Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/jY8ClOMWN1K3DOPcL3NqMSzWedo.roa
File:                     jY8ClOMWN1K3DOPcL3NqMSzWedo.roa (raw, json)
Hash identifier:          eqciut5rhD/IQveAgM22SZ1wqrOzDkA1z9IKLbqBU2Q=
Subject key identifier:   8D:8F:02:94:E3:16:37:52:B7:0C:E3:DC:2F:73:6A:31:2C:D6:79:DA
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019E37C4FDC311F52B4096EBB0BF52BE99F1
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/jY8ClOMWN1K3DOPcL3NqMSzWedo.roa
Signing time:             Sun 17 May 2026 21:08:37 +0000
ROA not before:           Sun 17 May 2026 21:08:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216006
IP address blocks:        89.251.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 May 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:37:c4:fd:c3:11:f5:2b:40:96:eb:b0:bf:52:be:99:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May 17 21:08:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d8f0294e3163752b70ce3dc2f736a312cd679da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0b:94:58:6a:0a:a5:25:02:a5:fa:d4:b4:40:
                    20:88:a0:c3:86:f5:a1:e2:cb:8b:07:29:26:f5:d3:
                    71:c1:c4:57:c2:2f:d1:09:ef:87:85:d5:fb:ed:04:
                    bd:57:bf:d4:91:aa:49:5b:aa:ad:04:41:fc:f4:68:
                    ae:12:9a:29:2a:a4:fa:16:f6:26:de:cb:8c:75:b5:
                    ec:13:a5:c7:2b:30:a2:75:f3:e8:29:bc:68:b7:5a:
                    16:b2:dc:11:07:05:34:05:69:5c:44:4e:da:72:16:
                    23:15:5d:c7:0b:9e:8f:4b:0b:09:b1:87:f0:1c:c3:
                    17:83:3e:dd:05:c1:61:46:e2:84:be:7e:5e:6e:c1:
                    05:9f:5f:4f:82:bf:d9:48:2d:7a:bc:97:5f:d9:70:
                    03:a8:5c:2f:62:00:f7:65:5d:3a:0d:5e:71:a7:a8:
                    18:92:39:c9:55:b2:92:4e:76:0c:4b:1f:68:e0:d6:
                    e1:e0:45:4e:2a:ed:77:f9:31:6c:16:60:5d:a8:8b:
                    3d:6e:f1:75:c6:7e:ae:b4:01:c7:03:39:2f:d9:7e:
                    7f:81:53:d2:a8:07:40:14:ea:89:ae:09:59:33:c3:
                    5f:ad:11:2e:fc:7b:ae:1c:82:b3:16:05:ba:e5:0d:
                    ab:96:c2:0f:c2:10:d0:aa:8b:bb:bc:16:ea:4c:0e:
                    f9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:8F:02:94:E3:16:37:52:B7:0C:E3:DC:2F:73:6A:31:2C:D6:79:DA
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/jY8ClOMWN1K3DOPcL3NqMSzWedo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:00:e3:5d:df:c2:13:7d:76:11:7c:b5:81:b9:61:b9:ec:eb:
         cc:97:67:84:41:23:ec:74:20:49:ae:18:98:a5:3d:93:e8:64:
         1c:b7:a9:49:5c:d6:06:a9:ef:0a:0f:82:ca:01:4a:c8:ff:86:
         24:7b:a0:1b:a0:c0:63:b9:5d:82:6d:89:d8:0d:9c:bf:b2:d1:
         fe:04:82:ab:70:80:fb:28:1f:59:2e:c4:42:36:59:7b:09:99:
         97:47:ea:b2:01:cb:14:c6:c5:93:21:ba:79:fb:3b:da:76:53:
         94:57:a2:b8:42:61:4f:29:4f:99:4a:31:20:c1:6f:07:2c:1c:
         f5:4e:84:4f:dc:7b:50:9a:c2:c5:9c:3e:71:a1:02:d9:a3:cc:
         16:72:be:6e:c5:1a:05:b9:08:d1:4a:ca:94:e1:16:cb:72:19:
         b1:77:a8:47:31:7d:a4:d5:18:91:df:4f:13:52:a9:6c:50:9f:
         e5:66:d0:7c:c7:95:77:83:be:fb:21:71:56:6f:7d:03:98:67:
         d6:a4:35:ad:6c:b9:8a:b2:1a:76:b4:1a:cb:8e:8f:d0:d2:fd:
         46:4b:bd:0b:8d:0c:ae:a0:eb:5b:aa:45:98:65:61:13:ca:be:
         56:82:2d:f9:a1:e1:90:3b:ef:95:a0:74:4f:aa:6c:2e:6b:46:
         a5:d0:62:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ43xP3DEfUrQJbrsL9SvpnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwNTE3MjEwODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDhmMDI5NGUzMTYzNzUyYjcwY2UzZGMyZjczNmEzMTJjZDY3OWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAuUWGoKpSUCpfrUtEAgiKDDhvWh
4suLBykm9dNxwcRXwi/RCe+HhdX77QS9V7/UkapJW6qtBEH89GiuEpopKqT6FvYm
3suMdbXsE6XHKzCidfPoKbxot1oWstwRBwU0BWlcRE7achYjFV3HC56PSwsJsYfw
HMMXgz7dBcFhRuKEvn5ebsEFn19Pgr/ZSC16vJdf2XADqFwvYgD3ZV06DV5xp6gY
kjnJVbKSTnYMSx9o4Nbh4EVOKu13+TFsFmBdqIs9bvF1xn6utAHHAzkv2X5/gVPS
qAdAFOqJrglZM8NfrREu/HuuHIKzFgW65Q2rlsIPwhDQqou7vBbqTA75cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2PApTjFjdStwzj3C9zajEs1nnaMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvalk4Q2xPTVdOMUszRE9QY0wzTnFNU3pXZWRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfscMA0G
CSqGSIb3DQEBCwUAA4IBAQAbAONd38ITfXYRfLWBuWG57OvMl2eEQSPsdCBJrhiY
pT2T6GQct6lJXNYGqe8KD4LKAUrI/4Yke6AboMBjuV2CbYnYDZy/stH+BIKrcID7
KB9ZLsRCNll7CZmXR+qyAcsUxsWTIbp5+zvadlOUV6K4QmFPKU+ZSjEgwW8HLBz1
ToRP3HtQmsLFnD5xoQLZo8wWcr5uxRoFuQjRSsqU4RbLchmxd6hHMX2k1RiR308T
UqlsUJ/lZtB8x5V3g777IXFWb30DmGfWpDWtbLmKshp2tBrLjo/Q0v1GS70LjQyu
oOtbqkWYZWETyr5Wgi35oeGQO++VoHRPqmwua0al0GIZ
-----END CERTIFICATE-----