Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/13b2a5-c045-490b-8af6-88c21e43cd1e/1/JEv-p42MOZ0QrNfVUGr1gTTDu7o.roa
File:                     JEv-p42MOZ0QrNfVUGr1gTTDu7o.roa (raw, json)
Hash identifier:          gc04AhUcmWl7QLETDmgumdvIpDyqEnMmC5mWOPsnvmI=
Subject key identifier:   24:4B:FE:A7:8D:8C:39:9D:10:AC:D7:D5:50:6A:F5:81:34:C3:BB:BA
Certificate issuer:       /CN=57537938613d5268e83f4800130f1f9d569f7850
Certificate serial:       019C9F18CDE3367ED81C8F5E3C507132FA52
Authority key identifier: 57:53:79:38:61:3D:52:68:E8:3F:48:00:13:0F:1F:9D:56:9F:78:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1N5OGE9UmjoP0gAEw8fnVafeFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/13b2a5-c045-490b-8af6-88c21e43cd1e/1/JEv-p42MOZ0QrNfVUGr1gTTDu7o.roa
Signing time:             Fri 27 Feb 2026 12:35:28 +0000
ROA not before:           Fri 27 Feb 2026 12:35:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54990
IP address blocks:        185.193.124.0/24 maxlen: 24
                          2001:67c:235c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/13b2a5-c045-490b-8af6-88c21e43cd1e/1/V1N5OGE9UmjoP0gAEw8fnVafeFA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/13b2a5-c045-490b-8af6-88c21e43cd1e/1/V1N5OGE9UmjoP0gAEw8fnVafeFA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1N5OGE9UmjoP0gAEw8fnVafeFA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9f:18:cd:e3:36:7e:d8:1c:8f:5e:3c:50:71:32:fa:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57537938613d5268e83f4800130f1f9d569f7850
        Validity
            Not Before: Feb 27 12:35:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=244bfea78d8c399d10acd7d5506af58134c3bbba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:3b:e7:24:e8:da:90:ac:59:55:79:66:4c:a3:
                    5c:68:7b:17:be:f9:af:8b:e9:97:f5:36:23:3d:f7:
                    12:f6:5e:f4:9c:65:6c:df:1b:29:2b:11:64:da:39:
                    7e:c7:1a:f8:cc:7f:a5:4d:5e:d2:65:fc:47:1e:4a:
                    e2:c4:a5:e3:71:2e:d4:23:e5:e6:88:f9:a3:3c:cc:
                    80:d8:82:e4:67:5f:dc:a7:6e:2b:af:1d:6e:42:5d:
                    85:90:15:e0:1a:aa:8a:94:51:05:bd:29:f8:1f:45:
                    a4:96:db:29:f5:5e:bc:50:4f:2d:79:f2:fc:09:c4:
                    65:46:d0:16:80:57:aa:43:c8:72:3a:92:c5:98:4f:
                    25:39:42:46:de:6f:02:c4:08:a9:ad:d1:1f:61:60:
                    1c:eb:e9:8f:65:3a:dd:58:8d:0a:a7:30:93:5e:a6:
                    cf:58:68:0f:4d:4e:b7:3f:2d:ce:84:a9:81:96:d7:
                    54:10:5f:35:8e:b2:1f:7b:24:ee:f4:86:30:02:35:
                    01:10:b5:a7:47:60:46:6d:bb:3e:7c:55:81:f9:65:
                    0d:75:0a:87:e3:04:f2:8e:72:82:e2:9b:15:19:f1:
                    15:87:d3:3e:68:c9:9a:8c:f3:01:25:76:d2:25:5c:
                    43:6d:36:db:ba:61:a1:82:ca:aa:52:ed:92:2c:03:
                    c4:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:4B:FE:A7:8D:8C:39:9D:10:AC:D7:D5:50:6A:F5:81:34:C3:BB:BA
            X509v3 Authority Key Identifier:
                keyid:57:53:79:38:61:3D:52:68:E8:3F:48:00:13:0F:1F:9D:56:9F:78:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1N5OGE9UmjoP0gAEw8fnVafeFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/13b2a5-c045-490b-8af6-88c21e43cd1e/1/JEv-p42MOZ0QrNfVUGr1gTTDu7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/13b2a5-c045-490b-8af6-88c21e43cd1e/1/V1N5OGE9UmjoP0gAEw8fnVafeFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.124.0/24
                IPv6:
                  2001:67c:235c::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:e0:4b:25:96:36:58:b8:8c:92:9d:77:a5:66:a6:cb:4f:cf:
         89:b1:41:f9:bd:b8:0e:05:b6:ee:78:7f:e1:25:3e:82:ed:22:
         95:66:48:97:4c:fe:71:bd:4b:46:43:76:4b:f5:d0:90:cf:80:
         4e:72:f1:7f:e7:7c:aa:0a:15:63:71:eb:5e:c5:8b:be:59:5c:
         07:49:63:e1:60:ce:46:66:48:17:56:d3:e4:51:7b:80:f6:ad:
         40:7d:c8:5d:be:27:c7:7d:3c:bb:eb:73:ab:8c:62:61:1c:56:
         d7:be:cb:70:d1:64:94:8f:61:a6:58:9d:96:97:7c:6c:75:1f:
         d6:2c:bb:7e:d0:2d:c1:3c:6e:04:1c:a9:83:42:0e:79:b0:80:
         a4:b2:ac:ce:e3:68:a5:14:e5:86:56:3b:54:48:72:14:c7:f3:
         1f:1c:f0:12:93:e2:f1:30:c8:c3:00:87:d9:13:d1:08:99:03:
         67:47:e1:c1:cb:5f:65:cf:91:5b:4f:04:23:2c:da:46:7a:14:
         9e:87:f6:86:5d:ae:45:9a:cd:86:a7:c6:00:17:af:ea:e0:d8:
         e7:77:e5:58:7f:3e:cf:60:95:89:19:c3:d8:50:b9:2d:f1:fb:
         63:b7:1b:13:b4:fd:2f:a2:c6:ab:ee:37:af:37:54:18:bf:fe:
         17:a4:5d:ec
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZyfGM3jNn7YHI9ePFBxMvpSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTM3OTM4NjEzZDUyNjhlODNmNDgwMDEzMGYxZjlkNTY5
Zjc4NTAwHhcNMjYwMjI3MTIzNTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDRiZmVhNzhkOGMzOTlkMTBhY2Q3ZDU1MDZhZjU4MTM0YzNiYmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljvnJOjakKxZVXlmTKNcaHsXvvmv
i+mX9TYjPfcS9l70nGVs3xspKxFk2jl+xxr4zH+lTV7SZfxHHkrixKXjcS7UI+Xm
iPmjPMyA2ILkZ1/cp24rrx1uQl2FkBXgGqqKlFEFvSn4H0Wkltsp9V68UE8tefL8
CcRlRtAWgFeqQ8hyOpLFmE8lOUJG3m8CxAiprdEfYWAc6+mPZTrdWI0KpzCTXqbP
WGgPTU63Py3OhKmBltdUEF81jrIfeyTu9IYwAjUBELWnR2BGbbs+fFWB+WUNdQqH
4wTyjnKC4psVGfEVh9M+aMmajPMBJXbSJVxDbTbbumGhgsqqUu2SLAPEEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCRL/qeNjDmdEKzX1VBq9YE0w7u6MB8GA1UdIwQY
MBaAFFdTeThhPVJo6D9IABMPH51Wn3hQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFONU9HRTlVbWpvUDBnQUV3OGZuVmFmZUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8xM2IyYTUtYzA0NS00OTBiLThhZjYt
ODhjMjFlNDNjZDFlLzEvSkV2LXA0Mk1PWjBRck5mVlVHcjFnVFREdTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8xM2IyYTUtYzA0NS00OTBiLThhZjYtODhjMjFlNDNjZDFl
LzEvVjFONU9HRTlVbWpvUDBnQUV3OGZuVmFmZUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAucF8MA8E
AgACMAkDBwAgAQZ8I1wwDQYJKoZIhvcNAQELBQADggEBAAvgSyWWNli4jJKdd6Vm
pstPz4mxQfm9uA4Ftu54f+ElPoLtIpVmSJdM/nG9S0ZDdkv10JDPgE5y8X/nfKoK
FWNx617Fi75ZXAdJY+FgzkZmSBdW0+RRe4D2rUB9yF2+J8d9PLvrc6uMYmEcVte+
y3DRZJSPYaZYnZaXfGx1H9Ysu37QLcE8bgQcqYNCDnmwgKSyrM7jaKUU5YZWO1RI
chTH8x8c8BKT4vEwyMMAh9kT0QiZA2dH4cHLX2XPkVtPBCMs2kZ6FJ6H9oZdrkWa
zYanxgAXr+rg2Od35Vh/Ps9glYkZw9hQuS3x+2O3GxO0/S+ixqvuN683VBi//hek
Xew=
-----END CERTIFICATE-----