Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/48bc8f-106b-44a9-a558-dfa6710247aa/1/JaBSjKwV7UXPgQbMikBlTw6M4sA.roa
File:                     JaBSjKwV7UXPgQbMikBlTw6M4sA.roa (raw, json)
Hash identifier:          AE8MGP/Dwl4buukHungalBv2zPiBRvJweSuzxgQZuC8=
Subject key identifier:   25:A0:52:8C:AC:15:ED:45:CF:81:06:CC:8A:40:65:4F:0E:8C:E2:C0
Certificate issuer:       /CN=2601bb6918bdcc91a41428901eb98ced970f3eee
Certificate serial:       019EA763EC969C9F0276A0738551B8F6CC30
Authority key identifier: 26:01:BB:69:18:BD:CC:91:A4:14:28:90:1E:B9:8C:ED:97:0F:3E:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgG7aRi9zJGkFCiQHrmM7ZcPPu4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/48bc8f-106b-44a9-a558-dfa6710247aa/1/JaBSjKwV7UXPgQbMikBlTw6M4sA.roa
Signing time:             Mon 08 Jun 2026 13:20:04 +0000
ROA not before:           Mon 08 Jun 2026 13:20:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199412
IP address blocks:        5.182.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/48bc8f-106b-44a9-a558-dfa6710247aa/1/JgG7aRi9zJGkFCiQHrmM7ZcPPu4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/48bc8f-106b-44a9-a558-dfa6710247aa/1/JgG7aRi9zJGkFCiQHrmM7ZcPPu4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JgG7aRi9zJGkFCiQHrmM7ZcPPu4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a7:63:ec:96:9c:9f:02:76:a0:73:85:51:b8:f6:cc:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2601bb6918bdcc91a41428901eb98ced970f3eee
        Validity
            Not Before: Jun  8 13:20:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25a0528cac15ed45cf8106cc8a40654f0e8ce2c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b1:70:9b:ab:49:7c:7a:61:b0:e3:6e:77:7d:
                    b4:6e:8b:a3:48:1a:64:52:cc:86:29:07:d0:55:a3:
                    d6:54:e8:3c:3b:e9:9b:af:23:bb:a8:79:93:6a:d9:
                    e0:3b:44:25:d4:9c:7c:8e:9a:b8:14:d2:7c:9e:57:
                    fe:a9:b7:58:ed:69:98:e9:85:45:fb:71:b3:de:7a:
                    f0:69:5c:70:c0:a7:07:8a:02:1f:16:c8:a0:90:29:
                    1f:db:de:f4:7e:b5:42:6b:76:fe:42:d1:ea:b9:d7:
                    12:04:ac:1f:e3:23:97:af:88:24:f6:2a:18:60:8c:
                    a5:dd:68:34:0b:34:01:72:d6:b4:a3:72:95:2a:ba:
                    95:49:93:51:ae:69:ff:00:59:6a:c1:0b:67:fd:24:
                    de:1d:bc:78:b5:06:53:e9:63:97:ac:7c:0e:21:9f:
                    9d:a2:d4:7c:7d:77:78:93:9b:28:95:4a:bb:d0:a9:
                    6f:cf:16:a8:d1:d3:06:26:0d:b8:9f:ca:a7:14:d9:
                    2f:aa:5c:cc:41:d0:d0:71:e2:4a:0b:81:19:4b:8b:
                    93:75:af:ec:d1:9f:eb:1d:a5:27:4b:62:16:1e:76:
                    98:e1:9c:f7:6c:51:b0:6e:d2:fa:1c:48:a2:08:6b:
                    2a:08:6d:70:c8:89:14:bf:e1:77:d0:d8:bb:ad:94:
                    e4:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A0:52:8C:AC:15:ED:45:CF:81:06:CC:8A:40:65:4F:0E:8C:E2:C0
            X509v3 Authority Key Identifier:
                keyid:26:01:BB:69:18:BD:CC:91:A4:14:28:90:1E:B9:8C:ED:97:0F:3E:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgG7aRi9zJGkFCiQHrmM7ZcPPu4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/48bc8f-106b-44a9-a558-dfa6710247aa/1/JaBSjKwV7UXPgQbMikBlTw6M4sA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/48bc8f-106b-44a9-a558-dfa6710247aa/1/JgG7aRi9zJGkFCiQHrmM7ZcPPu4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:63:77:44:d1:71:7d:13:c0:98:91:57:36:f2:63:75:2a:41:
         be:20:16:33:a0:af:8a:cd:a7:fa:d9:8a:66:11:1e:7c:9c:d9:
         1c:2a:2d:e0:e5:2c:4a:27:31:45:94:ce:0b:1a:43:bf:26:a3:
         8b:9c:d2:27:2c:a4:b0:33:bd:35:7e:84:a4:28:4c:ac:68:18:
         17:ed:e4:a7:36:c1:98:8b:50:f8:2f:16:a6:f2:e1:5e:f6:d0:
         55:84:ff:2c:ed:b2:f4:9f:ee:9b:50:46:3b:0b:85:eb:cb:15:
         20:5e:27:65:0c:5d:02:36:34:17:e8:cd:f2:95:43:f0:b9:d1:
         3d:71:38:49:91:02:20:ba:7d:60:2c:ff:ac:0c:21:ce:33:e8:
         65:87:a8:a9:fc:2f:e7:98:d1:dd:c2:c7:b5:2f:03:6c:5e:9e:
         0b:21:cb:62:0a:c0:7e:2a:40:c2:fc:55:49:eb:c8:82:6c:55:
         89:4a:d6:d0:fd:29:56:ea:72:fa:d4:db:1d:02:1f:23:5d:0d:
         03:3d:07:91:11:df:8f:db:ea:b6:21:fb:e4:c3:2c:ef:53:7d:
         07:76:62:0e:05:a5:47:d8:28:cf:3d:ef:80:e7:71:95:b3:69:
         e0:bb:71:ce:d9:ab:cb:ac:c1:0a:a6:16:d6:fd:dd:42:dc:24:
         1f:98:93:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6nY+yWnJ8CdqBzhVG49swwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MDFiYjY5MThiZGNjOTFhNDE0Mjg5MDFlYjk4Y2VkOTcw
ZjNlZWUwHhcNMjYwNjA4MTMyMDA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWEwNTI4Y2FjMTVlZDQ1Y2Y4MTA2Y2M4YTQwNjU0ZjBlOGNlMmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7Fwm6tJfHphsONud320boujSBpk
UsyGKQfQVaPWVOg8O+mbryO7qHmTatngO0Ql1Jx8jpq4FNJ8nlf+qbdY7WmY6YVF
+3Gz3nrwaVxwwKcHigIfFsigkCkf2970frVCa3b+QtHqudcSBKwf4yOXr4gk9ioY
YIyl3Wg0CzQBcta0o3KVKrqVSZNRrmn/AFlqwQtn/STeHbx4tQZT6WOXrHwOIZ+d
otR8fXd4k5solUq70Klvzxao0dMGJg24n8qnFNkvqlzMQdDQceJKC4EZS4uTda/s
0Z/rHaUnS2IWHnaY4Zz3bFGwbtL6HEiiCGsqCG1wyIkUv+F30Ni7rZTk4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWgUoysFe1Fz4EGzIpAZU8OjOLAMB8GA1UdIwQY
MBaAFCYBu2kYvcyRpBQokB65jO2XDz7uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdHN2FSaTl6SkdrRkNpUUhybU03WmNQUHU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy80OGJjOGYtMTA2Yi00NGE5LWE1NTgt
ZGZhNjcxMDI0N2FhLzEvSmFCU2pLd1Y3VVhQZ1FiTWlrQmxUdzZNNHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy80OGJjOGYtMTA2Yi00NGE5LWE1NTgtZGZhNjcxMDI0N2Fh
LzEvSmdHN2FSaTl6SkdrRkNpUUhybU03WmNQUHU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbY9MA0G
CSqGSIb3DQEBCwUAA4IBAQCPY3dE0XF9E8CYkVc28mN1KkG+IBYzoK+Kzaf62Ypm
ER58nNkcKi3g5SxKJzFFlM4LGkO/JqOLnNInLKSwM701foSkKEysaBgX7eSnNsGY
i1D4Lxam8uFe9tBVhP8s7bL0n+6bUEY7C4XryxUgXidlDF0CNjQX6M3ylUPwudE9
cThJkQIgun1gLP+sDCHOM+hlh6ip/C/nmNHdwse1LwNsXp4LIctiCsB+KkDC/FVJ
68iCbFWJStbQ/SlW6nL61NsdAh8jXQ0DPQeREd+P2+q2IfvkwyzvU30HdmIOBaVH
2CjPPe+A53GVs2ngu3HO2avLrMEKphbW/d1C3CQfmJMs
-----END CERTIFICATE-----