Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/JB8yx2b88cSBO2zP8HmMFflCSbQ.roa
File:                     JB8yx2b88cSBO2zP8HmMFflCSbQ.roa (raw, json)
Hash identifier:          ptfoSvZpsHgOB3p1UFy4y5riUES2ZHub67bxSsiN4pw=
Subject key identifier:   24:1F:32:C7:66:FC:F1:C4:81:3B:6C:CF:F0:79:8C:15:F9:42:49:B4
Certificate issuer:       /CN=0b78b2d3f62700fe67e593b5a33d1cf91789252f
Certificate serial:       019E6AF69C75BC730B4F180AF7839EAFC711
Authority key identifier: 0B:78:B2:D3:F6:27:00:FE:67:E5:93:B5:A3:3D:1C:F9:17:89:25:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/JB8yx2b88cSBO2zP8HmMFflCSbQ.roa
Signing time:             Wed 27 May 2026 19:43:27 +0000
ROA not before:           Wed 27 May 2026 19:43:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202275
IP address blocks:        176.113.94.0/24 maxlen: 24
                          2a14:e100:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6a:f6:9c:75:bc:73:0b:4f:18:0a:f7:83:9e:af:c7:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b78b2d3f62700fe67e593b5a33d1cf91789252f
        Validity
            Not Before: May 27 19:43:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=241f32c766fcf1c4813b6ccff0798c15f94249b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:db:ba:57:80:48:e5:5f:8e:f9:33:9e:d0:36:
                    05:1c:bb:c7:94:48:99:af:d5:27:df:15:f0:63:67:
                    d9:b8:8b:2e:cf:77:99:35:58:50:3d:1d:87:67:f1:
                    ab:2c:83:a1:f3:bb:3d:4d:2a:2e:2b:16:67:20:7b:
                    31:47:69:c9:e3:cb:0f:36:a1:ad:1b:05:db:e3:f3:
                    9a:b0:22:e1:c1:fa:4f:e5:33:fc:40:84:5a:fb:d6:
                    b7:17:5a:19:c1:f5:c9:d1:e5:62:83:f5:7b:5c:c8:
                    f1:4e:63:f1:d5:b3:c9:d7:5e:31:4b:ff:a6:f2:b5:
                    31:ee:88:9f:f1:e7:51:e6:35:52:ec:3b:6c:8e:e2:
                    97:3d:69:3a:35:ad:14:67:c5:a4:f5:20:f6:00:35:
                    22:79:50:75:b6:aa:9d:54:2d:bb:e2:34:c1:4c:46:
                    39:b4:fa:c7:82:2f:1d:fb:f2:55:c0:76:06:3c:c9:
                    5c:8f:b6:25:c3:00:31:b7:13:78:45:5e:93:ea:c0:
                    3f:80:f5:c0:26:40:e5:9b:f7:31:5b:1d:35:c9:8f:
                    94:2a:4a:f5:28:75:cf:41:86:e9:c7:8f:ad:0d:ec:
                    6b:c3:35:21:9f:82:37:4a:43:e8:74:a5:6d:fd:2e:
                    0d:40:a6:9d:44:34:d7:03:cc:f9:7d:7a:d7:bb:1d:
                    92:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:1F:32:C7:66:FC:F1:C4:81:3B:6C:CF:F0:79:8C:15:F9:42:49:B4
            X509v3 Authority Key Identifier:
                keyid:0B:78:B2:D3:F6:27:00:FE:67:E5:93:B5:A3:3D:1C:F9:17:89:25:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/JB8yx2b88cSBO2zP8HmMFflCSbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.113.94.0/24
                IPv6:
                  2a14:e100:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:dd:fc:57:b0:4b:f5:b1:38:b0:6a:7a:d3:9f:5f:89:ec:74:
         d6:30:9b:e3:21:64:03:c9:c5:4b:6c:52:6f:d8:2e:38:d9:a0:
         83:2b:b5:6a:9b:e6:21:5a:e5:e7:44:5e:a3:b4:7a:ef:90:5a:
         ca:85:eb:6c:8c:69:53:cc:7b:85:f1:c6:df:ef:89:36:89:e0:
         b5:f5:2d:09:4b:ff:e9:ff:c3:58:8e:92:d0:11:72:43:0f:86:
         48:c7:74:d8:c8:03:ce:12:c7:6e:0d:19:21:d7:04:77:80:ca:
         5b:0f:ac:95:41:70:ce:39:de:cc:8f:dd:c0:f6:68:6c:75:86:
         86:eb:a6:95:e6:d2:f4:ad:d1:22:40:73:ca:65:9d:e6:74:6d:
         d7:49:06:47:e4:d9:5b:ca:7f:3c:94:e9:8b:5b:70:88:b2:5f:
         dc:89:f3:c4:5a:62:98:d6:46:7e:3a:e5:dc:9c:b8:3a:e4:3c:
         3b:d4:3d:24:81:7a:db:06:9b:d5:09:f0:a2:67:41:8f:46:88:
         0f:1d:2e:57:ac:d2:a8:e7:29:ab:9b:1d:a5:88:f8:a0:2a:83:
         04:f8:84:e8:87:77:f7:e9:e7:79:0f:56:1e:8d:e3:64:e9:ee:
         1d:87:dc:ea:1c:1f:2f:1b:94:2f:4a:c5:25:86:95:4a:3a:57:
         af:02:30:cc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ5q9px1vHMLTxgK94Oer8cRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNzhiMmQzZjYyNzAwZmU2N2U1OTNiNWEzM2QxY2Y5MTc4
OTI1MmYwHhcNMjYwNTI3MTk0MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDFmMzJjNzY2ZmNmMWM0ODEzYjZjY2ZmMDc5OGMxNWY5NDI0OWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtu6V4BI5V+O+TOe0DYFHLvHlEiZ
r9Un3xXwY2fZuIsuz3eZNVhQPR2HZ/GrLIOh87s9TSouKxZnIHsxR2nJ48sPNqGt
GwXb4/OasCLhwfpP5TP8QIRa+9a3F1oZwfXJ0eVig/V7XMjxTmPx1bPJ114xS/+m
8rUx7oif8edR5jVS7DtsjuKXPWk6Na0UZ8Wk9SD2ADUieVB1tqqdVC274jTBTEY5
tPrHgi8d+/JVwHYGPMlcj7YlwwAxtxN4RV6T6sA/gPXAJkDlm/cxWx01yY+UKkr1
KHXPQYbpx4+tDexrwzUhn4I3SkPodKVt/S4NQKadRDTXA8z5fXrXux2SbwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCQfMsdm/PHEgTtsz/B5jBX5Qkm0MB8GA1UdIwQY
MBaAFAt4stP2JwD+Z+WTtaM9HPkXiSUvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzNpeTBfWW5BUDVuNVpPMW96MGMtUmVKSlM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9jZDcwNDctMDgxNi00ODIxLThkZWEt
NjA3OGVmZDA3ODVlLzEvSkI4eXgyYjg4Y1NCTzJ6UDhIbU1GZmxDU2JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9jZDcwNDctMDgxNi00ODIxLThkZWEtNjA3OGVmZDA3ODVl
LzEvQzNpeTBfWW5BUDVuNVpPMW96MGMtUmVKSlM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAsHFeMA8E
AgACMAkDBwAqFOEAAAEwDQYJKoZIhvcNAQELBQADggEBALDd/FewS/WxOLBqetOf
X4nsdNYwm+MhZAPJxUtsUm/YLjjZoIMrtWqb5iFa5edEXqO0eu+QWsqF62yMaVPM
e4Xxxt/viTaJ4LX1LQlL/+n/w1iOktARckMPhkjHdNjIA84Sx24NGSHXBHeAylsP
rJVBcM453syP3cD2aGx1hobrppXm0vSt0SJAc8plneZ0bddJBkfk2VvKfzyU6Ytb
cIiyX9yJ88RaYpjWRn465dycuDrkPDvUPSSBetsGm9UJ8KJnQY9GiA8dLles0qjn
KaubHaWI+KAqgwT4hOiHd/fp53kPVh6N42Tp7h2H3OocHy8blC9KxSWGlUo6V68C
MMw=
-----END CERTIFICATE-----