Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f3d326-154e-412e-b344-7d22b7684479/1/JGRc8gWxsOVbOpLY1p0YvVJjb3A.roa
File:                     JGRc8gWxsOVbOpLY1p0YvVJjb3A.roa (raw, json)
Hash identifier:          Wj8ZnZcpmyQBFn1WIawrKmviMNPdyAHSA5qDhEVw6AY=
Subject key identifier:   24:64:5C:F2:05:B1:B0:E5:5B:3A:92:D8:D6:9D:18:BD:52:63:6F:70
Certificate issuer:       /CN=b9a8795037dd40f018373f47c59e04a212f5a055
Certificate serial:       019B7910D9E9C88F540AAE2A8DE22A1FA609
Authority key identifier: B9:A8:79:50:37:DD:40:F0:18:37:3F:47:C5:9E:04:A2:12:F5:A0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uah5UDfdQPAYNz9HxZ4EohL1oFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f3d326-154e-412e-b344-7d22b7684479/1/JGRc8gWxsOVbOpLY1p0YvVJjb3A.roa
Signing time:             Thu 01 Jan 2026 10:18:26 +0000
ROA not before:           Thu 01 Jan 2026 10:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209246
IP address blocks:        185.177.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f3d326-154e-412e-b344-7d22b7684479/1/uah5UDfdQPAYNz9HxZ4EohL1oFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f3d326-154e-412e-b344-7d22b7684479/1/uah5UDfdQPAYNz9HxZ4EohL1oFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uah5UDfdQPAYNz9HxZ4EohL1oFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:d9:e9:c8:8f:54:0a:ae:2a:8d:e2:2a:1f:a6:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9a8795037dd40f018373f47c59e04a212f5a055
        Validity
            Not Before: Jan  1 10:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24645cf205b1b0e55b3a92d8d69d18bd52636f70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6e:b1:a2:a1:c8:ae:11:6d:23:88:4a:ae:5b:
                    2a:b0:2a:b7:7f:0d:e5:26:30:30:f8:e5:1e:86:6b:
                    b1:ea:21:cb:f2:60:50:58:45:00:f1:2c:62:0b:1f:
                    14:60:08:aa:6f:f9:9e:90:34:c3:c6:7b:8f:bd:88:
                    11:62:fe:90:dd:51:e1:9a:38:ec:2c:b0:41:92:cd:
                    cc:f0:24:d0:c5:bd:21:e4:eb:15:12:f9:5b:fa:d1:
                    b6:c6:41:2e:94:10:b9:e4:bc:b0:10:ce:17:5e:90:
                    ce:aa:ae:dc:17:04:e6:67:96:5c:c6:e3:34:dc:24:
                    03:4c:09:21:15:8c:80:c8:eb:67:18:b7:2c:61:15:
                    81:c2:bf:a5:f6:bb:7c:d6:26:3f:4d:b9:1b:ae:b8:
                    50:33:b2:4d:51:c6:ca:36:43:ba:8e:5d:82:4d:bc:
                    a8:10:eb:b6:cc:76:fa:2f:7c:75:a9:b0:cd:b1:14:
                    e6:41:23:b8:a7:00:9b:b7:02:2a:eb:24:c8:33:77:
                    3d:60:d7:60:ae:fe:20:fe:1a:05:4d:87:c7:75:41:
                    4b:64:c1:a3:1d:be:a4:a8:e3:8e:07:5f:52:6f:7e:
                    29:6f:3c:47:8b:c0:e7:ae:1a:6f:00:3a:f5:08:33:
                    6e:26:cb:31:26:e9:76:8b:5d:4f:cd:7e:e8:21:45:
                    96:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:64:5C:F2:05:B1:B0:E5:5B:3A:92:D8:D6:9D:18:BD:52:63:6F:70
            X509v3 Authority Key Identifier:
                keyid:B9:A8:79:50:37:DD:40:F0:18:37:3F:47:C5:9E:04:A2:12:F5:A0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uah5UDfdQPAYNz9HxZ4EohL1oFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f3d326-154e-412e-b344-7d22b7684479/1/JGRc8gWxsOVbOpLY1p0YvVJjb3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f3d326-154e-412e-b344-7d22b7684479/1/uah5UDfdQPAYNz9HxZ4EohL1oFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:aa:d8:bf:ca:4b:3a:af:1f:49:3c:52:69:5b:2a:b6:ad:f0:
         69:86:46:8b:9d:bb:bf:c1:cb:b9:11:92:cd:ed:d2:19:67:1b:
         22:0d:54:cb:12:89:57:cd:a5:f0:ad:e8:42:44:af:b2:ff:70:
         fd:7d:60:1c:d6:39:8e:d1:70:e3:f8:7b:d6:d7:78:c1:da:24:
         5d:85:d3:f8:44:e4:a7:3b:a8:4b:32:72:9a:2f:af:10:a2:f6:
         4a:50:01:c1:4f:d4:37:63:44:83:e6:1f:f2:e2:96:e8:cf:79:
         d9:ba:76:bf:48:87:58:c5:a7:d4:3b:5c:14:a2:eb:ed:54:be:
         f4:8d:23:ac:32:7e:82:b3:52:7e:94:45:21:f6:35:7a:b0:98:
         a1:91:59:e2:8a:34:b4:ae:32:ef:2b:43:61:2a:ce:8d:84:0a:
         23:e3:07:c6:6a:ea:38:86:6d:9c:a2:c6:22:ab:0b:5e:a9:af:
         53:15:c8:f8:f5:78:99:92:b5:be:e9:f9:b4:78:bf:cf:9b:0a:
         97:c2:96:30:42:3b:66:a5:3f:99:b6:7f:e7:da:b9:8b:dc:3e:
         95:a6:42:f4:cb:6a:b9:c4:bc:57:6d:8e:c8:d1:8a:00:eb:59:
         72:b6:3a:3b:1d:13:b8:c7:3b:f2:eb:1b:61:7a:b6:05:60:d3:
         83:a3:76:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ENnpyI9UCq4qjeIqH6YJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YTg3OTUwMzdkZDQwZjAxODM3M2Y0N2M1OWUwNGEyMTJm
NWEwNTUwHhcNMjYwMTAxMTAxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDY0NWNmMjA1YjFiMGU1NWIzYTkyZDhkNjlkMThiZDUyNjM2ZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm6xoqHIrhFtI4hKrlsqsCq3fw3l
JjAw+OUehmux6iHL8mBQWEUA8SxiCx8UYAiqb/mekDTDxnuPvYgRYv6Q3VHhmjjs
LLBBks3M8CTQxb0h5OsVEvlb+tG2xkEulBC55LywEM4XXpDOqq7cFwTmZ5ZcxuM0
3CQDTAkhFYyAyOtnGLcsYRWBwr+l9rt81iY/TbkbrrhQM7JNUcbKNkO6jl2CTbyo
EOu2zHb6L3x1qbDNsRTmQSO4pwCbtwIq6yTIM3c9YNdgrv4g/hoFTYfHdUFLZMGj
Hb6kqOOOB19Sb34pbzxHi8DnrhpvADr1CDNuJssxJul2i11PzX7oIUWWzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCRkXPIFsbDlWzqS2NadGL1SY29wMB8GA1UdIwQY
MBaAFLmoeVA33UDwGDc/R8WeBKIS9aBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWFoNVVEZmRRUEFZTno5SHhaNEVvaEwxb0ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mM2QzMjYtMTU0ZS00MTJlLWIzNDQt
N2QyMmI3Njg0NDc5LzEvSkdSYzhnV3hzT1ZiT3BMWTFwMFl2VkpqYjNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mM2QzMjYtMTU0ZS00MTJlLWIzNDQtN2QyMmI3Njg0NDc5
LzEvdWFoNVVEZmRRUEFZTno5SHhaNEVvaEwxb0ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubHRMA0G
CSqGSIb3DQEBCwUAA4IBAQATqti/yks6rx9JPFJpWyq2rfBphkaLnbu/wcu5EZLN
7dIZZxsiDVTLEolXzaXwrehCRK+y/3D9fWAc1jmO0XDj+HvW13jB2iRdhdP4ROSn
O6hLMnKaL68QovZKUAHBT9Q3Y0SD5h/y4pboz3nZuna/SIdYxafUO1wUouvtVL70
jSOsMn6Cs1J+lEUh9jV6sJihkVniijS0rjLvK0NhKs6NhAoj4wfGauo4hm2cosYi
qwteqa9TFcj49XiZkrW+6fm0eL/PmwqXwpYwQjtmpT+Ztn/n2rmL3D6VpkL0y2q5
xLxXbY7I0YoA61lytjo7HRO4xzvy6xtherYFYNODo3bY
-----END CERTIFICATE-----