Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/jKnv8Hl298ULyF7AoE6ZHcljJwE.roa
File:                     jKnv8Hl298ULyF7AoE6ZHcljJwE.roa (raw, json)
Hash identifier:          TA8MQ/eJxiYGg6c5Dgiv14NsF16+iZvCNQxTM8OPxss=
Subject key identifier:   8C:A9:EF:F0:79:76:F7:C5:0B:C8:5E:C0:A0:4E:99:1D:C9:63:27:01
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       019CB649F89375C75C2FFC9AD86245C1746A
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/jKnv8Hl298ULyF7AoE6ZHcljJwE.roa
Signing time:             Wed 04 Mar 2026 00:40:26 +0000
ROA not before:           Wed 04 Mar 2026 00:40:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        91.239.62.0/24 maxlen: 24
                          185.138.234.0/24 maxlen: 24
                          185.138.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 01:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b6:49:f8:93:75:c7:5c:2f:fc:9a:d8:62:45:c1:74:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Mar  4 00:40:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ca9eff07976f7c50bc85ec0a04e991dc9632701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:10:79:18:50:ec:8a:9a:b8:52:db:13:43:6f:
                    00:f3:a5:2a:41:6f:3b:56:b4:e5:f3:2d:9a:f3:e9:
                    ef:ff:7d:fe:fc:59:a2:51:58:43:f1:88:cd:8a:e1:
                    59:1c:ec:38:3d:23:26:fe:b5:d6:98:57:5c:23:ca:
                    97:b9:ed:86:5a:94:ea:2c:9a:fb:73:df:7b:f6:0c:
                    06:5c:29:9b:f1:41:d6:87:02:4a:a7:c6:cc:61:ff:
                    0b:c3:4d:86:da:64:7a:a9:be:94:ce:fc:dc:8a:91:
                    84:ad:f8:c0:e1:e8:1a:8e:48:33:3a:1f:d0:0b:e9:
                    49:f1:e0:1b:b4:be:3b:dc:56:a4:e3:ba:b0:17:e2:
                    61:cf:97:80:a5:17:07:88:6f:b4:23:68:c7:bd:14:
                    61:3f:55:33:48:e4:d4:fc:e5:b1:9b:fc:ca:9e:0d:
                    d3:63:69:54:4e:d1:68:b1:2c:7e:9e:d7:6b:cb:5e:
                    d4:91:17:89:11:28:b6:52:75:00:6f:8f:00:d7:37:
                    33:c8:14:6c:9e:eb:5a:8c:fe:71:d2:ee:f1:56:99:
                    a4:56:f2:79:1d:9b:98:9e:fb:3d:7e:65:09:e1:b0:
                    42:f1:01:b8:49:19:bc:ce:1d:eb:82:9b:a0:fc:c5:
                    0d:7c:ed:a4:21:d5:3e:0b:61:5a:13:88:ae:45:8c:
                    65:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A9:EF:F0:79:76:F7:C5:0B:C8:5E:C0:A0:4E:99:1D:C9:63:27:01
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/jKnv8Hl298ULyF7AoE6ZHcljJwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.62.0/24
                  185.138.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:09:40:4b:fb:2a:53:d9:3f:85:11:51:15:25:3c:58:ba:f8:
         28:fb:e3:40:cb:ee:fe:d6:81:85:4c:61:e2:c5:8e:3f:fa:4b:
         3f:1e:17:68:2b:4b:dc:61:91:d5:81:47:9f:7c:b5:67:2f:f9:
         8a:9e:24:50:ec:53:98:21:a4:c4:6f:9a:ed:df:56:2b:69:11:
         b9:1d:09:0f:d7:28:ce:c3:14:fa:19:7e:41:23:0d:7f:8b:b1:
         ae:6f:2c:35:f0:6a:db:95:b6:cb:66:14:b8:c1:f4:bb:f6:4a:
         ed:00:f0:76:db:3b:dd:91:9d:4d:6f:c4:d3:78:50:33:56:fb:
         d8:b9:e8:5c:c7:d9:f4:e5:a6:98:5f:08:02:52:14:15:39:b1:
         88:c5:94:38:7f:43:4f:d6:d0:8b:be:4d:31:59:25:45:75:6d:
         0b:bf:f0:90:75:2e:18:b0:ab:ef:3b:45:c1:32:37:3e:00:0d:
         2f:a3:80:4c:7c:b3:a9:86:8f:13:39:a4:0a:d0:4a:3c:47:b1:
         af:42:89:84:c9:7c:e5:78:2c:34:d1:2c:5e:c2:f5:c9:f9:c4:
         3a:01:b5:84:f2:77:46:e3:40:f6:5d:19:74:a4:60:21:0f:60:
         fb:d6:f9:70:91:10:1f:fc:70:59:a7:98:c5:f4:61:e6:07:2b:
         83:61:d2:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZy2SfiTdcdcL/ya2GJFwXRqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjYwMzA0MDA0MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2E5ZWZmMDc5NzZmN2M1MGJjODVlYzBhMDRlOTkxZGM5NjMyNzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RB5GFDsipq4UtsTQ28A86UqQW87
VrTl8y2a8+nv/33+/FmiUVhD8YjNiuFZHOw4PSMm/rXWmFdcI8qXue2GWpTqLJr7
c9979gwGXCmb8UHWhwJKp8bMYf8Lw02G2mR6qb6UzvzcipGErfjA4egajkgzOh/Q
C+lJ8eAbtL473Fak47qwF+Jhz5eApRcHiG+0I2jHvRRhP1UzSOTU/OWxm/zKng3T
Y2lUTtFosSx+ntdry17UkReJESi2UnUAb48A1zczyBRsnutajP5x0u7xVpmkVvJ5
HZuYnvs9fmUJ4bBC8QG4SRm8zh3rgpug/MUNfO2kIdU+C2FaE4iuRYxlHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIyp7/B5dvfFC8hewKBOmR3JYycBMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvaktudjhIbDI5OFVMeUY3QW9FNlpIY2xqSndFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+8+AwQB
uYrqMA0GCSqGSIb3DQEBCwUAA4IBAQApCUBL+ypT2T+FEVEVJTxYuvgo++NAy+7+
1oGFTGHixY4/+ks/HhdoK0vcYZHVgUeffLVnL/mKniRQ7FOYIaTEb5rt31YraRG5
HQkP1yjOwxT6GX5BIw1/i7Gubyw18GrblbbLZhS4wfS79krtAPB22zvdkZ1Nb8TT
eFAzVvvYuehcx9n05aaYXwgCUhQVObGIxZQ4f0NP1tCLvk0xWSVFdW0Lv/CQdS4Y
sKvvO0XBMjc+AA0vo4BMfLOpho8TOaQK0Eo8R7GvQomEyXzleCw00SxewvXJ+cQ6
AbWE8ndG40D2XRl0pGAhD2D71vlwkRAf/HBZp5jF9GHmByuDYdK+
-----END CERTIFICATE-----