Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/joTXqfiIXNRPQimqJ5_uxR1TTv0.roa
File:                     joTXqfiIXNRPQimqJ5_uxR1TTv0.roa (raw, json)
Hash identifier:          ODmYOFv4U1WDoPTI5y7Ym63XseSKoYZLHA7EPYNIdnM=
Subject key identifier:   8E:84:D7:A9:F8:88:5C:D4:4F:42:29:AA:27:9F:EE:C5:1D:53:4E:FD
Certificate issuer:       /CN=8ef7c09c1a3f73ebe61740ab65e589f91655bded
Certificate serial:       019E364D9D67A242C0DAA1A1524B4499B7EF
Authority key identifier: 8E:F7:C0:9C:1A:3F:73:EB:E6:17:40:AB:65:E5:89:F9:16:55:BD:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/joTXqfiIXNRPQimqJ5_uxR1TTv0.roa
Signing time:             Sun 17 May 2026 14:18:36 +0000
ROA not before:           Sun 17 May 2026 14:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        195.24.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:36:4d:9d:67:a2:42:c0:da:a1:a1:52:4b:44:99:b7:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef7c09c1a3f73ebe61740ab65e589f91655bded
        Validity
            Not Before: May 17 14:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e84d7a9f8885cd44f4229aa279feec51d534efd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:71:77:22:57:c1:9a:38:67:d4:e0:2f:81:23:
                    38:d2:77:3a:09:f4:9e:c9:f0:f0:87:19:7f:82:93:
                    d0:82:6a:94:b3:46:90:81:ba:2f:57:a5:d7:e9:a6:
                    29:2b:ee:9c:f0:a9:ac:1e:14:16:f5:cd:99:41:5e:
                    8d:10:9d:3b:29:98:b2:bb:53:15:fd:ed:36:5f:20:
                    b2:25:9e:34:a6:85:72:65:70:14:eb:f8:7e:76:56:
                    1a:2b:f8:df:29:9c:69:c5:07:1e:e3:cb:1b:57:1d:
                    95:81:c5:c4:70:3e:43:f1:8c:14:ec:71:cd:66:af:
                    6e:3a:83:a0:02:23:29:00:79:d3:4d:af:6c:b4:e4:
                    ee:3d:fd:49:51:7c:1f:83:59:22:ac:fe:86:8d:49:
                    96:aa:a9:6e:74:14:ed:47:b8:40:e4:24:63:98:7d:
                    0e:72:af:7f:ac:cb:6b:5f:54:3b:f9:89:e4:c7:63:
                    21:cd:00:84:cd:f2:19:3e:12:f0:64:a4:0c:f4:a9:
                    e8:b2:96:36:aa:03:dc:f5:96:af:ec:c1:26:ec:ec:
                    28:fc:19:28:02:b3:63:d8:a2:93:98:cc:c2:5f:6c:
                    f4:47:a6:01:26:6f:fa:5d:de:48:52:c7:25:84:14:
                    3c:18:75:a3:da:bb:e6:63:af:b1:85:01:4b:87:b9:
                    f4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:84:D7:A9:F8:88:5C:D4:4F:42:29:AA:27:9F:EE:C5:1D:53:4E:FD
            X509v3 Authority Key Identifier:
                keyid:8E:F7:C0:9C:1A:3F:73:EB:E6:17:40:AB:65:E5:89:F9:16:55:BD:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/joTXqfiIXNRPQimqJ5_uxR1TTv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:4a:63:29:f2:ec:4f:de:cf:1e:d8:5d:7b:03:36:01:1d:69:
         53:03:cc:a2:06:5e:20:11:f6:c5:79:0e:63:42:ed:b6:7e:03:
         7b:e3:ee:80:df:7c:5d:42:ff:0e:fe:cd:ca:27:f8:13:6b:6f:
         09:4d:39:6e:59:5f:cf:cb:7e:91:0d:03:e8:37:af:e2:aa:98:
         0a:eb:1b:30:29:1c:75:c6:4a:3f:02:05:78:2e:86:16:98:b0:
         b0:f7:1c:8b:46:9d:a7:2f:7b:44:2a:50:4e:9e:94:17:3e:99:
         32:22:6a:88:d9:80:52:d1:af:56:68:80:4a:95:46:57:6d:aa:
         cd:7f:6b:f6:d4:dc:d6:ac:04:0a:f6:cd:e1:b3:4d:06:fc:9a:
         b8:7c:7b:a1:56:83:d7:dd:10:6b:83:fc:bc:4c:fd:42:2c:33:
         29:5d:b2:11:4d:4b:87:a4:c8:af:29:44:a6:11:2f:b5:01:0d:
         19:88:44:6e:cf:68:c0:6d:12:43:9c:1f:99:41:87:a6:c3:c2:
         7b:08:d1:0b:7a:5e:82:b0:ec:a5:7e:54:6c:59:b5:3c:de:29:
         19:15:27:9e:f3:df:4f:1b:e9:91:bb:72:b3:ba:e3:d5:79:1f:
         fe:2a:f0:48:53:e3:cc:2f:e1:d6:49:e4:93:cb:c0:11:5b:f0:
         44:55:79:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ42TZ1nokLA2qGhUktEmbfvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjdjMDljMWEzZjczZWJlNjE3NDBhYjY1ZTU4OWY5MTY1
NWJkZWQwHhcNMjYwNTE3MTQxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTg0ZDdhOWY4ODg1Y2Q0NGY0MjI5YWEyNzlmZWVjNTFkNTM0ZWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnF3IlfBmjhn1OAvgSM40nc6CfSe
yfDwhxl/gpPQgmqUs0aQgbovV6XX6aYpK+6c8KmsHhQW9c2ZQV6NEJ07KZiyu1MV
/e02XyCyJZ40poVyZXAU6/h+dlYaK/jfKZxpxQce48sbVx2VgcXEcD5D8YwU7HHN
Zq9uOoOgAiMpAHnTTa9stOTuPf1JUXwfg1kirP6GjUmWqqludBTtR7hA5CRjmH0O
cq9/rMtrX1Q7+Ynkx2MhzQCEzfIZPhLwZKQM9KnospY2qgPc9Zav7MEm7Owo/Bko
ArNj2KKTmMzCX2z0R6YBJm/6Xd5IUsclhBQ8GHWj2rvmY6+xhQFLh7n0EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6E16n4iFzUT0Ipqief7sUdU079MB8GA1UdIwQY
MBaAFI73wJwaP3Pr5hdAq2XlifkWVb3tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZmQW5Cb19jLXZtRjBDclplV0otUlpWdmUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS84YzZkODgtNTJjMy00N2U2LTgwMDkt
ZjYyYmU5ZThhNjcxLzEvam9UWHFmaUlYTlJQUWltcUo1X3V4UjFUVHYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS84YzZkODgtNTJjMy00N2U2LTgwMDktZjYyYmU5ZThhNjcx
LzEvanZmQW5Cb19jLXZtRjBDclplV0otUlpWdmUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxjsMA0G
CSqGSIb3DQEBCwUAA4IBAQAuSmMp8uxP3s8e2F17AzYBHWlTA8yiBl4gEfbFeQ5j
Qu22fgN74+6A33xdQv8O/s3KJ/gTa28JTTluWV/Py36RDQPoN6/iqpgK6xswKRx1
xko/AgV4LoYWmLCw9xyLRp2nL3tEKlBOnpQXPpkyImqI2YBS0a9WaIBKlUZXbarN
f2v21NzWrAQK9s3hs00G/Jq4fHuhVoPX3RBrg/y8TP1CLDMpXbIRTUuHpMivKUSm
ES+1AQ0ZiERuz2jAbRJDnB+ZQYemw8J7CNELel6CsOylflRsWbU83ikZFSee899P
G+mRu3KzuuPVeR/+KvBIU+PML+HWSeSTy8ARW/BEVXnb
-----END CERTIFICATE-----