Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jDor-8n7IEQ4cQ2W_5gtuDaxkDs.roa
File:                     jDor-8n7IEQ4cQ2W_5gtuDaxkDs.roa (raw, json)
Hash identifier:          wJYN17ftIfk4KPf4qJ6aXhiduMvzCSKWmnIXrE3RLUM=
Subject key identifier:   8C:3A:2B:FB:C9:FB:20:44:38:71:0D:96:FF:98:2D:B8:36:B1:90:3B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E93D999C4BEA584B854B28B48824652EC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jDor-8n7IEQ4cQ2W_5gtuDaxkDs.roa
Signing time:             Thu 04 Jun 2026 18:16:11 +0000
ROA not before:           Thu 04 Jun 2026 18:16:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16611
IP address blocks:        151.244.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 22:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:93:d9:99:c4:be:a5:84:b8:54:b2:8b:48:82:46:52:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  4 18:16:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c3a2bfbc9fb204438710d96ff982db836b1903b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c1:ec:3f:6a:3c:a5:6a:fc:5e:b3:00:02:cc:
                    db:a2:a4:14:67:36:11:7e:aa:cf:10:41:d9:37:de:
                    0e:ef:b4:4b:2a:f1:d2:a0:bb:86:61:42:4a:49:18:
                    7d:d7:83:59:23:09:0d:b1:f1:ba:53:b2:78:15:e7:
                    bc:0d:68:6a:3b:c3:3e:da:6d:bf:d3:0e:81:a3:9a:
                    71:a0:a9:7c:68:f6:4e:b2:e2:cc:0a:71:50:72:8a:
                    bb:84:1e:09:26:e8:f8:5c:09:5f:3c:31:ae:fa:f2:
                    36:84:2a:a7:a8:95:32:03:d0:b2:8e:82:08:c9:05:
                    ba:e7:c2:45:0f:04:de:0d:16:86:00:3b:14:dd:89:
                    69:e2:13:22:f1:9a:d2:aa:86:1b:16:fc:04:bb:74:
                    cc:97:b2:09:04:d3:60:1c:b3:6b:85:96:8e:7a:bb:
                    16:6c:73:1a:c2:d0:29:46:fe:79:37:b1:ad:ba:23:
                    40:7a:ff:74:69:91:e8:71:cf:b2:36:37:6f:b1:92:
                    a0:a4:38:1a:1e:9e:12:44:ad:4e:dc:72:65:b1:97:
                    e3:6f:89:dd:55:66:df:aa:ee:9e:0d:43:27:d5:24:
                    4b:37:d5:7c:d0:dc:c1:22:10:b7:d8:b8:8f:0d:a1:
                    e6:4a:86:f4:e8:55:49:8b:90:38:32:4a:f2:18:2a:
                    33:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:3A:2B:FB:C9:FB:20:44:38:71:0D:96:FF:98:2D:B8:36:B1:90:3B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jDor-8n7IEQ4cQ2W_5gtuDaxkDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:84:fe:61:44:08:36:14:91:b1:a0:b3:c1:f4:28:78:6c:a5:
         52:e1:ec:77:9c:f2:d5:96:d6:c5:9b:52:4b:f0:b1:7e:fc:b2:
         7b:a3:47:74:20:66:31:d3:b3:73:1d:48:96:72:19:77:ef:d8:
         94:64:19:31:7c:85:6d:2d:3d:57:2f:66:ac:f8:4a:5b:10:0b:
         4e:a3:54:ca:55:29:63:d6:ec:43:90:26:b3:d3:9d:e1:26:0c:
         03:ee:09:14:c2:02:30:64:a1:76:1d:b5:4a:99:e0:e4:a6:61:
         08:8d:27:b4:2e:01:55:b2:1b:9b:f6:0c:a0:a5:71:47:67:3b:
         95:22:2a:a8:01:0b:ab:99:d9:7f:2a:2e:6d:a5:aa:98:98:4f:
         9b:6f:0a:e3:4d:ad:9f:85:2f:29:57:45:a2:84:89:fe:c4:f0:
         c8:c5:9f:43:1a:98:90:b7:a2:e0:b5:b0:9e:28:fa:47:8c:4d:
         c7:34:cc:17:27:6f:df:25:e4:1f:7e:b7:1b:7a:21:36:f7:ef:
         48:5d:12:42:1f:7f:dd:7d:dc:13:af:cf:0a:cb:f2:82:e3:81:
         25:62:2f:9a:80:31:1f:5b:ee:b7:e6:1e:4a:c7:57:ea:a2:f0:
         bc:49:ec:e1:ee:5e:57:20:e7:a0:12:4b:d2:3a:60:e9:31:4d:
         1d:a5:93:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6T2ZnEvqWEuFSyi0iCRlLsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjA0MTgxNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzNhMmJmYmM5ZmIyMDQ0Mzg3MTBkOTZmZjk4MmRiODM2YjE5MDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08HsP2o8pWr8XrMAAszboqQUZzYR
fqrPEEHZN94O77RLKvHSoLuGYUJKSRh914NZIwkNsfG6U7J4Fee8DWhqO8M+2m2/
0w6Bo5pxoKl8aPZOsuLMCnFQcoq7hB4JJuj4XAlfPDGu+vI2hCqnqJUyA9CyjoII
yQW658JFDwTeDRaGADsU3Ylp4hMi8ZrSqoYbFvwEu3TMl7IJBNNgHLNrhZaOersW
bHMawtApRv55N7GtuiNAev90aZHocc+yNjdvsZKgpDgaHp4SRK1O3HJlsZfjb4nd
VWbfqu6eDUMn1SRLN9V80NzBIhC32LiPDaHmSob06FVJi5A4MkryGCozVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIw6K/vJ+yBEOHENlv+YLbg2sZA7MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvakRvci04bjdJRVE0Y1EyV181Z3R1RGF4a0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/TAMA0G
CSqGSIb3DQEBCwUAA4IBAQAFhP5hRAg2FJGxoLPB9Ch4bKVS4ex3nPLVltbFm1JL
8LF+/LJ7o0d0IGYx07NzHUiWchl379iUZBkxfIVtLT1XL2as+EpbEAtOo1TKVSlj
1uxDkCaz053hJgwD7gkUwgIwZKF2HbVKmeDkpmEIjSe0LgFVshub9gygpXFHZzuV
IiqoAQurmdl/Ki5tpaqYmE+bbwrjTa2fhS8pV0WihIn+xPDIxZ9DGpiQt6LgtbCe
KPpHjE3HNMwXJ2/fJeQffrcbeiE29+9IXRJCH3/dfdwTr88Ky/KC44ElYi+agDEf
W+635h5Kx1fqovC8Sezh7l5XIOegEkvSOmDpMU0dpZOR
-----END CERTIFICATE-----