Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/JPCCmHU8ahX1DiUwh62NrS-GovE.roa
File:                     JPCCmHU8ahX1DiUwh62NrS-GovE.roa (raw, json)
Hash identifier:          DSN9B+i7KCMrZdm0LMRFnAUtEcKLHOT2ja1tLaLHNkQ=
Subject key identifier:   24:F0:82:98:75:3C:6A:15:F5:0E:25:30:87:AD:8D:AD:2F:86:A2:F1
Certificate issuer:       /CN=380b283a0513940d520a680b8b3d14dbc367770d
Certificate serial:       019EBB58ADC697D1D0FA3149814682901B22
Authority key identifier: 38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/JPCCmHU8ahX1DiUwh62NrS-GovE.roa
Signing time:             Fri 12 Jun 2026 10:20:11 +0000
ROA not before:           Fri 12 Jun 2026 10:20:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8038
IP address blocks:        185.54.92.0/23 maxlen: 23
                          2a00:8642::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bb:58:ad:c6:97:d1:d0:fa:31:49:81:46:82:90:1b:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380b283a0513940d520a680b8b3d14dbc367770d
        Validity
            Not Before: Jun 12 10:20:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24f08298753c6a15f50e253087ad8dad2f86a2f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4c:d1:d1:2c:ba:bb:26:fb:d8:4b:76:6a:0e:
                    02:df:fb:02:5b:e5:07:40:41:3a:2f:f5:da:aa:6b:
                    fd:f9:3b:f5:89:1b:f7:ea:ec:ba:6d:47:2c:3f:01:
                    33:6d:19:3c:00:cf:5b:dc:77:6c:94:9c:f0:31:3f:
                    8f:fa:52:87:22:b2:76:73:56:2e:c6:50:dc:40:4a:
                    b4:37:9d:a2:45:f8:00:a7:42:6c:cd:d5:56:fa:3c:
                    bb:e4:c6:cb:77:97:ab:be:26:7c:f0:7f:61:8f:7d:
                    5a:f8:9e:81:da:c1:11:50:e2:a2:66:62:1f:87:bc:
                    ac:a6:c1:2f:62:3e:f6:5c:b4:41:4a:04:1f:36:cb:
                    57:15:82:5b:50:e4:61:98:ba:76:cd:12:68:84:a0:
                    be:74:34:f3:e3:6e:87:6b:ac:cf:94:57:c1:71:dd:
                    c6:13:4c:04:2f:e8:b8:8c:ab:cb:10:22:05:3c:2d:
                    4d:81:23:b1:98:b6:57:7c:2f:a8:7e:59:cc:e5:2a:
                    78:5b:7a:89:97:ab:50:91:22:67:b9:39:9c:ba:bb:
                    df:14:af:cd:63:f5:83:18:57:51:4a:7e:51:ae:03:
                    9b:25:df:3a:6d:3e:4b:d0:4c:f4:df:c2:76:1c:45:
                    d0:14:bd:62:89:3f:c3:e9:49:7c:ef:a3:8e:91:99:
                    fa:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:F0:82:98:75:3C:6A:15:F5:0E:25:30:87:AD:8D:AD:2F:86:A2:F1
            X509v3 Authority Key Identifier:
                keyid:38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/JPCCmHU8ahX1DiUwh62NrS-GovE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.92.0/23
                IPv6:
                  2a00:8642::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:0e:c3:1a:c2:5b:3c:77:85:66:00:a4:b0:a6:c4:90:0b:ec:
         24:c1:e4:8b:3c:83:dd:a1:52:e3:49:c7:44:de:2b:ed:14:41:
         26:97:97:69:0f:d0:9d:63:de:ac:64:63:6c:17:cb:a4:88:d1:
         6b:f7:eb:2d:03:5c:aa:f7:48:bc:57:cf:3f:a1:80:a5:a1:f1:
         ee:4a:30:2e:29:a1:66:d2:8c:3e:45:fd:48:1b:86:42:3c:2e:
         43:02:5c:da:2a:b9:95:ba:07:47:f1:f0:e1:a6:9d:7e:3d:dc:
         6f:74:9d:09:92:f5:b8:57:3c:24:58:28:00:17:45:3f:10:b9:
         99:d3:6b:61:4e:70:bf:09:1e:c3:b5:6f:e6:31:eb:4c:f0:05:
         3a:25:3c:54:b0:46:61:59:cd:33:ef:6c:30:9a:87:d3:0a:16:
         db:cc:9f:a1:45:bf:5c:6d:59:6e:be:23:3d:28:07:78:43:9b:
         d3:7d:95:1f:69:d7:fb:f3:d2:5c:07:ab:c9:50:c1:a1:53:2b:
         af:1b:eb:1a:bf:89:20:c9:4d:9e:aa:d4:2e:ed:08:93:68:3a:
         db:d0:3a:f5:df:1b:3b:c8:ef:1b:c4:60:65:b9:2e:ab:af:72:
         f0:61:86:e3:86:d7:1e:ec:a3:29:9c:e3:7e:90:0d:5d:b6:a9:
         e2:d4:17:67
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ67WK3Gl9HQ+jFJgUaCkBsiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGIyODNhMDUxMzk0MGQ1MjBhNjgwYjhiM2QxNGRiYzM2
Nzc3MGQwHhcNMjYwNjEyMTAyMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGYwODI5ODc1M2M2YTE1ZjUwZTI1MzA4N2FkOGRhZDJmODZhMmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0zR0Sy6uyb72Et2ag4C3/sCW+UH
QEE6L/Xaqmv9+Tv1iRv36uy6bUcsPwEzbRk8AM9b3HdslJzwMT+P+lKHIrJ2c1Yu
xlDcQEq0N52iRfgAp0JszdVW+jy75MbLd5erviZ88H9hj31a+J6B2sERUOKiZmIf
h7yspsEvYj72XLRBSgQfNstXFYJbUORhmLp2zRJohKC+dDTz426Ha6zPlFfBcd3G
E0wEL+i4jKvLECIFPC1NgSOxmLZXfC+oflnM5Sp4W3qJl6tQkSJnuTmcurvfFK/N
Y/WDGFdRSn5RrgObJd86bT5L0Ez038J2HEXQFL1iiT/D6Ul876OOkZn6aQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCTwgph1PGoV9Q4lMIetja0vhqLxMB8GA1UdIwQY
MBaAFDgLKDoFE5QNUgpoC4s9FNvDZ3cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEt
Y2NmNjQ1NGJiMjRjLzEvSlBDQ21IVThhaFgxRGlVd2g2Mk5yUy1Hb3ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEtY2NmNjQ1NGJiMjRj
LzEvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuTZcMA0E
AgACMAcDBQAqAIZCMA0GCSqGSIb3DQEBCwUAA4IBAQCkDsMawls8d4VmAKSwpsSQ
C+wkweSLPIPdoVLjScdE3ivtFEEml5dpD9CdY96sZGNsF8ukiNFr9+stA1yq90i8
V88/oYClofHuSjAuKaFm0ow+Rf1IG4ZCPC5DAlzaKrmVugdH8fDhpp1+PdxvdJ0J
kvW4VzwkWCgAF0U/ELmZ02thTnC/CR7DtW/mMetM8AU6JTxUsEZhWc0z72wwmofT
ChbbzJ+hRb9cbVluviM9KAd4Q5vTfZUfadf789JcB6vJUMGhUyuvG+sav4kgyU2e
qtQu7QiTaDrb0Dr13xs7yO8bxGBluS6rr3LwYYbjhtce7KMpnON+kA1dtqni1Bdn
-----END CERTIFICATE-----