Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/JFzwXMH-VQPX2LMMYttTal0Vj5I.roa
File:                     JFzwXMH-VQPX2LMMYttTal0Vj5I.roa (raw, json)
Hash identifier:          f2YbT+ssDeuyFufGiHeMdXVUBzWXdwch5zaBIFixQeg=
Subject key identifier:   24:5C:F0:5C:C1:FE:55:03:D7:D8:B3:0C:62:DB:53:6A:5D:15:8F:92
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019D6C255A66053220057377E11AF4DB9553
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/JFzwXMH-VQPX2LMMYttTal0Vj5I.roa
Signing time:             Wed 08 Apr 2026 08:11:20 +0000
ROA not before:           Wed 08 Apr 2026 08:11:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215670
IP address blocks:        109.248.247.0/24 maxlen: 24
                          188.130.238.0/24 maxlen: 24
                          2001:146a::/32 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6c:25:5a:66:05:32:20:05:73:77:e1:1a:f4:db:95:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Apr  8 08:11:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=245cf05cc1fe5503d7d8b30c62db536a5d158f92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8c:eb:dd:b1:25:76:fe:b8:bd:9a:a7:19:60:
                    a4:89:fe:f5:ad:32:26:f2:b9:a5:70:c6:cb:d0:5b:
                    1f:79:69:b7:1e:0b:6e:b0:8a:09:4d:e3:4c:cf:1a:
                    d9:1c:bc:c6:9e:68:9b:55:06:61:73:5b:ec:fa:aa:
                    f5:04:9c:5c:97:d0:84:93:df:93:38:38:10:24:fe:
                    27:72:93:b8:b1:83:07:72:14:74:38:b7:5b:bf:d9:
                    bb:1b:59:43:2d:a5:af:07:f8:17:fc:f0:81:3c:41:
                    a4:6a:38:02:3f:d8:2f:bc:4c:31:e4:02:e3:fe:40:
                    cc:ab:dd:2e:77:b9:da:58:81:f7:02:f9:30:f6:6d:
                    35:91:7b:6e:fe:c6:59:39:cb:07:b8:98:e3:29:13:
                    6a:7a:9d:0d:0a:7c:08:da:14:19:bc:e3:b2:37:6b:
                    4d:f2:3d:16:f0:b2:cf:03:79:8b:e5:b2:13:c3:0c:
                    98:59:76:3e:95:0d:cf:7c:e5:b0:d6:52:18:5a:c1:
                    11:4a:ea:44:08:db:42:93:8d:f7:09:61:f5:dc:e6:
                    6e:4d:dc:af:51:96:20:cc:e8:3c:c8:42:39:a3:e8:
                    3f:8b:3d:8c:4e:d9:9b:00:a2:69:54:35:2e:95:fd:
                    64:ca:31:42:11:e4:a6:dd:0f:75:76:37:cf:f7:09:
                    0a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:5C:F0:5C:C1:FE:55:03:D7:D8:B3:0C:62:DB:53:6A:5D:15:8F:92
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/JFzwXMH-VQPX2LMMYttTal0Vj5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.247.0/24
                  188.130.238.0/24
                IPv6:
                  2001:146a::/32

    Signature Algorithm: sha256WithRSAEncryption
         a2:16:bc:b3:41:f1:b2:90:74:2f:e5:6a:51:79:5d:74:a3:d7:
         81:99:ab:90:99:ab:e5:93:f7:8e:13:83:1b:65:5f:27:a7:4e:
         de:e9:6d:7d:f7:16:90:59:04:05:77:5b:3a:a7:b9:28:23:d5:
         ae:34:dd:6e:92:14:dd:35:4f:6b:b3:3d:bc:84:b6:b0:42:2f:
         21:f0:bf:06:a8:6f:16:b9:88:c9:07:14:e1:10:9a:ed:17:11:
         fc:20:56:29:f7:78:10:16:69:c0:b2:66:15:3f:5c:44:26:a7:
         9f:84:01:23:7b:3f:a9:15:b1:63:c6:d7:03:74:7d:36:12:01:
         52:e5:b1:a7:ad:0b:f0:08:7a:f7:be:6b:48:bf:63:a1:86:fd:
         1d:b5:19:0f:b6:2c:26:9d:89:d7:eb:16:64:36:3f:bb:04:27:
         29:fe:56:d5:82:ae:b6:71:e9:ec:20:98:bd:30:86:01:f9:5f:
         fe:54:aa:33:60:ed:67:d1:5c:88:8a:40:5c:10:1b:3e:20:d5:
         fa:6b:ce:89:ff:d1:cb:ca:0d:34:e7:e8:a6:ba:d5:b8:ff:a3:
         76:5f:6c:55:03:bb:d5:92:d5:76:b6:e0:38:b3:a5:8a:13:bb:
         53:8e:45:a3:43:d7:e9:bf:50:19:6f:7a:32:3b:39:c4:04:82:
         73:d7:74:02
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ1sJVpmBTIgBXN34Rr025VTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwNDA4MDgxMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDVjZjA1Y2MxZmU1NTAzZDdkOGIzMGM2MmRiNTM2YTVkMTU4ZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsozr3bEldv64vZqnGWCkif71rTIm
8rmlcMbL0FsfeWm3HgtusIoJTeNMzxrZHLzGnmibVQZhc1vs+qr1BJxcl9CEk9+T
ODgQJP4ncpO4sYMHchR0OLdbv9m7G1lDLaWvB/gX/PCBPEGkajgCP9gvvEwx5ALj
/kDMq90ud7naWIH3Avkw9m01kXtu/sZZOcsHuJjjKRNqep0NCnwI2hQZvOOyN2tN
8j0W8LLPA3mL5bITwwyYWXY+lQ3PfOWw1lIYWsERSupECNtCk433CWH13OZuTdyv
UZYgzOg8yEI5o+g/iz2MTtmbAKJpVDUulf1kyjFCEeSm3Q91djfP9wkK8QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCRc8FzB/lUD19izDGLbU2pdFY+SMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvSkZ6d1hNSC1WUVBYMkxNTVl0dFRhbDBWajVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAbfj3AwQA
vILuMA0EAgACMAcDBQAgARRqMA0GCSqGSIb3DQEBCwUAA4IBAQCiFryzQfGykHQv
5WpReV10o9eBmauQmavlk/eOE4MbZV8np07e6W199xaQWQQFd1s6p7koI9WuNN1u
khTdNU9rsz28hLawQi8h8L8GqG8WuYjJBxThEJrtFxH8IFYp93gQFmnAsmYVP1xE
JqefhAEjez+pFbFjxtcDdH02EgFS5bGnrQvwCHr3vmtIv2Ohhv0dtRkPtiwmnYnX
6xZkNj+7BCcp/lbVgq62censIJi9MIYB+V/+VKozYO1n0VyIikBcEBs+INX6a86J
/9HLyg005+imutW4/6N2X2xVA7vVktV2tuA4s6WKE7tTjkWjQ9fpv1AZb3oyOznE
BIJz13QC
-----END CERTIFICATE-----