Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/JdJ2GrZP8BmPhtMDeVDtq1dzG9Y.roa
File:                     JdJ2GrZP8BmPhtMDeVDtq1dzG9Y.roa (raw, json)
Hash identifier:          g4bpfsa9ZYoM4FF2r533oXT4o3R2SptlsP+GrPqnzEU=
Subject key identifier:   25:D2:76:1A:B6:4F:F0:19:8F:86:D3:03:79:50:ED:AB:57:73:1B:D6
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D7243D2288B3A53570A20B5543CC2E1B4
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/JdJ2GrZP8BmPhtMDeVDtq1dzG9Y.roa
Signing time:             Thu 09 Apr 2026 12:42:20 +0000
ROA not before:           Thu 09 Apr 2026 12:42:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199304
IP address blocks:        186.246.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 00:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:43:d2:28:8b:3a:53:57:0a:20:b5:54:3c:c2:e1:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  9 12:42:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25d2761ab64ff0198f86d3037950edab57731bd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:18:8c:32:ab:53:d2:da:37:1f:67:86:8c:ed:
                    24:70:a0:c1:4b:65:78:31:e1:e8:44:0b:16:91:b2:
                    f6:1f:eb:b0:81:15:82:a0:6c:eb:18:63:e0:76:53:
                    7d:56:45:9b:39:08:28:71:43:f9:7d:f5:d4:31:3b:
                    f6:37:93:51:da:28:a7:e1:17:43:46:2e:19:aa:86:
                    70:23:8c:13:34:59:dd:32:8d:bc:27:21:bd:0d:93:
                    87:41:49:4a:3a:fa:e3:10:93:5d:97:24:33:cd:3d:
                    e4:fd:8f:e5:03:88:68:e4:66:27:ed:eb:e1:c7:65:
                    48:33:b3:fd:f2:b4:0c:66:22:b9:59:bb:58:3a:4c:
                    92:ff:a7:db:17:33:81:43:95:2b:4d:a9:29:ae:58:
                    c6:70:d0:91:c0:43:be:2b:9e:75:e4:4d:79:b5:75:
                    0d:26:0f:27:ce:cf:41:8f:12:b2:d0:90:6b:e8:78:
                    6f:c3:03:5b:14:1d:2e:f1:ac:e7:3f:65:26:02:04:
                    61:9a:22:f3:53:ec:e9:56:61:3e:ba:4a:19:a5:bb:
                    c5:f6:2f:b6:bb:e6:f8:bf:00:2b:6e:d4:bb:82:c3:
                    2a:bc:cd:d7:72:0a:f7:6b:6e:10:d4:7a:ee:a0:c8:
                    7d:b6:6d:1b:b0:81:c1:3a:55:ae:99:78:1f:72:0c:
                    7e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:D2:76:1A:B6:4F:F0:19:8F:86:D3:03:79:50:ED:AB:57:73:1B:D6
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/JdJ2GrZP8BmPhtMDeVDtq1dzG9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  186.246.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:6b:39:4a:2a:0d:39:8a:b6:23:63:46:e5:b6:a6:37:8b:0d:
         26:38:2b:0b:28:76:a5:6f:13:07:e9:bd:7a:9a:63:9c:71:b7:
         c5:20:b6:f0:91:1e:1a:5c:e5:f1:2b:da:f2:b0:5a:3d:e7:24:
         60:3f:cd:ef:15:92:3c:af:a9:39:97:8a:e5:02:0f:43:87:06:
         db:26:89:31:a3:ab:3b:b8:94:7f:f4:56:25:52:9c:b6:19:a0:
         d0:b9:b0:59:72:3e:8d:a6:4c:d2:e4:53:5c:f0:51:87:a7:9d:
         f0:7c:0f:75:2a:cd:51:7f:6d:32:14:a3:9a:12:25:2b:08:79:
         c4:1b:f4:1f:2b:39:8e:0c:bd:48:49:7f:fd:0a:c9:57:55:2c:
         11:c0:86:1c:6c:e2:f0:ec:29:70:1b:7c:f6:e8:3c:9e:7f:b4:
         36:d9:ab:99:2c:80:a1:a6:82:03:1c:61:22:42:96:22:72:45:
         8e:3c:4d:8d:34:75:c9:44:f6:f7:71:15:77:e9:fd:65:51:b6:
         36:01:78:12:57:d1:65:e7:24:4f:c7:d0:f9:55:d2:93:d1:6d:
         2d:88:be:28:12:4e:c6:3a:d4:b0:b5:26:67:91:76:37:d5:59:
         db:ae:a6:23:b8:02:6a:de:46:c8:ff:6a:93:91:00:0e:b5:00:
         91:d4:67:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1yQ9IoizpTVwogtVQ8wuG0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNDA5MTI0MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWQyNzYxYWI2NGZmMDE5OGY4NmQzMDM3OTUwZWRhYjU3NzMxYmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBiMMqtT0to3H2eGjO0kcKDBS2V4
MeHoRAsWkbL2H+uwgRWCoGzrGGPgdlN9VkWbOQgocUP5ffXUMTv2N5NR2iin4RdD
Ri4ZqoZwI4wTNFndMo28JyG9DZOHQUlKOvrjEJNdlyQzzT3k/Y/lA4ho5GYn7evh
x2VIM7P98rQMZiK5WbtYOkyS/6fbFzOBQ5UrTakprljGcNCRwEO+K5515E15tXUN
Jg8nzs9BjxKy0JBr6HhvwwNbFB0u8aznP2UmAgRhmiLzU+zpVmE+ukoZpbvF9i+2
u+b4vwArbtS7gsMqvM3Xcgr3a24Q1HruoMh9tm0bsIHBOlWumXgfcgx+JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCXSdhq2T/AZj4bTA3lQ7atXcxvWMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvSmRKMkdyWlA4Qm1QaHRNRGVWRHRxMWR6RzlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuvYhMA0G
CSqGSIb3DQEBCwUAA4IBAQAjazlKKg05irYjY0bltqY3iw0mOCsLKHalbxMH6b16
mmOccbfFILbwkR4aXOXxK9rysFo95yRgP83vFZI8r6k5l4rlAg9DhwbbJokxo6s7
uJR/9FYlUpy2GaDQubBZcj6NpkzS5FNc8FGHp53wfA91Ks1Rf20yFKOaEiUrCHnE
G/QfKzmODL1ISX/9CslXVSwRwIYcbOLw7ClwG3z26Dyef7Q22auZLIChpoIDHGEi
QpYickWOPE2NNHXJRPb3cRV36f1lUbY2AXgSV9Fl5yRPx9D5VdKT0W0tiL4oEk7G
OtSwtSZnkXY31VnbrqYjuAJq3kbI/2qTkQAOtQCR1Gfa
-----END CERTIFICATE-----