Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/1f82e5-3098-453a-af64-cab717a809e7/1/Jyr3qQaLkuFGdzyQkxaiY8QG9Zk.roa
File:                     Jyr3qQaLkuFGdzyQkxaiY8QG9Zk.roa (raw, json)
Hash identifier:          +0lMWS/2H1/8Ey92DgxBFaeX3VGewzw1q8R4yOnjB60=
Subject key identifier:   27:2A:F7:A9:06:8B:92:E1:46:77:3C:90:93:16:A2:63:C4:06:F5:99
Certificate issuer:       /CN=b66779f2055b254f5d5b3292eeaf0dd5797737a6
Certificate serial:       019B7EA6EA1A2F78943DFE18211EB2D16080
Authority key identifier: B6:67:79:F2:05:5B:25:4F:5D:5B:32:92:EE:AF:0D:D5:79:77:37:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tmd58gVbJU9dWzKS7q8N1Xl3N6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/1f82e5-3098-453a-af64-cab717a809e7/1/Jyr3qQaLkuFGdzyQkxaiY8QG9Zk.roa
Signing time:             Fri 02 Jan 2026 12:20:26 +0000
ROA not before:           Fri 02 Jan 2026 12:20:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205303
IP address blocks:        147.185.237.0/24 maxlen: 24
                          167.94.110.0/24 maxlen: 24
                          167.94.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/1f82e5-3098-453a-af64-cab717a809e7/1/tmd58gVbJU9dWzKS7q8N1Xl3N6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/1f82e5-3098-453a-af64-cab717a809e7/1/tmd58gVbJU9dWzKS7q8N1Xl3N6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tmd58gVbJU9dWzKS7q8N1Xl3N6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:ea:1a:2f:78:94:3d:fe:18:21:1e:b2:d1:60:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b66779f2055b254f5d5b3292eeaf0dd5797737a6
        Validity
            Not Before: Jan  2 12:20:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=272af7a9068b92e146773c909316a263c406f599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ab:af:b4:84:8b:ef:e7:bc:0a:1d:54:e6:10:
                    a3:bc:91:fc:34:8d:49:c7:bd:28:3c:13:fc:ff:dc:
                    f8:a6:4f:8b:fe:75:32:55:f6:0d:95:cc:75:37:8c:
                    5c:41:40:0a:36:af:8e:de:61:e2:13:05:7c:81:25:
                    24:27:80:7b:b7:74:91:13:c5:69:b4:24:14:98:09:
                    23:d1:9a:4a:d4:d7:3f:cf:37:21:7f:f5:a7:78:0b:
                    e5:f6:9d:fd:1a:e7:38:ff:52:36:ef:7a:03:83:a3:
                    fd:11:f5:9c:20:bd:11:ba:f5:e4:5d:ae:a7:4f:14:
                    fe:15:9a:c5:66:f9:89:11:f3:d0:fe:e9:6a:21:d2:
                    62:d5:1b:ae:80:b7:38:31:e0:d3:46:3b:b7:19:ac:
                    46:c7:b8:ea:7c:92:bc:da:f5:81:09:30:7a:c5:3c:
                    39:5d:a9:91:2a:be:4d:e3:3d:94:53:44:ed:23:37:
                    a1:07:16:13:c1:d5:a4:e0:81:04:2f:75:b1:36:8b:
                    a7:ce:05:f3:23:14:71:03:2b:2d:8f:71:8a:d3:49:
                    77:be:c1:3b:65:0a:d9:b0:7a:0b:d9:b3:f1:76:fa:
                    a9:67:71:16:e8:88:e4:b0:d2:03:0d:df:e3:e9:2e:
                    c1:82:cb:40:04:f3:ae:87:74:c5:b5:a2:c8:27:82:
                    23:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:2A:F7:A9:06:8B:92:E1:46:77:3C:90:93:16:A2:63:C4:06:F5:99
            X509v3 Authority Key Identifier:
                keyid:B6:67:79:F2:05:5B:25:4F:5D:5B:32:92:EE:AF:0D:D5:79:77:37:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tmd58gVbJU9dWzKS7q8N1Xl3N6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/1f82e5-3098-453a-af64-cab717a809e7/1/Jyr3qQaLkuFGdzyQkxaiY8QG9Zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/1f82e5-3098-453a-af64-cab717a809e7/1/tmd58gVbJU9dWzKS7q8N1Xl3N6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.237.0/24
                  167.94.110.0/24
                  167.94.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:7c:41:2c:e1:ce:46:b3:9e:9d:70:65:57:6b:fe:12:a2:18:
         14:37:cf:e0:26:99:75:e3:c1:1a:e0:0f:12:1a:d8:82:30:44:
         50:26:d6:3e:a3:5b:d9:dc:b8:af:85:a7:5d:6e:83:eb:22:7e:
         c2:04:9b:f7:dc:93:dc:b0:71:f1:e7:23:57:4d:9b:18:09:37:
         92:d6:c9:2c:d7:d6:b7:5c:bb:0d:2f:85:ac:e6:0e:32:0a:8f:
         01:b3:f3:25:59:6d:bd:c0:70:ae:68:8f:37:6a:65:32:00:9f:
         29:3a:50:64:66:50:1f:7b:cf:ec:ba:00:63:0c:3b:88:5c:27:
         27:a7:7e:f2:eb:df:47:63:a5:52:63:3f:ac:48:84:d0:00:5d:
         09:22:73:52:56:d0:ab:ae:11:c6:85:fd:d6:d8:23:b2:13:67:
         6b:f2:e3:e5:0e:f2:20:3e:62:f9:fc:74:6f:e6:66:e2:2e:07:
         6f:52:0c:53:33:54:66:f5:d6:b6:17:cb:92:3c:68:ad:7e:03:
         63:52:b4:4f:0a:a8:05:8a:7b:21:6f:22:af:18:b8:88:e9:1a:
         f7:d8:da:f0:c9:ce:5f:04:9e:d1:ee:a2:88:31:d6:b4:b4:e4:
         62:0f:9c:cb:77:a2:6e:0c:ed:d1:37:41:e1:ae:ed:8e:4e:fa:
         9a:d9:37:bc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt+puoaL3iUPf4YIR6y0WCAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2Njc3OWYyMDU1YjI1NGY1ZDViMzI5MmVlYWYwZGQ1Nzk3
NzM3YTYwHhcNMjYwMTAyMTIyMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzJhZjdhOTA2OGI5MmUxNDY3NzNjOTA5MzE2YTI2M2M0MDZmNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6uvtISL7+e8Ch1U5hCjvJH8NI1J
x70oPBP8/9z4pk+L/nUyVfYNlcx1N4xcQUAKNq+O3mHiEwV8gSUkJ4B7t3SRE8Vp
tCQUmAkj0ZpK1Nc/zzchf/WneAvl9p39Guc4/1I273oDg6P9EfWcIL0RuvXkXa6n
TxT+FZrFZvmJEfPQ/ulqIdJi1RuugLc4MeDTRju3GaxGx7jqfJK82vWBCTB6xTw5
XamRKr5N4z2UU0TtIzehBxYTwdWk4IEEL3WxNounzgXzIxRxAystj3GK00l3vsE7
ZQrZsHoL2bPxdvqpZ3EW6IjksNIDDd/j6S7BgstABPOuh3TFtaLIJ4IjuQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCcq96kGi5LhRnc8kJMWomPEBvWZMB8GA1UdIwQY
MBaAFLZnefIFWyVPXVsyku6vDdV5dzemMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG1kNThnVmJKVTlkV3pLUzdxOE4xWGwzTjZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8xZjgyZTUtMzA5OC00NTNhLWFmNjQt
Y2FiNzE3YTgwOWU3LzEvSnlyM3FRYUxrdUZHZHp5UWt4YWlZOFFHOVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8xZjgyZTUtMzA5OC00NTNhLWFmNjQtY2FiNzE3YTgwOWU3
LzEvdG1kNThnVmJKVTlkV3pLUzdxOE4xWGwzTjZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAk7ntAwQA
p15uAwQAp16uMA0GCSqGSIb3DQEBCwUAA4IBAQAjfEEs4c5Gs56dcGVXa/4SohgU
N8/gJpl148Ea4A8SGtiCMERQJtY+o1vZ3LivhaddboPrIn7CBJv33JPcsHHx5yNX
TZsYCTeS1sks19a3XLsNL4Ws5g4yCo8Bs/MlWW29wHCuaI83amUyAJ8pOlBkZlAf
e8/sugBjDDuIXCcnp37y699HY6VSYz+sSITQAF0JInNSVtCrrhHGhf3W2COyE2dr
8uPlDvIgPmL5/HRv5mbiLgdvUgxTM1Rm9da2F8uSPGitfgNjUrRPCqgFinshbyKv
GLiI6Rr32Nrwyc5fBJ7R7qKIMda0tORiD5zLd6JuDO3RN0Hhru2OTvqa2Te8
-----END CERTIFICATE-----