Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/s_jNQyIiTuwbGKzqZChjnXQ8yXk.roa
File:                     s_jNQyIiTuwbGKzqZChjnXQ8yXk.roa (raw, json)
Hash identifier:          BigSrB3O/lITzhT7Tp1a0ccxKTegNHB+OKmJdIYz9ak=
Subject key identifier:   B3:F8:CD:43:22:22:4E:EC:1B:18:AC:EA:64:28:63:9D:74:3C:C9:79
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       019D4DE825E1D6100DFBC11765D7C1CD7668
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/s_jNQyIiTuwbGKzqZChjnXQ8yXk.roa
Signing time:             Thu 02 Apr 2026 11:15:52 +0000
ROA not before:           Thu 02 Apr 2026 11:15:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22773
IP address blocks:        185.10.122.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 Apr 2026 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4d:e8:25:e1:d6:10:0d:fb:c1:17:65:d7:c1:cd:76:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Apr  2 11:15:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3f8cd4322224eec1b18acea6428639d743cc979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:46:5b:ba:0c:d5:c1:63:6b:ea:0a:dc:4b:13:
                    d3:c4:fd:c7:40:c2:1b:44:ae:2e:dd:5c:82:1b:8f:
                    f9:f2:2b:d3:11:4f:28:be:d0:b9:3c:f4:64:2a:f5:
                    ce:4a:04:92:84:ed:a3:c3:32:a9:83:d5:c7:0a:4d:
                    41:56:0a:e9:cc:72:bf:b2:64:16:14:64:cd:97:16:
                    c5:f4:56:1e:08:48:c1:2f:49:ce:94:fb:98:e5:61:
                    02:ef:61:28:cb:db:ed:c1:e8:83:20:31:53:9e:2d:
                    d2:e4:39:52:d7:dd:74:38:98:bb:8a:5b:bc:d1:97:
                    08:33:87:ab:c8:48:ff:a1:99:32:1d:42:44:39:d6:
                    6a:8d:4f:b4:cf:22:d2:4a:a6:a6:68:81:2e:ed:24:
                    31:9e:e3:28:99:86:3d:21:c0:45:29:86:aa:86:fe:
                    7c:59:c9:f3:e0:c8:4a:b2:9a:3e:c3:bf:a3:2a:2c:
                    65:77:68:95:8e:3f:7b:6e:66:00:50:1e:a0:25:06:
                    79:10:f9:4b:df:79:a1:a7:4e:af:64:84:b4:35:75:
                    3b:d1:1e:6d:fe:e2:71:53:da:7c:35:38:63:c3:fe:
                    c4:6d:ff:06:92:05:29:49:4e:38:72:ed:20:02:1e:
                    91:31:0a:c8:63:6e:99:ee:0f:b4:f3:ed:53:93:fb:
                    a3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:F8:CD:43:22:22:4E:EC:1B:18:AC:EA:64:28:63:9D:74:3C:C9:79
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/s_jNQyIiTuwbGKzqZChjnXQ8yXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:89:20:c5:bd:83:1a:80:15:a1:4a:4b:fb:53:cd:1f:be:19:
         2b:1c:0a:43:fa:c3:aa:89:ba:59:10:24:ca:76:6e:94:06:dd:
         6c:5d:27:c0:7e:84:fa:97:19:cc:e8:ef:51:a5:81:23:79:6d:
         0b:6e:ae:45:88:06:42:a0:22:5b:60:e8:46:70:d9:e0:ee:a0:
         71:15:91:a0:b7:87:9b:86:51:16:23:cb:e7:2b:0f:a9:ec:df:
         83:ae:01:17:9c:99:56:c7:8b:df:56:3c:38:a1:8d:bf:a4:54:
         5c:09:c8:6c:43:a6:a8:8e:c4:94:8e:57:7b:1e:43:73:f8:d3:
         04:2b:67:83:17:23:83:76:8a:ee:7c:40:c8:ec:f9:6d:f9:9e:
         08:aa:63:41:b7:ef:e2:b0:85:69:c9:64:13:65:f0:62:48:f1:
         eb:1d:41:5d:ec:97:ae:61:87:13:8d:8d:61:91:10:ec:d8:49:
         f0:07:fe:9c:d7:5f:c5:07:c5:97:95:d5:fb:c5:ec:8f:58:dc:
         0a:c5:16:42:d1:fe:ea:8e:1e:bd:7e:6e:e6:3a:93:b6:10:f2:
         78:9e:bd:9a:f3:8c:2d:e1:e8:1d:f4:6a:c6:6d:fd:a2:d3:c2:
         dd:7b:01:15:d7:44:78:61:1d:14:6d:f6:e5:09:13:73:ad:a4:
         40:f2:f1:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1N6CXh1hAN+8EXZdfBzXZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjYwNDAyMTExNTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2Y4Y2Q0MzIyMjI0ZWVjMWIxOGFjZWE2NDI4NjM5ZDc0M2NjOTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0ZbugzVwWNr6grcSxPTxP3HQMIb
RK4u3VyCG4/58ivTEU8ovtC5PPRkKvXOSgSShO2jwzKpg9XHCk1BVgrpzHK/smQW
FGTNlxbF9FYeCEjBL0nOlPuY5WEC72Eoy9vtweiDIDFTni3S5DlS1910OJi7ilu8
0ZcIM4eryEj/oZkyHUJEOdZqjU+0zyLSSqamaIEu7SQxnuMomYY9IcBFKYaqhv58
Wcnz4MhKspo+w7+jKixld2iVjj97bmYAUB6gJQZ5EPlL33mhp06vZIS0NXU70R5t
/uJxU9p8NThjw/7Ebf8GkgUpSU44cu0gAh6RMQrIY26Z7g+08+1Tk/ujEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLP4zUMiIk7sGxis6mQoY510PMl5MB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvc19qTlF5SWlUdXdiR0t6cVpDaGpuWFE4eVhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQp6MA0G
CSqGSIb3DQEBCwUAA4IBAQAhiSDFvYMagBWhSkv7U80fvhkrHApD+sOqibpZECTK
dm6UBt1sXSfAfoT6lxnM6O9RpYEjeW0Lbq5FiAZCoCJbYOhGcNng7qBxFZGgt4eb
hlEWI8vnKw+p7N+DrgEXnJlWx4vfVjw4oY2/pFRcCchsQ6aojsSUjld7HkNz+NME
K2eDFyODdorufEDI7Plt+Z4IqmNBt+/isIVpyWQTZfBiSPHrHUFd7JeuYYcTjY1h
kRDs2EnwB/6c11/FB8WXldX7xeyPWNwKxRZC0f7qjh69fm7mOpO2EPJ4nr2a84wt
4egd9GrGbf2i08LdewEV10R4YR0UbfblCRNzraRA8vG1
-----END CERTIFICATE-----