Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/JmZyr_HiGWhXrQT4G35RdzY5FBo.roa
File:                     JmZyr_HiGWhXrQT4G35RdzY5FBo.roa (raw, json)
Hash identifier:          7gA8L5P9/nr9jLYxlFbsO9wNhD1sAVMuCpL277mztEA=
Subject key identifier:   26:66:72:AF:F1:E2:19:68:57:AD:04:F8:1B:7E:51:77:36:39:14:1A
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019D8740CB515F4F466E55FE0621DA95E01C
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/JmZyr_HiGWhXrQT4G35RdzY5FBo.roa
Signing time:             Mon 13 Apr 2026 14:31:03 +0000
ROA not before:           Mon 13 Apr 2026 14:31:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209242
IP address blocks:        207.89.22.0/24 maxlen: 24
                          207.89.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:40:cb:51:5f:4f:46:6e:55:fe:06:21:da:95:e0:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Apr 13 14:31:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=266672aff1e2196857ad04f81b7e51773639141a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:37:e0:b9:86:66:e0:b0:98:a2:5e:13:98:57:
                    ef:59:40:a5:15:20:bd:3b:d4:53:46:3d:32:7e:48:
                    b5:d9:2e:6f:54:91:bb:93:0d:fc:4c:f1:3f:77:50:
                    00:16:e3:f1:d6:9d:ff:ee:3c:95:75:85:6a:45:85:
                    44:ac:4d:56:6d:5a:43:77:a9:e9:f9:cf:4e:c2:66:
                    92:89:91:08:45:47:e4:bf:df:ce:ad:30:1b:1f:a1:
                    ff:31:fb:e5:4f:fe:72:b6:a1:85:cd:19:c2:dd:e7:
                    ed:e0:ce:bf:89:7d:36:a4:99:4a:56:c5:84:1f:de:
                    eb:14:95:21:76:dd:f4:54:31:f9:1e:4c:33:c3:9e:
                    64:98:db:2c:6a:10:6c:d0:5a:b0:a3:da:fa:04:c4:
                    57:78:2c:1f:6d:58:c6:ed:08:85:4c:14:d0:1c:2a:
                    bc:a2:ca:2e:9d:38:ec:4d:cb:d5:d5:88:ea:25:c2:
                    10:af:31:52:13:f9:77:96:7c:b0:c7:12:d4:01:aa:
                    1c:64:58:dc:e3:ac:d5:22:45:7e:78:e0:bb:5c:95:
                    b1:d4:08:1d:a9:7d:11:da:cd:a3:27:a6:7e:77:76:
                    bd:1c:3b:fa:f5:4a:05:99:a1:64:b8:12:b1:f6:24:
                    b7:30:ce:9f:b0:b4:47:0a:6a:09:f2:ab:4e:7c:0a:
                    38:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:66:72:AF:F1:E2:19:68:57:AD:04:F8:1B:7E:51:77:36:39:14:1A
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/JmZyr_HiGWhXrQT4G35RdzY5FBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.89.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:81:0a:e9:e9:a1:80:28:82:c4:71:09:0c:8f:84:45:26:c2:
         ca:17:e5:08:57:65:2c:a8:ad:b0:37:a0:53:f0:ae:c0:59:3b:
         66:a4:6e:1d:b6:12:66:21:86:f6:e0:20:3b:32:6f:f3:72:97:
         8d:74:4e:99:fd:7d:a2:7d:57:be:63:6f:ed:ad:16:31:59:c9:
         87:5a:51:42:db:7f:9b:66:bd:01:8f:a4:e3:77:87:7d:3e:dc:
         03:d7:11:2d:db:00:44:f7:ab:f7:9c:33:ff:e5:1e:ea:50:67:
         06:0c:88:2a:72:0d:dd:86:5d:6b:67:ca:b6:55:17:b5:5c:2b:
         dc:37:62:bf:91:a5:62:09:69:c3:eb:18:c1:a3:9a:80:32:a4:
         a6:22:72:4e:98:00:14:ed:74:15:df:e3:de:24:5b:c1:5c:75:
         b3:ed:24:b6:c5:14:77:5e:73:27:4a:76:02:09:b3:18:88:c8:
         c6:e6:f1:d0:5b:c2:e4:26:f3:04:f8:22:16:a8:91:8e:49:d7:
         b6:3e:85:76:00:39:f4:91:04:ef:dd:d3:c3:22:1b:72:21:ce:
         23:5f:17:2e:15:38:9b:76:f5:dd:26:70:94:fa:1d:ff:10:b1:
         e7:34:00:b4:79:ed:78:46:08:d4:08:07:a9:e3:1a:e8:f5:41:
         eb:4e:47:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2HQMtRX09GblX+BiHaleAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwNDEzMTQzMTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjY2NzJhZmYxZTIxOTY4NTdhZDA0ZjgxYjdlNTE3NzM2MzkxNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizfguYZm4LCYol4TmFfvWUClFSC9
O9RTRj0yfki12S5vVJG7kw38TPE/d1AAFuPx1p3/7jyVdYVqRYVErE1WbVpDd6np
+c9OwmaSiZEIRUfkv9/OrTAbH6H/MfvlT/5ytqGFzRnC3eft4M6/iX02pJlKVsWE
H97rFJUhdt30VDH5Hkwzw55kmNssahBs0Fqwo9r6BMRXeCwfbVjG7QiFTBTQHCq8
osounTjsTcvV1YjqJcIQrzFSE/l3lnywxxLUAaocZFjc46zVIkV+eOC7XJWx1Agd
qX0R2s2jJ6Z+d3a9HDv69UoFmaFkuBKx9iS3MM6fsLRHCmoJ8qtOfAo4pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZmcq/x4hloV60E+Bt+UXc2ORQaMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvSm1aeXJfSGlHV2hYclFUNEczNVJkelk1RkJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBz1kWMA0G
CSqGSIb3DQEBCwUAA4IBAQBMgQrp6aGAKILEcQkMj4RFJsLKF+UIV2UsqK2wN6BT
8K7AWTtmpG4dthJmIYb24CA7Mm/zcpeNdE6Z/X2ifVe+Y2/trRYxWcmHWlFC23+b
Zr0Bj6Tjd4d9PtwD1xEt2wBE96v3nDP/5R7qUGcGDIgqcg3dhl1rZ8q2VRe1XCvc
N2K/kaViCWnD6xjBo5qAMqSmInJOmAAU7XQV3+PeJFvBXHWz7SS2xRR3XnMnSnYC
CbMYiMjG5vHQW8LkJvME+CIWqJGOSde2PoV2ADn0kQTv3dPDIhtyIc4jXxcuFTib
dvXdJnCU+h3/ELHnNAC0ee14RgjUCAep4xro9UHrTkcw
-----END CERTIFICATE-----