Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/7857d0-b98f-4eb1-8281-97f650737347/1/Jle1Wqwc9duNEaBgl4I6cNxXpdM.roa
File:                     Jle1Wqwc9duNEaBgl4I6cNxXpdM.roa (raw, json)
Hash identifier:          OBFM1Q4yqKAy/JhwM152fWLO9wCkZnqGzYRwcyY0AlU=
Subject key identifier:   26:57:B5:5A:AC:1C:F5:DB:8D:11:A0:60:97:82:3A:70:DC:57:A5:D3
Certificate issuer:       /CN=935b88febc8d127511a9cbf15b804998b1cd6686
Certificate serial:       019E4C10994CD565339C9060E648344D8214
Authority key identifier: 93:5B:88:FE:BC:8D:12:75:11:A9:CB:F1:5B:80:49:98:B1:CD:66:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k1uI_ryNEnURqcvxW4BJmLHNZoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/7857d0-b98f-4eb1-8281-97f650737347/1/Jle1Wqwc9duNEaBgl4I6cNxXpdM.roa
Signing time:             Thu 21 May 2026 19:43:36 +0000
ROA not before:           Thu 21 May 2026 19:43:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201818
IP address blocks:        176.121.254.0/24 maxlen: 24
                          2001:678:474::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/7857d0-b98f-4eb1-8281-97f650737347/1/k1uI_ryNEnURqcvxW4BJmLHNZoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/7857d0-b98f-4eb1-8281-97f650737347/1/k1uI_ryNEnURqcvxW4BJmLHNZoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k1uI_ryNEnURqcvxW4BJmLHNZoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jun 2026 11:09:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4c:10:99:4c:d5:65:33:9c:90:60:e6:48:34:4d:82:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=935b88febc8d127511a9cbf15b804998b1cd6686
        Validity
            Not Before: May 21 19:43:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2657b55aac1cf5db8d11a06097823a70dc57a5d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:83:45:71:7e:d1:76:a6:6f:4d:3f:fd:01:ce:
                    ef:f6:9c:16:f7:21:f6:3b:02:51:92:6a:67:eb:90:
                    80:e7:68:83:5d:4b:06:1a:ed:60:c3:a0:5d:1e:4c:
                    7f:1d:41:b9:a9:9a:bc:fc:d1:8c:18:7e:f6:7a:d6:
                    1f:74:3e:7f:ad:23:b1:17:c9:dc:da:12:56:69:80:
                    72:27:7c:5c:82:d6:6d:4d:2c:41:4f:d4:5b:ac:42:
                    0d:19:ed:93:d1:0e:c9:a5:14:35:c5:36:19:26:a6:
                    4e:ee:88:e5:91:2f:02:8b:4d:61:42:45:ec:d9:87:
                    8c:37:df:dd:bd:e2:21:a1:a3:e4:29:29:ac:44:9a:
                    be:be:f0:b6:1e:44:e7:77:aa:ce:8c:81:74:58:b5:
                    93:cc:49:76:58:81:74:32:c6:ca:c2:90:d1:da:82:
                    a7:f2:d5:5e:48:29:78:d6:e5:01:b3:ff:18:cb:2e:
                    87:9b:a7:b1:ab:92:cb:c0:ed:7b:63:4b:1d:75:5e:
                    81:67:7c:b5:39:c9:04:ce:9d:45:4a:3b:5e:a0:a8:
                    a0:b9:c0:a8:d5:55:a2:d5:da:13:b5:1a:51:40:81:
                    93:88:90:ad:21:80:55:55:3c:f0:b3:63:0b:fc:cc:
                    80:92:51:50:c7:49:1a:06:21:a3:fa:b1:42:7e:97:
                    d0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:57:B5:5A:AC:1C:F5:DB:8D:11:A0:60:97:82:3A:70:DC:57:A5:D3
            X509v3 Authority Key Identifier:
                keyid:93:5B:88:FE:BC:8D:12:75:11:A9:CB:F1:5B:80:49:98:B1:CD:66:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k1uI_ryNEnURqcvxW4BJmLHNZoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/7857d0-b98f-4eb1-8281-97f650737347/1/Jle1Wqwc9duNEaBgl4I6cNxXpdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/7857d0-b98f-4eb1-8281-97f650737347/1/k1uI_ryNEnURqcvxW4BJmLHNZoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.254.0/24
                IPv6:
                  2001:678:474::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:0e:b8:37:85:b1:29:49:21:cb:24:48:b4:e9:28:89:42:5e:
         72:1c:91:a4:ef:a9:57:c5:c0:91:46:e3:a8:4c:f9:be:e5:08:
         55:62:cc:db:67:8e:82:c9:91:50:7e:ae:c0:2a:b0:cc:4a:ee:
         29:3c:77:d8:29:e3:ff:1b:de:9b:ea:c4:56:0a:9c:e8:4b:2d:
         2e:73:bd:b4:f2:14:85:9a:c7:a0:09:ab:83:33:be:c2:27:41:
         f1:40:bd:43:ec:6f:e9:5b:62:df:56:b5:0a:9a:80:0b:43:32:
         08:90:e6:32:8a:56:89:55:a3:c3:a9:45:bf:cf:84:0a:af:3f:
         d8:99:28:bf:aa:de:f3:07:54:89:e0:3d:15:3e:89:ec:20:b5:
         74:89:d1:2d:77:71:b3:ee:cd:a5:af:77:04:c5:39:b8:af:e1:
         a5:28:be:bd:47:d1:cd:f6:b6:cc:18:e5:5b:2e:fd:5e:5b:2c:
         10:a3:14:3a:1b:e7:b9:16:85:c0:fb:29:82:5e:d4:b7:8b:92:
         c7:ef:2b:da:d5:8f:33:c4:bc:e5:df:24:53:a2:ae:7e:c8:8b:
         f0:25:f2:1c:8a:5d:43:5b:b0:fc:e6:5c:17:a1:8c:16:e8:fd:
         96:a0:46:ca:78:a0:73:5b:ba:14:82:b6:5d:32:15:a4:55:d2:
         a5:72:99:0f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ5MEJlM1WUznJBg5kg0TYIUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNWI4OGZlYmM4ZDEyNzUxMWE5Y2JmMTViODA0OTk4YjFj
ZDY2ODYwHhcNMjYwNTIxMTk0MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjU3YjU1YWFjMWNmNWRiOGQxMWEwNjA5NzgyM2E3MGRjNTdhNWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4NFcX7RdqZvTT/9Ac7v9pwW9yH2
OwJRkmpn65CA52iDXUsGGu1gw6BdHkx/HUG5qZq8/NGMGH72etYfdD5/rSOxF8nc
2hJWaYByJ3xcgtZtTSxBT9RbrEINGe2T0Q7JpRQ1xTYZJqZO7ojlkS8Ci01hQkXs
2YeMN9/dveIhoaPkKSmsRJq+vvC2HkTnd6rOjIF0WLWTzEl2WIF0MsbKwpDR2oKn
8tVeSCl41uUBs/8Yyy6Hm6exq5LLwO17Y0sddV6BZ3y1OckEzp1FSjteoKigucCo
1VWi1doTtRpRQIGTiJCtIYBVVTzws2ML/MyAklFQx0kaBiGj+rFCfpfQCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCZXtVqsHPXbjRGgYJeCOnDcV6XTMB8GA1UdIwQY
MBaAFJNbiP68jRJ1EanL8VuASZixzWaGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazF1SV9yeU5FblVScWN2eFc0QkptTEhOWm9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS83ODU3ZDAtYjk4Zi00ZWIxLTgyODEt
OTdmNjUwNzM3MzQ3LzEvSmxlMVdxd2M5ZHVORWFCZ2w0STZjTnhYcGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS83ODU3ZDAtYjk4Zi00ZWIxLTgyODEtOTdmNjUwNzM3MzQ3
LzEvazF1SV9yeU5FblVScWN2eFc0QkptTEhOWm9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAsHn+MA8E
AgACMAkDBwAgAQZ4BHQwDQYJKoZIhvcNAQELBQADggEBAB0OuDeFsSlJIcskSLTp
KIlCXnIckaTvqVfFwJFG46hM+b7lCFVizNtnjoLJkVB+rsAqsMxK7ik8d9gp4/8b
3pvqxFYKnOhLLS5zvbTyFIWax6AJq4MzvsInQfFAvUPsb+lbYt9WtQqagAtDMgiQ
5jKKVolVo8OpRb/PhAqvP9iZKL+q3vMHVIngPRU+iewgtXSJ0S13cbPuzaWvdwTF
Obiv4aUovr1H0c32tswY5Vsu/V5bLBCjFDob57kWhcD7KYJe1LeLksfvK9rVjzPE
vOXfJFOirn7Ii/Al8hyKXUNbsPzmXBehjBbo/ZagRsp4oHNbuhSCtl0yFaRV0qVy
mQ8=
-----END CERTIFICATE-----