Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/jja1zFkHdn5ILzloltVpHT9yOdU.roa
File:                     jja1zFkHdn5ILzloltVpHT9yOdU.roa (raw, json)
Hash identifier:          pfN7gTWErdONABC3bD+TW41diSkQkASOh131rjEdPio=
Subject key identifier:   8E:36:B5:CC:59:07:76:7E:48:2F:39:68:96:D5:69:1D:3F:72:39:D5
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019C348E16550C5FD8E93C91903A42A5D3B3
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/jja1zFkHdn5ILzloltVpHT9yOdU.roa
Signing time:             Fri 06 Feb 2026 20:04:12 +0000
ROA not before:           Fri 06 Feb 2026 20:04:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30838
IP address blocks:        45.12.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:34:8e:16:55:0c:5f:d8:e9:3c:91:90:3a:42:a5:d3:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Feb  6 20:04:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e36b5cc5907767e482f396896d5691d3f7239d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:19:1a:98:2d:f3:13:b9:dc:de:73:3e:c0:34:
                    08:03:e2:14:6a:0f:ce:d3:54:c5:87:3d:b2:61:7a:
                    be:1d:b9:18:c0:64:26:a9:3a:e5:b6:5f:85:11:73:
                    07:33:62:34:11:bd:42:64:0c:54:3a:5e:da:f6:f7:
                    40:30:ee:e3:54:b1:a4:45:6b:43:3a:d3:71:19:44:
                    d8:96:40:2b:0e:9e:d0:a8:52:15:15:1f:cb:1c:72:
                    b7:68:cb:08:2b:d0:6e:8c:57:67:c3:1f:82:7f:b3:
                    95:f4:66:51:d3:7b:25:18:b2:9c:1b:05:96:bf:4f:
                    44:e6:8b:55:6d:cd:3f:26:0c:c7:ac:09:12:7e:ae:
                    85:b9:59:08:94:77:72:38:79:d1:d7:6c:fe:32:7d:
                    dc:ce:0f:bc:46:fc:37:8e:fd:00:94:c1:d9:f0:68:
                    6c:92:37:1b:ab:5c:e5:ba:82:2a:e1:17:e4:d7:2e:
                    6c:f8:1b:5f:38:63:aa:b4:9a:e0:e2:f9:71:55:01:
                    f9:6e:47:54:f4:ed:cd:d3:21:57:65:36:f5:c9:da:
                    ac:7e:29:af:07:94:2b:7a:1b:c9:fb:87:9f:70:e1:
                    21:f7:32:08:96:7b:82:64:3b:b0:68:22:fd:70:28:
                    f2:ad:da:3c:7c:4a:18:03:51:b6:e5:59:7f:39:d6:
                    5b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:36:B5:CC:59:07:76:7E:48:2F:39:68:96:D5:69:1D:3F:72:39:D5
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/jja1zFkHdn5ILzloltVpHT9yOdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:19:78:b4:a7:64:cd:a5:d5:1c:6f:09:07:c7:b1:81:6d:9b:
         45:5b:0d:a7:9f:e9:af:2c:60:88:c9:0b:5d:fa:0d:5c:56:cc:
         cc:ac:d8:61:79:82:b3:0c:52:e6:1f:d1:a1:4e:55:b9:6d:74:
         d7:89:b2:82:cd:df:fb:99:61:83:97:3e:d1:58:40:4a:86:c8:
         94:f0:b7:88:ba:1a:45:7a:be:4b:8d:bb:2f:d1:2c:30:57:1e:
         77:b6:bd:06:a3:12:a2:49:6d:69:3b:47:77:52:e8:df:51:8a:
         f4:fe:d3:7c:be:8b:6e:9f:f4:77:68:14:39:24:8e:5a:e7:75:
         42:23:c1:cb:ce:f3:59:c5:33:95:c8:d0:d8:8e:7e:fc:4c:1d:
         37:c3:4a:e9:fd:c8:7b:32:f2:68:d0:09:74:6d:6c:23:d9:24:
         25:dd:09:88:6f:6d:91:af:e5:2b:2a:c3:d9:62:9f:da:af:90:
         d3:ca:df:3f:5b:a0:59:5e:44:01:f1:5f:33:37:a0:b9:48:c6:
         57:3a:37:84:54:43:eb:a1:0b:76:2e:3b:6e:e4:5a:14:fb:d2:
         ff:7a:06:67:f7:8a:cf:46:af:2c:00:c0:6d:9e:64:26:f0:36:
         b5:7f:e7:32:67:b6:eb:4f:12:34:9f:a5:11:e0:1f:f3:a2:2f:
         e3:ea:1e:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZw0jhZVDF/Y6TyRkDpCpdOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwMjA2MjAwNDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTM2YjVjYzU5MDc3NjdlNDgyZjM5Njg5NmQ1NjkxZDNmNzIzOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4BkamC3zE7nc3nM+wDQIA+IUag/O
01TFhz2yYXq+HbkYwGQmqTrltl+FEXMHM2I0Eb1CZAxUOl7a9vdAMO7jVLGkRWtD
OtNxGUTYlkArDp7QqFIVFR/LHHK3aMsIK9BujFdnwx+Cf7OV9GZR03slGLKcGwWW
v09E5otVbc0/JgzHrAkSfq6FuVkIlHdyOHnR12z+Mn3czg+8Rvw3jv0AlMHZ8Ghs
kjcbq1zluoIq4Rfk1y5s+BtfOGOqtJrg4vlxVQH5bkdU9O3N0yFXZTb1ydqsfimv
B5QrehvJ+4efcOEh9zIIlnuCZDuwaCL9cCjyrdo8fEoYA1G25Vl/OdZbEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI42tcxZB3Z+SC85aJbVaR0/cjnVMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvamphMXpGa0hkbjVJTHpsb2x0VnBIVDl5T2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQzZMA0G
CSqGSIb3DQEBCwUAA4IBAQAKGXi0p2TNpdUcbwkHx7GBbZtFWw2nn+mvLGCIyQtd
+g1cVszMrNhheYKzDFLmH9GhTlW5bXTXibKCzd/7mWGDlz7RWEBKhsiU8LeIuhpF
er5Ljbsv0SwwVx53tr0GoxKiSW1pO0d3UujfUYr0/tN8votun/R3aBQ5JI5a53VC
I8HLzvNZxTOVyNDYjn78TB03w0rp/ch7MvJo0Al0bWwj2SQl3QmIb22Rr+UrKsPZ
Yp/ar5DTyt8/W6BZXkQB8V8zN6C5SMZXOjeEVEProQt2Ljtu5FoU+9L/egZn94rP
Rq8sAMBtnmQm8Da1f+cyZ7brTxI0n6UR4B/zoi/j6h7e
-----END CERTIFICATE-----