Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/ec1fdd-1080-4167-955b-205ffaf84c02/1/JLl9ieAggP9WR-N8wVWrBA7z2QU.roa
File:                     JLl9ieAggP9WR-N8wVWrBA7z2QU.roa (raw, json)
Hash identifier:          /5ecZkNFv83mEzuS65WLl+FgZAKLhz3j2fY0mS2pA+k=
Subject key identifier:   24:B9:7D:89:E0:20:80:FF:56:47:E3:7C:C1:55:AB:04:0E:F3:D9:05
Certificate issuer:       /CN=c8ba1e181286ecdcf74dc94bc33f19949713b391
Certificate serial:       019DAEF9E79B919BD94D07AC94D70A70ABB8
Authority key identifier: C8:BA:1E:18:12:86:EC:DC:F7:4D:C9:4B:C3:3F:19:94:97:13:B3:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yLoeGBKG7Nz3TclLwz8ZlJcTs5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/ec1fdd-1080-4167-955b-205ffaf84c02/1/JLl9ieAggP9WR-N8wVWrBA7z2QU.roa
Signing time:             Tue 21 Apr 2026 07:38:26 +0000
ROA not before:           Tue 21 Apr 2026 07:38:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48362
IP address blocks:        195.62.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/ec1fdd-1080-4167-955b-205ffaf84c02/1/yLoeGBKG7Nz3TclLwz8ZlJcTs5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/ec1fdd-1080-4167-955b-205ffaf84c02/1/yLoeGBKG7Nz3TclLwz8ZlJcTs5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yLoeGBKG7Nz3TclLwz8ZlJcTs5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 16:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ae:f9:e7:9b:91:9b:d9:4d:07:ac:94:d7:0a:70:ab:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8ba1e181286ecdcf74dc94bc33f19949713b391
        Validity
            Not Before: Apr 21 07:38:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24b97d89e02080ff5647e37cc155ab040ef3d905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:ab:12:7e:af:47:c1:01:59:84:01:d3:5f:db:
                    7c:4c:5f:60:01:06:45:05:69:99:f9:ae:5b:18:a3:
                    28:a5:c8:ca:24:a2:70:07:0b:48:16:d2:38:f4:4e:
                    67:e9:34:45:e9:44:6b:00:b0:75:79:23:dc:34:b4:
                    3a:ac:2e:5a:c5:e5:9f:31:51:3b:17:9c:ba:c2:d5:
                    64:a7:86:4b:e9:b0:63:16:e6:76:61:71:9d:54:bc:
                    0d:f4:bf:56:c5:1d:9c:08:ef:dd:d0:c4:7d:21:4c:
                    a3:0a:25:32:51:0e:a0:35:8e:06:5d:d6:b8:ca:83:
                    63:5b:9b:a1:7a:96:ee:3e:2a:44:97:6d:dd:7d:a4:
                    b7:71:a8:8a:c6:cd:ae:b2:2e:3e:d9:40:74:34:74:
                    f0:81:b8:4a:b9:15:ce:e4:3a:06:ec:19:ad:d2:24:
                    aa:f9:17:07:e0:1b:9f:86:95:35:c3:66:6b:bf:fa:
                    74:b8:9b:d2:e7:da:dd:c0:60:f3:55:49:89:68:ca:
                    57:f1:49:a9:58:c5:cf:e7:12:41:37:a1:4a:a6:d0:
                    b0:c0:07:84:c1:e8:31:a1:d0:df:82:fa:41:71:91:
                    59:e8:f5:d8:c7:ba:80:f8:41:2d:64:73:b1:2b:9a:
                    d7:04:00:81:9f:91:5b:7f:88:d9:a7:0e:63:0a:91:
                    70:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:B9:7D:89:E0:20:80:FF:56:47:E3:7C:C1:55:AB:04:0E:F3:D9:05
            X509v3 Authority Key Identifier:
                keyid:C8:BA:1E:18:12:86:EC:DC:F7:4D:C9:4B:C3:3F:19:94:97:13:B3:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yLoeGBKG7Nz3TclLwz8ZlJcTs5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ec1fdd-1080-4167-955b-205ffaf84c02/1/JLl9ieAggP9WR-N8wVWrBA7z2QU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ec1fdd-1080-4167-955b-205ffaf84c02/1/yLoeGBKG7Nz3TclLwz8ZlJcTs5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:6e:b2:c5:21:40:4e:4e:63:da:da:7c:88:9f:92:64:57:21:
         fa:8f:7e:5b:f5:85:cb:23:29:f1:47:ef:dc:54:3b:39:20:ef:
         42:2c:e3:34:5e:ef:53:80:0b:f3:3b:25:3f:ba:eb:b2:0c:78:
         5e:a2:69:f5:cd:4c:98:40:0e:5e:04:ad:eb:78:80:29:d5:7a:
         db:44:0b:e5:87:25:b2:35:12:8e:57:92:d1:e6:cf:fd:9d:2c:
         85:e3:0c:b8:a2:bf:91:f9:66:90:47:e1:cd:41:01:da:9f:e5:
         8e:0f:f1:c8:82:55:e7:c3:d0:61:21:72:d0:6b:1c:f7:56:e4:
         58:c5:aa:bd:43:bf:39:59:4b:03:59:1b:84:bf:66:ee:d4:79:
         56:48:97:e2:30:73:c6:a5:d5:65:2a:50:db:74:f6:82:6f:45:
         9c:67:4e:2a:00:18:05:97:9d:a5:be:85:6b:82:89:f9:25:d7:
         f3:5a:0a:d7:83:29:cc:2d:cc:84:f9:e7:b5:93:72:10:8d:d3:
         d6:b5:7f:d1:68:14:30:e4:91:1d:9d:5f:a9:a0:12:c8:ce:cf:
         d8:4e:77:3b:78:65:c6:f1:3c:26:1b:82:7c:38:d6:43:3f:3c:
         6e:45:de:2b:94:0c:3a:4f:ab:af:37:ca:6e:20:e1:2a:16:6d:
         bd:fc:c1:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2u+eebkZvZTQeslNcKcKu4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YmExZTE4MTI4NmVjZGNmNzRkYzk0YmMzM2YxOTk0OTcx
M2IzOTEwHhcNMjYwNDIxMDczODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGI5N2Q4OWUwMjA4MGZmNTY0N2UzN2NjMTU1YWIwNDBlZjNkOTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8asSfq9HwQFZhAHTX9t8TF9gAQZF
BWmZ+a5bGKMopcjKJKJwBwtIFtI49E5n6TRF6URrALB1eSPcNLQ6rC5axeWfMVE7
F5y6wtVkp4ZL6bBjFuZ2YXGdVLwN9L9WxR2cCO/d0MR9IUyjCiUyUQ6gNY4GXda4
yoNjW5uhepbuPipEl23dfaS3caiKxs2usi4+2UB0NHTwgbhKuRXO5DoG7Bmt0iSq
+RcH4BufhpU1w2Zrv/p0uJvS59rdwGDzVUmJaMpX8UmpWMXP5xJBN6FKptCwwAeE
wegxodDfgvpBcZFZ6PXYx7qA+EEtZHOxK5rXBACBn5Fbf4jZpw5jCpFwoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCS5fYngIID/VkfjfMFVqwQO89kFMB8GA1UdIwQY
MBaAFMi6HhgShuzc903JS8M/GZSXE7ORMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUxvZUdCS0c3TnozVGNsTHd6OFpsSmNUczVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9lYzFmZGQtMTA4MC00MTY3LTk1NWIt
MjA1ZmZhZjg0YzAyLzEvSkxsOWllQWdnUDlXUi1OOHdWV3JCQTd6MlFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9lYzFmZGQtMTA4MC00MTY3LTk1NWItMjA1ZmZhZjg0YzAy
LzEveUxvZUdCS0c3TnozVGNsTHd6OFpsSmNUczVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwz4fMA0G
CSqGSIb3DQEBCwUAA4IBAQBrbrLFIUBOTmPa2nyIn5JkVyH6j35b9YXLIynxR+/c
VDs5IO9CLOM0Xu9TgAvzOyU/uuuyDHheomn1zUyYQA5eBK3reIAp1XrbRAvlhyWy
NRKOV5LR5s/9nSyF4wy4or+R+WaQR+HNQQHan+WOD/HIglXnw9BhIXLQaxz3VuRY
xaq9Q785WUsDWRuEv2bu1HlWSJfiMHPGpdVlKlDbdPaCb0WcZ04qABgFl52lvoVr
gon5JdfzWgrXgynMLcyE+ee1k3IQjdPWtX/RaBQw5JEdnV+poBLIzs/YTnc7eGXG
8TwmG4J8ONZDPzxuRd4rlAw6T6uvN8puIOEqFm29/MGU
-----END CERTIFICATE-----