Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/rjK7-TCvjlXGMxnZzRKoApgJRAw.roa
File:                     rjK7-TCvjlXGMxnZzRKoApgJRAw.roa (raw, json)
Hash identifier:          QLyuLWHcQhBMkgUXy4XtmxTD6dhef5FDheEprsDXzg8=
Subject key identifier:   AE:32:BB:F9:30:AF:8E:55:C6:33:19:D9:CD:12:A8:02:98:09:44:0C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019D2F2F3C4210B92D5155370601A6658106
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/rjK7-TCvjlXGMxnZzRKoApgJRAw.roa
Signing time:             Fri 27 Mar 2026 12:05:17 +0000
ROA not before:           Fri 27 Mar 2026 12:05:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151704
IP address blocks:        212.192.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2f:2f:3c:42:10:b9:2d:51:55:37:06:01:a6:65:81:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar 27 12:05:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae32bbf930af8e55c63319d9cd12a8029809440c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:98:77:3c:9a:3c:1a:ae:d2:e4:d6:fb:48:0a:
                    ca:f8:eb:7e:fd:96:45:e9:d0:69:23:c1:aa:cb:d0:
                    61:29:d6:7d:5d:be:83:6f:a1:7a:92:76:a9:50:12:
                    93:06:6b:fe:32:97:67:8c:3e:08:e7:ea:70:23:0d:
                    6e:0b:e2:33:88:d7:19:cb:a8:d4:fc:c0:ec:08:90:
                    74:b3:56:5b:a7:1a:dc:00:9d:7b:aa:73:0e:a4:ea:
                    7a:cf:bc:a6:a6:af:aa:8e:9d:ce:f0:a4:2f:cb:51:
                    32:c4:6f:e1:8e:a5:94:56:d4:ed:1f:8f:fa:e6:87:
                    85:82:e9:c2:9b:7e:12:34:21:20:98:03:ac:a4:78:
                    2b:6d:b5:44:9b:11:5f:b4:56:38:8b:e9:66:86:8c:
                    1f:c0:7a:45:35:27:79:71:ca:18:e4:96:eb:b5:12:
                    c9:10:2d:d0:a5:be:13:e3:c1:d9:c9:81:f1:3d:6d:
                    31:3f:a9:98:aa:00:15:98:a5:88:2d:f1:9b:18:97:
                    2c:31:28:54:ff:13:2e:06:c9:26:7e:8a:1b:01:d9:
                    53:7f:36:3b:89:45:64:1c:50:68:a2:9f:18:2c:31:
                    a6:cb:87:6c:f9:8e:f9:53:d2:05:11:ca:a1:3c:72:
                    d8:a2:88:45:82:1f:08:b1:66:37:a3:da:31:06:d9:
                    97:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:32:BB:F9:30:AF:8E:55:C6:33:19:D9:CD:12:A8:02:98:09:44:0C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/rjK7-TCvjlXGMxnZzRKoApgJRAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:e8:9b:b1:c5:8a:c3:33:c7:73:aa:ee:d0:ba:39:b7:05:8f:
         6f:07:d8:f0:82:f3:63:2b:75:22:f3:3e:d0:8b:45:f3:ca:81:
         94:cc:55:4f:e9:f8:fb:6a:8d:e5:2c:28:2f:41:38:8c:cb:a9:
         8e:ef:af:db:4e:d3:0a:66:36:13:cb:c7:9b:ac:cc:65:be:81:
         40:4d:75:90:73:6b:2a:b2:0b:63:b6:26:cb:51:9f:2a:38:ea:
         28:0a:95:50:cd:e5:2f:ea:12:a2:8d:b6:cb:ca:e9:58:9f:f6:
         e3:49:ae:f4:af:a2:f1:57:40:73:12:da:39:ba:24:d8:d2:51:
         f1:2c:38:da:ac:ca:51:7a:b0:17:43:66:3f:f0:4d:a6:3e:ff:
         94:78:2a:fb:c9:59:a2:34:11:8d:44:39:a2:6d:b6:9e:8d:b2:
         4e:aa:18:13:f2:05:95:fe:a7:fc:23:fb:0a:54:82:99:b9:16:
         35:1a:79:5f:50:83:76:50:51:78:4f:6f:e6:08:be:bc:28:0c:
         5c:54:63:d0:64:fd:16:f3:74:8e:8f:92:3f:66:ac:83:94:51:
         55:ba:11:95:59:c8:b9:da:30:c2:a1:a3:aa:6e:27:fe:bc:5c:
         ae:10:a7:9e:f3:e9:ef:f7:3c:58:69:ab:02:3c:ce:2e:6d:31:
         e9:55:30:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0vLzxCELktUVU3BgGmZYEGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMzI3MTIwNTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTMyYmJmOTMwYWY4ZTU1YzYzMzE5ZDljZDEyYTgwMjk4MDk0NDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA45h3PJo8Gq7S5Nb7SArK+Ot+/ZZF
6dBpI8Gqy9BhKdZ9Xb6Db6F6knapUBKTBmv+MpdnjD4I5+pwIw1uC+IziNcZy6jU
/MDsCJB0s1ZbpxrcAJ17qnMOpOp6z7ympq+qjp3O8KQvy1EyxG/hjqWUVtTtH4/6
5oeFgunCm34SNCEgmAOspHgrbbVEmxFftFY4i+lmhowfwHpFNSd5ccoY5JbrtRLJ
EC3Qpb4T48HZyYHxPW0xP6mYqgAVmKWILfGbGJcsMShU/xMuBskmfoobAdlTfzY7
iUVkHFBoop8YLDGmy4ds+Y75U9IFEcqhPHLYoohFgh8IsWY3o9oxBtmXBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4yu/kwr45VxjMZ2c0SqAKYCUQMMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcmpLNy1UQ3ZqbFhHTXhuWnpSS29BcGdKUkF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MD5MA0G
CSqGSIb3DQEBCwUAA4IBAQBw6JuxxYrDM8dzqu7Qujm3BY9vB9jwgvNjK3Ui8z7Q
i0XzyoGUzFVP6fj7ao3lLCgvQTiMy6mO76/bTtMKZjYTy8ebrMxlvoFATXWQc2sq
sgtjtibLUZ8qOOooCpVQzeUv6hKijbbLyulYn/bjSa70r6LxV0BzEto5uiTY0lHx
LDjarMpRerAXQ2Y/8E2mPv+UeCr7yVmiNBGNRDmibbaejbJOqhgT8gWV/qf8I/sK
VIKZuRY1GnlfUIN2UFF4T2/mCL68KAxcVGPQZP0W83SOj5I/ZqyDlFFVuhGVWci5
2jDCoaOqbif+vFyuEKee8+nv9zxYaasCPM4ubTHpVTB+
-----END CERTIFICATE-----