Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/jhn71fT48Jyij-saQSM1F3Yd5Xs.roa
File:                     jhn71fT48Jyij-saQSM1F3Yd5Xs.roa (raw, json)
Hash identifier:          iAtEuRJF49KwPMWpiNcuwDGbu8Bt3J7c84NmLhWiYE0=
Subject key identifier:   8E:19:FB:D5:F4:F8:F0:9C:A2:8F:EB:1A:41:23:35:17:76:1D:E5:7B
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019CC3673706F3158C6D12F0434CC6DD5BD6
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/jhn71fT48Jyij-saQSM1F3Yd5Xs.roa
Signing time:             Fri 06 Mar 2026 13:47:27 +0000
ROA not before:           Fri 06 Mar 2026 13:47:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201070
IP address blocks:        138.249.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c3:67:37:06:f3:15:8c:6d:12:f0:43:4c:c6:dd:5b:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Mar  6 13:47:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e19fbd5f4f8f09ca28feb1a41233517761de57b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:9e:2c:aa:54:19:4d:06:12:f4:6f:14:6d:32:
                    a0:b1:d0:f2:16:0c:b0:d5:d9:de:c8:e5:68:8e:53:
                    75:09:d7:9b:5d:c0:bb:73:34:96:78:7c:2c:6e:fd:
                    57:af:b3:fb:9f:3a:48:ed:64:43:a7:ab:25:07:50:
                    2f:c9:28:4f:16:51:d9:8d:fb:32:6c:f8:9d:8e:cb:
                    30:23:b7:a0:c4:63:d4:48:e0:24:f9:21:88:67:5e:
                    87:59:01:98:9d:49:1c:00:70:0c:59:6a:25:89:9c:
                    b0:d7:ec:60:dc:9f:39:bf:7a:98:66:f7:35:04:9e:
                    ed:7c:77:52:03:23:ff:f5:6d:22:0b:fb:cf:60:64:
                    63:89:c1:9e:6c:d8:30:1c:28:de:2f:95:bf:65:70:
                    66:51:02:d9:22:bb:42:54:08:09:f7:7e:0f:ec:5b:
                    44:ec:54:76:21:8c:2b:3b:6b:43:4a:b1:33:93:5b:
                    52:e0:5f:e3:de:30:b4:3c:43:43:ca:2f:e5:b6:6e:
                    ee:38:4f:15:e6:8d:d2:15:75:35:75:5a:54:06:fe:
                    8c:f4:d6:6d:0e:79:4f:f5:33:b5:96:cd:1e:33:63:
                    1b:db:f2:8f:3c:35:7f:e6:e2:ee:04:37:f5:c5:1b:
                    a1:82:26:17:7b:50:dd:8c:cb:2f:ec:9b:5c:99:18:
                    6f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:19:FB:D5:F4:F8:F0:9C:A2:8F:EB:1A:41:23:35:17:76:1D:E5:7B
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/jhn71fT48Jyij-saQSM1F3Yd5Xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.249.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:78:4e:96:4e:20:41:a1:f5:66:13:59:6e:e9:51:24:4b:99:
         ae:75:e6:74:f2:da:e7:e4:c4:9f:1c:54:dd:d6:4a:f5:cc:57:
         7d:e5:11:43:1b:21:4e:a8:25:3b:de:f1:6c:c4:c2:88:7d:1d:
         9b:e9:63:9f:5a:f7:75:01:8d:48:91:79:53:dc:ae:43:43:79:
         68:85:8b:cd:14:c9:f7:e2:96:7b:11:28:5a:21:f3:01:a0:5b:
         46:b9:8f:a4:55:62:9c:3c:d2:68:a1:b1:32:ea:7b:83:18:56:
         b2:c6:60:fb:d8:e5:70:22:6a:df:64:81:c6:9e:5d:e4:39:8f:
         f3:81:38:3b:6f:f6:4b:f3:c4:ab:4d:b8:2b:7d:af:fa:12:5e:
         1c:3a:ab:16:a5:be:af:ef:c1:c4:d1:fd:cd:ac:6a:5d:27:fd:
         3c:05:0a:9b:66:ee:5e:16:9a:b9:e0:d1:33:30:b3:89:cf:20:
         f8:53:45:39:a5:a3:ff:21:0f:6d:77:c1:3f:91:38:41:d5:7c:
         1d:90:8b:ee:df:1b:4d:ec:1d:08:15:83:d8:58:48:47:23:08:
         a3:9a:04:bc:ce:aa:53:29:ca:19:2e:82:c4:4a:07:6a:f9:3c:
         fc:46:85:89:ce:21:54:e0:d4:fd:db:79:70:f9:74:09:68:32:
         63:e3:be:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzDZzcG8xWMbRLwQ0zG3VvWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMzA2MTM0NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTE5ZmJkNWY0ZjhmMDljYTI4ZmViMWE0MTIzMzUxNzc2MWRlNTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Z4sqlQZTQYS9G8UbTKgsdDyFgyw
1dneyOVojlN1CdebXcC7czSWeHwsbv1Xr7P7nzpI7WRDp6slB1AvyShPFlHZjfsy
bPidjsswI7egxGPUSOAk+SGIZ16HWQGYnUkcAHAMWWoliZyw1+xg3J85v3qYZvc1
BJ7tfHdSAyP/9W0iC/vPYGRjicGebNgwHCjeL5W/ZXBmUQLZIrtCVAgJ934P7FtE
7FR2IYwrO2tDSrEzk1tS4F/j3jC0PENDyi/ltm7uOE8V5o3SFXU1dVpUBv6M9NZt
DnlP9TO1ls0eM2Mb2/KPPDV/5uLuBDf1xRuhgiYXe1DdjMsv7JtcmRhvRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4Z+9X0+PCcoo/rGkEjNRd2HeV7MB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvamhuNzFmVDQ4Snlpai1zYVFTTTFGM1lkNVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAivnyMA0G
CSqGSIb3DQEBCwUAA4IBAQBAeE6WTiBBofVmE1lu6VEkS5mudeZ08trn5MSfHFTd
1kr1zFd95RFDGyFOqCU73vFsxMKIfR2b6WOfWvd1AY1IkXlT3K5DQ3lohYvNFMn3
4pZ7EShaIfMBoFtGuY+kVWKcPNJoobEy6nuDGFayxmD72OVwImrfZIHGnl3kOY/z
gTg7b/ZL88SrTbgrfa/6El4cOqsWpb6v78HE0f3NrGpdJ/08BQqbZu5eFpq54NEz
MLOJzyD4U0U5paP/IQ9td8E/kThB1XwdkIvu3xtN7B0IFYPYWEhHIwijmgS8zqpT
KcoZLoLESgdq+Tz8RoWJziFU4NT923lw+XQJaDJj474T
-----END CERTIFICATE-----