Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/J8B9b5nFvg0BXqbPVc8DoON7oaI.roa
File:                     J8B9b5nFvg0BXqbPVc8DoON7oaI.roa (raw, json)
Hash identifier:          ZBKlCuKxq+Fhxp6ngyIeTvrnOGmVjLjKODM2yKkJTGk=
Subject key identifier:   27:C0:7D:6F:99:C5:BE:0D:01:5E:A6:CF:55:CF:03:A0:E3:7B:A1:A2
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       01979C4F64F8F663856D67B4247A3D54B472
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/J8B9b5nFvg0BXqbPVc8DoON7oaI.roa
Signing time:             Mon 23 Jun 2025 10:22:18 +0000
ROA not before:           Mon 23 Jun 2025 10:22:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211484
IP address blocks:        176.57.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 01:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9c:4f:64:f8:f6:63:85:6d:67:b4:24:7a:3d:54:b4:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jun 23 10:22:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27c07d6f99c5be0d015ea6cf55cf03a0e37ba1a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:15:c9:16:9c:d3:b0:22:ed:e2:2a:f3:4f:45:
                    bd:d5:a0:da:f7:b0:f1:b6:c6:07:43:7d:85:06:90:
                    3a:17:9f:9f:aa:78:2a:77:cc:01:e3:c0:19:31:ca:
                    6c:d2:e9:7d:c9:f1:0a:f4:55:63:8b:45:a0:47:56:
                    3d:0f:5f:39:47:4e:ef:cb:49:56:bb:51:b3:9f:64:
                    9f:2f:23:cd:dd:83:8e:b5:b4:2e:da:77:33:77:48:
                    ec:a5:79:3d:42:ac:eb:b5:4e:4e:76:af:80:de:68:
                    31:fa:69:8a:c3:b6:15:12:42:9a:ef:9e:c1:4d:66:
                    ea:70:64:d6:ec:33:30:43:34:4e:1c:80:b5:4e:79:
                    fa:77:8b:8f:40:6b:6d:ab:fe:dd:78:a3:8f:2b:17:
                    21:4f:24:65:f7:8d:05:83:e5:d2:a6:fc:21:31:14:
                    d9:2f:be:8d:15:68:a1:26:b0:07:a5:29:df:6e:74:
                    79:f6:a6:a1:0f:6e:dc:8a:b1:ed:7d:59:fe:bc:aa:
                    f4:40:80:73:d5:31:b0:30:45:6b:2c:08:01:f7:03:
                    c6:a5:83:a2:2d:e9:4c:01:27:2e:ce:4c:48:0a:68:
                    89:af:9d:57:05:2b:f8:f3:08:f2:80:2e:9e:7b:c3:
                    93:37:2b:40:e0:a2:6a:47:8f:3f:4c:12:5f:47:c5:
                    cc:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:C0:7D:6F:99:C5:BE:0D:01:5E:A6:CF:55:CF:03:A0:E3:7B:A1:A2
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/J8B9b5nFvg0BXqbPVc8DoON7oaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:09:36:52:2f:60:fe:6f:0e:f1:23:47:47:1f:aa:4a:e3:9a:
         48:cb:e5:f5:3a:9f:eb:86:6d:1d:f6:82:4f:8f:f0:c4:e0:55:
         f2:9c:ec:00:30:50:2d:50:bc:ca:d3:21:8a:cf:f9:ca:1e:f8:
         b3:88:73:d3:01:7d:94:0f:30:00:49:50:4d:6e:a8:b5:ca:47:
         af:54:ef:d5:01:7c:09:87:88:a4:a9:7d:64:bb:ba:99:63:d4:
         09:f2:a6:41:da:e5:8f:4c:6f:64:85:fc:2d:96:6f:94:eb:f9:
         f1:a9:4a:ef:15:52:60:ea:4e:c3:c7:6e:a6:86:7b:11:36:34:
         0c:f8:46:24:50:7b:50:c2:01:8a:0a:5d:bd:57:c7:31:09:ce:
         bb:ad:44:25:5d:22:87:7a:53:39:51:7d:d5:c8:7c:55:ad:fc:
         2a:2e:5a:46:86:64:76:31:0e:6b:b4:e1:9e:29:8d:f8:37:51:
         5a:d1:f9:93:57:c2:ad:5b:77:d3:a7:41:10:e5:dd:c1:04:06:
         42:5e:31:47:12:6f:f8:60:b2:70:a9:05:1a:01:2a:a2:ed:34:
         55:d0:e1:5b:21:0c:db:d1:46:00:d9:39:39:3a:c9:17:58:5b:
         80:f3:26:91:51:5b:96:53:39:84:21:83:d3:a9:f6:d3:fe:88:
         4b:0a:41:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZecT2T49mOFbWe0JHo9VLRyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwNjIzMTAyMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2MwN2Q2Zjk5YzViZTBkMDE1ZWE2Y2Y1NWNmMDNhMGUzN2JhMWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxXJFpzTsCLt4irzT0W91aDa97Dx
tsYHQ32FBpA6F5+fqngqd8wB48AZMcps0ul9yfEK9FVji0WgR1Y9D185R07vy0lW
u1Gzn2SfLyPN3YOOtbQu2nczd0jspXk9QqzrtU5Odq+A3mgx+mmKw7YVEkKa757B
TWbqcGTW7DMwQzROHIC1Tnn6d4uPQGttq/7deKOPKxchTyRl940Fg+XSpvwhMRTZ
L76NFWihJrAHpSnfbnR59qahD27cirHtfVn+vKr0QIBz1TGwMEVrLAgB9wPGpYOi
LelMAScuzkxICmiJr51XBSv48wjygC6ee8OTNytA4KJqR48/TBJfR8XMkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfAfW+Zxb4NAV6mz1XPA6Dje6GiMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvSjhCOWI1bkZ2ZzBCWHFiUFZjOERvT043b2FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDkyMA0G
CSqGSIb3DQEBCwUAA4IBAQAICTZSL2D+bw7xI0dHH6pK45pIy+X1Op/rhm0d9oJP
j/DE4FXynOwAMFAtULzK0yGKz/nKHviziHPTAX2UDzAASVBNbqi1ykevVO/VAXwJ
h4ikqX1ku7qZY9QJ8qZB2uWPTG9khfwtlm+U6/nxqUrvFVJg6k7Dx26mhnsRNjQM
+EYkUHtQwgGKCl29V8cxCc67rUQlXSKHelM5UX3VyHxVrfwqLlpGhmR2MQ5rtOGe
KY34N1Fa0fmTV8KtW3fTp0EQ5d3BBAZCXjFHEm/4YLJwqQUaASqi7TRV0OFbIQzb
0UYA2Tk5OskXWFuA8yaRUVuWUzmEIYPTqfbT/ohLCkHo
-----END CERTIFICATE-----