Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/jHQC9ewMgHDq31w-y2B2QE0UeQ0.roa
File:                     jHQC9ewMgHDq31w-y2B2QE0UeQ0.roa (raw, json)
Hash identifier:          lbUdkuZKAp7sLgTfOG04La55MW6JLwB4IkggCwLUq1g=
Subject key identifier:   8C:74:02:F5:EC:0C:80:70:EA:DF:5C:3E:CB:60:76:40:4D:14:79:0D
Certificate issuer:       /CN=12b87c6caf81de3625fe1ce0559f39e30505a051
Certificate serial:       019D9BF7C951212C9B9B881320688FEF75E1
Authority key identifier: 12:B8:7C:6C:AF:81:DE:36:25:FE:1C:E0:55:9F:39:E3:05:05:A0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Erh8bK-B3jYl_hzgVZ854wUFoFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/jHQC9ewMgHDq31w-y2B2QE0UeQ0.roa
Signing time:             Fri 17 Apr 2026 15:03:20 +0000
ROA not before:           Fri 17 Apr 2026 15:03:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60068
IP address blocks:        185.238.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/Erh8bK-B3jYl_hzgVZ854wUFoFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/Erh8bK-B3jYl_hzgVZ854wUFoFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Erh8bK-B3jYl_hzgVZ854wUFoFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9b:f7:c9:51:21:2c:9b:9b:88:13:20:68:8f:ef:75:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12b87c6caf81de3625fe1ce0559f39e30505a051
        Validity
            Not Before: Apr 17 15:03:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c7402f5ec0c8070eadf5c3ecb6076404d14790d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:59:6c:29:5c:88:75:e6:1a:23:4d:e0:e8:85:
                    b4:f2:1b:47:d2:1d:d4:43:b3:a3:a6:97:a5:d3:d8:
                    b5:4b:1f:d5:6d:dd:ee:1a:9b:b5:53:52:32:2e:72:
                    20:d1:90:f4:f3:01:6f:1f:c9:c5:6f:13:fe:92:f9:
                    29:dc:25:20:20:3f:e6:49:60:c2:77:ad:52:b7:00:
                    e0:95:ff:c3:37:bf:90:c3:de:4d:56:5d:13:fe:11:
                    56:ee:07:ed:42:5e:4b:4b:b4:91:05:7c:a3:a0:3c:
                    fa:81:f5:cf:85:9d:c8:d7:75:dc:79:b8:ad:d1:7d:
                    12:34:72:5f:8e:55:dd:0b:02:fb:62:f3:e8:8e:ec:
                    6e:26:73:a4:2e:11:e5:35:ed:ed:a4:00:bd:4c:01:
                    17:4d:73:61:6e:62:ea:72:1d:86:2e:29:87:73:a2:
                    32:fd:4f:83:e0:f7:a7:ac:d9:23:5c:4a:34:af:57:
                    13:2c:03:cd:0e:d6:09:65:d1:e1:ba:aa:32:52:25:
                    f0:cd:23:86:4f:0d:00:0c:44:68:41:2c:2a:59:54:
                    d3:84:9f:47:32:2d:9b:98:ed:a8:2b:15:87:1d:2b:
                    88:cc:39:48:b3:1f:b1:7c:11:f0:57:68:ba:b4:f0:
                    3f:e2:36:27:ee:71:61:61:7a:e2:94:df:02:be:23:
                    77:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:74:02:F5:EC:0C:80:70:EA:DF:5C:3E:CB:60:76:40:4D:14:79:0D
            X509v3 Authority Key Identifier:
                keyid:12:B8:7C:6C:AF:81:DE:36:25:FE:1C:E0:55:9F:39:E3:05:05:A0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Erh8bK-B3jYl_hzgVZ854wUFoFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/jHQC9ewMgHDq31w-y2B2QE0UeQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/Erh8bK-B3jYl_hzgVZ854wUFoFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:6f:67:cc:46:0e:cf:ce:fb:ba:0f:09:a2:a6:8e:5f:c0:fe:
         72:69:e2:b9:42:1a:18:d9:8d:7e:3f:79:35:02:e7:4a:73:da:
         45:42:dc:c3:30:a8:87:c9:f6:ed:0f:f6:18:ad:fd:93:3f:32:
         ba:4e:24:ce:eb:4b:a2:7b:61:07:3c:05:6a:9d:e6:8d:0a:4d:
         08:15:15:ae:fa:98:2c:2f:e2:18:d6:8e:65:ab:a8:c6:1d:0d:
         58:f0:14:34:90:2a:03:7c:f9:bc:26:da:34:69:f7:c9:25:77:
         d6:d1:ee:64:de:b7:35:02:62:47:f2:e5:d4:c8:c0:70:b2:93:
         9d:e8:83:9a:01:0e:15:15:f2:b6:c7:06:93:74:96:69:a5:24:
         01:30:28:b2:f8:5a:8e:58:ed:5b:8f:09:0e:c3:1d:61:bc:21:
         1d:ff:2b:0f:33:78:af:52:c6:2a:ad:f9:19:43:94:98:a9:8d:
         f5:5b:1e:4e:cd:e7:73:b7:25:de:72:e0:f6:a1:57:73:28:5c:
         99:c1:2d:e0:b7:2b:03:0b:34:4f:fd:9e:5b:9a:85:a6:8d:11:
         a5:52:3e:30:da:43:a0:c1:cd:80:02:ec:2c:2b:6f:1d:26:93:
         28:3c:c5:61:80:bd:6a:16:b2:14:63:9e:88:08:f5:d1:f6:ea:
         b5:8b:d2:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2b98lRISybm4gTIGiP73XhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYjg3YzZjYWY4MWRlMzYyNWZlMWNlMDU1OWYzOWUzMDUw
NWEwNTEwHhcNMjYwNDE3MTUwMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yzc0MDJmNWVjMGM4MDcwZWFkZjVjM2VjYjYwNzY0MDRkMTQ3OTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkllsKVyIdeYaI03g6IW08htH0h3U
Q7Ojppel09i1Sx/Vbd3uGpu1U1IyLnIg0ZD08wFvH8nFbxP+kvkp3CUgID/mSWDC
d61StwDglf/DN7+Qw95NVl0T/hFW7gftQl5LS7SRBXyjoDz6gfXPhZ3I13Xcebit
0X0SNHJfjlXdCwL7YvPojuxuJnOkLhHlNe3tpAC9TAEXTXNhbmLqch2GLimHc6Iy
/U+D4PenrNkjXEo0r1cTLAPNDtYJZdHhuqoyUiXwzSOGTw0ADERoQSwqWVTThJ9H
Mi2bmO2oKxWHHSuIzDlIsx+xfBHwV2i6tPA/4jYn7nFhYXrilN8CviN39wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIx0AvXsDIBw6t9cPstgdkBNFHkNMB8GA1UdIwQY
MBaAFBK4fGyvgd42Jf4c4FWfOeMFBaBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXJoOGJLLUIzallsX2h6Z1ZaODU0d1VGb0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9lMjkzNGMtMDUzYS00Yjk3LWFhMmEt
NjI4MDhiYmJkZDIxLzEvakhRQzlld01nSERxMzF3LXkyQjJRRTBVZVEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9lMjkzNGMtMDUzYS00Yjk3LWFhMmEtNjI4MDhiYmJkZDIx
LzEvRXJoOGJLLUIzallsX2h6Z1ZaODU0d1VGb0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue7YMA0G
CSqGSIb3DQEBCwUAA4IBAQB3b2fMRg7Pzvu6Dwmipo5fwP5yaeK5QhoY2Y1+P3k1
AudKc9pFQtzDMKiHyfbtD/YYrf2TPzK6TiTO60uie2EHPAVqneaNCk0IFRWu+pgs
L+IY1o5lq6jGHQ1Y8BQ0kCoDfPm8Jto0affJJXfW0e5k3rc1AmJH8uXUyMBwspOd
6IOaAQ4VFfK2xwaTdJZppSQBMCiy+FqOWO1bjwkOwx1hvCEd/ysPM3ivUsYqrfkZ
Q5SYqY31Wx5OzedztyXecuD2oVdzKFyZwS3gtysDCzRP/Z5bmoWmjRGlUj4w2kOg
wc2AAuwsK28dJpMoPMVhgL1qFrIUY56ICPXR9uq1i9Lh
-----END CERTIFICATE-----