Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/Jf0IiUw2yxEGHU21X5UBjTTFsPw.roa
File:                     Jf0IiUw2yxEGHU21X5UBjTTFsPw.roa (raw, json)
Hash identifier:          iznEwndgoL7LQZ3si+t9hPfxRdTHhoHEK3Tm2NJNWr8=
Subject key identifier:   25:FD:08:89:4C:36:CB:11:06:1D:4D:B5:5F:95:01:8D:34:C5:B0:FC
Certificate issuer:       /CN=88fb410a3bfc7340b667b4f221c7cb806267896e
Certificate serial:       019EB1652A827D71D99F6535E16E06DBF878
Authority key identifier: 88:FB:41:0A:3B:FC:73:40:B6:67:B4:F2:21:C7:CB:80:62:67:89:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iPtBCjv8c0C2Z7TyIcfLgGJniW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/Jf0IiUw2yxEGHU21X5UBjTTFsPw.roa
Signing time:             Wed 10 Jun 2026 11:57:37 +0000
ROA not before:           Wed 10 Jun 2026 11:57:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219492
IP address blocks:        185.229.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/iPtBCjv8c0C2Z7TyIcfLgGJniW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/iPtBCjv8c0C2Z7TyIcfLgGJniW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iPtBCjv8c0C2Z7TyIcfLgGJniW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b1:65:2a:82:7d:71:d9:9f:65:35:e1:6e:06:db:f8:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88fb410a3bfc7340b667b4f221c7cb806267896e
        Validity
            Not Before: Jun 10 11:57:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25fd08894c36cb11061d4db55f95018d34c5b0fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:5b:4f:1c:9c:c0:11:21:b1:3a:84:23:29:2f:
                    f2:d2:98:c5:fd:39:3d:96:af:05:89:67:d8:af:50:
                    88:8a:84:de:24:2a:e4:be:ca:ae:03:fc:19:be:35:
                    bf:87:b4:39:fa:46:35:0c:6c:41:d6:f7:81:f9:0c:
                    69:f9:50:35:d3:8a:5b:06:7c:87:8c:15:26:3b:02:
                    11:9f:67:55:a4:10:fd:b3:5d:ed:e9:42:47:a6:97:
                    00:7c:24:be:2a:34:45:67:3f:5f:d3:ff:76:d0:d3:
                    93:1e:9b:26:7c:3a:c4:42:1a:9a:e6:02:41:80:a1:
                    2f:5c:85:a7:71:85:93:1d:e7:79:36:f9:55:2b:48:
                    ae:55:73:4c:a4:a7:65:40:59:80:78:9a:2e:3b:1b:
                    80:e1:dc:9b:7a:fd:d6:c3:d8:90:71:75:59:b4:ce:
                    fa:01:ea:6b:d1:d8:da:a0:37:bd:21:be:0c:51:3e:
                    b4:e5:e5:88:6d:fb:76:bb:0d:b9:9b:d9:77:ec:c8:
                    6d:d7:d1:dc:31:40:be:dd:55:b0:1f:94:6a:ae:41:
                    6d:05:e2:5e:3e:f2:a9:11:5d:d7:d8:f3:26:79:79:
                    bc:f5:0f:07:9b:04:65:bc:de:16:85:77:14:31:45:
                    1e:37:54:1c:a7:c1:c3:21:b5:c6:4d:44:74:47:28:
                    68:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:FD:08:89:4C:36:CB:11:06:1D:4D:B5:5F:95:01:8D:34:C5:B0:FC
            X509v3 Authority Key Identifier:
                keyid:88:FB:41:0A:3B:FC:73:40:B6:67:B4:F2:21:C7:CB:80:62:67:89:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iPtBCjv8c0C2Z7TyIcfLgGJniW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/Jf0IiUw2yxEGHU21X5UBjTTFsPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/iPtBCjv8c0C2Z7TyIcfLgGJniW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:6b:d6:45:b0:cc:07:0a:25:bb:12:30:01:e7:23:43:ec:02:
         79:90:01:7d:5f:e5:d2:c1:28:1a:02:3e:57:ce:ef:25:22:51:
         2c:79:f5:2c:ba:bd:7b:be:f7:30:78:29:cc:98:c4:93:0b:f5:
         03:17:28:80:b1:4c:be:0d:3a:d1:46:34:95:6e:c9:63:2e:84:
         8f:75:23:80:59:78:e7:c8:7b:e5:d9:61:31:79:14:01:60:34:
         3b:97:7e:48:73:b3:4b:41:6f:53:2b:c3:ec:57:25:9c:9b:20:
         b9:71:01:14:fb:cf:47:43:0a:1a:5a:95:b9:87:76:17:8e:17:
         be:a6:4b:65:d2:74:69:fe:8e:e5:b9:bc:3f:f5:06:9b:00:6f:
         44:8a:dc:a0:68:ec:7d:dd:09:5d:a5:67:7e:f7:cd:f7:cb:30:
         63:18:cd:1d:f4:ba:49:e4:11:ef:f6:b3:eb:fc:73:e7:1a:35:
         89:42:f7:58:37:ec:5b:7d:88:49:0d:11:68:80:77:a0:56:44:
         8d:8c:78:ab:05:8e:ce:8e:aa:cf:6a:f2:4f:6b:7a:4c:96:e0:
         2d:f0:7a:64:42:64:05:c1:b6:ca:3f:1a:b2:f0:09:f3:19:1b:
         06:ca:c2:0b:57:b5:11:85:60:18:3c:cd:9a:39:ca:58:a5:22:
         79:3e:42:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6xZSqCfXHZn2U14W4G2/h4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZmI0MTBhM2JmYzczNDBiNjY3YjRmMjIxYzdjYjgwNjI2
Nzg5NmUwHhcNMjYwNjEwMTE1NzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWZkMDg4OTRjMzZjYjExMDYxZDRkYjU1Zjk1MDE4ZDM0YzViMGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VtPHJzAESGxOoQjKS/y0pjF/Tk9
lq8FiWfYr1CIioTeJCrkvsquA/wZvjW/h7Q5+kY1DGxB1veB+Qxp+VA104pbBnyH
jBUmOwIRn2dVpBD9s13t6UJHppcAfCS+KjRFZz9f0/920NOTHpsmfDrEQhqa5gJB
gKEvXIWncYWTHed5NvlVK0iuVXNMpKdlQFmAeJouOxuA4dybev3Ww9iQcXVZtM76
Aepr0djaoDe9Ib4MUT605eWIbft2uw25m9l37Mht19HcMUC+3VWwH5RqrkFtBeJe
PvKpEV3X2PMmeXm89Q8HmwRlvN4WhXcUMUUeN1Qcp8HDIbXGTUR0Ryho6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCX9CIlMNssRBh1NtV+VAY00xbD8MB8GA1UdIwQY
MBaAFIj7QQo7/HNAtme08iHHy4BiZ4luMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVB0QkNqdjhjMEMyWjdUeUljZkxnR0puaVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80NDYyNGYtMjMxZC00NjZjLWJiMDIt
YjM4YzgwOTUxOTgxLzEvSmYwSWlVdzJ5eEVHSFUyMVg1VUJqVFRGc1B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80NDYyNGYtMjMxZC00NjZjLWJiMDItYjM4YzgwOTUxOTgx
LzEvaVB0QkNqdjhjMEMyWjdUeUljZkxnR0puaVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueUNMA0G
CSqGSIb3DQEBCwUAA4IBAQB4a9ZFsMwHCiW7EjAB5yND7AJ5kAF9X+XSwSgaAj5X
zu8lIlEsefUsur17vvcweCnMmMSTC/UDFyiAsUy+DTrRRjSVbsljLoSPdSOAWXjn
yHvl2WExeRQBYDQ7l35Ic7NLQW9TK8PsVyWcmyC5cQEU+89HQwoaWpW5h3YXjhe+
pktl0nRp/o7lubw/9QabAG9EitygaOx93QldpWd+9833yzBjGM0d9LpJ5BHv9rPr
/HPnGjWJQvdYN+xbfYhJDRFogHegVkSNjHirBY7OjqrPavJPa3pMluAt8HpkQmQF
wbbKPxqy8AnzGRsGysILV7URhWAYPM2aOcpYpSJ5PkKM
-----END CERTIFICATE-----