Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/dd672f-5336-4f35-b3ef-ae91ab342be1/1/JJSQMWmlP-hmf_UubL_WpQCZF8Q.roa
File:                     JJSQMWmlP-hmf_UubL_WpQCZF8Q.roa (raw, json)
Hash identifier:          OJi0/wbd6qNneWhUcrjaUy/6eCpENBifwPxsWzlBoT4=
Subject key identifier:   24:94:90:31:69:A5:3F:E8:66:7F:F5:2E:6C:BF:D6:A5:00:99:17:C4
Certificate issuer:       /CN=a59caa2a73680698b2c9e1a6c9641a74f3ce76e8
Certificate serial:       019D3DE69FDAE434C00D5C37405239D88147
Authority key identifier: A5:9C:AA:2A:73:68:06:98:B2:C9:E1:A6:C9:64:1A:74:F3:CE:76:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pZyqKnNoBpiyyeGmyWQadPPOdug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/dd672f-5336-4f35-b3ef-ae91ab342be1/1/JJSQMWmlP-hmf_UubL_WpQCZF8Q.roa
Signing time:             Mon 30 Mar 2026 08:40:17 +0000
ROA not before:           Mon 30 Mar 2026 08:40:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202373
IP address blocks:        194.34.156.0/22 maxlen: 22
                          194.34.156.0/24 maxlen: 24
                          194.34.157.0/24 maxlen: 24
                          194.34.158.0/24 maxlen: 24
                          194.34.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/dd672f-5336-4f35-b3ef-ae91ab342be1/1/pZyqKnNoBpiyyeGmyWQadPPOdug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/dd672f-5336-4f35-b3ef-ae91ab342be1/1/pZyqKnNoBpiyyeGmyWQadPPOdug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pZyqKnNoBpiyyeGmyWQadPPOdug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3d:e6:9f:da:e4:34:c0:0d:5c:37:40:52:39:d8:81:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a59caa2a73680698b2c9e1a6c9641a74f3ce76e8
        Validity
            Not Before: Mar 30 08:40:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2494903169a53fe8667ff52e6cbfd6a5009917c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ca:31:12:a3:30:8d:ae:85:38:f8:f4:45:d5:
                    60:28:2a:a3:f5:c2:96:5c:6f:12:bf:46:49:9a:f0:
                    5e:3d:77:0a:18:04:a4:41:f5:bf:2d:3d:db:d0:ed:
                    16:c6:ab:c5:13:ad:64:55:28:a0:55:97:79:93:e9:
                    aa:37:68:c3:e8:07:a7:85:54:e0:a5:15:df:8b:a7:
                    af:c3:a0:e4:6c:1f:ce:99:8c:57:02:29:22:88:54:
                    8c:c3:3d:89:9f:6c:c2:f4:71:5d:a0:48:9a:43:57:
                    7f:34:3b:a9:d3:49:67:d3:53:f9:8f:84:73:84:97:
                    eb:55:47:e2:58:f5:73:58:37:99:bf:93:03:56:79:
                    25:52:a8:bf:1d:65:52:92:93:9a:70:e7:39:3f:ad:
                    43:47:50:15:11:de:84:1a:38:1d:77:c6:e7:09:ce:
                    14:ee:c5:d1:44:e5:d7:3d:91:18:da:08:09:98:42:
                    7f:fb:5e:c0:0d:ca:72:95:05:a5:4f:0b:18:69:7a:
                    c5:91:2a:ec:29:ce:8d:18:73:61:d9:cb:f2:eb:c2:
                    8e:76:d5:21:7f:18:92:51:ca:90:a7:b6:2f:0c:ff:
                    46:0d:4b:c2:e9:d6:5d:78:19:49:15:08:02:6d:b3:
                    84:ed:33:3c:8f:fd:3a:98:e0:1e:d3:dc:e1:08:df:
                    0d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:94:90:31:69:A5:3F:E8:66:7F:F5:2E:6C:BF:D6:A5:00:99:17:C4
            X509v3 Authority Key Identifier:
                keyid:A5:9C:AA:2A:73:68:06:98:B2:C9:E1:A6:C9:64:1A:74:F3:CE:76:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pZyqKnNoBpiyyeGmyWQadPPOdug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/dd672f-5336-4f35-b3ef-ae91ab342be1/1/JJSQMWmlP-hmf_UubL_WpQCZF8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/dd672f-5336-4f35-b3ef-ae91ab342be1/1/pZyqKnNoBpiyyeGmyWQadPPOdug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:fa:b5:c5:b1:fc:f6:de:cd:dc:70:f2:37:1b:ab:82:b8:78:
         33:e3:df:a0:3e:de:1a:18:01:6e:d5:6e:22:22:98:19:30:43:
         3f:30:4a:c0:95:a3:45:6f:ea:65:ec:a2:60:19:bb:ae:7b:6c:
         f3:9a:41:46:d8:b9:67:d3:e9:71:5a:98:f3:7b:55:a2:5c:8d:
         3a:3d:9f:13:e8:2a:d3:0f:94:e5:53:a9:bd:30:47:29:8b:8c:
         19:10:da:27:39:57:c8:d4:bd:f4:69:01:6b:ea:7e:f4:58:e1:
         fd:4d:94:fe:08:c3:f6:ec:97:ed:2b:b3:ab:e4:c3:4b:49:68:
         25:4e:fe:c0:97:40:55:14:c0:de:da:da:19:2a:6d:58:6a:4d:
         86:2b:58:b3:c0:ab:cd:13:c0:5a:77:55:9d:d0:22:6e:57:a0:
         6b:c8:91:ec:d1:c3:f1:bb:5f:ea:96:1c:b1:4d:13:9e:e1:e7:
         aa:b7:e4:84:d6:00:cc:8e:51:09:87:10:3e:d0:5f:c6:1b:8b:
         cc:f3:00:2c:b7:c6:fb:bf:83:20:34:f7:9a:4e:65:f6:b1:75:
         fa:c4:e2:7a:66:38:6a:3a:0f:82:a9:d2:21:a4:0f:01:f3:d5:
         fc:53:ef:7e:a7:fa:50:79:91:1e:86:45:cf:b6:ad:9d:c3:4c:
         25:53:b0:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ095p/a5DTADVw3QFI52IFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1OWNhYTJhNzM2ODA2OThiMmM5ZTFhNmM5NjQxYTc0ZjNj
ZTc2ZTgwHhcNMjYwMzMwMDg0MDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDk0OTAzMTY5YTUzZmU4NjY3ZmY1MmU2Y2JmZDZhNTAwOTkxN2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsoxEqMwja6FOPj0RdVgKCqj9cKW
XG8Sv0ZJmvBePXcKGASkQfW/LT3b0O0WxqvFE61kVSigVZd5k+mqN2jD6AenhVTg
pRXfi6evw6DkbB/OmYxXAikiiFSMwz2Jn2zC9HFdoEiaQ1d/NDup00ln01P5j4Rz
hJfrVUfiWPVzWDeZv5MDVnklUqi/HWVSkpOacOc5P61DR1AVEd6EGjgdd8bnCc4U
7sXRROXXPZEY2ggJmEJ/+17ADcpylQWlTwsYaXrFkSrsKc6NGHNh2cvy68KOdtUh
fxiSUcqQp7YvDP9GDUvC6dZdeBlJFQgCbbOE7TM8j/06mOAe09zhCN8NewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSUkDFppT/oZn/1Lmy/1qUAmRfEMB8GA1UdIwQY
MBaAFKWcqipzaAaYssnhpslkGnTzznboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFp5cUtuTm9CcGl5eWVHbXlXUWFkUFBPZHVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9kZDY3MmYtNTMzNi00ZjM1LWIzZWYt
YWU5MWFiMzQyYmUxLzEvSkpTUU1XbWxQLWhtZl9VdWJMX1dwUUNaRjhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9kZDY3MmYtNTMzNi00ZjM1LWIzZWYtYWU5MWFiMzQyYmUx
LzEvcFp5cUtuTm9CcGl5eWVHbXlXUWFkUFBPZHVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiKcMA0G
CSqGSIb3DQEBCwUAA4IBAQBV+rXFsfz23s3ccPI3G6uCuHgz49+gPt4aGAFu1W4i
IpgZMEM/MErAlaNFb+pl7KJgGbuue2zzmkFG2Lln0+lxWpjze1WiXI06PZ8T6CrT
D5TlU6m9MEcpi4wZENonOVfI1L30aQFr6n70WOH9TZT+CMP27JftK7Or5MNLSWgl
Tv7Al0BVFMDe2toZKm1Yak2GK1izwKvNE8Bad1Wd0CJuV6BryJHs0cPxu1/qlhyx
TROe4eeqt+SE1gDMjlEJhxA+0F/GG4vM8wAst8b7v4MgNPeaTmX2sXX6xOJ6Zjhq
Og+CqdIhpA8B89X8U+9+p/pQeZEehkXPtq2dw0wlU7DA
-----END CERTIFICATE-----