Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/JXKXjs5freL2NCneq0B4F-Hx0ZA.roa
File:                     JXKXjs5freL2NCneq0B4F-Hx0ZA.roa (raw, json)
Hash identifier:          F90Lr/0BqQT8Q5zPPmgDaP06VkhdQUxQgdbC1ZCRnUM=
Subject key identifier:   25:72:97:8E:CE:5F:AD:E2:F6:34:29:DE:AB:40:78:17:E1:F1:D1:90
Certificate issuer:       /CN=2fb8280c6cb7db3e073950d535d6d8c705d90b87
Certificate serial:       0198BF8A3BEE7926817E83E2546369BB3437
Authority key identifier: 2F:B8:28:0C:6C:B7:DB:3E:07:39:50:D5:35:D6:D8:C7:05:D9:0B:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/JXKXjs5freL2NCneq0B4F-Hx0ZA.roa
Signing time:             Mon 18 Aug 2025 23:36:04 +0000
ROA not before:           Mon 18 Aug 2025 23:36:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202391
IP address blocks:        193.24.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bf:8a:3b:ee:79:26:81:7e:83:e2:54:63:69:bb:34:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fb8280c6cb7db3e073950d535d6d8c705d90b87
        Validity
            Not Before: Aug 18 23:36:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2572978ece5fade2f63429deab407817e1f1d190
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:15:31:30:ae:07:24:11:aa:14:1d:df:ec:b2:
                    2d:e6:7f:d2:c7:e9:fc:a9:44:1f:48:30:d2:64:b6:
                    8d:f9:96:c3:87:2a:75:05:83:f6:16:47:14:cc:e1:
                    7a:82:be:6c:39:bc:a3:80:e7:74:e6:3c:7e:fd:87:
                    f8:ad:3e:02:34:2b:24:9b:0b:52:8f:d8:a7:4f:b1:
                    c8:89:ce:d3:a1:99:a7:6b:68:7d:ec:ea:1e:90:64:
                    db:e1:70:ff:78:f2:01:7a:78:27:84:5a:da:f6:89:
                    29:08:45:33:cb:eb:01:75:1e:b7:c1:17:0c:b7:f2:
                    88:23:44:31:83:15:ff:6d:14:1d:0b:1b:17:4b:97:
                    54:61:9b:e7:56:33:dd:c6:be:3b:8e:f2:5a:f1:97:
                    e5:e6:47:c1:1f:ab:d5:e6:f9:e7:8b:5e:4f:6d:35:
                    83:a7:c3:2d:54:7c:ed:b8:07:4a:e9:99:b5:22:21:
                    1b:e5:b5:ee:0c:28:77:b8:d0:eb:30:ab:0b:5c:35:
                    0f:76:dd:c2:d5:fa:c2:4e:07:7d:f6:8c:c3:a3:e1:
                    a7:ac:2a:99:7d:3a:6a:92:84:d8:06:cf:92:5b:d3:
                    66:bc:ac:3d:20:97:a0:f9:53:25:58:7f:69:34:a6:
                    02:ad:30:ca:e6:58:02:39:dc:65:a0:ce:08:30:25:
                    b9:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:72:97:8E:CE:5F:AD:E2:F6:34:29:DE:AB:40:78:17:E1:F1:D1:90
            X509v3 Authority Key Identifier:
                keyid:2F:B8:28:0C:6C:B7:DB:3E:07:39:50:D5:35:D6:D8:C7:05:D9:0B:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/JXKXjs5freL2NCneq0B4F-Hx0ZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:69:a3:7a:a8:93:53:2c:9a:80:12:44:90:ca:6a:49:53:8f:
         3d:53:f5:b1:d4:a1:43:68:60:8b:8a:97:3f:78:45:6c:c8:38:
         35:a7:70:27:28:c7:4c:04:29:ff:a2:13:04:78:7f:98:b8:9e:
         54:60:0e:ed:61:3f:4c:51:6d:7e:5b:00:c7:d3:03:2b:c1:b1:
         59:49:38:de:00:57:70:2f:59:f2:9c:07:ba:d2:ef:d0:76:7b:
         f7:9b:f2:e2:93:3e:29:fe:a1:99:d7:4b:e2:1e:4c:e4:68:ae:
         dc:dc:97:c3:87:78:3a:ad:7f:3e:bd:fa:5b:03:e1:9d:cd:ad:
         66:a7:ca:d9:cd:a4:75:04:0b:9d:66:d0:b4:82:61:a9:49:34:
         9a:49:0f:9c:ce:36:97:33:79:92:d7:bc:98:1f:d1:27:a4:e1:
         66:05:52:e7:76:c1:bf:81:22:c5:1c:46:05:a1:80:33:82:9c:
         6a:f3:1a:08:a7:bf:4e:94:52:d0:f3:ef:0b:e2:f3:e5:b4:7e:
         7b:25:bb:91:3d:58:e8:5e:69:9c:23:72:4d:55:90:da:7d:15:
         27:01:83:4e:f9:7f:af:ec:aa:99:44:d6:04:35:47:cc:d3:a2:
         76:4b:20:14:6d:73:12:6c:66:8e:28:ba:d5:94:1e:7f:8b:4b:
         0e:76:47:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi/ijvueSaBfoPiVGNpuzQ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYjgyODBjNmNiN2RiM2UwNzM5NTBkNTM1ZDZkOGM3MDVk
OTBiODcwHhcNMjUwODE4MjMzNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTcyOTc4ZWNlNWZhZGUyZjYzNDI5ZGVhYjQwNzgxN2UxZjFkMTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBUxMK4HJBGqFB3f7LIt5n/Sx+n8
qUQfSDDSZLaN+ZbDhyp1BYP2FkcUzOF6gr5sObyjgOd05jx+/Yf4rT4CNCskmwtS
j9inT7HIic7ToZmna2h97OoekGTb4XD/ePIBengnhFra9okpCEUzy+sBdR63wRcM
t/KII0QxgxX/bRQdCxsXS5dUYZvnVjPdxr47jvJa8Zfl5kfBH6vV5vnni15PbTWD
p8MtVHztuAdK6Zm1IiEb5bXuDCh3uNDrMKsLXDUPdt3C1frCTgd99ozDo+GnrCqZ
fTpqkoTYBs+SW9NmvKw9IJeg+VMlWH9pNKYCrTDK5lgCOdxloM4IMCW54QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCVyl47OX63i9jQp3qtAeBfh8dGQMB8GA1UdIwQY
MBaAFC+4KAxst9s+BzlQ1TXW2McF2QuHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDdnb0RHeTMyejRIT1ZEVk5kYll4d1haQzRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hYTc2NGQtZjVhYy00YWNmLWIyYmQt
OWZkYjVjNTVhZTUwLzEvSlhLWGpzNWZyZUwyTkNuZXEwQjRGLUh4MFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hYTc2NGQtZjVhYy00YWNmLWIyYmQtOWZkYjVjNTVhZTUw
LzEvTDdnb0RHeTMyejRIT1ZEVk5kYll4d1haQzRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRh5MA0G
CSqGSIb3DQEBCwUAA4IBAQDMaaN6qJNTLJqAEkSQympJU489U/Wx1KFDaGCLipc/
eEVsyDg1p3AnKMdMBCn/ohMEeH+YuJ5UYA7tYT9MUW1+WwDH0wMrwbFZSTjeAFdw
L1nynAe60u/Qdnv3m/Likz4p/qGZ10viHkzkaK7c3JfDh3g6rX8+vfpbA+Gdza1m
p8rZzaR1BAudZtC0gmGpSTSaSQ+czjaXM3mS17yYH9EnpOFmBVLndsG/gSLFHEYF
oYAzgpxq8xoIp79OlFLQ8+8L4vPltH57JbuRPVjoXmmcI3JNVZDafRUnAYNO+X+v
7KqZRNYENUfM06J2SyAUbXMSbGaOKLrVlB5/i0sOdkc2
-----END CERTIFICATE-----