Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/JUD9yOHaQFQ0Q0_9TV9fL7uc8q4.roa
File:                     JUD9yOHaQFQ0Q0_9TV9fL7uc8q4.roa (raw, json)
Hash identifier:          Gc0jgQs3m11GfieY6mBra8XPOr5T01nB72wQzRqXOHY=
Subject key identifier:   25:40:FD:C8:E1:DA:40:54:34:43:4F:FD:4D:5F:5F:2F:BB:9C:F2:AE
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019EB7615DA6DCBCE15132A3DDFDCF6134F6
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/JUD9yOHaQFQ0Q0_9TV9fL7uc8q4.roa
Signing time:             Thu 11 Jun 2026 15:51:11 +0000
ROA not before:           Thu 11 Jun 2026 15:51:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219454
IP address blocks:        89.126.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b7:61:5d:a6:dc:bc:e1:51:32:a3:dd:fd:cf:61:34:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: Jun 11 15:51:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2540fdc8e1da405434434ffd4d5f5f2fbb9cf2ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1d:46:cf:ad:7a:9f:89:13:6e:2c:9a:98:f2:
                    8a:22:58:2d:c8:5b:fa:04:f6:44:22:00:25:14:71:
                    c1:0e:ac:63:d5:17:15:e7:d4:15:13:e7:d2:0a:4b:
                    e5:3c:0b:4f:48:3f:de:92:8b:de:c7:a0:89:aa:4c:
                    65:ca:ad:fb:4a:3f:cc:41:d2:7c:13:ea:dd:6e:25:
                    b4:21:27:c2:6d:90:a7:19:20:8e:9b:f5:ad:d7:79:
                    5a:aa:4d:5c:c4:11:17:45:16:c6:78:17:cd:93:b6:
                    d4:89:4e:24:03:65:02:6f:bd:46:6d:0e:95:21:05:
                    75:11:ab:ad:f6:4d:9d:cc:aa:01:0f:d0:2c:63:2f:
                    5d:3a:ae:1a:eb:ea:19:0c:84:77:eb:59:62:18:26:
                    d1:a2:2a:f2:80:be:a0:05:c2:b0:dd:36:5e:5a:ad:
                    a0:1a:d7:df:ad:0e:e5:dd:d7:25:a4:ba:ed:ed:05:
                    bf:53:0d:83:80:f3:8e:4d:4e:3c:eb:30:a5:14:87:
                    88:04:c9:88:73:23:55:98:4a:61:06:6a:75:49:1f:
                    ec:b8:7a:54:ff:96:d7:f7:53:5e:72:79:08:36:16:
                    5d:6d:66:cd:0b:6e:dc:70:f4:63:29:82:d2:b7:d4:
                    53:dd:95:e1:49:b1:9b:a7:bd:3f:36:29:8d:f2:e7:
                    cd:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:40:FD:C8:E1:DA:40:54:34:43:4F:FD:4D:5F:5F:2F:BB:9C:F2:AE
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/JUD9yOHaQFQ0Q0_9TV9fL7uc8q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.126.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:0d:20:29:ef:cf:63:99:98:dd:75:3a:47:55:41:5c:d7:cb:
         1b:3b:a7:88:3f:c0:3a:5e:86:c2:37:cd:88:8e:05:98:5e:b3:
         b3:f5:77:21:19:45:6b:d7:b5:23:35:28:30:1a:c0:5b:72:c2:
         72:c6:2f:68:0e:a8:c3:ae:47:4b:c7:5f:b5:93:eb:ba:a8:a6:
         22:e1:77:0d:b5:78:b3:a8:4f:27:ec:37:0b:c5:a0:88:e8:2e:
         9a:08:7b:97:eb:50:da:25:5d:4b:20:63:f3:5e:69:19:01:0f:
         99:65:51:09:4b:3f:05:0d:7a:9f:fb:23:0e:4d:7c:25:4c:c2:
         96:04:4c:2b:9a:49:9f:a2:9b:65:07:bc:11:ad:56:47:35:41:
         99:38:9f:7f:34:3e:80:83:69:78:9d:ac:2f:c1:ec:b0:62:a9:
         cb:ac:3c:9e:73:08:b0:a3:db:4c:55:01:f4:98:2f:ae:15:e9:
         6f:be:ef:b3:2a:71:60:96:f7:55:47:8b:d0:88:e6:9d:e7:7f:
         31:9d:2b:b0:b9:d9:01:bb:c0:be:3b:02:55:27:08:e0:43:cb:
         bd:14:d2:c3:bd:6b:32:01:0c:7c:fe:c6:04:42:0f:7c:07:61:
         c9:e4:c5:20:bd:0f:5b:0b:7a:04:78:da:7d:91:44:d7:55:66:
         a2:27:f5:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ63YV2m3LzhUTKj3f3PYTT2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwNjExMTU1MTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTQwZmRjOGUxZGE0MDU0MzQ0MzRmZmQ0ZDVmNWYyZmJiOWNmMmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApx1Gz616n4kTbiyamPKKIlgtyFv6
BPZEIgAlFHHBDqxj1RcV59QVE+fSCkvlPAtPSD/ekovex6CJqkxlyq37Sj/MQdJ8
E+rdbiW0ISfCbZCnGSCOm/Wt13laqk1cxBEXRRbGeBfNk7bUiU4kA2UCb71GbQ6V
IQV1Eaut9k2dzKoBD9AsYy9dOq4a6+oZDIR361liGCbRoirygL6gBcKw3TZeWq2g
GtffrQ7l3dclpLrt7QW/Uw2DgPOOTU486zClFIeIBMmIcyNVmEphBmp1SR/suHpU
/5bX91NecnkINhZdbWbNC27ccPRjKYLSt9RT3ZXhSbGbp70/NimN8ufN+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCVA/cjh2kBUNENP/U1fXy+7nPKuMB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvSlVEOXlPSGFRRlEwUTBfOVRWOWZMN3VjOHE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX7hMA0G
CSqGSIb3DQEBCwUAA4IBAQCeDSAp789jmZjddTpHVUFc18sbO6eIP8A6XobCN82I
jgWYXrOz9XchGUVr17UjNSgwGsBbcsJyxi9oDqjDrkdLx1+1k+u6qKYi4XcNtXiz
qE8n7DcLxaCI6C6aCHuX61DaJV1LIGPzXmkZAQ+ZZVEJSz8FDXqf+yMOTXwlTMKW
BEwrmkmfoptlB7wRrVZHNUGZOJ9/ND6Ag2l4nawvweywYqnLrDyecwiwo9tMVQH0
mC+uFelvvu+zKnFglvdVR4vQiOad538xnSuwudkBu8C+OwJVJwjgQ8u9FNLDvWsy
AQx8/sYEQg98B2HJ5MUgvQ9bC3oEeNp9kUTXVWaiJ/XL
-----END CERTIFICATE-----