Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/Jl_sYXdLZY6LvwTOjI4Ivkon2zc.roa
File:                     Jl_sYXdLZY6LvwTOjI4Ivkon2zc.roa (raw, json)
Hash identifier:          UfbfdfYRRXhEErXk2SVvIxQQ/2IYnFtsKwlFklKvl10=
Subject key identifier:   26:5F:EC:61:77:4B:65:8E:8B:BF:04:CE:8C:8E:08:BE:4A:27:DB:37
Certificate issuer:       /CN=6aa8fa75c5020cd6218cf7f109de420265204bac
Certificate serial:       019EA8017BD8C514AD9CD56253F1FAA34599
Authority key identifier: 6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/Jl_sYXdLZY6LvwTOjI4Ivkon2zc.roa
Signing time:             Mon 08 Jun 2026 16:12:09 +0000
ROA not before:           Mon 08 Jun 2026 16:12:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199550
IP address blocks:        46.29.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:01:7b:d8:c5:14:ad:9c:d5:62:53:f1:fa:a3:45:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa8fa75c5020cd6218cf7f109de420265204bac
        Validity
            Not Before: Jun  8 16:12:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=265fec61774b658e8bbf04ce8c8e08be4a27db37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:17:7b:6e:c5:93:09:0f:b9:e6:cf:c8:7e:03:
                    cb:59:5a:8c:9d:65:08:be:ac:4f:9c:e5:92:b7:48:
                    2c:79:02:db:9c:a1:db:56:7c:a9:e1:14:ff:2f:df:
                    99:a9:ab:d5:95:16:19:4e:15:27:ab:a4:d3:4f:37:
                    c4:73:42:e5:34:db:3d:cc:e0:7c:4e:9b:a6:e3:b7:
                    a2:27:e6:ab:26:15:0f:b1:9a:e1:fd:6b:26:60:ae:
                    5a:62:64:f8:6b:80:cc:92:1e:86:c3:9c:eb:40:9c:
                    38:ce:ca:45:b7:3c:17:49:3b:e8:60:33:f8:40:dc:
                    7e:11:00:a2:2f:1a:40:19:eb:38:b7:30:d0:8c:33:
                    32:7f:aa:39:b9:54:13:72:60:b7:c2:d2:af:63:65:
                    f4:2e:7c:35:40:c5:4b:e5:99:76:fc:0d:96:13:56:
                    37:97:d0:38:2a:59:16:14:74:65:c9:34:ec:10:8f:
                    bc:bd:e0:fb:28:08:83:88:cb:e1:d9:5f:bb:0a:8e:
                    88:d8:16:e1:cd:6b:bb:8b:33:62:a5:94:b0:80:cc:
                    94:8b:6d:84:11:2c:f2:90:9d:fd:8a:c0:70:39:86:
                    3d:e7:a1:58:f9:56:b9:74:b5:f1:f6:7e:16:fc:6c:
                    53:7f:ac:aa:ec:31:ec:e9:0d:5d:80:14:d5:58:00:
                    88:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:5F:EC:61:77:4B:65:8E:8B:BF:04:CE:8C:8E:08:BE:4A:27:DB:37
            X509v3 Authority Key Identifier:
                keyid:6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/Jl_sYXdLZY6LvwTOjI4Ivkon2zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:ad:d8:44:42:dc:72:ea:5e:18:0c:f3:31:32:ec:cf:0f:88:
         32:d7:47:2d:1a:02:a8:f1:3e:66:0e:13:24:22:07:2c:37:b7:
         20:b1:a7:bf:97:00:72:4b:18:17:2e:7d:0e:6d:ab:ce:c3:92:
         3d:88:c4:f9:06:d3:92:a6:d7:e7:5c:c2:fe:e6:d7:d1:5a:5b:
         f6:4f:8d:c8:b0:b7:a8:12:40:fe:40:99:f1:e1:45:42:b8:04:
         c2:1a:56:86:ea:e1:0f:51:99:0f:5c:ff:58:50:08:0e:97:db:
         42:cc:32:f5:4b:56:6d:37:48:be:1a:ab:76:e5:e6:4e:41:b9:
         2e:35:b8:57:fd:f1:61:af:5d:80:7d:08:90:e1:b3:5e:59:3a:
         bb:8d:7a:72:44:46:09:59:95:33:0e:c3:80:80:53:7a:27:1f:
         ca:31:78:17:db:e8:47:2f:cf:12:9e:25:3f:53:9f:3e:42:18:
         a4:ab:5b:8b:b3:44:00:0b:98:69:cd:64:1a:97:4e:50:f4:c2:
         df:a2:ff:ce:a6:72:27:44:2f:38:a1:0c:4c:6c:05:98:b2:18:
         bd:02:08:ea:6b:ee:80:a7:1c:f1:ca:c0:79:b3:33:13:5c:1e:
         8e:d1:e6:9c:1f:77:09:95:63:dc:a6:72:39:8c:f7:91:49:06:
         e2:a9:4e:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6oAXvYxRStnNViU/H6o0WZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYThmYTc1YzUwMjBjZDYyMThjZjdmMTA5ZGU0MjAyNjUy
MDRiYWMwHhcNMjYwNjA4MTYxMjA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjVmZWM2MTc3NGI2NThlOGJiZjA0Y2U4YzhlMDhiZTRhMjdkYjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hd7bsWTCQ+55s/IfgPLWVqMnWUI
vqxPnOWSt0gseQLbnKHbVnyp4RT/L9+ZqavVlRYZThUnq6TTTzfEc0LlNNs9zOB8
Tpum47eiJ+arJhUPsZrh/WsmYK5aYmT4a4DMkh6Gw5zrQJw4zspFtzwXSTvoYDP4
QNx+EQCiLxpAGes4tzDQjDMyf6o5uVQTcmC3wtKvY2X0Lnw1QMVL5Zl2/A2WE1Y3
l9A4KlkWFHRlyTTsEI+8veD7KAiDiMvh2V+7Co6I2BbhzWu7izNipZSwgMyUi22E
ESzykJ39isBwOYY956FY+Va5dLXx9n4W/GxTf6yq7DHs6Q1dgBTVWACIoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZf7GF3S2WOi78EzoyOCL5KJ9s3MB8GA1UdIwQY
MBaAFGqo+nXFAgzWIYz38QneQgJlIEusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAt
MzVjNjNmYTc2NWEyLzEvSmxfc1lYZExaWTZMdndUT2pJNEl2a29uMnpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAtMzVjNjNmYTc2NWEy
LzEvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh0kMA0G
CSqGSIb3DQEBCwUAA4IBAQBLrdhEQtxy6l4YDPMxMuzPD4gy10ctGgKo8T5mDhMk
IgcsN7cgsae/lwBySxgXLn0ObavOw5I9iMT5BtOSptfnXML+5tfRWlv2T43IsLeo
EkD+QJnx4UVCuATCGlaG6uEPUZkPXP9YUAgOl9tCzDL1S1ZtN0i+Gqt25eZOQbku
NbhX/fFhr12AfQiQ4bNeWTq7jXpyREYJWZUzDsOAgFN6Jx/KMXgX2+hHL88SniU/
U58+Qhikq1uLs0QAC5hpzWQal05Q9MLfov/OpnInRC84oQxMbAWYshi9Agjqa+6A
pxzxysB5szMTXB6O0eacH3cJlWPcpnI5jPeRSQbiqU7n
-----END CERTIFICATE-----