Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/cE1ZYF9CNoKRufIDTnsTQMnkDsE.roa
File:                     cE1ZYF9CNoKRufIDTnsTQMnkDsE.roa (raw, json)
Hash identifier:          zlvQVPFaV+iVd6JKfLfvowM6oA2oW/EsRrEhCPb+96A=
Subject key identifier:   70:4D:59:60:5F:42:36:82:91:B9:F2:03:4E:7B:13:40:C9:E4:0E:C1
Certificate issuer:       /CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
Certificate serial:       019ED3F8770692D960F506F343CBC45A0E33
Authority key identifier: 24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/cE1ZYF9CNoKRufIDTnsTQMnkDsE.roa
Signing time:             Wed 17 Jun 2026 05:05:36 +0000
ROA not before:           Wed 17 Jun 2026 05:05:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        37.153.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d3:f8:77:06:92:d9:60:f5:06:f3:43:cb:c4:5a:0e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
        Validity
            Not Before: Jun 17 05:05:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=704d59605f42368291b9f2034e7b1340c9e40ec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ea:f1:85:ef:4e:77:77:8d:cb:20:5a:f2:fa:
                    0f:46:35:fc:9a:16:e2:ff:32:43:1f:39:39:9e:f3:
                    79:73:ed:be:54:81:f2:11:fc:ce:b1:71:5f:4a:df:
                    dc:f6:03:f9:d8:9b:6a:f2:12:cc:01:82:aa:72:55:
                    18:16:79:77:27:ed:f5:7c:6f:ce:19:23:e6:ff:66:
                    2d:47:d3:e1:31:7a:6c:4d:d4:a4:f7:9c:03:10:43:
                    e8:d8:26:6e:6e:63:d6:2b:d6:3a:18:ae:b4:22:80:
                    d1:d8:d7:88:db:dd:92:e9:e3:40:40:aa:0c:43:cc:
                    22:49:2b:b9:69:b9:82:62:6c:4d:3f:22:67:b2:bb:
                    be:af:56:f5:71:0b:5d:4d:0a:dc:da:6a:6a:b4:95:
                    b9:14:24:35:c4:2a:25:68:48:44:b8:b4:a0:38:62:
                    d4:92:60:94:ed:bd:a7:ed:90:cf:17:29:60:b1:f7:
                    c2:36:69:46:6b:b7:1d:92:a9:91:f5:54:6c:98:45:
                    ba:3e:a9:f7:df:22:e9:99:c7:ee:b1:9d:08:0e:5f:
                    de:42:7c:3e:15:e0:c9:2e:dd:8f:8b:b4:79:e0:b0:
                    2a:f4:23:16:60:f5:bf:96:a2:e2:f2:a7:17:a4:6e:
                    20:3e:79:20:49:ac:c0:12:87:3d:2d:f5:a2:07:49:
                    3d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:4D:59:60:5F:42:36:82:91:B9:F2:03:4E:7B:13:40:C9:E4:0E:C1
            X509v3 Authority Key Identifier:
                keyid:24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/cE1ZYF9CNoKRufIDTnsTQMnkDsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:06:8d:d6:78:85:c2:f7:42:3f:cf:ac:8b:d8:ee:2f:af:84:
         e2:b0:8d:91:2b:9e:9e:4c:93:1b:da:30:1d:2e:37:29:7d:56:
         59:8f:6c:48:3c:f1:a3:45:60:c7:6d:20:65:9c:79:27:75:af:
         21:32:f4:9f:f7:32:64:6d:19:bd:1f:3e:08:9d:99:ce:1f:0b:
         0a:39:6a:d1:62:f6:07:8c:5e:98:17:9f:f2:5c:5a:a8:d4:2f:
         63:87:4a:16:19:9e:9b:e4:be:4c:41:9b:c1:ad:68:35:9b:92:
         dc:02:f0:9d:4f:32:95:eb:86:bf:6d:d4:39:8f:88:57:b7:1f:
         5e:03:0f:56:e3:ae:0b:de:63:0f:1b:f5:32:91:29:56:7a:cd:
         e6:df:31:05:94:ec:b8:9c:98:a2:5f:17:5e:a9:dd:4c:ba:6d:
         e4:1b:65:f9:d5:08:c9:18:dd:88:5e:df:d3:06:fa:d7:fe:88:
         54:dc:e3:fe:72:08:47:d4:73:cc:c2:f6:36:e0:8c:0f:18:c8:
         92:dd:2b:52:ac:7b:17:73:7e:3f:bb:82:3a:46:ef:a6:9b:53:
         ad:8f:d5:3c:fc:fc:77:fd:bb:be:89:c4:ab:de:31:26:b8:9f:
         31:07:85:64:44:32:d0:05:d5:8c:de:94:15:b2:df:8f:ae:6e:
         55:87:a1:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7T+HcGktlg9QbzQ8vEWg4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTViZjljNjFjODVkYjdjOTlhYzRjZGY3OTI1N2U3OTk3
YWI3N2MwHhcNMjYwNjE3MDUwNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDRkNTk2MDVmNDIzNjgyOTFiOWYyMDM0ZTdiMTM0MGM5ZTQwZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+rxhe9Od3eNyyBa8voPRjX8mhbi
/zJDHzk5nvN5c+2+VIHyEfzOsXFfSt/c9gP52Jtq8hLMAYKqclUYFnl3J+31fG/O
GSPm/2YtR9PhMXpsTdSk95wDEEPo2CZubmPWK9Y6GK60IoDR2NeI292S6eNAQKoM
Q8wiSSu5abmCYmxNPyJnsru+r1b1cQtdTQrc2mpqtJW5FCQ1xColaEhEuLSgOGLU
kmCU7b2n7ZDPFylgsffCNmlGa7cdkqmR9VRsmEW6Pqn33yLpmcfusZ0IDl/eQnw+
FeDJLt2Pi7R54LAq9CMWYPW/lqLi8qcXpG4gPnkgSazAEoc9LfWiB0k9LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBNWWBfQjaCkbnyA057E0DJ5A7BMB8GA1UdIwQY
MBaAFCQVv5xhyF23yZrEzfeSV+eZerd8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMt
NmExOGRjODgxNmRiLzEvY0UxWllGOUNOb0tSdWZJRFRuc1RRTW5rRHNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMtNmExOGRjODgxNmRi
LzEvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmbMA0G
CSqGSIb3DQEBCwUAA4IBAQAzBo3WeIXC90I/z6yL2O4vr4TisI2RK56eTJMb2jAd
LjcpfVZZj2xIPPGjRWDHbSBlnHknda8hMvSf9zJkbRm9Hz4InZnOHwsKOWrRYvYH
jF6YF5/yXFqo1C9jh0oWGZ6b5L5MQZvBrWg1m5LcAvCdTzKV64a/bdQ5j4hXtx9e
Aw9W464L3mMPG/UykSlWes3m3zEFlOy4nJiiXxdeqd1Mum3kG2X51QjJGN2IXt/T
BvrX/ohU3OP+cghH1HPMwvY24IwPGMiS3StSrHsXc34/u4I6Ru+mm1Otj9U8/Px3
/bu+icSr3jEmuJ8xB4VkRDLQBdWM3pQVst+Prm5Vh6F5
-----END CERTIFICATE-----