Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/jpsyNsf-hgaPqcLaZT9XeWQeekw.roa
File:                     jpsyNsf-hgaPqcLaZT9XeWQeekw.roa (raw, json)
Hash identifier:          oWBHc9xTSDGRYCLMLgaaAweH75hBkZYjrL/4obN+sio=
Subject key identifier:   8E:9B:32:36:C7:FE:86:06:8F:A9:C2:DA:65:3F:57:79:64:1E:7A:4C
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019EDF094AE45F729938891AF1B2357B8C73
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/jpsyNsf-hgaPqcLaZT9XeWQeekw.roa
Signing time:             Fri 19 Jun 2026 08:39:48 +0000
ROA not before:           Fri 19 Jun 2026 08:39:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.253.0/24 maxlen: 24
                          85.208.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:df:09:4a:e4:5f:72:99:38:89:1a:f1:b2:35:7b:8c:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jun 19 08:39:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e9b3236c7fe86068fa9c2da653f5779641e7a4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:18:db:49:fb:57:b0:f8:33:6e:88:3e:a2:b4:
                    42:5b:10:a9:10:cb:7e:3f:7d:2f:bb:54:79:bc:f5:
                    6e:92:a7:93:9b:65:04:34:5f:69:ab:d5:02:18:9b:
                    8a:95:7a:57:0b:75:9e:44:75:36:05:49:07:7b:0e:
                    3c:db:23:b2:2c:3d:8a:99:e0:a1:dc:c5:54:d3:35:
                    d1:be:94:31:49:f6:fb:52:51:b7:77:cb:ca:b0:dd:
                    fd:22:0c:ef:71:f8:e4:12:e3:b3:37:3b:df:f9:3b:
                    d3:8c:6f:df:93:f3:28:be:ab:7e:ad:60:71:fa:79:
                    ef:39:15:fc:33:7d:dd:f1:4a:fc:fd:50:2c:c3:1d:
                    6f:e2:64:3e:30:4b:19:c2:6e:8d:ea:5a:07:3a:2c:
                    2b:cf:b4:1e:51:69:10:35:ac:41:94:be:43:e5:1a:
                    84:c5:ee:50:32:ee:24:9b:fb:b1:0a:86:09:f9:ab:
                    ea:9c:15:e2:1c:9c:65:cb:04:ac:13:18:e0:03:6c:
                    2a:73:9a:cc:06:af:86:f4:54:dc:b9:59:95:f8:6c:
                    6f:98:26:06:62:75:8c:5e:24:f4:3f:7a:03:97:09:
                    23:c6:c6:69:c3:d7:b5:50:35:03:76:50:12:9d:dd:
                    f8:e9:52:a8:81:a2:d1:d9:b3:33:d9:66:4b:ff:f3:
                    d2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:9B:32:36:C7:FE:86:06:8F:A9:C2:DA:65:3F:57:79:64:1E:7A:4C
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/jpsyNsf-hgaPqcLaZT9XeWQeekw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.253.0/24
                  85.208.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:9c:f4:b6:80:45:b4:58:f5:62:06:8a:d5:1d:e9:7d:f0:5d:
         cc:41:1e:77:71:07:4a:65:21:73:36:40:d1:22:c0:f5:9c:05:
         b1:35:24:e9:13:f9:92:46:ed:98:a2:b6:26:d9:85:a4:5b:98:
         61:df:62:f8:10:de:9a:d2:a0:46:ca:e2:27:bf:30:69:3f:86:
         a4:30:31:3d:e3:bb:89:d8:e3:e1:b0:c0:ad:c4:b8:38:29:24:
         60:d0:8a:06:6b:56:3e:aa:d9:10:fd:77:3a:86:af:ca:ae:e8:
         15:c0:c2:57:89:4b:58:50:3f:6f:34:be:ca:37:d5:ec:6a:52:
         e7:e0:6c:4b:ab:69:55:33:6b:2f:c2:ae:6d:6a:8b:cc:26:92:
         40:79:7a:73:ae:e9:b4:8a:12:ae:9c:d1:ff:17:8e:29:90:9a:
         08:d6:3c:f7:dd:ab:6c:17:3e:03:be:60:48:a9:95:51:a9:52:
         fc:77:7e:6a:6b:10:51:95:01:6e:5a:6a:37:03:c0:2f:67:9f:
         42:91:8d:55:48:37:c9:62:01:29:cf:19:a2:93:e6:7f:b7:d7:
         fc:a9:eb:8b:70:f5:ca:26:f2:50:8b:80:69:75:8b:28:11:54:
         8a:48:e6:13:3b:ad:9c:14:38:a3:e9:33:a6:b2:06:20:4c:c0:
         5e:6a:80:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7fCUrkX3KZOIka8bI1e4xzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwNjE5MDgzOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTliMzIzNmM3ZmU4NjA2OGZhOWMyZGE2NTNmNTc3OTY0MWU3YTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RjbSftXsPgzbog+orRCWxCpEMt+
P30vu1R5vPVukqeTm2UENF9pq9UCGJuKlXpXC3WeRHU2BUkHew482yOyLD2KmeCh
3MVU0zXRvpQxSfb7UlG3d8vKsN39IgzvcfjkEuOzNzvf+TvTjG/fk/Movqt+rWBx
+nnvORX8M33d8Ur8/VAswx1v4mQ+MEsZwm6N6loHOiwrz7QeUWkQNaxBlL5D5RqE
xe5QMu4km/uxCoYJ+avqnBXiHJxlywSsExjgA2wqc5rMBq+G9FTcuVmV+GxvmCYG
YnWMXiT0P3oDlwkjxsZpw9e1UDUDdlASnd346VKogaLR2bMz2WZL//PS8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI6bMjbH/oYGj6nC2mU/V3lkHnpMMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvanBzeU5zZi1oZ2FQcWNMYVpUOVhlV1FlZWt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQj9AwQA
VdBpMA0GCSqGSIb3DQEBCwUAA4IBAQConPS2gEW0WPViBorVHel98F3MQR53cQdK
ZSFzNkDRIsD1nAWxNSTpE/mSRu2YorYm2YWkW5hh32L4EN6a0qBGyuInvzBpP4ak
MDE947uJ2OPhsMCtxLg4KSRg0IoGa1Y+qtkQ/Xc6hq/KrugVwMJXiUtYUD9vNL7K
N9XsalLn4GxLq2lVM2svwq5taovMJpJAeXpzrum0ihKunNH/F44pkJoI1jz33ats
Fz4DvmBIqZVRqVL8d35qaxBRlQFuWmo3A8AvZ59CkY1VSDfJYgEpzxmik+Z/t9f8
qeuLcPXKJvJQi4BpdYsoEVSKSOYTO62cFDij6TOmsgYgTMBeaoDy
-----END CERTIFICATE-----