Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/89f12f-caec-4e7a-8ac9-d6b51d37aff4/1/JOrZbv5P8xa_uNN_bW2nd8t85fw.roa
File:                     JOrZbv5P8xa_uNN_bW2nd8t85fw.roa (raw, json)
Hash identifier:          +tU3FVRnRItU1Djfz+HewHPi/7UJ09UTc4dbTgRdd4Q=
Subject key identifier:   24:EA:D9:6E:FE:4F:F3:16:BF:B8:D3:7F:6D:6D:A7:77:CB:7C:E5:FC
Certificate issuer:       /CN=7c40d38c7e6bcd4b6aefa0bb4acd7b644ce71a47
Certificate serial:       019CE3DF09A65C1E52A8DDB44774C6F2E2B8
Authority key identifier: 7C:40:D3:8C:7E:6B:CD:4B:6A:EF:A0:BB:4A:CD:7B:64:4C:E7:1A:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fEDTjH5rzUtq76C7Ss17ZEznGkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/89f12f-caec-4e7a-8ac9-d6b51d37aff4/1/JOrZbv5P8xa_uNN_bW2nd8t85fw.roa
Signing time:             Thu 12 Mar 2026 21:06:10 +0000
ROA not before:           Thu 12 Mar 2026 21:06:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395743
IP address blocks:        185.29.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/89f12f-caec-4e7a-8ac9-d6b51d37aff4/1/fEDTjH5rzUtq76C7Ss17ZEznGkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/89f12f-caec-4e7a-8ac9-d6b51d37aff4/1/fEDTjH5rzUtq76C7Ss17ZEznGkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fEDTjH5rzUtq76C7Ss17ZEznGkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 25 Mar 2026 12:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e3:df:09:a6:5c:1e:52:a8:dd:b4:47:74:c6:f2:e2:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c40d38c7e6bcd4b6aefa0bb4acd7b644ce71a47
        Validity
            Not Before: Mar 12 21:06:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24ead96efe4ff316bfb8d37f6d6da777cb7ce5fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7c:62:83:8a:e4:b0:b4:f1:85:71:10:b6:1c:
                    c0:0e:69:c3:a7:cf:5c:e6:6d:ee:9c:15:78:51:34:
                    4a:46:81:c4:6b:00:89:f5:2e:2a:60:9c:a8:50:03:
                    ff:c5:e0:04:f4:78:5c:ad:66:2b:32:f0:06:9d:72:
                    b0:a2:e1:91:36:29:7e:af:89:d7:8a:a8:71:75:6a:
                    0a:0a:97:a7:2d:77:c3:8c:c3:16:77:99:8b:b1:98:
                    af:1e:df:9b:70:45:42:ba:a8:e2:6d:bb:ae:73:c8:
                    4f:d7:2b:ef:7e:2b:c6:60:25:8d:e5:c7:3b:98:64:
                    9b:99:1c:1b:b0:71:5f:fc:06:02:91:aa:f2:c8:94:
                    29:3c:e0:24:8f:19:ca:24:65:9f:19:a7:47:44:c6:
                    4c:fa:ac:f7:f8:fe:5a:74:1b:f6:b6:ad:9c:38:82:
                    f5:81:2e:5f:d4:2a:be:3a:4f:e5:79:1e:ec:10:ef:
                    a0:f0:28:53:0a:47:9f:cd:18:0c:49:ed:ac:5d:76:
                    5f:c7:da:3c:58:9f:56:38:50:86:03:64:c1:7e:2d:
                    f5:8f:14:27:5e:bb:00:d7:0c:e6:ee:51:72:5f:fb:
                    f4:d7:33:cc:ed:63:20:52:f1:51:9b:a9:38:0e:21:
                    67:89:86:ed:63:f4:f6:ee:98:7f:d9:61:c6:94:ac:
                    32:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:EA:D9:6E:FE:4F:F3:16:BF:B8:D3:7F:6D:6D:A7:77:CB:7C:E5:FC
            X509v3 Authority Key Identifier:
                keyid:7C:40:D3:8C:7E:6B:CD:4B:6A:EF:A0:BB:4A:CD:7B:64:4C:E7:1A:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fEDTjH5rzUtq76C7Ss17ZEznGkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/89f12f-caec-4e7a-8ac9-d6b51d37aff4/1/JOrZbv5P8xa_uNN_bW2nd8t85fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/89f12f-caec-4e7a-8ac9-d6b51d37aff4/1/fEDTjH5rzUtq76C7Ss17ZEznGkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:5e:20:1c:9e:e7:96:17:f8:20:6a:6c:b4:23:ad:13:20:1f:
         40:0e:fb:92:1b:6b:d5:d0:98:b7:a1:6e:2f:3a:8b:51:0c:d2:
         ff:d4:cd:42:d0:30:a5:44:d7:98:96:7c:e9:3f:9a:90:e3:67:
         ec:9d:a1:91:0b:a5:df:5d:af:09:5d:76:e7:7b:af:e0:db:16:
         98:6a:cf:63:86:36:71:45:4b:30:0b:2b:6e:de:55:66:8c:63:
         56:ac:97:61:79:fa:76:03:df:9c:5f:55:c2:5e:06:65:64:a6:
         98:91:32:27:da:e5:ea:b3:f9:74:37:1f:ec:27:27:68:65:56:
         61:b8:de:51:fd:63:98:b1:ee:e6:62:98:5f:22:70:f3:a6:45:
         2e:7e:9d:f1:ec:a7:9c:83:e3:fe:cc:04:90:af:64:73:f3:07:
         ef:b8:e8:ad:58:b2:6f:fd:e7:6d:e7:11:83:e4:97:c0:c6:d3:
         69:94:58:f7:dc:bd:8a:29:c5:f5:03:32:41:08:ff:df:61:9c:
         58:64:25:d1:c6:7e:42:84:54:6a:be:d5:57:7d:48:96:84:3d:
         68:9f:3a:31:f0:f2:37:c5:b0:7e:23:e8:25:d4:7b:58:51:2c:
         b4:8c:37:fb:ee:8f:c7:21:6b:04:bd:64:36:f6:85:6d:49:41:
         98:5c:11:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzj3wmmXB5SqN20R3TG8uK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNDBkMzhjN2U2YmNkNGI2YWVmYTBiYjRhY2Q3YjY0NGNl
NzFhNDcwHhcNMjYwMzEyMjEwNjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGVhZDk2ZWZlNGZmMzE2YmZiOGQzN2Y2ZDZkYTc3N2NiN2NlNWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXxig4rksLTxhXEQthzADmnDp89c
5m3unBV4UTRKRoHEawCJ9S4qYJyoUAP/xeAE9HhcrWYrMvAGnXKwouGRNil+r4nX
iqhxdWoKCpenLXfDjMMWd5mLsZivHt+bcEVCuqjibbuuc8hP1yvvfivGYCWN5cc7
mGSbmRwbsHFf/AYCkaryyJQpPOAkjxnKJGWfGadHRMZM+qz3+P5adBv2tq2cOIL1
gS5f1Cq+Ok/leR7sEO+g8ChTCkefzRgMSe2sXXZfx9o8WJ9WOFCGA2TBfi31jxQn
XrsA1wzm7lFyX/v01zPM7WMgUvFRm6k4DiFniYbtY/T27ph/2WHGlKwy+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTq2W7+T/MWv7jTf21tp3fLfOX8MB8GA1UdIwQY
MBaAFHxA04x+a81Lau+gu0rNe2RM5xpHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkVEVGpINXJ6VXRxNzZDN1NzMTdaRXpuR2tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My84OWYxMmYtY2FlYy00ZTdhLThhYzkt
ZDZiNTFkMzdhZmY0LzEvSk9yWmJ2NVA4eGFfdU5OX2JXMm5kOHQ4NWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My84OWYxMmYtY2FlYy00ZTdhLThhYzktZDZiNTFkMzdhZmY0
LzEvZkVEVGpINXJ6VXRxNzZDN1NzMTdaRXpuR2tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR3nMA0G
CSqGSIb3DQEBCwUAA4IBAQBgXiAcnueWF/ggamy0I60TIB9ADvuSG2vV0Ji3oW4v
OotRDNL/1M1C0DClRNeYlnzpP5qQ42fsnaGRC6XfXa8JXXbne6/g2xaYas9jhjZx
RUswCytu3lVmjGNWrJdhefp2A9+cX1XCXgZlZKaYkTIn2uXqs/l0Nx/sJydoZVZh
uN5R/WOYse7mYphfInDzpkUufp3x7Kecg+P+zASQr2Rz8wfvuOitWLJv/edt5xGD
5JfAxtNplFj33L2KKcX1AzJBCP/fYZxYZCXRxn5ChFRqvtVXfUiWhD1onzox8PI3
xbB+I+gl1HtYUSy0jDf77o/HIWsEvWQ29oVtSUGYXBFH
-----END CERTIFICATE-----