Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/jPk_ETVXQYD8EgjMbvt6slsHwcU.roa
File:                     jPk_ETVXQYD8EgjMbvt6slsHwcU.roa (raw, json)
Hash identifier:          qCPgnU62uZHSoyHV8fMk0D6+40SXzkgBZK4EIkXKL38=
Subject key identifier:   8C:F9:3F:11:35:57:41:80:FC:12:08:CC:6E:FB:7A:B2:5B:07:C1:C5
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019E4EC86711F5145D1160B04E17BAD37408
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/jPk_ETVXQYD8EgjMbvt6slsHwcU.roa
Signing time:             Fri 22 May 2026 08:23:36 +0000
ROA not before:           Fri 22 May 2026 08:23:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402310
IP address blocks:        216.236.8.0/21 maxlen: 21
                          216.236.16.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:c8:67:11:f5:14:5d:11:60:b0:4e:17:ba:d3:74:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: May 22 08:23:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8cf93f1135574180fc1208cc6efb7ab25b07c1c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6b:67:fa:c0:26:a5:ec:e2:ef:9a:f9:d8:8c:
                    55:42:19:3c:59:66:c9:01:77:0f:11:31:b4:ac:36:
                    2b:cf:13:93:f1:c8:b0:99:a2:d4:95:0b:ad:29:41:
                    79:3c:e2:af:8b:59:c2:f0:f6:16:d2:e5:8d:81:49:
                    6e:0c:a6:99:61:22:76:40:b4:7a:29:e5:27:35:74:
                    b5:cf:e8:25:8c:ee:f6:dd:0c:1c:27:1d:93:c5:f8:
                    96:34:19:07:cb:03:cb:ca:70:88:bf:57:ef:0f:73:
                    40:e8:42:3f:6d:c1:0b:54:ad:3f:c6:08:d7:38:59:
                    97:7a:4b:29:d1:a7:c7:0e:6b:a8:ef:c3:4b:e2:42:
                    37:f7:1d:7c:34:13:09:9c:36:82:a1:a9:74:ae:16:
                    1c:09:74:f0:cd:07:f5:0e:0e:cf:6f:bc:35:09:f6:
                    ab:be:c7:be:38:c1:94:8d:98:17:02:23:04:f5:64:
                    0b:cc:88:e5:6f:63:fb:fb:35:99:2b:43:84:1e:18:
                    38:36:3f:1b:80:79:be:75:c0:7d:df:8d:f2:37:c0:
                    97:7e:39:2d:22:05:c1:68:48:a4:c3:61:ac:ed:8e:
                    ba:cb:d4:31:f4:81:6d:cc:2d:e4:53:34:d8:a2:cb:
                    f1:fd:79:a8:87:63:4a:47:b7:a5:f8:96:20:c8:2f:
                    91:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:F9:3F:11:35:57:41:80:FC:12:08:CC:6E:FB:7A:B2:5B:07:C1:C5
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/jPk_ETVXQYD8EgjMbvt6slsHwcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.236.8.0-216.236.23.255

    Signature Algorithm: sha256WithRSAEncryption
         a9:f3:7f:0a:89:57:71:e2:96:57:52:63:b2:2f:dc:08:c2:de:
         f0:b9:63:69:d9:4a:78:2e:0d:0a:f3:82:8c:5e:c5:c4:18:ae:
         4f:ad:bc:72:6e:34:98:f6:69:e9:e2:e0:ce:c5:fb:cc:55:2d:
         16:a1:48:40:d6:b2:56:aa:c3:37:bf:6c:c7:c7:71:08:36:08:
         84:e6:b1:07:30:cf:a5:7b:d5:72:cc:c1:a9:6d:ef:b7:34:3c:
         95:8e:11:02:a6:c5:29:16:70:26:dd:78:95:af:1a:ae:51:b4:
         c4:df:40:33:8d:7f:a1:3f:6d:64:34:27:1f:31:2d:b2:cb:33:
         fd:26:56:d0:c8:b4:2c:a5:3f:bd:57:1c:29:c9:a4:0f:aa:5b:
         ef:bc:34:98:ca:d7:39:3d:0f:f4:55:16:50:0c:4a:16:18:d6:
         20:ed:cf:a3:7e:6c:42:28:99:8e:d8:63:2b:ff:af:71:d7:0a:
         61:6e:f5:76:5e:a0:b8:b6:59:1a:f2:1a:a2:55:06:af:22:ca:
         bd:6a:0b:01:36:84:b7:0e:08:0b:fd:50:ba:7f:34:94:d5:c9:
         5e:f9:ad:dd:66:89:bf:13:22:39:49:7d:ac:cb:36:47:ff:6b:
         ef:52:fb:fc:49:b3:01:42:86:fe:04:ec:87:60:53:43:69:15:
         95:c6:2f:49
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ5OyGcR9RRdEWCwThe603QIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNTIyMDgyMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2Y5M2YxMTM1NTc0MTgwZmMxMjA4Y2M2ZWZiN2FiMjViMDdjMWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGtn+sAmpezi75r52IxVQhk8WWbJ
AXcPETG0rDYrzxOT8ciwmaLUlQutKUF5POKvi1nC8PYW0uWNgUluDKaZYSJ2QLR6
KeUnNXS1z+gljO723QwcJx2TxfiWNBkHywPLynCIv1fvD3NA6EI/bcELVK0/xgjX
OFmXeksp0afHDmuo78NL4kI39x18NBMJnDaCoal0rhYcCXTwzQf1Dg7Pb7w1Cfar
vse+OMGUjZgXAiME9WQLzIjlb2P7+zWZK0OEHhg4Nj8bgHm+dcB9343yN8CXfjkt
IgXBaEikw2Gs7Y66y9Qx9IFtzC3kUzTYosvx/Xmoh2NKR7el+JYgyC+RRQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIz5PxE1V0GA/BIIzG77erJbB8HFMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvalBrX0VUVlhRWUQ4RWdqTWJ2dDZzbHNId2NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPY7AgD
BAPY7BAwDQYJKoZIhvcNAQELBQADggEBAKnzfwqJV3HilldSY7Iv3AjC3vC5Y2nZ
SnguDQrzgoxexcQYrk+tvHJuNJj2aeni4M7F+8xVLRahSEDWslaqwze/bMfHcQg2
CITmsQcwz6V71XLMwalt77c0PJWOEQKmxSkWcCbdeJWvGq5RtMTfQDONf6E/bWQ0
Jx8xLbLLM/0mVtDItCylP71XHCnJpA+qW++8NJjK1zk9D/RVFlAMShYY1iDtz6N+
bEIomY7YYyv/r3HXCmFu9XZeoLi2WRryGqJVBq8iyr1qCwE2hLcOCAv9ULp/NJTV
yV75rd1mib8TIjlJfazLNkf/a+9S+/xJswFChv4E7IdgU0NpFZXGL0k=
-----END CERTIFICATE-----