Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/JCGWxFZOAT1PTlX2DjX3MLahTGI.roa
File:                     JCGWxFZOAT1PTlX2DjX3MLahTGI.roa (raw, json)
Hash identifier:          reYZrRa8EPjXUGiI4oowhgBkUivqPdhb4h9UUwslPxE=
Subject key identifier:   24:21:96:C4:56:4E:01:3D:4F:4E:55:F6:0E:35:F7:30:B6:A1:4C:62
Certificate issuer:       /CN=692cf8572344c0a674a67d0f4b51f186e8a71c4b
Certificate serial:       0197825414A046B5F998911280FB3B853559
Authority key identifier: 69:2C:F8:57:23:44:C0:A6:74:A6:7D:0F:4B:51:F1:86:E8:A7:1C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aSz4VyNEwKZ0pn0PS1HxhuinHEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/JCGWxFZOAT1PTlX2DjX3MLahTGI.roa
Signing time:             Wed 18 Jun 2025 09:17:17 +0000
ROA not before:           Wed 18 Jun 2025 09:17:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29311
IP address blocks:        159.46.192.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/aSz4VyNEwKZ0pn0PS1HxhuinHEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/aSz4VyNEwKZ0pn0PS1HxhuinHEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aSz4VyNEwKZ0pn0PS1HxhuinHEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:82:54:14:a0:46:b5:f9:98:91:12:80:fb:3b:85:35:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=692cf8572344c0a674a67d0f4b51f186e8a71c4b
        Validity
            Not Before: Jun 18 09:17:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=242196c4564e013d4f4e55f60e35f730b6a14c62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:20:24:39:50:e4:03:d0:60:20:61:c0:15:1f:
                    68:af:6b:0e:27:c3:f9:64:15:98:db:31:82:85:1a:
                    0c:ee:ab:00:a8:02:0d:9d:de:45:3e:db:1f:ed:f5:
                    60:c9:06:03:64:1b:28:c1:c3:03:61:52:99:6c:f4:
                    16:4f:23:b9:6e:b3:17:e6:c3:b7:3f:0d:29:1e:90:
                    17:5f:d1:44:77:8e:8a:8b:be:6a:9e:46:cb:d0:a1:
                    4f:9b:14:f9:77:18:59:09:09:c7:8b:ad:af:3b:19:
                    c4:95:24:1a:a3:0e:27:d5:5a:16:65:3c:ba:cc:b3:
                    91:44:bc:b5:59:a2:1c:53:49:12:1f:2d:fc:2a:86:
                    ef:3d:21:1e:9f:0e:04:1c:19:fb:26:21:57:84:82:
                    a5:74:6e:03:cf:c4:7a:30:9a:6c:be:b2:20:a4:7a:
                    32:0e:d2:cb:d3:99:4a:db:2b:03:81:6a:5c:7f:f1:
                    7d:f5:bb:56:58:02:46:a2:5b:0c:6d:18:f2:31:66:
                    8d:2b:32:0e:b1:95:be:97:a9:ee:84:e2:e1:f5:0d:
                    d3:0a:7c:0f:ea:9b:c2:cf:8c:04:43:f2:c9:f4:a0:
                    b7:33:1a:94:9d:a1:a0:ed:7e:95:36:9c:e2:bf:8a:
                    e3:2e:80:c6:fd:76:6f:17:9c:39:04:54:7e:c3:da:
                    f3:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:21:96:C4:56:4E:01:3D:4F:4E:55:F6:0E:35:F7:30:B6:A1:4C:62
            X509v3 Authority Key Identifier:
                keyid:69:2C:F8:57:23:44:C0:A6:74:A6:7D:0F:4B:51:F1:86:E8:A7:1C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aSz4VyNEwKZ0pn0PS1HxhuinHEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/JCGWxFZOAT1PTlX2DjX3MLahTGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/aSz4VyNEwKZ0pn0PS1HxhuinHEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.46.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5d:9c:b8:16:53:16:03:61:10:f9:e4:d0:46:47:19:b6:d6:ee:
         a1:43:a9:92:e8:a2:8d:00:3d:b9:b1:17:87:6f:15:9d:00:89:
         5d:7f:84:57:6c:22:3c:40:87:07:25:49:e7:77:64:5d:f8:77:
         b9:d4:1b:5a:b9:0c:7d:46:70:fb:9e:84:47:2e:6d:9d:b9:d8:
         03:a7:7a:fb:73:52:36:63:dd:b6:08:c2:4c:72:ab:e0:12:09:
         77:ce:6e:24:54:9f:93:c1:37:d8:28:db:88:ac:73:2d:2e:fd:
         ad:99:32:d2:9d:21:d8:25:bb:ab:14:07:e3:bf:f8:93:97:82:
         39:eb:84:4b:69:ae:a9:7e:78:a0:b8:4f:f4:1d:fd:b9:6c:c5:
         dd:f5:e5:5a:c0:7d:64:9f:68:d1:9f:a7:0e:0c:03:92:e8:47:
         60:69:9e:ed:ac:22:b6:3d:52:8f:a7:56:ae:10:ea:0c:2a:01:
         a8:f1:45:bd:32:68:1d:1e:a5:3c:66:b0:2f:38:a9:29:4b:46:
         53:a8:82:ff:39:44:36:8d:82:cb:cb:63:f9:fd:b2:2f:82:09:
         24:25:5b:52:5b:d1:80:31:c2:0e:9f:cb:85:71:91:3a:11:f9:
         37:01:cf:26:aa:f3:81:ec:f3:46:28:73:fc:1f:fd:c7:e9:76:
         02:7b:b6:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeCVBSgRrX5mJESgPs7hTVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MmNmODU3MjM0NGMwYTY3NGE2N2QwZjRiNTFmMTg2ZThh
NzFjNGIwHhcNMjUwNjE4MDkxNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDIxOTZjNDU2NGUwMTNkNGY0ZTU1ZjYwZTM1ZjczMGI2YTE0YzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiAkOVDkA9BgIGHAFR9or2sOJ8P5
ZBWY2zGChRoM7qsAqAINnd5FPtsf7fVgyQYDZBsowcMDYVKZbPQWTyO5brMX5sO3
Pw0pHpAXX9FEd46Ki75qnkbL0KFPmxT5dxhZCQnHi62vOxnElSQaow4n1VoWZTy6
zLORRLy1WaIcU0kSHy38KobvPSEenw4EHBn7JiFXhIKldG4Dz8R6MJpsvrIgpHoy
DtLL05lK2ysDgWpcf/F99btWWAJGolsMbRjyMWaNKzIOsZW+l6nuhOLh9Q3TCnwP
6pvCz4wEQ/LJ9KC3MxqUnaGg7X6VNpziv4rjLoDG/XZvF5w5BFR+w9rzlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQhlsRWTgE9T05V9g419zC2oUxiMB8GA1UdIwQY
MBaAFGks+FcjRMCmdKZ9D0tR8YbopxxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVN6NFZ5TkV3S1owcG4wUFMxSHhodWluSEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8wNTRiNTAtYTdiMS00NmYzLTlkMTgt
YWYzOWJiMDMwOTdmLzEvSkNHV3hGWk9BVDFQVGxYMkRqWDNNTGFoVEdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8wNTRiNTAtYTdiMS00NmYzLTlkMTgtYWYzOWJiMDMwOTdm
LzEvYVN6NFZ5TkV3S1owcG4wUFMxSHhodWluSEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGny7AMA0G
CSqGSIb3DQEBCwUAA4IBAQBdnLgWUxYDYRD55NBGRxm21u6hQ6mS6KKNAD25sReH
bxWdAIldf4RXbCI8QIcHJUnnd2Rd+He51BtauQx9RnD7noRHLm2dudgDp3r7c1I2
Y922CMJMcqvgEgl3zm4kVJ+TwTfYKNuIrHMtLv2tmTLSnSHYJburFAfjv/iTl4I5
64RLaa6pfniguE/0Hf25bMXd9eVawH1kn2jRn6cODAOS6EdgaZ7trCK2PVKPp1au
EOoMKgGo8UW9MmgdHqU8ZrAvOKkpS0ZTqIL/OUQ2jYLLy2P5/bIvggkkJVtSW9GA
McIOn8uFcZE6Efk3Ac8mqvOB7PNGKHP8H/3H6XYCe7YG
-----END CERTIFICATE-----