Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/j9i-JooTkQ-DK74Jj97_S8SJuio.roa
File:                     j9i-JooTkQ-DK74Jj97_S8SJuio.roa (raw, json)
Hash identifier:          r/FCyCX1ispTfO7eBtscu+46YZ953eUL2V+0FfqLtes=
Subject key identifier:   8F:D8:BE:26:8A:13:91:0F:83:2B:BE:09:8F:DE:FF:4B:C4:89:BA:2A
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019E6A992614787BF4389312AB24E1EAAB26
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/j9i-JooTkQ-DK74Jj97_S8SJuio.roa
Signing time:             Wed 27 May 2026 18:01:21 +0000
ROA not before:           Wed 27 May 2026 18:01:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        83.147.194.0/24 maxlen: 24
                          91.186.210.0/23 maxlen: 24
                          178.253.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6a:99:26:14:78:7b:f4:38:93:12:ab:24:e1:ea:ab:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: May 27 18:01:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8fd8be268a13910f832bbe098fdeff4bc489ba2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:36:02:ae:e8:f0:e9:8b:2a:26:eb:97:55:01:
                    fa:46:17:da:10:aa:1f:35:b4:3a:b1:02:33:c5:3f:
                    08:f3:be:0a:bd:ef:b0:a0:bd:cf:e3:cf:73:64:f1:
                    20:0d:ea:8f:ea:21:1a:d9:fd:af:64:18:05:77:03:
                    da:35:77:ca:47:75:fd:68:4b:05:9d:54:c0:74:f5:
                    13:72:ce:c6:d4:d8:1f:e7:4b:a4:5b:35:f9:30:97:
                    8b:e4:c6:cc:34:4d:a3:4c:de:a4:98:89:9b:21:65:
                    88:0f:51:40:9d:b8:cf:40:2c:7b:0f:2d:da:89:a0:
                    9f:88:53:f3:d8:3d:0c:42:74:40:24:c3:9f:5e:be:
                    d1:63:1c:91:ca:72:0c:96:01:7f:11:bd:f0:f1:21:
                    12:05:46:cb:bc:58:5c:c5:3a:4e:ce:8f:be:d9:a5:
                    55:aa:6a:9e:da:e3:5b:51:7b:5c:e6:4c:8d:0f:e5:
                    df:bf:49:53:24:50:4a:fe:3a:f4:e4:5d:75:a5:31:
                    d3:2b:27:be:33:b2:1e:95:8c:81:3c:4b:fe:8c:ff:
                    f5:5f:ad:23:4e:d9:e3:d1:a6:b4:b6:77:de:62:9f:
                    93:48:d6:90:05:1f:6e:d0:33:1f:ad:a4:d6:5d:df:
                    ef:2a:e0:e5:20:96:11:95:a4:f8:3f:91:24:b5:93:
                    c9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D8:BE:26:8A:13:91:0F:83:2B:BE:09:8F:DE:FF:4B:C4:89:BA:2A
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/j9i-JooTkQ-DK74Jj97_S8SJuio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.194.0/24
                  91.186.210.0/23
                  178.253.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:f7:5f:62:99:cb:94:23:c4:26:af:47:5e:12:de:db:83:a8:
         f6:c4:dd:61:eb:23:77:e9:3c:47:1d:2b:a2:24:87:86:2c:76:
         25:04:00:d7:91:72:4e:e7:de:5d:7a:3d:b3:c7:ad:a2:9e:a4:
         f3:ce:86:dd:64:b9:aa:f6:49:17:2e:6c:09:4a:c9:fc:3a:2b:
         1f:6b:8a:05:a6:99:62:22:5e:f6:ce:84:45:85:4d:89:44:e5:
         44:c3:c2:68:57:f6:2a:d2:47:04:5e:8d:9b:d6:0b:1a:37:99:
         5e:33:af:fc:fe:a9:37:58:ee:b5:92:ab:72:2c:de:47:54:f0:
         31:f2:cb:03:ca:b3:5b:e4:27:1e:12:c2:18:6c:26:e9:2b:c7:
         6d:eb:4f:19:52:e2:f9:45:96:22:8a:2a:27:55:9f:a0:e1:38:
         57:e1:c0:6a:6b:2f:6b:91:41:1b:36:ee:ee:62:a2:05:e0:75:
         6b:81:79:f1:b7:05:0c:98:65:7b:99:c2:d0:52:f1:59:8a:59:
         bf:bb:fe:e4:95:4c:9d:20:08:4c:97:0d:3e:b2:be:e0:96:7c:
         a5:30:e7:f2:21:4a:ac:ab:9e:38:8f:18:38:51:64:e1:7d:6e:
         fa:c9:c6:ae:0c:bd:f2:a0:04:59:10:f2:d0:5a:ea:70:29:03:
         e3:df:41:0e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5qmSYUeHv0OJMSqyTh6qsmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNTI3MTgwMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQ4YmUyNjhhMTM5MTBmODMyYmJlMDk4ZmRlZmY0YmM0ODliYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzYCrujw6YsqJuuXVQH6RhfaEKof
NbQ6sQIzxT8I874Kve+woL3P489zZPEgDeqP6iEa2f2vZBgFdwPaNXfKR3X9aEsF
nVTAdPUTcs7G1Ngf50ukWzX5MJeL5MbMNE2jTN6kmImbIWWID1FAnbjPQCx7Dy3a
iaCfiFPz2D0MQnRAJMOfXr7RYxyRynIMlgF/Eb3w8SESBUbLvFhcxTpOzo++2aVV
qmqe2uNbUXtc5kyND+Xfv0lTJFBK/jr05F11pTHTKye+M7IelYyBPEv+jP/1X60j
Ttnj0aa0tnfeYp+TSNaQBR9u0DMfraTWXd/vKuDlIJYRlaT4P5EktZPJbwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI/YviaKE5EPgyu+CY/e/0vEiboqMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvajlpLUpvb1RrUS1ESzc0Smo5N19TOFNKdWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAU5PCAwQB
W7rSAwQAsv0fMA0GCSqGSIb3DQEBCwUAA4IBAQCj919imcuUI8Qmr0deEt7bg6j2
xN1h6yN36TxHHSuiJIeGLHYlBADXkXJO595dej2zx62inqTzzobdZLmq9kkXLmwJ
Ssn8Oisfa4oFppliIl72zoRFhU2JROVEw8JoV/Yq0kcEXo2b1gsaN5leM6/8/qk3
WO61kqtyLN5HVPAx8ssDyrNb5CceEsIYbCbpK8dt608ZUuL5RZYiiionVZ+g4ThX
4cBqay9rkUEbNu7uYqIF4HVrgXnxtwUMmGV7mcLQUvFZilm/u/7klUydIAhMlw0+
sr7glnylMOfyIUqsq544jxg4UWThfW76ycauDL3yoARZEPLQWupwKQPj30EO
-----END CERTIFICATE-----