Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/JUrr1OKNEmbRDtDTfwJ-ieygxFw.roa
File:                     JUrr1OKNEmbRDtDTfwJ-ieygxFw.roa (raw, json)
Hash identifier:          aGK0zCD4Tq2pNJ6YFSidTCuvYiKxhjYVhe82G/tDfYI=
Subject key identifier:   25:4A:EB:D4:E2:8D:12:66:D1:0E:D0:D3:7F:02:7E:89:EC:A0:C4:5C
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019D0A857018D8C29BCA7E8CE69456D3EB94
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/JUrr1OKNEmbRDtDTfwJ-ieygxFw.roa
Signing time:             Fri 20 Mar 2026 09:13:30 +0000
ROA not before:           Fri 20 Mar 2026 09:13:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209697
IP address blocks:        185.194.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Mar 2026 09:13:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:85:70:18:d8:c2:9b:ca:7e:8c:e6:94:56:d3:eb:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 20 09:13:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=254aebd4e28d1266d10ed0d37f027e89eca0c45c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cf:e6:fd:d1:64:51:03:63:a8:ca:f6:71:8d:
                    a7:d2:17:e3:b3:0c:ae:17:d5:f4:ea:68:5a:8c:d8:
                    36:49:d0:7e:e1:b1:9b:c5:3c:15:be:d3:71:00:62:
                    1f:8a:86:c8:b4:b0:70:a6:53:13:fd:39:80:e5:b1:
                    2a:d1:6f:e1:6c:da:51:61:2f:59:2f:58:d3:24:80:
                    98:d5:c8:5c:2a:73:ab:7e:8a:cf:38:3d:2c:3a:ca:
                    76:ce:96:f3:51:eb:be:7d:03:d6:2a:e9:4e:2d:c2:
                    69:2d:2e:bb:b2:ad:f9:a2:31:3f:d5:e6:e6:ae:22:
                    6e:ec:d3:f0:e3:45:42:21:9c:11:c9:3e:df:59:8a:
                    b4:c5:01:4b:35:30:d6:c5:0f:ef:ba:63:53:57:e6:
                    a9:d0:9c:aa:b5:81:f1:5a:ed:1b:11:ae:ba:c0:9e:
                    73:aa:2d:2e:9f:9b:89:85:f8:e3:4a:e6:3b:4f:eb:
                    32:72:88:50:c9:b5:ca:38:94:1d:67:0c:68:70:b3:
                    04:2d:c3:64:53:eb:5b:b6:d3:86:9e:61:c8:b0:87:
                    a8:61:17:26:f6:f0:26:5f:4c:95:17:26:90:b8:d0:
                    5c:8a:f9:4f:04:15:fc:be:7e:66:2c:c3:71:80:29:
                    81:07:e7:b8:38:59:93:d2:ce:86:a6:29:26:1c:d6:
                    2c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:4A:EB:D4:E2:8D:12:66:D1:0E:D0:D3:7F:02:7E:89:EC:A0:C4:5C
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/JUrr1OKNEmbRDtDTfwJ-ieygxFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:81:8b:94:00:5c:a6:5b:7f:7a:4b:ed:7f:a4:a6:96:13:cf:
         f5:25:4c:88:b7:04:21:33:c2:d8:02:c1:97:9b:aa:f6:07:43:
         1b:2c:a6:aa:32:a9:99:27:77:e4:9a:b5:79:c3:e4:81:c9:ce:
         ff:83:6a:94:27:5c:c5:bf:18:f5:39:46:74:ac:5f:b3:65:b1:
         ef:ef:22:73:61:8d:2d:ef:a9:d3:69:5b:92:60:fb:93:a1:55:
         a3:4f:f7:43:cf:cd:10:c4:61:85:ea:0c:b2:49:b8:cb:3b:43:
         10:ea:55:e7:4f:f1:b6:e8:cd:4c:aa:11:da:dd:16:2f:f6:6d:
         03:2a:cb:6a:54:5e:04:89:38:ff:4c:bf:eb:aa:49:bc:82:3e:
         68:2d:e2:c1:42:2f:ae:f8:35:07:63:4f:09:ff:84:be:0d:17:
         4e:2c:b6:5f:c9:1d:e3:8f:91:c7:c6:2b:25:c5:e7:fc:7a:42:
         45:e1:43:6c:d1:47:da:aa:62:40:c3:67:d4:00:c9:0e:84:ba:
         f3:de:e9:9e:ef:d2:d3:9f:4b:fb:6c:f8:03:39:83:84:f0:d5:
         aa:27:82:81:26:73:82:f9:79:c1:b0:98:ce:30:53:c7:69:cd:
         8a:92:28:30:c6:5c:c7:50:a5:43:1f:8c:6e:72:02:61:7a:dc:
         e1:80:07:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0KhXAY2MKbyn6M5pRW0+uUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMzIwMDkxMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTRhZWJkNGUyOGQxMjY2ZDEwZWQwZDM3ZjAyN2U4OWVjYTBjNDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8/m/dFkUQNjqMr2cY2n0hfjswyu
F9X06mhajNg2SdB+4bGbxTwVvtNxAGIfiobItLBwplMT/TmA5bEq0W/hbNpRYS9Z
L1jTJICY1chcKnOrforPOD0sOsp2zpbzUeu+fQPWKulOLcJpLS67sq35ojE/1ebm
riJu7NPw40VCIZwRyT7fWYq0xQFLNTDWxQ/vumNTV+ap0JyqtYHxWu0bEa66wJ5z
qi0un5uJhfjjSuY7T+sycohQybXKOJQdZwxocLMELcNkU+tbttOGnmHIsIeoYRcm
9vAmX0yVFyaQuNBcivlPBBX8vn5mLMNxgCmBB+e4OFmT0s6GpikmHNYsdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCVK69TijRJm0Q7Q038CfonsoMRcMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSlVycjFPS05FbWJSRHREVGZ3Si1pZXlneEZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucIdMA0G
CSqGSIb3DQEBCwUAA4IBAQC2gYuUAFymW396S+1/pKaWE8/1JUyItwQhM8LYAsGX
m6r2B0MbLKaqMqmZJ3fkmrV5w+SByc7/g2qUJ1zFvxj1OUZ0rF+zZbHv7yJzYY0t
76nTaVuSYPuToVWjT/dDz80QxGGF6gyySbjLO0MQ6lXnT/G26M1MqhHa3RYv9m0D
KstqVF4EiTj/TL/rqkm8gj5oLeLBQi+u+DUHY08J/4S+DRdOLLZfyR3jj5HHxisl
xef8ekJF4UNs0UfaqmJAw2fUAMkOhLrz3ume79LTn0v7bPgDOYOE8NWqJ4KBJnOC
+XnBsJjOMFPHac2KkigwxlzHUKVDH4xucgJhetzhgAe0
-----END CERTIFICATE-----