Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/439878-4a95-4478-8163-f370f04265a5/1/jytXleuPSXKJn3uQWWaoGaj4Xmc.roa
File:                     jytXleuPSXKJn3uQWWaoGaj4Xmc.roa (raw, json)
Hash identifier:          cKu9EW77Y32V8IP1VFJqq3q2CTjtGGwu/+qIVswSU0A=
Subject key identifier:   8F:2B:57:95:EB:8F:49:72:89:9F:7B:90:59:66:A8:19:A8:F8:5E:67
Certificate issuer:       /CN=bcc860d954974dca91d5b347b63b22653667da6d
Certificate serial:       01989EA585F8EC5673A07C8A0A9FF9FCAF9F
Authority key identifier: BC:C8:60:D9:54:97:4D:CA:91:D5:B3:47:B6:3B:22:65:36:67:DA:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vMhg2VSXTcqR1bNHtjsiZTZn2m0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/439878-4a95-4478-8163-f370f04265a5/1/jytXleuPSXKJn3uQWWaoGaj4Xmc.roa
Signing time:             Tue 12 Aug 2025 14:18:24 +0000
ROA not before:           Tue 12 Aug 2025 14:18:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199509
IP address blocks:        217.171.232.0/21 maxlen: 21
                          217.171.232.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/439878-4a95-4478-8163-f370f04265a5/1/vMhg2VSXTcqR1bNHtjsiZTZn2m0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/439878-4a95-4478-8163-f370f04265a5/1/vMhg2VSXTcqR1bNHtjsiZTZn2m0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vMhg2VSXTcqR1bNHtjsiZTZn2m0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9e:a5:85:f8:ec:56:73:a0:7c:8a:0a:9f:f9:fc:af:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcc860d954974dca91d5b347b63b22653667da6d
        Validity
            Not Before: Aug 12 14:18:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f2b5795eb8f4972899f7b905966a819a8f85e67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a3:0d:57:9e:07:35:0c:5c:8c:9b:4b:31:32:
                    3a:73:74:ae:11:27:e0:88:bc:78:6f:13:be:56:ca:
                    f3:28:0c:59:fd:e7:9d:f6:fc:26:b7:0f:77:75:89:
                    3c:99:79:95:72:ba:b2:2d:b9:1f:9a:cb:cc:61:08:
                    f2:3c:4a:75:23:4c:2a:d3:20:5e:3a:c4:ba:2e:0f:
                    5e:83:1a:bd:d8:c8:d1:8f:7a:38:a6:d8:76:64:a6:
                    14:4d:55:ab:13:66:0f:9b:26:85:58:7c:6d:41:48:
                    03:ef:5d:b6:06:d1:a3:9b:e9:36:4c:ee:81:d6:1f:
                    26:0e:09:69:26:6e:b6:92:0e:aa:be:7d:ca:c7:9e:
                    09:6e:60:d1:c6:b1:98:ec:22:1b:9c:1f:2a:e0:93:
                    6f:5d:f3:ca:09:bf:4b:a1:1c:6e:83:0f:ed:1a:58:
                    67:76:11:ae:b8:f4:71:db:a3:95:76:24:4c:e0:48:
                    2e:d8:ee:7b:18:d0:0c:60:1a:bf:7c:fd:af:7b:3b:
                    62:56:c7:6d:f4:61:bb:8b:35:74:56:06:73:ce:5f:
                    51:c2:f9:a6:02:1f:0d:1c:ec:04:51:74:c2:85:b8:
                    7f:44:e6:d6:1e:0d:ed:f2:84:03:b0:9f:ee:7d:ac:
                    fb:a7:77:51:26:09:7d:39:9a:1d:aa:2c:83:0e:f1:
                    f1:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:2B:57:95:EB:8F:49:72:89:9F:7B:90:59:66:A8:19:A8:F8:5E:67
            X509v3 Authority Key Identifier:
                keyid:BC:C8:60:D9:54:97:4D:CA:91:D5:B3:47:B6:3B:22:65:36:67:DA:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vMhg2VSXTcqR1bNHtjsiZTZn2m0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/439878-4a95-4478-8163-f370f04265a5/1/jytXleuPSXKJn3uQWWaoGaj4Xmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/439878-4a95-4478-8163-f370f04265a5/1/vMhg2VSXTcqR1bNHtjsiZTZn2m0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.171.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         05:3a:4e:d1:01:2b:67:c8:12:86:7f:20:b0:6a:fe:bc:40:b2:
         92:96:0a:96:f4:38:35:ce:cd:bf:b5:e5:0f:46:d8:fd:03:59:
         0c:0f:51:33:6f:89:ea:43:ab:7d:2f:31:1d:85:ca:7a:86:91:
         b5:b7:46:56:d9:57:ee:8b:fb:61:a1:42:ab:f6:6e:47:79:d7:
         7d:93:48:24:a2:ff:88:2a:c6:90:ce:e7:d3:39:bd:2f:00:c5:
         69:5c:9b:01:db:94:7b:b3:0c:49:b9:f2:cf:8d:bf:4e:ab:e9:
         93:20:ad:a3:73:da:98:8c:20:71:95:84:46:e5:d1:7b:d2:ff:
         30:e9:e2:ed:0d:60:59:31:c6:57:cd:59:83:75:35:c5:25:4a:
         66:53:46:63:97:93:0e:fd:14:16:16:cc:83:bc:3a:7b:f0:53:
         1b:03:9d:b3:d0:9d:ee:ae:ce:29:57:99:7a:cd:24:0d:d0:4b:
         7d:cf:bc:ad:ea:c1:be:06:1c:43:14:be:31:40:f7:71:e7:e3:
         83:ab:a3:50:15:9a:61:44:14:d2:3f:83:01:d5:7c:50:c5:41:
         c6:83:91:78:09:bc:b9:12:5a:d5:e1:bf:33:bd:ec:a4:ff:3f:
         08:f7:42:db:06:6c:59:78:86:f0:c2:8c:6c:2b:8a:90:87:79:
         06:45:3f:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiepYX47FZzoHyKCp/5/K+fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjYzg2MGQ5NTQ5NzRkY2E5MWQ1YjM0N2I2M2IyMjY1MzY2
N2RhNmQwHhcNMjUwODEyMTQxODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjJiNTc5NWViOGY0OTcyODk5ZjdiOTA1OTY2YTgxOWE4Zjg1ZTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaMNV54HNQxcjJtLMTI6c3SuESfg
iLx4bxO+VsrzKAxZ/eed9vwmtw93dYk8mXmVcrqyLbkfmsvMYQjyPEp1I0wq0yBe
OsS6Lg9egxq92MjRj3o4pth2ZKYUTVWrE2YPmyaFWHxtQUgD7122BtGjm+k2TO6B
1h8mDglpJm62kg6qvn3Kx54JbmDRxrGY7CIbnB8q4JNvXfPKCb9LoRxugw/tGlhn
dhGuuPRx26OVdiRM4Egu2O57GNAMYBq/fP2veztiVsdt9GG7izV0VgZzzl9Rwvmm
Ah8NHOwEUXTChbh/RObWHg3t8oQDsJ/ufaz7p3dRJgl9OZodqiyDDvHxUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8rV5Xrj0lyiZ97kFlmqBmo+F5nMB8GA1UdIwQY
MBaAFLzIYNlUl03KkdWzR7Y7ImU2Z9ptMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk1oZzJWU1hUY3FSMWJOSHRqc2laVFpuMm0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS80Mzk4NzgtNGE5NS00NDc4LTgxNjMt
ZjM3MGYwNDI2NWE1LzEvanl0WGxldVBTWEtKbjN1UVdXYW9HYWo0WG1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS80Mzk4NzgtNGE5NS00NDc4LTgxNjMtZjM3MGYwNDI2NWE1
LzEvdk1oZzJWU1hUY3FSMWJOSHRqc2laVFpuMm0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2avoMA0G
CSqGSIb3DQEBCwUAA4IBAQAFOk7RAStnyBKGfyCwav68QLKSlgqW9Dg1zs2/teUP
Rtj9A1kMD1Ezb4nqQ6t9LzEdhcp6hpG1t0ZW2Vfui/thoUKr9m5Hedd9k0gkov+I
KsaQzufTOb0vAMVpXJsB25R7swxJufLPjb9Oq+mTIK2jc9qYjCBxlYRG5dF70v8w
6eLtDWBZMcZXzVmDdTXFJUpmU0Zjl5MO/RQWFsyDvDp78FMbA52z0J3urs4pV5l6
zSQN0Et9z7yt6sG+BhxDFL4xQPdx5+ODq6NQFZphRBTSP4MB1XxQxUHGg5F4Cby5
ElrV4b8zveyk/z8I90LbBmxZeIbwwoxsK4qQh3kGRT+L
-----END CERTIFICATE-----