Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/JLo2q2iBmFKeMgKoTnjBpvjAjJY.roa
File:                     JLo2q2iBmFKeMgKoTnjBpvjAjJY.roa (raw, json)
Hash identifier:          qaCH/S3HYUp62JimShr7jtytmfdudoB+yYvxVEqY8JY=
Subject key identifier:   24:BA:36:AB:68:81:98:52:9E:32:02:A8:4E:78:C1:A6:F8:C0:8C:96
Certificate issuer:       /CN=cdf51a7b4c5b24580292b8c4aa6aa9c325665480
Certificate serial:       019B78348570A2CA2A9D44F5FAFCD0D23B72
Authority key identifier: CD:F5:1A:7B:4C:5B:24:58:02:92:B8:C4:AA:6A:A9:C3:25:66:54:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zfUae0xbJFgCkrjEqmqpwyVmVIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/JLo2q2iBmFKeMgKoTnjBpvjAjJY.roa
Signing time:             Thu 01 Jan 2026 06:17:46 +0000
ROA not before:           Thu 01 Jan 2026 06:17:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48271
IP address blocks:        212.2.224.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/zfUae0xbJFgCkrjEqmqpwyVmVIA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/zfUae0xbJFgCkrjEqmqpwyVmVIA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zfUae0xbJFgCkrjEqmqpwyVmVIA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:85:70:a2:ca:2a:9d:44:f5:fa:fc:d0:d2:3b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdf51a7b4c5b24580292b8c4aa6aa9c325665480
        Validity
            Not Before: Jan  1 06:17:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24ba36ab688198529e3202a84e78c1a6f8c08c96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7e:a0:43:1d:cf:7c:8a:1f:15:6d:e3:8c:58:
                    fb:35:5e:66:cb:15:74:79:e8:5b:ef:4f:cc:c4:94:
                    84:45:94:b8:18:67:f2:91:05:57:50:63:79:f1:56:
                    79:6f:84:43:d0:e9:a5:a3:da:8c:ea:6c:44:e2:00:
                    da:c8:37:e8:81:02:32:cf:06:7b:a4:fe:9a:e4:65:
                    de:28:4b:87:75:63:a3:df:d2:6d:ec:4c:9f:22:cb:
                    f6:42:e6:9e:48:3f:f0:94:6e:f5:94:bf:db:9d:97:
                    47:43:ab:98:78:a3:0b:f2:d8:c2:95:0e:65:92:ae:
                    28:4c:e6:d2:09:05:95:31:56:c5:4a:65:3d:81:ce:
                    1e:09:63:29:43:2a:f9:23:73:1f:c4:c4:53:3e:55:
                    a1:77:34:ad:ee:04:4d:59:9f:02:5f:5c:1e:77:d9:
                    7f:39:b8:2a:17:54:db:ad:39:e2:d2:46:7a:16:c0:
                    a3:62:f7:06:52:e8:fe:71:62:b4:63:5c:87:df:3c:
                    d9:33:1e:54:6d:37:44:3f:f1:a4:a3:90:cc:70:18:
                    c5:ff:28:7d:2c:eb:27:33:db:be:ac:a4:00:d0:a1:
                    99:f0:a3:71:cc:5e:90:60:9f:6b:a1:cf:1a:0d:39:
                    8b:6c:eb:38:aa:78:e2:9d:1a:dc:1d:0b:7b:55:50:
                    7f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:BA:36:AB:68:81:98:52:9E:32:02:A8:4E:78:C1:A6:F8:C0:8C:96
            X509v3 Authority Key Identifier:
                keyid:CD:F5:1A:7B:4C:5B:24:58:02:92:B8:C4:AA:6A:A9:C3:25:66:54:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zfUae0xbJFgCkrjEqmqpwyVmVIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/JLo2q2iBmFKeMgKoTnjBpvjAjJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/zfUae0xbJFgCkrjEqmqpwyVmVIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.2.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6c:93:59:6f:c8:b3:2e:05:36:a9:13:58:95:c9:29:54:48:57:
         3a:8f:fc:35:43:8a:b3:d1:29:a8:9b:81:f2:88:98:18:ba:56:
         6d:f7:ba:a5:fc:da:bd:65:5a:bd:7e:10:b9:e8:67:55:e5:f7:
         7f:84:79:e1:63:d7:e5:b0:5e:d3:a6:56:f6:44:02:32:93:1b:
         1b:26:cd:2a:46:53:21:3b:5f:5e:b6:fb:c7:7e:22:ab:de:9f:
         86:80:1d:89:6f:5a:e0:74:03:60:cb:f3:52:51:1d:58:c3:8b:
         be:23:0a:42:d3:d6:4e:75:d4:df:36:79:3a:59:48:8e:88:69:
         02:6d:56:d5:be:f5:74:42:01:4c:d8:c2:b5:ee:24:f4:80:5b:
         29:92:60:2f:2b:ee:14:e7:cb:e9:b5:48:e0:19:8a:24:1d:dc:
         f3:82:5d:1e:fe:f7:9d:7d:dc:46:5f:07:ce:e9:18:7a:26:65:
         57:5f:cf:cb:5d:2b:b6:67:ea:e8:ea:e7:b4:ed:e1:17:64:68:
         8c:8e:3a:70:70:bf:20:f8:4a:25:8b:2d:52:38:d5:cf:1e:73:
         91:ce:74:39:1c:af:2a:45:b5:91:39:43:5c:ab:b8:83:9f:8e:
         74:e8:0a:93:9d:67:3d:2f:42:83:cc:23:31:b1:81:3b:21:21:
         c6:94:d7:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NIVwosoqnUT1+vzQ0jtyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZjUxYTdiNGM1YjI0NTgwMjkyYjhjNGFhNmFhOWMzMjU2
NjU0ODAwHhcNMjYwMTAxMDYxNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGJhMzZhYjY4ODE5ODUyOWUzMjAyYTg0ZTc4YzFhNmY4YzA4Yzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArX6gQx3PfIofFW3jjFj7NV5myxV0
eehb70/MxJSERZS4GGfykQVXUGN58VZ5b4RD0Omlo9qM6mxE4gDayDfogQIyzwZ7
pP6a5GXeKEuHdWOj39Jt7EyfIsv2QuaeSD/wlG71lL/bnZdHQ6uYeKML8tjClQ5l
kq4oTObSCQWVMVbFSmU9gc4eCWMpQyr5I3MfxMRTPlWhdzSt7gRNWZ8CX1wed9l/
ObgqF1TbrTni0kZ6FsCjYvcGUuj+cWK0Y1yH3zzZMx5UbTdEP/Gko5DMcBjF/yh9
LOsnM9u+rKQA0KGZ8KNxzF6QYJ9roc8aDTmLbOs4qnjinRrcHQt7VVB/VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCS6NqtogZhSnjICqE54wab4wIyWMB8GA1UdIwQY
MBaAFM31GntMWyRYApK4xKpqqcMlZlSAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemZVYWUweGJKRmdDa3JqRXFtcXB3eVZtVklBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8yNzI5ODYtODhhOS00NzdjLWEyNzct
YTU1YjU4MGIwZWEzLzEvSkxvMnEyaUJtRktlTWdLb1RuakJwdmpBakpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8yNzI5ODYtODhhOS00NzdjLWEyNzctYTU1YjU4MGIwZWEz
LzEvemZVYWUweGJKRmdDa3JqRXFtcXB3eVZtVklBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1ALgMA0G
CSqGSIb3DQEBCwUAA4IBAQBsk1lvyLMuBTapE1iVySlUSFc6j/w1Q4qz0Smom4Hy
iJgYulZt97ql/Nq9ZVq9fhC56GdV5fd/hHnhY9flsF7Tplb2RAIykxsbJs0qRlMh
O19etvvHfiKr3p+GgB2Jb1rgdANgy/NSUR1Yw4u+IwpC09ZOddTfNnk6WUiOiGkC
bVbVvvV0QgFM2MK17iT0gFspkmAvK+4U58vptUjgGYokHdzzgl0e/vedfdxGXwfO
6Rh6JmVXX8/LXSu2Z+ro6ue07eEXZGiMjjpwcL8g+Eoliy1SONXPHnORznQ5HK8q
RbWROUNcq7iDn4506AqTnWc9L0KDzCMxsYE7ISHGlNdj
-----END CERTIFICATE-----