Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/JrRi-0qoMFLhRr6cb92PJhrDFOQ.roa
File:                     JrRi-0qoMFLhRr6cb92PJhrDFOQ.roa (raw, json)
Hash identifier:          IOBcBMl3KD2AdRrtTbfJnBEtnt8xxIivFvb7gPSo8iM=
Subject key identifier:   26:B4:62:FB:4A:A8:30:52:E1:46:BE:9C:6F:DD:8F:26:1A:C3:14:E4
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019C772AB506F2ADA2E8EA739835D2475463
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/JrRi-0qoMFLhRr6cb92PJhrDFOQ.roa
Signing time:             Thu 19 Feb 2026 18:30:13 +0000
ROA not before:           Thu 19 Feb 2026 18:30:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        80.246.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:77:2a:b5:06:f2:ad:a2:e8:ea:73:98:35:d2:47:54:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Feb 19 18:30:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26b462fb4aa83052e146be9c6fdd8f261ac314e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4c:68:6e:0f:82:a6:b8:45:57:37:ab:2e:57:
                    9a:f2:9c:18:a6:e3:c7:af:6d:5e:50:19:51:3a:3c:
                    0f:6f:92:a0:45:20:72:ef:6a:84:1b:0b:87:99:6d:
                    9b:aa:78:47:ea:ba:92:8e:e3:55:b4:b5:cb:a3:a4:
                    8b:fe:29:d1:a1:e5:be:b1:cc:8d:13:ac:ff:d5:3d:
                    5c:20:24:67:b0:b9:0b:9a:93:e3:7b:7f:21:f7:84:
                    ce:4d:ea:b1:4c:a4:d0:8c:8f:ef:c3:5d:ec:fd:da:
                    51:a6:0d:ce:36:fe:0f:28:41:57:50:15:74:7e:1a:
                    d8:3a:1a:53:89:8d:9c:ff:49:56:1d:65:23:53:e5:
                    1d:fc:94:0e:c7:7f:6a:a1:5f:60:95:83:16:24:f2:
                    b8:ba:05:82:71:58:f8:00:d2:c1:16:74:5e:b6:e7:
                    0f:fd:68:f9:1c:e8:e3:ef:28:ef:a3:ef:32:f5:f5:
                    08:aa:cf:fb:6c:2e:51:90:a3:57:36:ae:26:bd:40:
                    c8:f1:02:ca:60:fd:ac:5d:88:4b:63:48:9d:fd:9f:
                    8f:c8:46:b0:c8:de:96:0e:8e:9f:d4:b1:d3:dd:58:
                    df:e6:be:6d:5b:7a:33:ff:26:97:cd:7e:f3:ed:c8:
                    d6:5f:31:1e:c3:3d:03:45:58:05:45:f9:47:cd:cf:
                    cc:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:B4:62:FB:4A:A8:30:52:E1:46:BE:9C:6F:DD:8F:26:1A:C3:14:E4
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/JrRi-0qoMFLhRr6cb92PJhrDFOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:79:a8:67:8a:e9:01:2d:9c:88:c5:19:ad:fb:66:91:75:0f:
         51:50:dc:39:ce:00:67:09:be:b2:09:00:a0:43:48:ba:23:ec:
         7a:8c:db:90:83:4b:ba:9c:2d:f2:95:94:db:b3:3c:5c:f0:0d:
         a3:27:68:5d:89:a6:76:d5:99:78:f2:4d:c3:a0:32:ef:60:c1:
         ef:71:f4:f2:ef:ba:2a:c2:9a:bd:09:88:7a:e5:64:32:76:04:
         c5:29:ff:c1:70:9b:2f:38:4f:50:c5:21:30:50:11:b0:dd:28:
         a9:75:90:92:97:ef:09:1e:24:e0:d9:66:cc:fa:7f:54:c7:4b:
         3a:79:73:2e:b1:46:04:ff:54:cd:77:1b:79:eb:53:5a:48:55:
         0a:1e:82:3b:23:95:8d:1b:59:78:0b:40:b1:f0:72:42:f4:e3:
         a9:85:ee:21:28:6b:8f:eb:b1:4a:97:f0:1d:ee:2d:b4:a3:f9:
         33:b3:2e:cd:a6:93:b1:51:fc:e0:a8:ab:c8:a5:af:17:b9:3f:
         f4:17:bf:a2:92:99:06:b4:53:e5:fa:87:6a:e3:5b:b0:b0:c0:
         81:03:ea:43:27:9d:d4:c0:2f:dc:12:d3:63:43:a4:90:cc:01:
         ec:dd:81:fb:67:35:4e:25:12:36:16:e1:36:03:33:36:cb:11:
         e1:ac:4b:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx3KrUG8q2i6OpzmDXSR1RjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjYwMjE5MTgzMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmI0NjJmYjRhYTgzMDUyZTE0NmJlOWM2ZmRkOGYyNjFhYzMxNGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkxobg+CprhFVzerLlea8pwYpuPH
r21eUBlROjwPb5KgRSBy72qEGwuHmW2bqnhH6rqSjuNVtLXLo6SL/inRoeW+scyN
E6z/1T1cICRnsLkLmpPje38h94TOTeqxTKTQjI/vw13s/dpRpg3ONv4PKEFXUBV0
fhrYOhpTiY2c/0lWHWUjU+Ud/JQOx39qoV9glYMWJPK4ugWCcVj4ANLBFnRetucP
/Wj5HOjj7yjvo+8y9fUIqs/7bC5RkKNXNq4mvUDI8QLKYP2sXYhLY0id/Z+PyEaw
yN6WDo6f1LHT3Vjf5r5tW3oz/yaXzX7z7cjWXzEewz0DRVgFRflHzc/MTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCa0YvtKqDBS4Ua+nG/djyYawxTkMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvSnJSaS0wcW9NRkxoUnI2Y2I5MlBKaHJERk9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPbnMA0G
CSqGSIb3DQEBCwUAA4IBAQBdeahniukBLZyIxRmt+2aRdQ9RUNw5zgBnCb6yCQCg
Q0i6I+x6jNuQg0u6nC3ylZTbszxc8A2jJ2hdiaZ21Zl48k3DoDLvYMHvcfTy77oq
wpq9CYh65WQydgTFKf/BcJsvOE9QxSEwUBGw3SipdZCSl+8JHiTg2WbM+n9Ux0s6
eXMusUYE/1TNdxt561NaSFUKHoI7I5WNG1l4C0Cx8HJC9OOphe4hKGuP67FKl/Ad
7i20o/kzsy7NppOxUfzgqKvIpa8XuT/0F7+ikpkGtFPl+odq41uwsMCBA+pDJ53U
wC/cEtNjQ6SQzAHs3YH7ZzVOJRI2FuE2AzM2yxHhrEsc
-----END CERTIFICATE-----