Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/j23BZZk_JCF_SfyfxVWcOAzB598.roa
File:                     j23BZZk_JCF_SfyfxVWcOAzB598.roa (raw, json)
Hash identifier:          E3VUgy7wmstrKfM+/rHOKE3M1MtzxmFo74y/4C1q9hQ=
Subject key identifier:   8F:6D:C1:65:99:3F:24:21:7F:49:FC:9F:C5:55:9C:38:0C:C1:E7:DF
Certificate issuer:       /CN=d462f9b1c0f6fa9ca531764e26d3aed211bfed81
Certificate serial:       019B7C8042A11DA3347F2795AD48EB21C93B
Authority key identifier: D4:62:F9:B1:C0:F6:FA:9C:A5:31:76:4E:26:D3:AE:D2:11:BF:ED:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1GL5scD2-pylMXZOJtOu0hG_7YE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/j23BZZk_JCF_SfyfxVWcOAzB598.roa
Signing time:             Fri 02 Jan 2026 02:18:59 +0000
ROA not before:           Fri 02 Jan 2026 02:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198882
IP address blocks:        91.240.35.0/24 maxlen: 24
                          2001:67c:29d0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/1GL5scD2-pylMXZOJtOu0hG_7YE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/1GL5scD2-pylMXZOJtOu0hG_7YE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1GL5scD2-pylMXZOJtOu0hG_7YE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:42:a1:1d:a3:34:7f:27:95:ad:48:eb:21:c9:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d462f9b1c0f6fa9ca531764e26d3aed211bfed81
        Validity
            Not Before: Jan  2 02:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f6dc165993f24217f49fc9fc5559c380cc1e7df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:10:e6:5f:ce:89:ea:94:67:13:aa:17:06:00:
                    96:05:b7:d6:73:21:25:db:5b:bb:19:ae:59:38:a9:
                    17:f6:82:ea:0b:e9:22:a8:05:be:95:a3:77:2c:ed:
                    44:f2:18:c0:d2:a3:17:91:f4:98:f0:77:4b:c6:cc:
                    53:9c:16:bd:09:85:ea:9d:7a:0b:f9:1e:01:a0:10:
                    5f:28:1b:ca:75:96:ea:db:5e:7f:d0:d5:91:49:4b:
                    7d:8a:9c:91:a3:2a:45:65:05:ce:78:52:d9:df:28:
                    59:3c:ba:ab:16:be:69:2c:f7:4f:f1:6c:82:6b:6e:
                    23:18:b8:81:5e:d0:94:fa:0a:4c:9d:6a:73:c2:7b:
                    27:30:dd:56:2f:c7:02:b0:17:3d:64:a0:4b:ef:72:
                    4c:42:c6:3a:e0:07:bb:2f:4e:c6:99:68:64:5d:41:
                    e0:c3:a7:cc:ea:94:21:01:cc:18:dc:d4:56:44:4d:
                    2c:16:9b:17:63:88:22:b8:69:8a:a2:b2:45:d7:d8:
                    d2:37:aa:88:da:65:a8:91:07:30:ff:ce:70:df:0e:
                    68:77:65:1d:84:c9:52:d7:4a:22:c6:e8:19:b4:f0:
                    17:bf:3f:ec:04:73:61:ee:12:20:14:54:9d:a4:35:
                    96:50:a0:89:82:25:08:21:93:d7:6e:4b:6e:0c:7f:
                    30:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:6D:C1:65:99:3F:24:21:7F:49:FC:9F:C5:55:9C:38:0C:C1:E7:DF
            X509v3 Authority Key Identifier:
                keyid:D4:62:F9:B1:C0:F6:FA:9C:A5:31:76:4E:26:D3:AE:D2:11:BF:ED:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1GL5scD2-pylMXZOJtOu0hG_7YE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/j23BZZk_JCF_SfyfxVWcOAzB598.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/1GL5scD2-pylMXZOJtOu0hG_7YE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.35.0/24
                IPv6:
                  2001:67c:29d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:a3:df:6f:00:5d:4d:c4:f9:7d:63:52:83:86:97:a2:78:70:
         0a:ce:7a:0e:a6:02:dd:44:ff:92:3a:bc:5c:8e:46:54:4c:ff:
         22:88:16:6b:8e:0b:bd:4b:a0:61:fb:63:bd:63:5e:88:0a:11:
         43:10:45:b4:a1:75:94:7b:2c:e9:fe:d0:03:9f:50:b7:c3:6e:
         a5:b3:9e:8d:c7:04:0d:5b:5d:6a:62:f9:38:f0:65:db:bf:19:
         53:f3:61:95:a2:4a:90:79:a7:88:6c:0f:da:d7:e8:43:19:10:
         9d:d6:1d:cd:d8:12:88:e7:6e:2e:a1:3d:eb:e2:d3:d6:10:33:
         96:d0:e2:f0:0c:97:0d:b1:86:e1:c8:79:5a:b1:55:13:5f:a7:
         76:e8:d4:38:94:4e:3f:52:12:a3:6f:4e:cb:75:f2:dd:0a:eb:
         82:e2:f2:87:8b:e3:83:62:79:e3:83:f1:b0:8d:96:43:85:35:
         35:2c:c9:9b:ff:98:97:b6:65:42:85:a9:bf:e4:5a:a7:a6:c2:
         68:06:c0:06:85:c7:f0:77:6d:0d:7c:36:8f:33:49:c2:59:5a:
         a4:f8:1f:b2:10:14:50:27:2f:48:5d:3a:92:09:88:64:d7:d7:
         33:c9:0c:7a:68:05:a4:4f:01:65:78:31:41:16:77:e1:89:ea:
         f7:fe:de:f1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt8gEKhHaM0fyeVrUjrIck7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NjJmOWIxYzBmNmZhOWNhNTMxNzY0ZTI2ZDNhZWQyMTFi
ZmVkODEwHhcNMjYwMTAyMDIxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjZkYzE2NTk5M2YyNDIxN2Y0OWZjOWZjNTU1OWMzODBjYzFlN2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxDmX86J6pRnE6oXBgCWBbfWcyEl
21u7Ga5ZOKkX9oLqC+kiqAW+laN3LO1E8hjA0qMXkfSY8HdLxsxTnBa9CYXqnXoL
+R4BoBBfKBvKdZbq215/0NWRSUt9ipyRoypFZQXOeFLZ3yhZPLqrFr5pLPdP8WyC
a24jGLiBXtCU+gpMnWpzwnsnMN1WL8cCsBc9ZKBL73JMQsY64Ae7L07GmWhkXUHg
w6fM6pQhAcwY3NRWRE0sFpsXY4giuGmKorJF19jSN6qI2mWokQcw/85w3w5od2Ud
hMlS10oixugZtPAXvz/sBHNh7hIgFFSdpDWWUKCJgiUIIZPXbktuDH8wkQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI9twWWZPyQhf0n8n8VVnDgMweffMB8GA1UdIwQY
MBaAFNRi+bHA9vqcpTF2TibTrtIRv+2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUdMNXNjRDItcHlsTVhaT0p0T3UwaEdfN1lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8xMDBjODEtNTZmNS00ZGI2LWE2NmEt
YjEwNDNiNjM1YTFlLzEvajIzQlpaa19KQ0ZfU2Z5ZnhWV2NPQXpCNTk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8xMDBjODEtNTZmNS00ZGI2LWE2NmEtYjEwNDNiNjM1YTFl
LzEvMUdMNXNjRDItcHlsTVhaT0p0T3UwaEdfN1lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW/AjMA8E
AgACMAkDBwAgAQZ8KdAwDQYJKoZIhvcNAQELBQADggEBAIqj328AXU3E+X1jUoOG
l6J4cArOeg6mAt1E/5I6vFyORlRM/yKIFmuOC71LoGH7Y71jXogKEUMQRbShdZR7
LOn+0AOfULfDbqWzno3HBA1bXWpi+TjwZdu/GVPzYZWiSpB5p4hsD9rX6EMZEJ3W
Hc3YEojnbi6hPevi09YQM5bQ4vAMlw2xhuHIeVqxVRNfp3bo1DiUTj9SEqNvTst1
8t0K64Li8oeL44NieeOD8bCNlkOFNTUsyZv/mJe2ZUKFqb/kWqemwmgGwAaFx/B3
bQ18No8zScJZWqT4H7IQFFAnL0hdOpIJiGTX1zPJDHpoBaRPAWV4MUEWd+GJ6vf+
3vE=
-----END CERTIFICATE-----