Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/JjJL9CLuJEBOIckms7eQRal0dlM.roa
File:                     JjJL9CLuJEBOIckms7eQRal0dlM.roa (raw, json)
Hash identifier:          8NACh9U+23n1UQ9SFNueqK87W0nyrWi7z0FA2prmkEE=
Subject key identifier:   26:32:4B:F4:22:EE:24:40:4E:21:C9:26:B3:B7:90:45:A9:74:76:53
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019E83B2666FD539ACBE11AB4116A4BB782F
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/JjJL9CLuJEBOIckms7eQRal0dlM.roa
Signing time:             Mon 01 Jun 2026 14:59:27 +0000
ROA not before:           Mon 01 Jun 2026 14:59:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153057
IP address blocks:        216.236.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:b2:66:6f:d5:39:ac:be:11:ab:41:16:a4:bb:78:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Jun  1 14:59:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26324bf422ee24404e21c926b3b79045a9747653
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:65:6c:4f:a3:bc:50:92:3d:37:11:08:43:61:
                    eb:43:57:1d:30:18:e7:6a:57:af:51:9a:bd:69:3a:
                    c2:2f:f3:39:a8:08:98:85:08:df:c7:a8:a5:c4:fa:
                    ac:97:b9:37:68:d9:6a:fe:40:3a:26:f3:37:31:bb:
                    cf:51:f0:aa:e6:c4:6d:04:35:bf:7f:82:1f:80:09:
                    64:57:58:5c:b6:54:64:9c:03:79:cd:0c:62:5c:2f:
                    e3:8d:3f:db:9d:9b:e6:82:1c:ce:cd:39:30:5d:2f:
                    30:2f:f6:30:52:e4:c3:31:ff:2e:5c:8c:ae:a3:e9:
                    5a:de:18:88:13:02:2a:24:11:4e:84:d6:ce:f7:a1:
                    81:2c:cf:21:58:73:79:fc:0c:d7:60:1c:84:ab:e4:
                    3e:8a:98:e4:bd:a8:71:41:dd:66:af:21:57:d7:4e:
                    36:dc:39:56:6e:c1:96:f7:58:71:a9:69:48:2c:c9:
                    cb:af:14:48:42:5d:2e:70:53:ac:52:5d:79:0e:62:
                    87:4f:ce:7e:06:05:df:d3:71:18:4a:17:b7:06:4b:
                    fe:c7:84:b5:ed:f0:5a:2d:f5:a3:1f:43:c0:35:c3:
                    f4:41:5f:fd:9d:07:7e:48:f5:3d:96:06:ca:61:3b:
                    50:6a:ea:11:2d:bd:66:e7:fb:b9:10:87:a4:b0:a8:
                    ec:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:32:4B:F4:22:EE:24:40:4E:21:C9:26:B3:B7:90:45:A9:74:76:53
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/JjJL9CLuJEBOIckms7eQRal0dlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.236.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:87:b0:15:93:33:20:f0:5f:44:1c:44:88:74:81:a2:4e:95:
         e9:6d:44:7c:e7:40:4a:d3:cf:fa:f5:74:3e:17:2e:75:f2:c1:
         02:a8:5b:b2:3e:20:ff:38:63:bb:ad:d8:b9:95:55:55:8d:a1:
         50:54:b2:03:4f:76:30:4f:6a:43:95:16:9e:6f:51:05:4e:21:
         bf:95:52:59:22:4a:43:c9:7a:da:1d:99:d6:f2:5b:4d:dc:df:
         01:93:34:8d:a9:7f:ca:43:b0:84:8d:9c:c6:71:bc:dd:28:07:
         9b:b0:d1:f8:d6:fb:0c:7e:78:b7:b7:1c:7a:2a:98:68:c9:5f:
         ee:c5:c1:1a:ec:8c:17:73:f4:bb:7e:d5:6d:7a:50:f3:af:b6:
         4d:54:35:ee:03:cb:0b:fb:2b:27:1d:0f:c8:5f:65:bc:5a:5d:
         18:53:cf:e9:0b:76:85:21:49:92:d4:19:0f:2f:1f:c8:4c:90:
         79:ae:0e:e2:68:40:fc:a5:14:bc:5e:c7:17:74:8b:c1:d2:34:
         5a:4a:02:30:6b:19:cf:90:ca:28:a4:57:25:3b:a8:d2:b7:80:
         5a:12:3d:ee:48:94:05:98:0d:49:40:a6:13:aa:75:02:4b:36:
         06:d3:07:4d:28:a8:d7:1d:0f:ca:b6:1c:5d:e4:7a:e8:4c:ef:
         5a:4a:0a:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6DsmZv1TmsvhGrQRaku3gvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNjAxMTQ1OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjMyNGJmNDIyZWUyNDQwNGUyMWM5MjZiM2I3OTA0NWE5NzQ3NjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGVsT6O8UJI9NxEIQ2HrQ1cdMBjn
alevUZq9aTrCL/M5qAiYhQjfx6ilxPqsl7k3aNlq/kA6JvM3MbvPUfCq5sRtBDW/
f4IfgAlkV1hctlRknAN5zQxiXC/jjT/bnZvmghzOzTkwXS8wL/YwUuTDMf8uXIyu
o+la3hiIEwIqJBFOhNbO96GBLM8hWHN5/AzXYByEq+Q+ipjkvahxQd1mryFX1042
3DlWbsGW91hxqWlILMnLrxRIQl0ucFOsUl15DmKHT85+BgXf03EYShe3Bkv+x4S1
7fBaLfWjH0PANcP0QV/9nQd+SPU9lgbKYTtQauoRLb1m5/u5EIeksKjsmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYyS/Qi7iRATiHJJrO3kEWpdHZTMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvSmpKTDlDTHVKRUJPSWNrbXM3ZVFSYWwwZGxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2OwxMA0G
CSqGSIb3DQEBCwUAA4IBAQCkh7AVkzMg8F9EHESIdIGiTpXpbUR850BK08/69XQ+
Fy518sECqFuyPiD/OGO7rdi5lVVVjaFQVLIDT3YwT2pDlRaeb1EFTiG/lVJZIkpD
yXraHZnW8ltN3N8BkzSNqX/KQ7CEjZzGcbzdKAebsNH41vsMfni3txx6KphoyV/u
xcEa7IwXc/S7ftVtelDzr7ZNVDXuA8sL+ysnHQ/IX2W8Wl0YU8/pC3aFIUmS1BkP
Lx/ITJB5rg7iaED8pRS8XscXdIvB0jRaSgIwaxnPkMoopFclO6jSt4BaEj3uSJQF
mA1JQKYTqnUCSzYG0wdNKKjXHQ/Kthxd5HroTO9aSgr5
-----END CERTIFICATE-----