Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/6a9682-201b-4e01-ba09-07474524ef9a/1/JTGa6gnVCnC_0aiY47Op1UuqiXg.roa
File:                     JTGa6gnVCnC_0aiY47Op1UuqiXg.roa (raw, json)
Hash identifier:          Ks2YhvrwgXilKIV5biVYzNEQiDr4tEwP3nbyii0EPRs=
Subject key identifier:   25:31:9A:EA:09:D5:0A:70:BF:D1:A8:98:E3:B3:A9:D5:4B:AA:89:78
Certificate issuer:       /CN=f071f4d119d0b74fb66e37a7ef878d449d54ddc8
Certificate serial:       019C08E9420103C7463D0C608635E0E2215E
Authority key identifier: F0:71:F4:D1:19:D0:B7:4F:B6:6E:37:A7:EF:87:8D:44:9D:54:DD:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8HH00RnQt0-2bjen74eNRJ1U3cg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/6a9682-201b-4e01-ba09-07474524ef9a/1/JTGa6gnVCnC_0aiY47Op1UuqiXg.roa
Signing time:             Thu 29 Jan 2026 08:40:30 +0000
ROA not before:           Thu 29 Jan 2026 08:40:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44957
IP address blocks:        93.151.0.0/17 maxlen: 17
                          93.179.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/6a9682-201b-4e01-ba09-07474524ef9a/1/8HH00RnQt0-2bjen74eNRJ1U3cg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/6a9682-201b-4e01-ba09-07474524ef9a/1/8HH00RnQt0-2bjen74eNRJ1U3cg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8HH00RnQt0-2bjen74eNRJ1U3cg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:08:e9:42:01:03:c7:46:3d:0c:60:86:35:e0:e2:21:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f071f4d119d0b74fb66e37a7ef878d449d54ddc8
        Validity
            Not Before: Jan 29 08:40:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25319aea09d50a70bfd1a898e3b3a9d54baa8978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:48:56:3b:98:1a:b9:20:69:65:85:69:1c:43:
                    b8:73:7e:23:69:75:ea:71:fe:b1:c4:31:00:b4:cd:
                    0b:fc:b3:d8:2e:9e:44:58:64:88:03:11:fd:20:00:
                    18:43:7d:2f:21:26:cb:df:2b:d4:c5:55:1c:20:16:
                    d0:ed:26:b2:c8:a1:35:1b:9e:74:7e:86:90:24:9d:
                    5d:48:89:49:08:1a:a0:0b:ef:4b:ac:22:c5:0e:c3:
                    8c:2c:99:f1:91:d4:05:5c:8f:2e:54:20:7e:66:6f:
                    52:bd:4f:eb:82:95:d2:38:ff:3c:74:52:5f:cc:46:
                    91:b9:3e:5e:a9:fc:93:32:d7:85:6d:c9:e9:cd:f9:
                    24:01:5e:41:d4:f9:85:3a:d6:cb:a6:35:a5:26:d5:
                    45:9f:f1:09:10:fd:12:50:2d:4a:80:68:72:34:bb:
                    0c:1b:ea:78:5e:d6:f4:a4:de:63:6c:78:eb:fb:44:
                    74:28:df:1c:93:23:96:e7:1b:1e:60:70:e8:78:95:
                    d5:0e:01:48:4b:e7:a0:7f:da:83:70:37:80:2a:8f:
                    25:84:ca:3b:3a:4c:01:41:88:6e:be:2f:e6:80:02:
                    06:39:37:28:a8:db:1a:75:07:74:63:1a:56:67:0c:
                    66:d9:73:36:8a:ae:47:98:1c:7d:0f:85:7c:54:31:
                    ea:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:31:9A:EA:09:D5:0A:70:BF:D1:A8:98:E3:B3:A9:D5:4B:AA:89:78
            X509v3 Authority Key Identifier:
                keyid:F0:71:F4:D1:19:D0:B7:4F:B6:6E:37:A7:EF:87:8D:44:9D:54:DD:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8HH00RnQt0-2bjen74eNRJ1U3cg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/6a9682-201b-4e01-ba09-07474524ef9a/1/JTGa6gnVCnC_0aiY47Op1UuqiXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/6a9682-201b-4e01-ba09-07474524ef9a/1/8HH00RnQt0-2bjen74eNRJ1U3cg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.151.0.0/17
                  93.179.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:08:c0:65:5d:17:df:38:a0:ad:50:d3:91:dc:c1:b8:42:ab:
         fa:c3:1f:e0:94:99:0b:03:52:09:db:24:9e:16:57:c5:e6:f5:
         e9:4e:b1:c8:03:ae:79:46:9b:49:57:b8:f6:8c:b2:10:e2:e6:
         3b:c5:46:1f:26:28:a8:53:37:0d:5c:28:f6:a3:25:4c:72:a3:
         41:5a:7f:13:8c:2e:e3:91:62:fb:03:3e:f7:7f:30:36:e9:f5:
         8d:22:55:a0:93:c8:8b:9f:bb:a3:7c:11:1d:ac:04:82:08:96:
         ca:0c:b4:5c:00:a8:57:47:cb:05:10:21:7a:88:24:ea:40:a5:
         6e:3b:40:55:d7:bb:27:fc:02:8f:89:06:0c:31:75:83:4d:44:
         1d:a4:26:92:63:8a:98:d3:b6:b1:88:e6:71:7e:ae:9e:27:02:
         bd:75:43:f3:45:05:86:fa:9d:bb:ba:fa:4e:19:8e:d0:d2:f7:
         0f:1e:b1:9b:1d:86:b9:1e:71:6c:af:ea:3d:12:69:0e:45:72:
         aa:cc:00:e6:73:34:93:33:67:87:72:9b:c5:32:7c:41:5b:44:
         de:48:ee:63:50:93:64:19:33:1f:6a:5e:fb:af:90:15:e9:d7:
         ba:f9:e1:22:78:a0:d2:36:13:36:3b:46:aa:6c:d6:65:cd:1e:
         f9:b3:86:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwI6UIBA8dGPQxghjXg4iFeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNzFmNGQxMTlkMGI3NGZiNjZlMzdhN2VmODc4ZDQ0OWQ1
NGRkYzgwHhcNMjYwMTI5MDg0MDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTMxOWFlYTA5ZDUwYTcwYmZkMWE4OThlM2IzYTlkNTRiYWE4OTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0hWO5gauSBpZYVpHEO4c34jaXXq
cf6xxDEAtM0L/LPYLp5EWGSIAxH9IAAYQ30vISbL3yvUxVUcIBbQ7SayyKE1G550
foaQJJ1dSIlJCBqgC+9LrCLFDsOMLJnxkdQFXI8uVCB+Zm9SvU/rgpXSOP88dFJf
zEaRuT5eqfyTMteFbcnpzfkkAV5B1PmFOtbLpjWlJtVFn/EJEP0SUC1KgGhyNLsM
G+p4Xtb0pN5jbHjr+0R0KN8ckyOW5xseYHDoeJXVDgFIS+egf9qDcDeAKo8lhMo7
OkwBQYhuvi/mgAIGOTcoqNsadQd0YxpWZwxm2XM2iq5HmBx9D4V8VDHq+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCUxmuoJ1Qpwv9GomOOzqdVLqol4MB8GA1UdIwQY
MBaAFPBx9NEZ0LdPtm43p++HjUSdVN3IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEhIMDBSblF0MC0yYmplbjc0ZU5SSjFVM2NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny82YTk2ODItMjAxYi00ZTAxLWJhMDkt
MDc0NzQ1MjRlZjlhLzEvSlRHYTZnblZDbkNfMGFpWTQ3T3AxVXVxaVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny82YTk2ODItMjAxYi00ZTAxLWJhMDktMDc0NzQ1MjRlZjlh
LzEvOEhIMDBSblF0MC0yYmplbjc0ZU5SSjFVM2NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQHXZcAAwQA
XbO5MA0GCSqGSIb3DQEBCwUAA4IBAQBXCMBlXRffOKCtUNOR3MG4Qqv6wx/glJkL
A1IJ2ySeFlfF5vXpTrHIA655RptJV7j2jLIQ4uY7xUYfJiioUzcNXCj2oyVMcqNB
Wn8TjC7jkWL7Az73fzA26fWNIlWgk8iLn7ujfBEdrASCCJbKDLRcAKhXR8sFECF6
iCTqQKVuO0BV17sn/AKPiQYMMXWDTUQdpCaSY4qY07axiOZxfq6eJwK9dUPzRQWG
+p27uvpOGY7Q0vcPHrGbHYa5HnFsr+o9EmkORXKqzADmczSTM2eHcpvFMnxBW0Te
SO5jUJNkGTMfal77r5AV6de6+eEieKDSNhM2O0aqbNZlzR75s4aH
-----END CERTIFICATE-----