Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/JZwHtSGrS9JbREYWvnRnqezu10E.roa
File:                     JZwHtSGrS9JbREYWvnRnqezu10E.roa (raw, json)
Hash identifier:          y3XKnfAUyOdGdMgz4OHkrkd5qhmzJMO/Ix4+VHJ4AjI=
Subject key identifier:   25:9C:07:B5:21:AB:4B:D2:5B:44:46:16:BE:74:67:A9:EC:EE:D7:41
Certificate issuer:       /CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
Certificate serial:       019D86B14E13A1FA0D71F32E9E34AD77C7C4
Authority key identifier: 0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/JZwHtSGrS9JbREYWvnRnqezu10E.roa
Signing time:             Mon 13 Apr 2026 11:54:19 +0000
ROA not before:           Mon 13 Apr 2026 11:54:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        217.78.40.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:86:b1:4e:13:a1:fa:0d:71:f3:2e:9e:34:ad:77:c7:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
        Validity
            Not Before: Apr 13 11:54:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=259c07b521ab4bd25b444616be7467a9eceed741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4f:c8:72:b0:7e:13:17:62:2a:83:04:50:b1:
                    9c:3b:3b:d0:94:2c:17:e3:b6:2c:84:f0:06:e0:50:
                    7d:38:4a:cd:c3:f1:5a:c0:7a:a3:98:4f:83:b3:bd:
                    50:07:d6:e6:e9:25:37:65:ca:c0:dc:11:60:8d:ba:
                    8e:00:4a:d0:06:c0:ef:4e:dd:92:a1:d5:ab:75:fc:
                    2e:78:89:18:f1:44:b0:a7:ae:1c:56:2a:59:1d:e4:
                    1d:30:96:b3:08:d4:23:3c:1b:d6:e3:7c:b3:c9:05:
                    7a:7f:85:73:1a:5f:93:bf:28:9b:ad:77:ff:1d:cd:
                    9f:1f:59:4f:b9:9c:2c:a8:0e:83:95:a2:2d:21:52:
                    ff:af:0a:39:46:3f:90:1b:d4:2e:f9:4e:7b:bb:7d:
                    e7:d5:06:b9:68:da:23:30:ee:2b:71:86:df:d6:c3:
                    84:15:f5:60:6b:7c:aa:bf:bf:1b:1f:cf:1f:85:88:
                    6e:e7:32:d3:85:9c:7a:37:3b:65:5d:55:6b:42:18:
                    70:9a:79:cd:bc:a3:ae:23:f7:ad:ff:e7:21:0f:c6:
                    95:7d:cd:c4:a2:6d:3e:d6:94:a3:c4:4b:8f:27:d0:
                    59:5d:61:4b:d3:a7:03:ee:88:ec:3b:d0:50:13:48:
                    73:32:66:54:11:ee:f0:f0:6a:8c:85:59:f7:a2:4e:
                    26:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:9C:07:B5:21:AB:4B:D2:5B:44:46:16:BE:74:67:A9:EC:EE:D7:41
            X509v3 Authority Key Identifier:
                keyid:0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/JZwHtSGrS9JbREYWvnRnqezu10E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.78.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0b:ed:3f:60:09:7f:c9:fc:cd:af:fa:92:20:ff:69:68:8c:8a:
         eb:2c:e5:33:d1:eb:95:ad:82:ba:b3:f8:ea:e0:e7:38:9f:ff:
         9a:a6:83:8a:57:26:2b:45:56:b3:8a:c0:aa:b7:50:56:83:43:
         b7:d9:fc:55:d7:ac:fa:c2:78:99:37:12:db:9b:a6:0a:8c:fd:
         dc:30:24:1e:82:68:c1:c5:0a:57:03:ea:2e:c5:cd:0b:59:1e:
         50:28:f0:e0:c0:ea:39:0f:6b:bf:13:0e:eb:bb:a2:1f:1d:2e:
         14:b9:8d:95:50:46:6b:8d:de:68:71:ee:e0:33:fd:e9:99:40:
         22:07:56:ac:37:0c:e1:89:a2:6b:55:95:34:29:de:a9:c0:82:
         06:cf:ed:93:2c:07:af:e4:a3:44:5a:1c:2a:6f:80:f1:68:0e:
         75:4b:74:a9:57:d9:24:8f:04:84:4b:0d:a6:d8:cb:93:b7:f7:
         27:27:04:c0:d3:fd:1a:1d:9a:b3:8d:7f:5b:34:e7:85:a4:68:
         f9:a7:72:71:88:2c:86:32:85:70:2c:93:8e:b6:1f:e9:3a:58:
         e3:68:11:c7:05:34:ec:35:9a:67:ce:a2:56:41:92:24:eb:5f:
         b5:a5:65:ca:85:56:93:77:78:b3:79:bf:61:00:38:ff:69:a6:
         9a:eb:ce:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2GsU4TofoNcfMunjStd8fEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTEzMDhlYWQ2YWRiMWQwODVlN2U1OTEwYTBjYjJkZTU2
YWEzMmUwHhcNMjYwNDEzMTE1NDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTljMDdiNTIxYWI0YmQyNWI0NDQ2MTZiZTc0NjdhOWVjZWVkNzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0/IcrB+ExdiKoMEULGcOzvQlCwX
47YshPAG4FB9OErNw/FawHqjmE+Ds71QB9bm6SU3ZcrA3BFgjbqOAErQBsDvTt2S
odWrdfwueIkY8USwp64cVipZHeQdMJazCNQjPBvW43yzyQV6f4VzGl+TvyibrXf/
Hc2fH1lPuZwsqA6DlaItIVL/rwo5Rj+QG9Qu+U57u33n1Qa5aNojMO4rcYbf1sOE
FfVga3yqv78bH88fhYhu5zLThZx6NztlXVVrQhhwmnnNvKOuI/et/+chD8aVfc3E
om0+1pSjxEuPJ9BZXWFL06cD7ojsO9BQE0hzMmZUEe7w8GqMhVn3ok4mgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWcB7Uhq0vSW0RGFr50Z6ns7tdBMB8GA1UdIwQY
MBaAFAzhMI6tatsdCF5+WRCgyy3laqMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUt
YjBiYWQxOGYwMmQwLzEvSlp3SHRTR3JTOUpiUkVZV3ZuUm5xZXp1MTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUtYjBiYWQxOGYwMmQw
LzEvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2U4oMA0G
CSqGSIb3DQEBCwUAA4IBAQAL7T9gCX/J/M2v+pIg/2lojIrrLOUz0euVrYK6s/jq
4Oc4n/+apoOKVyYrRVazisCqt1BWg0O32fxV16z6wniZNxLbm6YKjP3cMCQegmjB
xQpXA+ouxc0LWR5QKPDgwOo5D2u/Ew7ru6IfHS4UuY2VUEZrjd5oce7gM/3pmUAi
B1asNwzhiaJrVZU0Kd6pwIIGz+2TLAev5KNEWhwqb4DxaA51S3SpV9kkjwSESw2m
2MuTt/cnJwTA0/0aHZqzjX9bNOeFpGj5p3JxiCyGMoVwLJOOth/pOljjaBHHBTTs
NZpnzqJWQZIk61+1pWXKhVaTd3izeb9hADj/aaaa686S
-----END CERTIFICATE-----