Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/j2Q5a6Yaxmx8WlpJue865BIQCAg.roa
File:                     j2Q5a6Yaxmx8WlpJue865BIQCAg.roa (raw, json)
Hash identifier:          jxuNXet6AxffWOr/RquZ39eCDNhgTMlptWgUI3U3Ir4=
Subject key identifier:   8F:64:39:6B:A6:1A:C6:6C:7C:5A:5A:49:B9:EF:3A:E4:12:10:08:08
Certificate issuer:       /CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
Certificate serial:       019E364475692646E421ADC4DD6E286677CA
Authority key identifier: D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/j2Q5a6Yaxmx8WlpJue865BIQCAg.roa
Signing time:             Sun 17 May 2026 14:08:36 +0000
ROA not before:           Sun 17 May 2026 14:08:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        195.24.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:36:44:75:69:26:46:e4:21:ad:c4:dd:6e:28:66:77:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
        Validity
            Not Before: May 17 14:08:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f64396ba61ac66c7c5a5a49b9ef3ae412100808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:41:ae:5f:a0:8c:07:2e:02:3a:10:6e:0e:1f:
                    a7:6f:cb:38:c7:39:f2:54:50:d5:5a:c2:3b:fa:92:
                    26:82:ea:16:61:3e:27:de:ea:d6:2b:40:30:cf:61:
                    91:15:5d:28:65:5c:11:1c:d9:1e:94:5f:dd:2f:b8:
                    81:03:08:17:de:c4:f2:a2:bf:78:58:6d:25:93:0f:
                    5d:ac:39:55:ff:e6:3a:19:54:de:77:88:05:f5:33:
                    22:3f:d2:79:1b:3d:3a:de:3a:61:e6:c0:7c:3f:a4:
                    11:68:04:41:60:98:f5:61:d3:b6:ff:fa:71:4a:34:
                    51:41:96:18:46:88:60:ed:72:d9:47:8d:69:58:4e:
                    32:40:9e:f6:ea:66:7e:30:a3:79:14:f3:4d:8f:67:
                    42:96:c6:50:0a:a4:68:e9:87:3c:a5:23:e4:a3:d9:
                    ce:aa:3c:5c:c7:52:2f:55:1d:2c:f5:f2:b6:b8:d5:
                    58:82:0e:c8:9f:01:60:7f:3c:f9:b9:49:71:24:be:
                    d4:2d:5b:cf:f2:7f:4a:92:bb:6f:07:59:69:fc:70:
                    86:81:d8:21:87:06:64:e3:e3:fb:d9:c1:2b:ef:80:
                    68:0f:b7:b8:53:30:f7:41:05:a1:bd:19:7c:12:00:
                    e2:08:c1:db:93:71:6b:20:19:b9:49:42:51:5d:f8:
                    26:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:64:39:6B:A6:1A:C6:6C:7C:5A:5A:49:B9:EF:3A:E4:12:10:08:08
            X509v3 Authority Key Identifier:
                keyid:D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/j2Q5a6Yaxmx8WlpJue865BIQCAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:7e:a1:1b:aa:06:a6:13:89:4c:78:10:13:a8:1e:f0:d7:6d:
         d9:0a:c6:c2:4d:7c:c1:1a:e4:9e:17:32:1f:35:37:65:6e:cf:
         86:7c:be:e3:a0:f4:57:c3:63:e8:c2:01:5d:8a:00:74:62:aa:
         0a:ac:33:9d:73:c7:73:c3:78:9c:e4:32:d5:7b:de:e4:88:58:
         1a:bd:48:7a:9e:ac:cb:c9:e9:8f:2f:81:7f:02:d6:35:10:65:
         9c:ce:bd:55:42:13:b8:fe:24:7f:98:10:1b:06:d9:42:2d:65:
         b1:5e:46:fe:ba:24:ab:54:21:18:8f:5e:f6:40:e5:e5:69:77:
         64:47:04:87:79:b2:68:2b:92:02:99:54:44:5a:aa:e4:84:90:
         60:f8:2e:12:27:b6:69:d0:b0:b6:9d:29:7c:75:64:73:6a:2f:
         e7:59:9f:a9:8a:db:b1:b9:7e:55:71:68:f9:cb:89:1a:1c:42:
         36:9d:09:d8:41:22:98:e0:57:89:5a:eb:7a:17:4d:99:48:5c:
         25:79:d0:ac:3b:77:96:c6:2a:02:a6:db:66:0c:30:e2:d1:a6:
         44:0b:15:da:63:a0:2d:4a:8f:04:80:7a:c6:4d:af:d6:4a:0e:
         8e:8f:81:2c:d3:1f:52:fe:89:1b:40:44:ab:51:30:99:37:3d:
         c4:1b:e0:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ42RHVpJkbkIa3E3W4oZnfKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjYxZDFmMWQ5Y2NkYWI2YjZkOGUxNDUwYzJjOTM2ZDM5
N2U2NzAwHhcNMjYwNTE3MTQwODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjY0Mzk2YmE2MWFjNjZjN2M1YTVhNDliOWVmM2FlNDEyMTAwODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0GuX6CMBy4COhBuDh+nb8s4xzny
VFDVWsI7+pImguoWYT4n3urWK0Awz2GRFV0oZVwRHNkelF/dL7iBAwgX3sTyor94
WG0lkw9drDlV/+Y6GVTed4gF9TMiP9J5Gz063jph5sB8P6QRaARBYJj1YdO2//px
SjRRQZYYRohg7XLZR41pWE4yQJ726mZ+MKN5FPNNj2dClsZQCqRo6Yc8pSPko9nO
qjxcx1IvVR0s9fK2uNVYgg7InwFgfzz5uUlxJL7ULVvP8n9KkrtvB1lp/HCGgdgh
hwZk4+P72cEr74BoD7e4UzD3QQWhvRl8EgDiCMHbk3FrIBm5SUJRXfgmVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9kOWumGsZsfFpaSbnvOuQSEAgIMB8GA1UdIwQY
MBaAFNC2HR8dnM2ra22OFFDCyTbTl+ZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzIt
MTVmNjJjODkwYWY4LzEvajJRNWE2WWF4bXg4V2xwSnVlODY1QklRQ0FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzItMTVmNjJjODkwYWY4
LzEvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxjtMA0G
CSqGSIb3DQEBCwUAA4IBAQAPfqEbqgamE4lMeBATqB7w123ZCsbCTXzBGuSeFzIf
NTdlbs+GfL7joPRXw2PowgFdigB0YqoKrDOdc8dzw3ic5DLVe97kiFgavUh6nqzL
yemPL4F/AtY1EGWczr1VQhO4/iR/mBAbBtlCLWWxXkb+uiSrVCEYj172QOXlaXdk
RwSHebJoK5ICmVREWqrkhJBg+C4SJ7Zp0LC2nSl8dWRzai/nWZ+pituxuX5VcWj5
y4kaHEI2nQnYQSKY4FeJWut6F02ZSFwledCsO3eWxioCpttmDDDi0aZECxXaY6At
So8EgHrGTa/WSg6Oj4Es0x9S/okbQESrUTCZNz3EG+CD
-----END CERTIFICATE-----