Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cJkC2MTbQtMR_ubXmqtZ4goGoNw.roa
File:                     cJkC2MTbQtMR_ubXmqtZ4goGoNw.roa (raw, json)
Hash identifier:          He5XE5PiqRcTDyi15IGc5Vnwz9oN9rp22CGm21U6sRg=
Subject key identifier:   70:99:02:D8:C4:DB:42:D3:11:FE:E6:D7:9A:AB:59:E2:0A:06:A0:DC
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019E7486BDC48DA0C8282DD5ACAE024274F5
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cJkC2MTbQtMR_ubXmqtZ4goGoNw.roa
Signing time:             Fri 29 May 2026 16:17:27 +0000
ROA not before:           Fri 29 May 2026 16:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48014
IP address blocks:        89.144.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 05:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:74:86:bd:c4:8d:a0:c8:28:2d:d5:ac:ae:02:42:74:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May 29 16:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=709902d8c4db42d311fee6d79aab59e20a06a0dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d2:29:da:28:e7:cb:4f:a9:7a:9f:3b:76:f7:
                    11:f6:15:24:27:fe:35:2d:9f:d0:03:73:ab:2f:65:
                    14:16:00:f8:77:f1:82:78:c5:20:a7:4d:1d:fe:99:
                    40:ba:60:cd:3a:f2:82:a1:65:eb:d7:fd:a3:19:90:
                    b3:a9:ef:d8:6d:b5:45:0c:d4:32:6b:0f:98:b8:e9:
                    8c:18:50:c4:ea:a4:60:9c:2c:47:b1:99:61:8d:f8:
                    64:38:57:41:4a:9e:56:cc:97:ab:dc:a5:7a:b0:82:
                    08:a3:16:e4:e6:6a:11:54:73:0b:e9:9b:b9:65:79:
                    70:34:13:e3:65:49:09:24:a2:55:46:5f:32:7b:08:
                    16:d2:ba:ef:6f:fc:2b:4c:f7:e1:1c:cc:78:e6:e2:
                    bc:cf:ff:1c:23:d9:ee:9d:21:5e:77:d7:53:ff:e9:
                    b0:58:33:22:6c:7f:fb:a6:29:0d:07:7c:72:a6:34:
                    52:88:84:91:ae:6a:e7:f6:a0:17:37:34:45:85:d6:
                    2c:3d:68:60:83:a2:3b:25:c4:5f:0f:b2:9a:04:9f:
                    57:eb:fd:b3:14:23:42:7c:f6:8b:ad:d4:84:fe:16:
                    e9:bd:0c:3a:09:8a:da:87:c2:0a:5b:7c:cf:fc:70:
                    06:16:76:95:5e:8a:6a:00:e6:cd:35:a9:cb:2e:62:
                    8a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:99:02:D8:C4:DB:42:D3:11:FE:E6:D7:9A:AB:59:E2:0A:06:A0:DC
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cJkC2MTbQtMR_ubXmqtZ4goGoNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:1d:2c:d0:c6:da:6b:6b:9b:c7:ee:90:19:52:26:71:5f:ae:
         ca:e7:48:7a:bf:0c:e8:04:0f:c8:41:92:b9:00:b7:2e:47:e0:
         5b:71:4e:29:06:d5:b6:11:32:c2:68:1f:3e:0e:65:65:7b:c0:
         b9:23:d4:1f:77:08:63:f2:42:f5:77:62:3f:1b:b8:7a:6a:d0:
         2d:d0:3a:11:3b:36:ba:7b:a9:9f:07:3b:fc:f2:e0:cf:f9:a9:
         a4:b5:72:67:79:fa:bb:07:8f:21:6b:30:08:4a:51:b3:a1:d4:
         1b:51:10:26:95:92:14:0a:3f:08:12:a9:27:6b:7a:f2:e0:42:
         38:a8:f8:2f:f7:6e:a3:19:a8:58:35:b9:bb:76:fd:93:60:57:
         c5:5b:56:21:95:e6:68:12:3a:53:04:84:bf:24:0a:57:09:20:
         b6:b4:15:66:cc:0f:d2:af:02:0c:03:84:71:4e:30:3e:16:a3:
         d3:bb:9e:9f:67:9e:af:13:f8:1b:10:56:cd:8a:76:45:53:3c:
         37:e4:84:3c:e9:1b:c7:55:12:e6:78:30:94:fb:76:8a:ab:57:
         7f:c2:69:26:e9:f6:44:a6:89:80:a2:0e:e0:7e:3b:3d:a2:d2:
         fe:ca:40:11:4e:dd:78:04:8d:43:1b:09:8a:32:c9:4d:3d:7a:
         28:45:9d:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ50hr3EjaDIKC3VrK4CQnT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNTI5MTYxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDk5MDJkOGM0ZGI0MmQzMTFmZWU2ZDc5YWFiNTllMjBhMDZhMGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdIp2ijny0+pep87dvcR9hUkJ/41
LZ/QA3OrL2UUFgD4d/GCeMUgp00d/plAumDNOvKCoWXr1/2jGZCzqe/YbbVFDNQy
aw+YuOmMGFDE6qRgnCxHsZlhjfhkOFdBSp5WzJer3KV6sIIIoxbk5moRVHML6Zu5
ZXlwNBPjZUkJJKJVRl8yewgW0rrvb/wrTPfhHMx45uK8z/8cI9nunSFed9dT/+mw
WDMibH/7pikNB3xypjRSiISRrmrn9qAXNzRFhdYsPWhgg6I7JcRfD7KaBJ9X6/2z
FCNCfPaLrdSE/hbpvQw6CYrah8IKW3zP/HAGFnaVXopqAObNNanLLmKK8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCZAtjE20LTEf7m15qrWeIKBqDcMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvY0prQzJNVGJRdE1SX3ViWG1xdFo0Z29Hb053LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZA8MA0G
CSqGSIb3DQEBCwUAA4IBAQBbHSzQxtpra5vH7pAZUiZxX67K50h6vwzoBA/IQZK5
ALcuR+BbcU4pBtW2ETLCaB8+DmVle8C5I9Qfdwhj8kL1d2I/G7h6atAt0DoROza6
e6mfBzv88uDP+amktXJnefq7B48hazAISlGzodQbURAmlZIUCj8IEqkna3ry4EI4
qPgv926jGahYNbm7dv2TYFfFW1YhleZoEjpTBIS/JApXCSC2tBVmzA/SrwIMA4Rx
TjA+FqPTu56fZ56vE/gbEFbNinZFUzw35IQ86RvHVRLmeDCU+3aKq1d/wmkm6fZE
pomAog7gfjs9otL+ykARTt14BI1DGwmKMslNPXooRZ3r
-----END CERTIFICATE-----