Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/JtNOXdGA5fipxN1GrOMuUIJ7q9k.roa
File:                     JtNOXdGA5fipxN1GrOMuUIJ7q9k.roa (raw, json)
Hash identifier:          Ch+yP387eB8/AynJ6umYa5iyr+8OvTnvzpSDBhkHGXw=
Subject key identifier:   26:D3:4E:5D:D1:80:E5:F8:A9:C4:DD:46:AC:E3:2E:50:82:7B:AB:D9
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       019D8BF14E009BC9216EFBAD65A5F767D159
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/JtNOXdGA5fipxN1GrOMuUIJ7q9k.roa
Signing time:             Tue 14 Apr 2026 12:22:20 +0000
ROA not before:           Tue 14 Apr 2026 12:22:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204720
IP address blocks:        37.18.14.0/24 maxlen: 24
                          37.18.15.0/24 maxlen: 24
                          46.243.232.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8b:f1:4e:00:9b:c9:21:6e:fb:ad:65:a5:f7:67:d1:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Apr 14 12:22:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26d34e5dd180e5f8a9c4dd46ace32e50827babd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:cd:db:c1:25:e9:66:b8:9c:8f:c9:30:c2:18:
                    a6:bc:80:21:be:9e:66:b8:eb:1f:6e:7e:5f:f5:80:
                    bc:4b:17:e1:ec:58:b5:7b:78:4b:4a:2a:60:af:03:
                    8c:f2:c9:e5:f1:d2:c3:02:b8:36:e4:1e:e0:f3:e2:
                    ba:a8:dd:4e:05:33:2e:1c:15:06:ae:95:9f:b7:f4:
                    b9:68:c4:98:dd:75:dc:3c:cd:32:6d:fd:2d:f8:fe:
                    89:4e:ca:df:3f:3c:fc:53:94:37:7e:2e:90:a9:08:
                    e1:f1:c6:9c:ff:c1:6e:66:59:14:2f:a7:2d:0e:ea:
                    60:26:6b:2e:0b:a1:04:31:6a:ca:73:c6:e1:01:4c:
                    b6:58:3e:9b:d7:c2:ce:bb:88:be:21:e8:ab:e6:17:
                    b2:eb:be:ac:82:14:7f:41:c9:bd:d8:c2:7e:a5:20:
                    76:66:36:08:43:da:e4:18:7e:6c:7a:01:68:03:d6:
                    3c:f2:d3:6a:50:46:f6:d0:2c:5a:ba:63:9d:26:71:
                    88:7a:99:e6:79:c5:18:a9:62:32:ec:2c:e8:23:5f:
                    f7:39:a6:46:5f:d3:d1:56:91:6f:4c:c6:b0:84:e5:
                    8f:5f:8d:ef:b8:c8:2b:3b:f9:b7:6a:42:8a:98:c8:
                    dd:74:db:5e:df:99:1a:c9:ec:5e:0d:b5:89:f0:bd:
                    56:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D3:4E:5D:D1:80:E5:F8:A9:C4:DD:46:AC:E3:2E:50:82:7B:AB:D9
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/JtNOXdGA5fipxN1GrOMuUIJ7q9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.14.0/23
                  46.243.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:f5:67:c9:b9:58:32:1e:51:05:a4:cc:da:7a:de:09:52:64:
         c7:12:ec:42:38:b4:41:72:79:f9:17:9f:88:85:df:ad:d7:4e:
         9a:8a:87:bc:74:72:3d:6f:fe:63:1b:70:f0:47:e6:06:7d:36:
         cf:b2:71:69:94:96:c5:8d:60:41:c0:cf:b5:a6:86:50:c4:a5:
         c0:a0:d1:1e:fa:b9:97:71:31:ce:e4:94:84:09:df:c4:82:08:
         02:38:b1:72:23:aa:f5:97:44:0e:50:e3:0b:52:e7:56:cc:9a:
         94:f4:65:7a:2d:4f:c9:cd:78:b0:dc:47:f4:de:85:fe:85:b7:
         5d:15:4e:56:a8:9f:d6:f5:0b:9c:01:e5:66:bf:f1:b4:0d:d5:
         84:7b:c3:38:d0:02:85:50:42:6e:77:19:70:47:d4:29:a3:c0:
         5c:0e:7e:26:e6:98:b7:8f:b6:40:4f:9c:24:16:82:f9:29:56:
         2e:0a:15:b7:61:95:2d:27:5e:b6:a2:59:ed:fc:05:bc:6c:db:
         80:7a:ef:b5:37:76:7d:f0:dd:e9:7f:03:e0:02:18:f5:3e:aa:
         6e:70:31:f7:f5:20:fe:c1:fb:f6:ac:37:d8:24:fd:a5:06:d5:
         80:d1:ef:b4:6d:fd:f8:38:ce:4e:1f:2a:2c:23:49:9d:15:66:
         4e:92:38:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2L8U4Am8khbvutZaX3Z9FZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjYwNDE0MTIyMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmQzNGU1ZGQxODBlNWY4YTljNGRkNDZhY2UzMmU1MDgyN2JhYmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtc3bwSXpZricj8kwwhimvIAhvp5m
uOsfbn5f9YC8Sxfh7Fi1e3hLSipgrwOM8snl8dLDArg25B7g8+K6qN1OBTMuHBUG
rpWft/S5aMSY3XXcPM0ybf0t+P6JTsrfPzz8U5Q3fi6QqQjh8cac/8FuZlkUL6ct
DupgJmsuC6EEMWrKc8bhAUy2WD6b18LOu4i+Ieir5hey676sghR/Qcm92MJ+pSB2
ZjYIQ9rkGH5segFoA9Y88tNqUEb20CxaumOdJnGIepnmecUYqWIy7CzoI1/3OaZG
X9PRVpFvTMawhOWPX43vuMgrO/m3akKKmMjddNte35kayexeDbWJ8L1W1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCbTTl3RgOX4qcTdRqzjLlCCe6vZMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvSnROT1hkR0E1ZmlweE4xR3JPTXVVSUo3cTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBJRIOAwQC
LvPoMA0GCSqGSIb3DQEBCwUAA4IBAQCs9WfJuVgyHlEFpMzaet4JUmTHEuxCOLRB
cnn5F5+Ihd+t106aioe8dHI9b/5jG3DwR+YGfTbPsnFplJbFjWBBwM+1poZQxKXA
oNEe+rmXcTHO5JSECd/EgggCOLFyI6r1l0QOUOMLUudWzJqU9GV6LU/JzXiw3Ef0
3oX+hbddFU5WqJ/W9QucAeVmv/G0DdWEe8M40AKFUEJudxlwR9Qpo8BcDn4m5pi3
j7ZAT5wkFoL5KVYuChW3YZUtJ162olnt/AW8bNuAeu+1N3Z98N3pfwPgAhj1Pqpu
cDH39SD+wfv2rDfYJP2lBtWA0e+0bf34OM5OHyosI0mdFWZOkjiJ
-----END CERTIFICATE-----