Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/JCqujfTGMs0CXH7Tcl7wXUJG7rk.roa
File:                     JCqujfTGMs0CXH7Tcl7wXUJG7rk.roa (raw, json)
Hash identifier:          EOjAhyUB1/yJybUbQZT8krxAn/rD2CzV6whjFRdiiOs=
Subject key identifier:   24:2A:AE:8D:F4:C6:32:CD:02:5C:7E:D3:72:5E:F0:5D:42:46:EE:B9
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       0198C8566E47441C30DBAA3CFE2AE6BA0DB6
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/JCqujfTGMs0CXH7Tcl7wXUJG7rk.roa
Signing time:             Wed 20 Aug 2025 16:36:04 +0000
ROA not before:           Wed 20 Aug 2025 16:36:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398704
IP address blocks:        159.197.192.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c8:56:6e:47:44:1c:30:db:aa:3c:fe:2a:e6:ba:0d:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Aug 20 16:36:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=242aae8df4c632cd025c7ed3725ef05d4246eeb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:5d:3a:39:51:3f:4a:82:40:e5:a3:6d:20:81:
                    21:60:04:db:ab:c3:5d:9d:ce:c0:92:51:56:7d:d9:
                    08:94:2e:01:55:6b:f6:df:fd:3d:0d:6f:9b:a8:6b:
                    51:54:16:ca:88:99:e0:91:aa:2d:98:c1:02:92:c0:
                    19:c3:4d:d7:d7:e2:cb:d8:f3:f0:5e:6e:a7:45:86:
                    f7:9a:19:3c:c2:5a:15:62:71:ec:53:03:6c:bd:cb:
                    5c:1a:da:8e:4a:a5:96:3c:04:20:c8:e8:4f:68:1c:
                    6c:86:be:43:5c:4f:71:4f:8c:d7:5b:65:ad:78:b7:
                    c2:25:89:63:a1:89:8a:6b:2b:e6:fc:f9:a3:b6:c3:
                    9b:12:d7:10:cb:20:f8:c6:11:24:d5:70:de:90:0d:
                    f5:d7:fe:f8:2a:47:0e:63:a7:97:b8:b8:be:af:a8:
                    b3:ca:fe:c8:f9:c9:eb:c8:f4:81:6f:0f:ba:52:c4:
                    d3:d1:a9:6d:e0:d5:72:7d:f8:8c:1a:5a:12:10:40:
                    b7:7e:eb:cb:63:1c:e8:52:af:cc:08:23:74:71:78:
                    6c:a8:0e:4c:18:20:70:43:19:59:96:16:3d:92:48:
                    c8:a0:b4:24:fb:07:a5:3c:77:7c:b5:66:29:cf:4c:
                    13:e2:9d:3b:d7:ff:4d:dc:e8:af:e5:9d:45:fc:b6:
                    73:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:2A:AE:8D:F4:C6:32:CD:02:5C:7E:D3:72:5E:F0:5D:42:46:EE:B9
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/JCqujfTGMs0CXH7Tcl7wXUJG7rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.197.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4d:f2:99:40:7f:8f:c5:1f:ad:40:63:71:b2:91:35:d1:9e:50:
         b5:f7:77:99:de:4f:db:e3:cb:72:4f:7f:cf:15:0b:3f:77:b8:
         df:f8:35:02:b0:00:18:24:b6:77:c4:53:e6:d0:db:da:37:e0:
         77:ab:c0:25:93:0a:d5:e9:3b:22:ac:0f:dd:8a:c4:0d:de:90:
         32:08:8c:77:01:8e:97:0d:2b:3b:fa:b1:93:91:67:10:e6:1e:
         bd:d4:8e:21:11:b8:46:ce:fb:5b:61:da:00:cb:46:15:6f:7a:
         c5:b0:2f:81:a4:37:a9:c4:6c:05:3c:af:85:ca:9d:c4:0c:4e:
         8f:3d:4b:e0:e0:ca:2d:c7:80:7f:fb:f7:8e:f8:1a:3b:15:44:
         54:66:29:5e:d2:c2:2f:58:2b:46:11:1c:c9:58:1c:0c:42:94:
         a1:2a:8a:d6:e5:f8:af:0f:d0:68:94:88:88:95:76:38:dc:ae:
         ea:28:45:22:66:93:c9:73:07:2e:cb:91:bd:9e:9d:48:93:12:
         ca:d9:c2:cd:b8:e9:f2:9f:9c:a2:71:c7:85:4f:33:e5:73:1a:
         bb:45:58:d3:15:bf:0b:95:36:4b:ab:be:24:72:6f:97:59:83:
         ef:3e:09:e5:21:29:8e:5e:ba:44:ef:29:88:61:58:27:01:c4:
         62:1e:40:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjIVm5HRBww26o8/irmug22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjUwODIwMTYzNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDJhYWU4ZGY0YzYzMmNkMDI1YzdlZDM3MjVlZjA1ZDQyNDZlZWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2V06OVE/SoJA5aNtIIEhYATbq8Nd
nc7AklFWfdkIlC4BVWv23/09DW+bqGtRVBbKiJngkaotmMECksAZw03X1+LL2PPw
Xm6nRYb3mhk8wloVYnHsUwNsvctcGtqOSqWWPAQgyOhPaBxshr5DXE9xT4zXW2Wt
eLfCJYljoYmKayvm/PmjtsObEtcQyyD4xhEk1XDekA311/74KkcOY6eXuLi+r6iz
yv7I+cnryPSBbw+6UsTT0alt4NVyffiMGloSEEC3fuvLYxzoUq/MCCN0cXhsqA5M
GCBwQxlZlhY9kkjIoLQk+welPHd8tWYpz0wT4p071/9N3Oiv5Z1F/LZzOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQqro30xjLNAlx+03Je8F1CRu65MB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvSkNxdWpmVEdNczBDWEg3VGNsN3dYVUpHN3JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFn8XAMA0G
CSqGSIb3DQEBCwUAA4IBAQBN8plAf4/FH61AY3GykTXRnlC193eZ3k/b48tyT3/P
FQs/d7jf+DUCsAAYJLZ3xFPm0NvaN+B3q8AlkwrV6TsirA/disQN3pAyCIx3AY6X
DSs7+rGTkWcQ5h691I4hEbhGzvtbYdoAy0YVb3rFsC+BpDepxGwFPK+Fyp3EDE6P
PUvg4Motx4B/+/eO+Bo7FURUZile0sIvWCtGERzJWBwMQpShKorW5fivD9BolIiI
lXY43K7qKEUiZpPJcwcuy5G9np1IkxLK2cLNuOnyn5yicceFTzPlcxq7RVjTFb8L
lTZLq74kcm+XWYPvPgnlISmOXrpE7ymIYVgnAcRiHkBV
-----END CERTIFICATE-----