Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/J0qDch9bmc4-jj3KVwyawcZTcIY.roa
File:                     J0qDch9bmc4-jj3KVwyawcZTcIY.roa (raw, json)
Hash identifier:          KeLKPW6HSxmU9wWYYOZ9HD4+ay4hwZg0X6VOaaTKWQE=
Subject key identifier:   27:4A:83:72:1F:5B:99:CE:3E:8E:3D:CA:57:0C:9A:C1:C6:53:70:86
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019985C4FA05BDB1AD402828655BD7CDE4F8
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/J0qDch9bmc4-jj3KVwyawcZTcIY.roa
Signing time:             Fri 26 Sep 2025 11:25:02 +0000
ROA not before:           Fri 26 Sep 2025 11:25:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35645
IP address blocks:        193.232.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:85:c4:fa:05:bd:b1:ad:40:28:28:65:5b:d7:cd:e4:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Sep 26 11:25:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=274a83721f5b99ce3e8e3dca570c9ac1c6537086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:50:3d:17:8d:c5:61:38:0a:84:a3:d0:58:28:
                    d7:d3:d3:7c:e0:dc:43:1c:a2:c7:61:ca:31:42:55:
                    31:8e:f1:56:47:89:44:b3:41:f1:e8:a0:cd:c2:b7:
                    f6:75:93:b2:06:8a:cb:23:29:43:6e:1f:60:fe:31:
                    70:88:84:06:dd:c7:27:65:94:8e:6d:15:e8:f2:75:
                    c5:eb:a1:9b:fa:f1:6f:f2:13:00:e9:db:89:f4:82:
                    e7:0f:05:d9:35:65:76:35:04:6d:f2:76:b0:88:b2:
                    72:f8:cd:b0:19:70:fc:fd:e4:d5:22:58:3b:13:ba:
                    ee:f2:66:a4:ad:e2:d6:3e:81:f8:b4:f4:7b:0f:fb:
                    53:80:ce:4f:c4:6b:3f:0d:2d:35:31:2e:64:82:70:
                    5c:66:82:df:39:af:3d:35:3d:83:f3:b2:b5:7f:17:
                    8f:3a:1a:6a:fc:89:c2:f7:df:bd:79:70:20:61:eb:
                    c2:39:65:7d:5f:bf:4e:88:4a:ba:92:ad:bf:27:eb:
                    17:d7:5a:38:dd:46:82:41:af:93:07:4c:8f:7b:a1:
                    53:5d:60:70:f9:22:13:94:a8:e6:b4:49:8e:00:60:
                    dc:3c:aa:bd:39:c5:5b:27:37:68:fc:e7:fd:0d:7c:
                    db:b9:27:8e:f8:aa:bd:1c:45:46:59:7e:e0:b5:ac:
                    28:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:4A:83:72:1F:5B:99:CE:3E:8E:3D:CA:57:0C:9A:C1:C6:53:70:86
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/J0qDch9bmc4-jj3KVwyawcZTcIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:c8:1c:a8:2a:9b:b8:ad:5f:e6:f2:b2:2d:ca:67:6e:46:79:
         82:42:1c:13:fa:84:9f:e1:c1:8c:42:f0:4e:ee:4d:22:39:0d:
         2a:15:38:2b:e6:d3:15:c5:9c:24:7a:b8:74:48:8b:2e:a3:e1:
         ec:47:39:c7:09:c1:bf:8f:a4:a1:cc:eb:4e:85:31:08:36:e7:
         60:48:6a:8a:0e:bb:32:70:dc:de:7f:aa:09:c7:77:2c:93:1e:
         2a:9b:1c:e1:a1:d0:a6:49:ff:3a:0f:f6:8d:7d:2f:47:6b:f5:
         b1:5b:d4:c6:45:00:49:33:98:d7:50:81:2d:f4:43:c1:69:89:
         62:35:ee:64:8e:8a:ca:0f:b0:6f:9b:61:9d:18:00:2a:8f:42:
         38:50:a0:07:12:e6:5f:3f:1f:88:0a:44:2b:09:41:46:32:19:
         6c:95:1a:ce:25:a9:ed:77:71:75:00:a7:1e:68:e6:0f:34:f8:
         02:79:4b:b4:58:56:55:b6:1f:6d:2b:59:9d:20:47:0e:f4:0d:
         00:e3:b6:ae:a4:92:fd:78:92:c7:2b:5a:d9:94:47:e1:a1:c2:
         0e:de:df:e3:47:1f:dd:88:b6:f1:09:d7:1a:d5:81:69:06:23:
         ff:16:d5:12:62:a6:1f:a3:e5:40:60:46:0c:3b:75:4b:24:2f:
         cb:ca:80:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmFxPoFvbGtQCgoZVvXzeT4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwOTI2MTEyNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzRhODM3MjFmNWI5OWNlM2U4ZTNkY2E1NzBjOWFjMWM2NTM3MDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFA9F43FYTgKhKPQWCjX09N84NxD
HKLHYcoxQlUxjvFWR4lEs0Hx6KDNwrf2dZOyBorLIylDbh9g/jFwiIQG3ccnZZSO
bRXo8nXF66Gb+vFv8hMA6duJ9ILnDwXZNWV2NQRt8nawiLJy+M2wGXD8/eTVIlg7
E7ru8makreLWPoH4tPR7D/tTgM5PxGs/DS01MS5kgnBcZoLfOa89NT2D87K1fxeP
Ohpq/InC99+9eXAgYevCOWV9X79OiEq6kq2/J+sX11o43UaCQa+TB0yPe6FTXWBw
+SITlKjmtEmOAGDcPKq9OcVbJzdo/Of9DXzbuSeO+Kq9HEVGWX7gtawoWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCdKg3IfW5nOPo49ylcMmsHGU3CGMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvSjBxRGNoOWJtYzQtamozS1Z3eWF3Y1pUY0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwegIMA0G
CSqGSIb3DQEBCwUAA4IBAQAxyByoKpu4rV/m8rItymduRnmCQhwT+oSf4cGMQvBO
7k0iOQ0qFTgr5tMVxZwkerh0SIsuo+HsRznHCcG/j6ShzOtOhTEINudgSGqKDrsy
cNzef6oJx3cskx4qmxzhodCmSf86D/aNfS9Ha/WxW9TGRQBJM5jXUIEt9EPBaYli
Ne5kjorKD7Bvm2GdGAAqj0I4UKAHEuZfPx+ICkQrCUFGMhlslRrOJantd3F1AKce
aOYPNPgCeUu0WFZVth9tK1mdIEcO9A0A47aupJL9eJLHK1rZlEfhocIO3t/jRx/d
iLbxCdca1YFpBiP/FtUSYqYfo+VAYEYMO3VLJC/LyoDO
-----END CERTIFICATE-----