Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/JE5XEEPFy3xnMp0mZff79m8mDGs.roa
File:                     JE5XEEPFy3xnMp0mZff79m8mDGs.roa (raw, json)
Hash identifier:          MTyVmIbeRnNhNkqPPq1vEPc8yH9207lU5VVuSxhqe48=
Subject key identifier:   24:4E:57:10:43:C5:CB:7C:67:32:9D:26:65:F7:FB:F6:6F:26:0C:6B
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019D8BE826AE981DB726C354F866ACA6533E
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/JE5XEEPFy3xnMp0mZff79m8mDGs.roa
Signing time:             Tue 14 Apr 2026 12:12:20 +0000
ROA not before:           Tue 14 Apr 2026 12:12:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214822
IP address blocks:        213.108.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8b:e8:26:ae:98:1d:b7:26:c3:54:f8:66:ac:a6:53:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Apr 14 12:12:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=244e571043c5cb7c67329d2665f7fbf66f260c6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:dd:d8:86:d4:50:91:9f:01:4d:9c:aa:a9:8c:
                    0a:c1:99:4e:b8:39:74:26:d7:be:b0:11:14:15:a9:
                    78:3f:27:d9:f1:83:d9:7b:6a:c7:a4:66:59:e7:c7:
                    ec:bc:b3:54:a0:5b:32:1c:6e:2b:06:5a:a7:8e:e6:
                    5d:2e:3c:69:e1:db:94:62:60:e0:cb:cf:59:7d:d7:
                    29:db:54:74:1d:3f:e2:ea:bb:91:2b:23:43:db:7e:
                    07:ec:86:7f:66:8d:f3:2a:83:09:0e:86:64:96:a7:
                    61:b3:02:f4:0d:b2:e4:54:6d:a9:fd:10:47:23:c1:
                    cf:06:70:4f:64:95:80:04:d8:af:4d:37:d2:e3:78:
                    19:ed:2e:75:ea:98:22:d7:30:7a:3b:b5:53:da:c1:
                    d2:8e:2e:43:7e:a0:29:97:89:8a:5c:04:91:9d:f0:
                    e4:d6:f7:98:3e:5e:4e:a0:0d:57:ba:44:14:fb:2b:
                    59:56:ec:4f:b4:98:1b:2a:1b:a6:f0:c8:57:81:0a:
                    f5:5c:df:a1:77:6d:59:8f:c9:73:13:e4:d5:3e:a0:
                    84:2a:05:ff:d7:17:8c:16:d7:3a:ca:bd:31:bb:fa:
                    62:43:a7:f7:4e:0e:02:ef:c2:4f:64:22:e2:3d:b6:
                    3f:38:c9:ce:2c:4d:43:e0:0d:cb:f1:f6:2d:37:36:
                    68:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:4E:57:10:43:C5:CB:7C:67:32:9D:26:65:F7:FB:F6:6F:26:0C:6B
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/JE5XEEPFy3xnMp0mZff79m8mDGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:46:45:90:0e:fe:c8:65:3f:b8:eb:ab:13:59:ac:99:d6:3b:
         37:63:86:8f:5b:a3:b6:41:94:d3:9b:6b:64:f5:9d:a7:88:4e:
         59:71:ad:b2:d7:e2:0f:f7:39:c3:51:b7:a5:93:67:d0:73:2a:
         b7:35:50:49:b8:7b:e4:05:7d:71:e3:b4:d3:08:5e:ac:85:e4:
         d7:79:f0:3c:bf:f6:bf:bd:c8:3a:89:fd:50:83:48:3a:79:62:
         f6:4a:97:05:8b:7e:8a:4b:f1:20:c4:a1:ff:27:5e:c5:72:02:
         b9:8e:ad:8b:a9:6a:a3:24:b1:7a:5d:ec:dd:b9:b0:a5:03:b5:
         45:45:0e:4c:78:6d:fb:f8:4f:fc:b2:58:eb:db:e3:e2:8c:71:
         0a:92:ab:3c:b4:45:c5:42:a1:1a:c0:10:90:12:aa:fa:ef:76:
         ab:47:f4:45:2d:31:50:e0:40:c9:a1:9c:13:b0:67:f9:9e:74:
         e7:89:f0:09:5d:da:ed:73:e4:be:8e:1f:08:2a:ae:d5:84:1f:
         69:c9:34:6b:f9:a5:50:49:82:3c:05:fb:1d:0c:19:50:d8:8c:
         d5:a8:b6:a0:07:a4:ab:cb:8c:43:8f:a3:72:82:89:a6:86:df:
         3b:85:ce:57:cb:3a:b0:66:c6:92:06:35:0d:49:f3:ae:74:b3:
         fe:7b:b2:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2L6CaumB23JsNU+GasplM+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwNDE0MTIxMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDRlNTcxMDQzYzVjYjdjNjczMjlkMjY2NWY3ZmJmNjZmMjYwYzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst3YhtRQkZ8BTZyqqYwKwZlOuDl0
Jte+sBEUFal4PyfZ8YPZe2rHpGZZ58fsvLNUoFsyHG4rBlqnjuZdLjxp4duUYmDg
y89Zfdcp21R0HT/i6ruRKyND234H7IZ/Zo3zKoMJDoZklqdhswL0DbLkVG2p/RBH
I8HPBnBPZJWABNivTTfS43gZ7S516pgi1zB6O7VT2sHSji5DfqApl4mKXASRnfDk
1veYPl5OoA1XukQU+ytZVuxPtJgbKhum8MhXgQr1XN+hd21Zj8lzE+TVPqCEKgX/
1xeMFtc6yr0xu/piQ6f3Tg4C78JPZCLiPbY/OMnOLE1D4A3L8fYtNzZoZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCROVxBDxct8ZzKdJmX3+/ZvJgxrMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvSkU1WEVFUEZ5M3huTXAwbVpmZjc5bThtREdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1WwHMA0G
CSqGSIb3DQEBCwUAA4IBAQB+RkWQDv7IZT+466sTWayZ1js3Y4aPW6O2QZTTm2tk
9Z2niE5Zca2y1+IP9znDUbelk2fQcyq3NVBJuHvkBX1x47TTCF6sheTXefA8v/a/
vcg6if1Qg0g6eWL2SpcFi36KS/EgxKH/J17FcgK5jq2LqWqjJLF6XezdubClA7VF
RQ5MeG37+E/8sljr2+PijHEKkqs8tEXFQqEawBCQEqr673arR/RFLTFQ4EDJoZwT
sGf5nnTnifAJXdrtc+S+jh8IKq7VhB9pyTRr+aVQSYI8BfsdDBlQ2IzVqLagB6Sr
y4xDj6Nygommht87hc5XyzqwZsaSBjUNSfOudLP+e7Kk
-----END CERTIFICATE-----