Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/JuAzI195axffh3iiwGVCSXdgJSU.roa
File:                     JuAzI195axffh3iiwGVCSXdgJSU.roa (raw, json)
Hash identifier:          b5ivz3U2UR/ynDohYWIVrk4VN1+w1rfFf7VYiBtO/CI=
Subject key identifier:   26:E0:33:23:5F:79:6B:17:DF:87:78:A2:C0:65:42:49:77:60:25:25
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019EB5E740EA3E7B1C46B887C8410E6194C8
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/JuAzI195axffh3iiwGVCSXdgJSU.roa
Signing time:             Thu 11 Jun 2026 08:58:11 +0000
ROA not before:           Thu 11 Jun 2026 08:58:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19422
IP address blocks:        45.67.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:e7:40:ea:3e:7b:1c:46:b8:87:c8:41:0e:61:94:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jun 11 08:58:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26e033235f796b17df8778a2c065424977602525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d7:3c:a4:22:64:9f:d5:4b:25:b8:3b:0c:bc:
                    3c:63:e8:dc:12:d3:c9:a5:06:44:38:a3:11:5a:3f:
                    95:04:db:16:83:a7:9c:97:3e:a5:86:ac:64:30:19:
                    ae:3d:21:97:d7:64:77:e6:a2:b7:1b:30:7b:b9:d0:
                    19:52:82:16:da:2d:42:d1:6d:2c:90:29:26:12:8f:
                    8c:0f:5c:f2:ea:19:39:66:63:de:25:f2:6e:f3:11:
                    c5:c9:85:3f:4a:9c:5f:36:23:25:99:4f:13:16:bb:
                    dd:f7:ce:07:be:f0:85:8c:94:8f:15:f5:60:dc:e7:
                    67:b5:91:62:6d:18:18:4e:da:50:e5:9a:df:a0:ac:
                    b1:f3:94:86:5b:82:ec:af:a9:57:6d:d7:3b:86:3b:
                    b2:11:8a:29:c3:4c:ab:15:ee:03:53:01:cd:ab:9d:
                    3a:a0:59:82:8d:25:84:ed:0c:d8:b8:10:69:6e:e0:
                    a2:97:45:2e:d1:47:0c:9f:92:0a:52:b8:c0:f7:8a:
                    e3:c6:74:dc:9d:e2:31:6f:95:c5:6f:cb:05:18:ea:
                    e3:d4:84:44:07:ad:a3:e0:d7:d6:0f:bc:a0:98:9b:
                    51:48:bc:e5:0f:7a:60:81:69:c4:51:a5:a0:98:7c:
                    9c:78:79:7f:4b:a0:e1:f0:32:e5:9b:a8:4d:42:07:
                    ef:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:E0:33:23:5F:79:6B:17:DF:87:78:A2:C0:65:42:49:77:60:25:25
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/JuAzI195axffh3iiwGVCSXdgJSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:2c:ec:b3:23:da:3a:5b:d1:bb:9a:08:ca:d4:d8:ea:39:66:
         78:68:82:7a:95:a8:09:6a:db:35:0e:42:d7:ba:b9:79:c7:3f:
         9b:43:70:cb:07:d4:36:2c:05:ad:50:85:c5:9f:c0:0b:11:d6:
         e9:26:bd:22:c4:72:c4:34:c4:8e:19:9c:58:4c:b3:2e:a7:39:
         d2:95:9f:14:b9:3b:1b:64:44:cc:ef:49:d8:f8:15:ca:cc:d0:
         4a:37:60:2b:30:64:49:5b:77:59:3c:59:22:07:4a:3e:f2:34:
         ea:12:d7:aa:36:06:79:49:43:33:40:91:eb:50:57:75:e7:f3:
         2d:6b:9f:96:8b:03:16:c2:3b:32:d3:bf:f8:9b:ef:11:51:4b:
         f6:5d:ae:91:4c:d9:34:8d:c5:14:17:1d:e3:4e:59:86:3a:c6:
         f1:66:b0:f8:57:77:a9:0a:83:0f:5f:2a:72:bc:57:21:86:b9:
         3d:07:2f:89:64:cf:52:98:28:d2:19:c6:2e:ea:03:53:d2:1d:
         27:4d:7d:4d:15:e4:d8:e7:f5:7d:7c:b1:e5:83:95:05:d2:09:
         07:d4:53:bb:59:6a:c8:ed:24:ad:4a:1a:80:9f:00:1a:c4:23:
         3e:b2:4c:df:f9:ae:eb:8a:f8:f7:09:ca:3e:2e:d8:c9:61:83:
         95:56:a2:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6150DqPnscRriHyEEOYZTIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwNjExMDg1ODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmUwMzMyMzVmNzk2YjE3ZGY4Nzc4YTJjMDY1NDI0OTc3NjAyNTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotc8pCJkn9VLJbg7DLw8Y+jcEtPJ
pQZEOKMRWj+VBNsWg6eclz6lhqxkMBmuPSGX12R35qK3GzB7udAZUoIW2i1C0W0s
kCkmEo+MD1zy6hk5ZmPeJfJu8xHFyYU/SpxfNiMlmU8TFrvd984HvvCFjJSPFfVg
3OdntZFibRgYTtpQ5ZrfoKyx85SGW4Lsr6lXbdc7hjuyEYopw0yrFe4DUwHNq506
oFmCjSWE7QzYuBBpbuCil0Uu0UcMn5IKUrjA94rjxnTcneIxb5XFb8sFGOrj1IRE
B62j4NfWD7ygmJtRSLzlD3pggWnEUaWgmHyceHl/S6Dh8DLlm6hNQgfvdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbgMyNfeWsX34d4osBlQkl3YCUlMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvSnVBekkxOTVheGZmaDNpaXdHVkNTWGRnSlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUP1MA0G
CSqGSIb3DQEBCwUAA4IBAQCuLOyzI9o6W9G7mgjK1NjqOWZ4aIJ6lagJats1DkLX
url5xz+bQ3DLB9Q2LAWtUIXFn8ALEdbpJr0ixHLENMSOGZxYTLMupznSlZ8UuTsb
ZETM70nY+BXKzNBKN2ArMGRJW3dZPFkiB0o+8jTqEteqNgZ5SUMzQJHrUFd15/Mt
a5+WiwMWwjsy07/4m+8RUUv2Xa6RTNk0jcUUFx3jTlmGOsbxZrD4V3epCoMPXypy
vFchhrk9By+JZM9SmCjSGcYu6gNT0h0nTX1NFeTY5/V9fLHlg5UF0gkH1FO7WWrI
7SStShqAnwAaxCM+skzf+a7rivj3Cco+LtjJYYOVVqIF
-----END CERTIFICATE-----