Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/JDjCtgl_yA0UZLBUGqFM2XzemkQ.roa
File:                     JDjCtgl_yA0UZLBUGqFM2XzemkQ.roa (raw, json)
Hash identifier:          MLRYcqDm96U21117Fx9+Akvz2n92V9kmq6VzjFKF7tU=
Subject key identifier:   24:38:C2:B6:09:7F:C8:0D:14:64:B0:54:1A:A1:4C:D9:7C:DE:9A:44
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019E505322C973B8717C3D8362D1C900B4E2
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/JDjCtgl_yA0UZLBUGqFM2XzemkQ.roa
Signing time:             Fri 22 May 2026 15:34:46 +0000
ROA not before:           Fri 22 May 2026 15:34:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        87.232.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:50:53:22:c9:73:b8:71:7c:3d:83:62:d1:c9:00:b4:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: May 22 15:34:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2438c2b6097fc80d1464b0541aa14cd97cde9a44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:bd:86:22:ca:e0:60:20:6b:e0:00:d5:10:3a:
                    b9:7d:d8:97:0f:cd:a1:a3:4f:2f:4a:0f:14:90:50:
                    0e:27:3c:61:f1:83:ca:03:83:a3:58:d0:d5:19:6a:
                    f5:41:0c:9b:26:2c:1e:d2:ca:7e:8a:60:f3:1d:55:
                    c6:50:e4:04:64:c1:af:6f:d8:ac:30:01:cc:57:a8:
                    9c:e5:64:1f:e1:15:78:22:50:cd:6d:67:dc:46:ba:
                    b1:19:2a:e9:4d:0d:65:4a:79:1e:f6:7b:c0:6d:60:
                    98:53:b4:5a:58:8d:93:a4:17:3c:31:59:51:85:3c:
                    d1:96:14:88:c6:5e:35:9f:96:18:90:62:32:76:c5:
                    89:8f:37:b6:3b:09:d4:d5:f5:eb:cf:69:a4:a5:e5:
                    e3:1c:76:45:2a:29:9a:f2:f1:ca:d0:33:4b:79:06:
                    4a:0e:b8:db:94:be:91:7a:71:c3:66:bf:37:5d:fd:
                    6a:e5:fd:62:78:49:aa:7d:b7:6b:97:80:6f:ea:d5:
                    4c:c7:3c:a3:42:47:87:ac:4b:4d:e6:37:43:b3:7a:
                    79:c1:02:73:57:8f:24:67:06:27:03:d2:73:38:95:
                    45:b8:ff:d6:3a:c9:a3:e6:b9:f8:71:bb:4f:36:b8:
                    2b:09:55:17:9d:3d:67:8f:e8:a5:2f:ac:29:32:1b:
                    b2:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:38:C2:B6:09:7F:C8:0D:14:64:B0:54:1A:A1:4C:D9:7C:DE:9A:44
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/JDjCtgl_yA0UZLBUGqFM2XzemkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:5f:e8:21:ce:d2:e3:0f:b1:f7:df:d3:7e:21:82:5b:9a:84:
         5a:d4:6e:bf:e7:b0:ac:0b:d4:ee:4f:bb:e1:da:dc:c3:37:e0:
         16:c2:fa:1a:be:5a:3e:a0:d3:bb:2f:79:05:ca:c7:5a:68:fb:
         eb:54:72:41:8f:52:d4:df:cd:be:5e:5b:0a:6d:3a:d4:25:3d:
         52:9d:5c:68:ce:eb:5c:b0:69:e1:fc:11:00:09:eb:f9:90:f8:
         47:29:cb:0d:1e:cb:2a:0c:22:b8:1e:34:85:74:2c:4e:a8:06:
         b3:18:6c:f8:c6:18:2f:b7:96:88:f9:13:6f:93:1d:b8:0f:9b:
         c4:1e:6c:84:c8:e4:b3:33:c9:7f:3f:51:3e:8a:1a:7b:19:1b:
         51:f1:4e:3f:36:65:c1:c9:08:6b:74:c0:0f:9a:35:d3:26:55:
         b1:92:f8:67:3c:00:c6:ec:13:f3:bd:3f:8e:f0:59:21:fb:42:
         f9:a3:77:88:3c:b4:82:17:48:a8:70:8e:f6:6b:35:4f:3d:80:
         18:b0:66:1a:a5:1b:01:a6:1e:cb:61:b1:8c:52:f5:30:c8:75:
         4f:c7:d1:84:90:9f:da:ba:ce:1c:32:cd:08:80:fc:0b:85:29:
         8e:87:1f:90:a4:14:d2:89:5b:d0:c8:74:d4:a8:29:05:00:65:
         8f:f1:22:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5QUyLJc7hxfD2DYtHJALTiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNTIyMTUzNDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDM4YzJiNjA5N2ZjODBkMTQ2NGIwNTQxYWExNGNkOTdjZGU5YTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA472GIsrgYCBr4ADVEDq5fdiXD82h
o08vSg8UkFAOJzxh8YPKA4OjWNDVGWr1QQybJiwe0sp+imDzHVXGUOQEZMGvb9is
MAHMV6ic5WQf4RV4IlDNbWfcRrqxGSrpTQ1lSnke9nvAbWCYU7RaWI2TpBc8MVlR
hTzRlhSIxl41n5YYkGIydsWJjze2OwnU1fXrz2mkpeXjHHZFKima8vHK0DNLeQZK
DrjblL6RenHDZr83Xf1q5f1ieEmqfbdrl4Bv6tVMxzyjQkeHrEtN5jdDs3p5wQJz
V48kZwYnA9JzOJVFuP/WOsmj5rn4cbtPNrgrCVUXnT1nj+ilL6wpMhuyuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQ4wrYJf8gNFGSwVBqhTNl83ppEMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvSkRqQ3RnbF95QTBVWkxCVUdxRk0yWHplbWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hmMA0G
CSqGSIb3DQEBCwUAA4IBAQB7X+ghztLjD7H339N+IYJbmoRa1G6/57CsC9TuT7vh
2tzDN+AWwvoavlo+oNO7L3kFysdaaPvrVHJBj1LU382+XlsKbTrUJT1SnVxozutc
sGnh/BEACev5kPhHKcsNHssqDCK4HjSFdCxOqAazGGz4xhgvt5aI+RNvkx24D5vE
HmyEyOSzM8l/P1E+ihp7GRtR8U4/NmXByQhrdMAPmjXTJlWxkvhnPADG7BPzvT+O
8Fkh+0L5o3eIPLSCF0iocI72azVPPYAYsGYapRsBph7LYbGMUvUwyHVPx9GEkJ/a
us4cMs0IgPwLhSmOhx+QpBTSiVvQyHTUqCkFAGWP8SIo
-----END CERTIFICATE-----