Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jgxKGD4lSkRh1rjKkVC5AKmJ8LU.roa
File:                     jgxKGD4lSkRh1rjKkVC5AKmJ8LU.roa (raw, json)
Hash identifier:          y9frFoLONwNKtplDGt8qQinRG1p7NsmYPr7oKL1RbVw=
Subject key identifier:   8E:0C:4A:18:3E:25:4A:44:61:D6:B8:CA:91:50:B9:00:A9:89:F0:B5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019DB079E21BA307E9BB0F87312A0A2D0709
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jgxKGD4lSkRh1rjKkVC5AKmJ8LU.roa
Signing time:             Tue 21 Apr 2026 14:37:50 +0000
ROA not before:           Tue 21 Apr 2026 14:37:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201176
IP address blocks:        5.253.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 21:56:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:79:e2:1b:a3:07:e9:bb:0f:87:31:2a:0a:2d:07:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 21 14:37:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e0c4a183e254a4461d6b8ca9150b900a989f0b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ff:3b:7f:25:37:22:c9:a0:d9:4d:9e:a8:5a:
                    2c:ac:e8:37:7c:67:ae:8f:ab:a7:a0:99:25:f7:90:
                    a4:3b:77:a6:16:69:bd:4a:ec:73:eb:17:ff:64:ca:
                    6a:70:6f:7e:77:e2:e7:ac:86:2c:9f:c2:70:33:0b:
                    ef:de:2b:61:ea:cb:e1:b9:bb:4a:f3:45:c9:53:e1:
                    2d:34:db:8f:b2:15:ff:d4:29:ec:c0:09:59:4d:d2:
                    9d:e1:27:f9:0a:37:ce:9b:fb:64:44:e0:9c:66:f3:
                    86:b8:cb:84:d4:5b:41:e5:43:40:3a:83:8c:78:ad:
                    b9:fc:42:ba:2c:61:c2:7f:c8:c8:b7:41:19:e3:88:
                    f9:17:1b:50:90:cd:bd:07:c1:87:f2:30:8f:c7:03:
                    e6:e2:5e:b4:b1:9b:61:35:2b:f3:40:f7:22:ea:07:
                    30:1f:ab:a6:b9:28:db:ce:ea:d9:a4:65:a8:94:3a:
                    1c:75:b9:aa:70:d4:68:a6:77:df:6e:f3:7d:2d:a9:
                    a1:a0:44:d6:ee:19:d0:9c:84:5b:53:c5:80:2d:c7:
                    2e:68:7f:d4:7d:cf:98:16:c7:82:04:21:0f:0f:ce:
                    6f:92:04:91:bf:55:73:6e:8f:ef:69:b4:ed:d0:31:
                    b0:5b:37:9d:19:09:83:f4:6e:2e:8f:0c:2c:0e:6d:
                    07:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:0C:4A:18:3E:25:4A:44:61:D6:B8:CA:91:50:B9:00:A9:89:F0:B5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jgxKGD4lSkRh1rjKkVC5AKmJ8LU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:13:13:79:76:65:58:c7:ad:bd:3e:cd:0d:ae:00:8f:72:e4:
         d4:89:86:b1:71:cd:90:50:d1:00:37:37:c1:05:db:4a:e6:73:
         62:72:70:79:f0:01:8e:82:a1:6c:b5:b7:be:14:f3:6b:7a:98:
         7d:10:f7:12:4a:02:08:88:d9:22:f5:d0:a1:30:fa:cd:64:1c:
         54:02:46:dd:06:c4:05:b4:e3:f1:6d:7a:27:b0:2b:fa:1f:c7:
         70:f8:21:50:32:ca:dd:f3:93:82:6b:c8:d0:0f:9c:4d:0f:ac:
         f2:bf:c2:5c:c1:62:64:c0:6d:a9:6b:ff:8d:c6:47:eb:b5:2e:
         8b:4e:e3:79:5f:5e:77:2e:77:46:14:e8:07:65:54:b2:8c:78:
         43:2b:85:68:70:5e:f5:b9:2b:4b:74:4c:c1:7e:94:32:07:b8:
         57:ec:44:3a:6e:f9:a9:4e:fd:17:43:f3:eb:0b:e8:87:b6:37:
         e3:f9:d4:d2:91:19:7f:97:83:aa:b1:bb:e1:ac:27:dc:90:e6:
         27:4e:d3:2a:6f:48:5f:85:47:cf:9e:d2:10:2c:92:5c:b2:26:
         1d:fe:23:91:6b:e6:25:ce:3f:3e:36:25:e6:be:17:f7:6c:42:
         02:78:7b:3f:78:1e:90:29:b7:df:f5:2b:44:b7:69:d5:5d:5e:
         29:9f:45:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2weeIbowfpuw+HMSoKLQcJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNDIxMTQzNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTBjNGExODNlMjU0YTQ0NjFkNmI4Y2E5MTUwYjkwMGE5ODlmMGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsf87fyU3Ismg2U2eqFosrOg3fGeu
j6unoJkl95CkO3emFmm9Suxz6xf/ZMpqcG9+d+LnrIYsn8JwMwvv3ith6svhubtK
80XJU+EtNNuPshX/1CnswAlZTdKd4Sf5CjfOm/tkROCcZvOGuMuE1FtB5UNAOoOM
eK25/EK6LGHCf8jIt0EZ44j5FxtQkM29B8GH8jCPxwPm4l60sZthNSvzQPci6gcw
H6umuSjbzurZpGWolDocdbmqcNRopnffbvN9LamhoETW7hnQnIRbU8WALccuaH/U
fc+YFseCBCEPD85vkgSRv1Vzbo/vabTt0DGwWzedGQmD9G4ujwwsDm0HvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4MShg+JUpEYda4ypFQuQCpifC1MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvamd4S0dENGxTa1JoMXJqS2tWQzVBS21KOExVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf1CMA0G
CSqGSIb3DQEBCwUAA4IBAQCbExN5dmVYx629Ps0NrgCPcuTUiYaxcc2QUNEANzfB
BdtK5nNicnB58AGOgqFstbe+FPNreph9EPcSSgIIiNki9dChMPrNZBxUAkbdBsQF
tOPxbXonsCv6H8dw+CFQMsrd85OCa8jQD5xND6zyv8JcwWJkwG2pa/+NxkfrtS6L
TuN5X153LndGFOgHZVSyjHhDK4VocF71uStLdEzBfpQyB7hX7EQ6bvmpTv0XQ/Pr
C+iHtjfj+dTSkRl/l4OqsbvhrCfckOYnTtMqb0hfhUfPntIQLJJcsiYd/iORa+Yl
zj8+NiXmvhf3bEICeHs/eB6QKbff9StEt2nVXV4pn0XV
-----END CERTIFICATE-----