIWm9MekFKYYHfr3tIfVfrkLrILRL/xpJ3NCKZo2M6
sLqTwMFXyCMLCnHxnLzUyRkyJahE9gcBe37wD3dmaHnlZHBHtmZiKzbsEKFbGfNa
SWsY+JEjwNwwkpAMMyO73NMsbmJBZM9eMAYK6Zx75dhLuMe61zYmOEYwUizQ15lm
szLxMx/Ghzl0/bE8UNyGrIlAPMy7fYJKNdg67A9/d8hFoaL76OW5
-----END CERTIFICATE-----