Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/CJMQtEYFaJCIAob5YTIM33reer0.roa
File:                     CJMQtEYFaJCIAob5YTIM33reer0.roa (raw, json)
Hash identifier:          2fmW/5EjPlZQDHVPyDvXpi5tn/bBcbJ02R3RN2NWWE8=
Subject key identifier:   08:93:10:B4:46:05:68:90:88:02:86:F9:61:32:0C:DF:7A:DE:7A:BD
Certificate issuer:       /CN=3bfa6636fe6440acf293b75705a7a1dcada8420b
Certificate serial:       019D3151CCCCE5F3FBD629A9E1E0D29738B1
Authority key identifier: 3B:FA:66:36:FE:64:40:AC:F2:93:B7:57:05:A7:A1:DC:AD:A8:42:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/CJMQtEYFaJCIAob5YTIM33reer0.roa
Signing time:             Fri 27 Mar 2026 22:02:17 +0000
ROA not before:           Fri 27 Mar 2026 22:02:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62013
IP address blocks:        80.245.87.0/24 maxlen: 24
                          149.3.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:31:51:cc:cc:e5:f3:fb:d6:29:a9:e1:e0:d2:97:38:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bfa6636fe6440acf293b75705a7a1dcada8420b
        Validity
            Not Before: Mar 27 22:02:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=089310b446056890880286f961320cdf7ade7abd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:58:e9:32:b0:f3:ce:96:e6:c7:c8:11:92:24:
                    f4:f6:33:4d:69:01:6b:5a:fe:9e:2e:64:aa:77:43:
                    36:ef:2f:98:b8:76:e2:c9:56:2b:49:2d:b1:a8:ae:
                    7b:53:fb:eb:bb:80:d9:08:93:af:1e:64:a1:59:c1:
                    2b:8e:ae:d5:01:7b:96:66:8d:bb:f7:51:00:d8:62:
                    49:67:f9:c7:59:a3:8d:8d:1d:85:99:3a:b8:6b:8f:
                    0f:b4:bb:5d:c1:78:78:da:44:7c:46:9f:0f:e4:52:
                    d4:bf:41:d2:33:9a:a9:ff:60:d0:e8:0c:b9:fc:02:
                    fb:1a:fc:9a:60:aa:a8:9e:86:3b:3b:20:64:65:b8:
                    39:57:e2:2a:0a:d9:e1:2d:df:b5:a2:d3:ae:72:44:
                    93:cb:a4:60:b8:d2:c3:f1:d5:7a:c9:ad:c5:9b:d8:
                    66:de:ce:4b:03:3e:27:fc:b5:f7:e9:0c:66:fe:91:
                    f7:7d:8b:22:b3:ab:54:49:ad:96:66:f1:44:4b:f2:
                    81:1e:82:82:7f:7d:44:75:5f:60:47:b9:18:f2:fe:
                    f7:4f:b9:95:3d:ec:55:c4:6a:c4:67:1a:12:b2:0c:
                    55:d7:33:84:a7:fb:d6:79:46:ec:c1:7a:b8:90:6b:
                    7a:18:b9:a9:1f:f7:ae:2b:5f:4b:bd:80:39:6a:b6:
                    b7:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:93:10:B4:46:05:68:90:88:02:86:F9:61:32:0C:DF:7A:DE:7A:BD
            X509v3 Authority Key Identifier:
                keyid:3B:FA:66:36:FE:64:40:AC:F2:93:B7:57:05:A7:A1:DC:AD:A8:42:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/CJMQtEYFaJCIAob5YTIM33reer0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.87.0/24
                  149.3.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:47:cc:af:70:27:ea:7e:da:b1:86:ae:91:6f:b6:8a:62:55:
         e9:b6:d3:84:a6:ab:8e:ad:ba:ea:3b:43:7f:e5:2a:d9:31:ac:
         e4:22:9b:a9:00:df:a2:70:2f:f7:55:89:28:09:7b:2d:64:6a:
         19:d9:1e:9b:1e:e9:e4:13:e1:6f:11:a9:9f:3f:ec:5a:a9:62:
         5c:3b:ad:0e:36:03:b6:96:70:52:55:26:33:3e:56:8f:25:17:
         4b:fc:cb:7a:45:f4:47:ae:1b:2e:9d:1d:f9:39:b5:23:04:24:
         44:5a:9b:0c:8b:e7:c2:ea:17:09:60:cf:82:28:5a:a6:02:bc:
         dd:a6:91:d7:e2:72:eb:31:e4:47:30:b1:ae:b0:b6:63:7c:e7:
         6b:26:c2:37:03:07:8b:4b:2a:70:79:4c:c7:8f:28:b7:27:d6:
         69:5f:94:43:c5:66:a9:39:a3:2c:5a:10:d2:28:75:eb:33:8e:
         6f:9a:27:69:03:03:eb:21:c3:a2:d2:6d:2a:bd:52:29:69:4f:
         97:4d:2c:ac:de:d5:c0:8e:74:98:1b:25:34:4f:fa:95:f6:28:
         08:1f:05:01:56:28:e1:52:64:08:6c:30:97:9f:0e:a9:04:86:
         87:a5:07:08:ca:31:2a:eb:b7:09:97:1c:3a:86:5c:29:9e:58:
         db:9c:9f:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0xUczM5fP71imp4eDSlzixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZmE2NjM2ZmU2NDQwYWNmMjkzYjc1NzA1YTdhMWRjYWRh
ODQyMGIwHhcNMjYwMzI3MjIwMjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODkzMTBiNDQ2MDU2ODkwODgwMjg2Zjk2MTMyMGNkZjdhZGU3YWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1jpMrDzzpbmx8gRkiT09jNNaQFr
Wv6eLmSqd0M27y+YuHbiyVYrSS2xqK57U/vru4DZCJOvHmShWcErjq7VAXuWZo27
91EA2GJJZ/nHWaONjR2FmTq4a48PtLtdwXh42kR8Rp8P5FLUv0HSM5qp/2DQ6Ay5
/AL7GvyaYKqonoY7OyBkZbg5V+IqCtnhLd+1otOuckSTy6RguNLD8dV6ya3Fm9hm
3s5LAz4n/LX36Qxm/pH3fYsis6tUSa2WZvFES/KBHoKCf31EdV9gR7kY8v73T7mV
PexVxGrEZxoSsgxV1zOEp/vWeUbswXq4kGt6GLmpH/euK19LvYA5ara3awIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAiTELRGBWiQiAKG+WEyDN963nq9MB8GA1UdIwQY
MBaAFDv6Zjb+ZECs8pO3VwWnodytqEILMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT19wbU52NWtRS3p5azdkWEJhZWgzSzJvUWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hNDdjZGYtZDIxYi00ZjFkLTg5MDEt
OTJlYzUxNWM1OTVhLzEvQ0pNUXRFWUZhSkNJQW9iNVlUSU0zM3JlZXIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hNDdjZGYtZDIxYi00ZjFkLTg5MDEtOTJlYzUxNWM1OTVh
LzEvT19wbU52NWtRS3p5azdkWEJhZWgzSzJvUWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUPVXAwQA
lQO4MA0GCSqGSIb3DQEBCwUAA4IBAQBwR8yvcCfqftqxhq6Rb7aKYlXpttOEpquO
rbrqO0N/5SrZMazkIpupAN+icC/3VYkoCXstZGoZ2R6bHunkE+FvEamfP+xaqWJc
O60ONgO2lnBSVSYzPlaPJRdL/Mt6RfRHrhsunR35ObUjBCREWpsMi+fC6hcJYM+C
KFqmArzdppHX4nLrMeRHMLGusLZjfOdrJsI3AweLSypweUzHjyi3J9ZpX5RDxWap
OaMsWhDSKHXrM45vmidpAwPrIcOi0m0qvVIpaU+XTSys3tXAjnSYGyU0T/qV9igI
HwUBVijhUmQIbDCXnw6pBIaHpQcIyjEq67cJlxw6hlwpnljbnJ+h
-----END CERTIFICATE-----