Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/RJKreN_FmvNV_RfwBcNAoL8JUJM.roa
File:                     RJKreN_FmvNV_RfwBcNAoL8JUJM.roa (raw, json)
Hash identifier:          0ypObee2SkzCQPtQl3WceDbglCKspRmn8GzCyM3NmHo=
Subject key identifier:   44:92:AB:78:DF:C5:9A:F3:55:FD:17:F0:05:C3:40:A0:BF:09:50:93
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019E341C68DBA48459AF378AE2BE27A94E88
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/RJKreN_FmvNV_RfwBcNAoL8JUJM.roa
Signing time:             Sun 17 May 2026 04:05:37 +0000
ROA not before:           Sun 17 May 2026 04:05:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201687
IP address blocks:        89.144.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 05:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:34:1c:68:db:a4:84:59:af:37:8a:e2:be:27:a9:4e:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May 17 04:05:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4492ab78dfc59af355fd17f005c340a0bf095093
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e6:f1:ad:15:66:94:6f:fc:85:dd:50:88:c6:
                    31:1b:33:d4:e8:40:0b:c4:d0:fa:f0:64:c1:01:b8:
                    63:46:18:65:d6:e0:e9:2c:b8:6c:7f:11:fa:40:da:
                    f4:57:82:9e:d4:37:f1:56:35:c4:6e:d8:fe:b0:97:
                    f8:e7:10:99:31:fa:61:71:6d:18:c9:50:45:78:75:
                    e8:89:2b:2f:55:0e:21:cb:d0:fc:59:2e:1a:48:8f:
                    32:f2:b3:bd:68:72:ad:8e:6f:d4:75:fb:7c:f4:b3:
                    ff:f8:04:55:66:2d:e4:71:ab:af:1d:f3:f4:33:08:
                    ea:e1:bb:51:ad:93:5c:2a:76:b4:a6:73:06:b0:59:
                    8c:8a:19:b5:5e:2c:89:68:a5:bd:cc:dc:4b:6f:33:
                    32:dc:b1:10:77:dc:46:0f:d3:34:db:b0:dc:df:58:
                    c3:56:1b:97:f2:47:9a:27:d0:ef:09:14:a0:b5:65:
                    88:d1:2a:e5:bf:59:95:96:b2:61:d1:8c:37:10:72:
                    30:a5:ed:a7:ab:82:d2:7d:43:53:c9:69:53:4b:ba:
                    e5:a5:3f:86:c7:db:04:f9:aa:62:58:30:13:55:93:
                    b9:e2:0d:c6:53:9c:06:8b:1f:f6:52:d8:56:b6:c2:
                    7f:8e:76:02:1c:b5:e9:b2:6a:90:ec:e4:d7:e7:62:
                    0f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:92:AB:78:DF:C5:9A:F3:55:FD:17:F0:05:C3:40:A0:BF:09:50:93
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/RJKreN_FmvNV_RfwBcNAoL8JUJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e3:2a:ef:0c:94:4f:03:8f:fa:b3:d1:c9:26:bc:fc:2a:36:ef:
         12:1d:16:c6:b5:cb:00:3f:c9:2c:05:49:35:ac:e9:32:08:c7:
         b2:04:ff:2f:11:5a:2c:b9:d9:d7:27:8a:15:6d:57:09:75:da:
         7d:7a:02:fb:a4:0a:8f:ad:15:aa:87:81:d0:a9:54:d7:0e:ff:
         e5:99:a6:8e:2a:aa:5b:d4:7d:32:64:dc:07:47:ed:db:a9:47:
         cb:7a:db:a2:96:6f:b4:1b:e3:75:6d:e7:07:5a:15:56:e2:9a:
         fa:36:43:b4:b6:d9:b0:80:94:e4:96:81:fd:56:4c:11:37:d8:
         d5:ab:0b:ed:ac:a0:19:48:5e:43:84:23:18:8c:65:54:78:68:
         0f:68:7a:ba:3d:8a:72:98:47:9c:f0:52:36:3d:f1:97:5e:69:
         20:25:75:07:9e:b3:7b:5f:ee:c9:fa:48:e2:cc:19:e6:76:e2:
         a3:09:2b:38:69:bc:c9:31:4b:50:83:39:37:fa:a8:1b:b3:46:
         f7:c8:f9:e1:4d:06:cc:9a:59:15:01:04:b3:49:7a:d6:c5:c5:
         b8:85:38:e7:50:94:2b:b5:ec:23:96:dd:0a:e6:23:8d:8d:c0:
         86:0d:cc:81:97:f7:68:7c:22:f7:5c:d3:2d:17:1f:0d:ae:1e:
         4a:91:80:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ40HGjbpIRZrzeK4r4nqU6IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNTE3MDQwNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDkyYWI3OGRmYzU5YWYzNTVmZDE3ZjAwNWMzNDBhMGJmMDk1MDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+bxrRVmlG/8hd1QiMYxGzPU6EAL
xND68GTBAbhjRhhl1uDpLLhsfxH6QNr0V4Ke1DfxVjXEbtj+sJf45xCZMfphcW0Y
yVBFeHXoiSsvVQ4hy9D8WS4aSI8y8rO9aHKtjm/Udft89LP/+ARVZi3kcauvHfP0
Mwjq4btRrZNcKna0pnMGsFmMihm1XiyJaKW9zNxLbzMy3LEQd9xGD9M027Dc31jD
VhuX8keaJ9DvCRSgtWWI0Srlv1mVlrJh0Yw3EHIwpe2nq4LSfUNTyWlTS7rlpT+G
x9sE+apiWDATVZO54g3GU5wGix/2UthWtsJ/jnYCHLXpsmqQ7OTX52IPQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESSq3jfxZrzVf0X8AXDQKC/CVCTMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvUkpLcmVOX0Ztdk5WX1Jmd0JjTkFvTDhKVUpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZAZMA0G
CSqGSIb3DQEBCwUAA4IBAQDjKu8MlE8Dj/qz0ckmvPwqNu8SHRbGtcsAP8ksBUk1
rOkyCMeyBP8vEVosudnXJ4oVbVcJddp9egL7pAqPrRWqh4HQqVTXDv/lmaaOKqpb
1H0yZNwHR+3bqUfLetuilm+0G+N1becHWhVW4pr6NkO0ttmwgJTkloH9VkwRN9jV
qwvtrKAZSF5DhCMYjGVUeGgPaHq6PYpymEec8FI2PfGXXmkgJXUHnrN7X+7J+kji
zBnmduKjCSs4abzJMUtQgzk3+qgbs0b3yPnhTQbMmlkVAQSzSXrWxcW4hTjnUJQr
tewjlt0K5iONjcCGDcyBl/dofCL3XNMtFx8Nrh5KkYA6
-----END CERTIFICATE-----