Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/a00d12-8603-4bfa-9b62-0a037d78cf03/1/JlH896jRLkb2d5WA1iL7alFHEWA.roa
File:                     JlH896jRLkb2d5WA1iL7alFHEWA.roa (raw, json)
Hash identifier:          bQ5f9x+Gh7jsDwuMrCzaUdl7bMeFJJYJ4dHwQqT9vtE=
Subject key identifier:   26:51:FC:F7:A8:D1:2E:46:F6:77:95:80:D6:22:FB:6A:51:47:11:60
Certificate issuer:       /CN=eb10b09ba0c10cf076e5107931d3d691a4396528
Certificate serial:       019D72C6BC2A48237FB12B81B1D9CBD23896
Authority key identifier: EB:10:B0:9B:A0:C1:0C:F0:76:E5:10:79:31:D3:D6:91:A4:39:65:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6xCwm6DBDPB25RB5MdPWkaQ5ZSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/a00d12-8603-4bfa-9b62-0a037d78cf03/1/JlH896jRLkb2d5WA1iL7alFHEWA.roa
Signing time:             Thu 09 Apr 2026 15:05:20 +0000
ROA not before:           Thu 09 Apr 2026 15:05:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214755
IP address blocks:        193.22.163.0/24 maxlen: 24
                          212.104.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/a00d12-8603-4bfa-9b62-0a037d78cf03/1/6xCwm6DBDPB25RB5MdPWkaQ5ZSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/a00d12-8603-4bfa-9b62-0a037d78cf03/1/6xCwm6DBDPB25RB5MdPWkaQ5ZSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6xCwm6DBDPB25RB5MdPWkaQ5ZSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:c6:bc:2a:48:23:7f:b1:2b:81:b1:d9:cb:d2:38:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb10b09ba0c10cf076e5107931d3d691a4396528
        Validity
            Not Before: Apr  9 15:05:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2651fcf7a8d12e46f6779580d622fb6a51471160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ff:03:49:f6:88:93:69:7c:63:a8:0b:9c:14:
                    6d:a7:43:ab:18:4c:0c:44:d1:7e:6e:34:44:a7:d4:
                    3c:a5:63:5c:7f:1c:30:a1:66:30:69:7b:d2:1d:4b:
                    65:24:e4:84:a2:f3:43:91:4e:a8:0d:24:70:bf:ec:
                    77:be:ae:0e:93:d5:0c:0b:21:fa:a3:8d:8e:73:62:
                    c9:09:30:42:7c:62:8d:55:2c:11:bb:c5:1b:5f:7a:
                    6c:0e:76:5c:dc:58:a0:e7:4a:55:b1:5e:4b:a0:a8:
                    5e:3a:26:21:37:dd:3b:d3:c3:c7:63:57:c6:65:0c:
                    d0:71:c8:43:76:47:06:ef:91:04:a8:35:c8:9f:41:
                    7c:18:2b:5b:3f:bf:b0:c1:9a:8c:54:e0:a5:72:5d:
                    1c:0e:0c:67:16:b3:61:0e:26:e4:43:d3:3a:50:16:
                    65:6b:d7:0c:93:43:63:01:f1:eb:50:a2:49:32:7d:
                    6a:30:56:78:45:0d:0e:7f:05:ae:6f:56:a6:71:40:
                    a5:d7:75:4b:4e:91:fd:4d:9e:f9:bb:f2:fc:09:66:
                    77:6e:4d:c6:a4:ae:55:60:1f:5b:a9:8d:e4:d0:e6:
                    6b:90:9d:35:84:f5:98:7e:46:88:d6:ec:42:5c:5a:
                    04:fd:da:e7:5d:ec:82:67:e5:7f:b0:50:6d:87:33:
                    79:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:51:FC:F7:A8:D1:2E:46:F6:77:95:80:D6:22:FB:6A:51:47:11:60
            X509v3 Authority Key Identifier:
                keyid:EB:10:B0:9B:A0:C1:0C:F0:76:E5:10:79:31:D3:D6:91:A4:39:65:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6xCwm6DBDPB25RB5MdPWkaQ5ZSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a00d12-8603-4bfa-9b62-0a037d78cf03/1/JlH896jRLkb2d5WA1iL7alFHEWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a00d12-8603-4bfa-9b62-0a037d78cf03/1/6xCwm6DBDPB25RB5MdPWkaQ5ZSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.163.0/24
                  212.104.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:9f:6f:6b:87:3f:76:e6:d9:67:fe:8b:c4:65:e3:42:97:29:
         14:c7:f0:78:fb:de:21:38:52:13:2a:20:15:e0:9e:08:de:c3:
         e3:1c:a1:02:2f:3f:cd:b3:d2:86:11:35:ff:00:7d:e8:18:f8:
         3d:c0:a3:32:6c:08:1b:65:98:1c:2c:dc:3b:88:9a:43:4c:e2:
         ef:49:ca:1f:dc:b6:55:90:3c:d2:15:d2:54:d5:ed:04:fd:55:
         78:ad:89:9b:61:29:7a:1d:95:d3:b1:a8:60:b9:bf:71:16:41:
         ac:e7:b7:17:36:d3:1b:08:95:98:2c:48:ea:2c:12:cb:87:0e:
         48:ec:db:cf:14:c1:bd:29:7c:0a:09:71:93:2c:b2:c9:2f:da:
         6a:93:71:b0:9d:bd:fa:cf:aa:e9:6f:8a:5f:6f:09:a2:2d:7e:
         d9:77:e6:c9:c8:70:38:09:4d:10:63:49:d0:02:25:6d:a6:fd:
         ab:3c:04:3b:0b:b6:88:73:6c:21:c9:11:a5:32:4f:28:89:1d:
         fb:67:87:e1:f2:c8:46:aa:a9:81:1a:6d:df:30:a0:cf:3f:1a:
         11:a7:ce:7c:73:c8:ef:30:0d:24:31:c5:12:b3:33:44:b8:d8:
         d3:57:c3:05:9e:0a:a7:01:22:5f:30:5f:7c:df:5f:ac:3a:28:
         ac:2a:0a:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1yxrwqSCN/sSuBsdnL0jiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMTBiMDliYTBjMTBjZjA3NmU1MTA3OTMxZDNkNjkxYTQz
OTY1MjgwHhcNMjYwNDA5MTUwNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjUxZmNmN2E4ZDEyZTQ2ZjY3Nzk1ODBkNjIyZmI2YTUxNDcxMTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvP8DSfaIk2l8Y6gLnBRtp0OrGEwM
RNF+bjREp9Q8pWNcfxwwoWYwaXvSHUtlJOSEovNDkU6oDSRwv+x3vq4Ok9UMCyH6
o42Oc2LJCTBCfGKNVSwRu8UbX3psDnZc3Fig50pVsV5LoKheOiYhN90708PHY1fG
ZQzQcchDdkcG75EEqDXIn0F8GCtbP7+wwZqMVOClcl0cDgxnFrNhDibkQ9M6UBZl
a9cMk0NjAfHrUKJJMn1qMFZ4RQ0OfwWub1amcUCl13VLTpH9TZ75u/L8CWZ3bk3G
pK5VYB9bqY3k0OZrkJ01hPWYfkaI1uxCXFoE/drnXeyCZ+V/sFBthzN5VwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCZR/Peo0S5G9neVgNYi+2pRRxFgMB8GA1UdIwQY
MBaAFOsQsJugwQzwduUQeTHT1pGkOWUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnhDd202REJEUEIyNVJCNU1kUFdrYVE1WlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9hMDBkMTItODYwMy00YmZhLTliNjIt
MGEwMzdkNzhjZjAzLzEvSmxIODk2alJMa2IyZDVXQTFpTDdhbEZIRVdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9hMDBkMTItODYwMy00YmZhLTliNjItMGEwMzdkNzhjZjAz
LzEvNnhDd202REJEUEIyNVJCNU1kUFdrYVE1WlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRajAwQA
1GiXMA0GCSqGSIb3DQEBCwUAA4IBAQABn29rhz925tln/ovEZeNClykUx/B4+94h
OFITKiAV4J4I3sPjHKECLz/Ns9KGETX/AH3oGPg9wKMybAgbZZgcLNw7iJpDTOLv
Scof3LZVkDzSFdJU1e0E/VV4rYmbYSl6HZXTsahgub9xFkGs57cXNtMbCJWYLEjq
LBLLhw5I7NvPFMG9KXwKCXGTLLLJL9pqk3Gwnb36z6rpb4pfbwmiLX7Zd+bJyHA4
CU0QY0nQAiVtpv2rPAQ7C7aIc2whyRGlMk8oiR37Z4fh8shGqqmBGm3fMKDPPxoR
p858c8jvMA0kMcUSszNEuNjTV8MFngqnASJfMF9831+sOiisKgr4
-----END CERTIFICATE-----