Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/d38360-4d1f-422e-90ae-08b9e1101aa7/1/Jac1EeUsCOU9PNKJghMRhALb5vg.roa
File:                     Jac1EeUsCOU9PNKJghMRhALb5vg.roa (raw, json)
Hash identifier:          VrBYKI+eA8ElszFTROTPF/fpPXRNVBQ9W9hfTJtea1Q=
Subject key identifier:   25:A7:35:11:E5:2C:08:E5:3D:3C:D2:89:82:13:11:84:02:DB:E6:F8
Certificate issuer:       /CN=ccb0ca2291276d7d2a2f8a7050f4ba827fe910a1
Certificate serial:       019B78A34E8DA33AB2B6046406FAF166BECB
Authority key identifier: CC:B0:CA:22:91:27:6D:7D:2A:2F:8A:70:50:F4:BA:82:7F:E9:10:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zLDKIpEnbX0qL4pwUPS6gn_pEKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/d38360-4d1f-422e-90ae-08b9e1101aa7/1/Jac1EeUsCOU9PNKJghMRhALb5vg.roa
Signing time:             Thu 01 Jan 2026 08:18:46 +0000
ROA not before:           Thu 01 Jan 2026 08:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211753
IP address blocks:        87.254.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/d38360-4d1f-422e-90ae-08b9e1101aa7/1/zLDKIpEnbX0qL4pwUPS6gn_pEKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/d38360-4d1f-422e-90ae-08b9e1101aa7/1/zLDKIpEnbX0qL4pwUPS6gn_pEKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zLDKIpEnbX0qL4pwUPS6gn_pEKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:4e:8d:a3:3a:b2:b6:04:64:06:fa:f1:66:be:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccb0ca2291276d7d2a2f8a7050f4ba827fe910a1
        Validity
            Not Before: Jan  1 08:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25a73511e52c08e53d3cd2898213118402dbe6f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:48:b6:9a:32:30:10:aa:21:f2:e6:9b:64:b8:
                    bf:2e:93:80:ee:7a:55:20:f5:de:92:bf:fb:c9:46:
                    df:8b:82:ca:39:6f:7d:d1:83:92:e8:82:bb:b5:35:
                    0d:fc:e8:29:9f:d0:02:84:df:fc:0e:1b:e7:78:b2:
                    3a:4a:e3:06:e4:e0:b6:c6:4a:a6:e3:9c:39:dc:c2:
                    47:b4:47:c4:be:c0:2d:7c:74:32:65:63:53:1f:d8:
                    9e:ed:84:26:91:0c:e3:25:51:fa:82:81:36:e8:27:
                    6f:12:f2:1f:cf:1d:39:64:99:8a:f6:54:da:ad:ac:
                    6e:8f:ba:3c:ed:05:ad:5d:0d:74:99:78:ff:58:00:
                    6a:2b:f1:81:64:eb:a3:3f:44:60:b9:4e:99:ba:16:
                    3e:f5:44:e7:d2:ad:4d:7e:74:9b:8e:1d:7b:71:8b:
                    82:40:8c:4e:11:e3:34:e3:62:07:6e:20:8e:1a:06:
                    4f:ff:4d:0e:92:dc:ee:b7:6c:89:c4:93:da:ff:f5:
                    2f:fa:5a:8a:0d:90:bc:b9:49:4e:89:55:b6:6e:91:
                    03:f2:29:e7:cd:a8:49:71:b6:55:a1:4f:07:44:bf:
                    96:59:82:4d:15:88:53:10:ce:71:47:32:6f:e0:9b:
                    60:d1:3d:83:09:cd:95:93:39:5d:16:f0:1b:63:60:
                    28:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A7:35:11:E5:2C:08:E5:3D:3C:D2:89:82:13:11:84:02:DB:E6:F8
            X509v3 Authority Key Identifier:
                keyid:CC:B0:CA:22:91:27:6D:7D:2A:2F:8A:70:50:F4:BA:82:7F:E9:10:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zLDKIpEnbX0qL4pwUPS6gn_pEKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/d38360-4d1f-422e-90ae-08b9e1101aa7/1/Jac1EeUsCOU9PNKJghMRhALb5vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/d38360-4d1f-422e-90ae-08b9e1101aa7/1/zLDKIpEnbX0qL4pwUPS6gn_pEKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:ae:2b:83:03:08:22:4c:91:14:4c:cb:ba:3f:af:a0:b6:05:
         79:65:dc:9f:29:38:e6:35:a3:05:4c:70:21:12:b1:84:a3:bc:
         e4:e7:3c:5a:6a:3b:e7:91:7e:2a:c0:25:5a:f8:0f:5d:54:43:
         a3:7c:88:e4:09:23:bd:c3:43:74:a0:99:21:bf:f3:4b:e9:37:
         55:8d:95:8a:92:4f:13:8d:91:ec:52:88:97:e8:e3:89:6d:84:
         2b:54:28:ff:8c:ab:d5:37:c3:7a:d5:1a:57:e4:d2:73:25:4c:
         af:f0:83:10:f9:ed:e8:18:9f:27:ee:79:43:8c:37:e6:f1:81:
         48:db:51:ee:c4:24:42:0e:82:c3:40:84:b9:07:83:ad:65:1e:
         77:b9:10:a6:ec:b1:73:a4:4f:59:cb:89:01:18:ea:a9:36:86:
         5f:32:12:fa:84:38:6c:b3:f8:3a:ad:03:7e:c6:eb:65:ab:d7:
         1e:db:00:9c:7f:98:e3:ff:2a:b1:2a:26:f4:9b:4d:7b:86:64:
         fa:c0:04:47:81:9c:9d:e4:22:f6:3c:50:7c:c9:1f:3e:b9:da:
         3a:84:39:87:34:85:44:fa:a6:10:0e:dc:42:42:e5:27:ae:67:
         b8:5e:ea:08:a5:eb:69:0d:6a:6a:9e:b8:4c:11:62:a5:28:14:
         84:1c:79:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o06NozqytgRkBvrxZr7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYjBjYTIyOTEyNzZkN2QyYTJmOGE3MDUwZjRiYTgyN2Zl
OTEwYTEwHhcNMjYwMTAxMDgxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWE3MzUxMWU1MmMwOGU1M2QzY2QyODk4MjEzMTE4NDAyZGJlNmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArki2mjIwEKoh8uabZLi/LpOA7npV
IPXekr/7yUbfi4LKOW990YOS6IK7tTUN/Ogpn9AChN/8DhvneLI6SuMG5OC2xkqm
45w53MJHtEfEvsAtfHQyZWNTH9ie7YQmkQzjJVH6goE26CdvEvIfzx05ZJmK9lTa
raxuj7o87QWtXQ10mXj/WABqK/GBZOujP0RguU6ZuhY+9UTn0q1NfnSbjh17cYuC
QIxOEeM042IHbiCOGgZP/00Oktzut2yJxJPa//Uv+lqKDZC8uUlOiVW2bpED8inn
zahJcbZVoU8HRL+WWYJNFYhTEM5xRzJv4Jtg0T2DCc2VkzldFvAbY2AoRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWnNRHlLAjlPTzSiYITEYQC2+b4MB8GA1UdIwQY
MBaAFMywyiKRJ219Ki+KcFD0uoJ/6RChMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekxES0lwRW5iWDBxTDRwd1VQUzZnbl9wRUtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9kMzgzNjAtNGQxZi00MjJlLTkwYWUt
MDhiOWUxMTAxYWE3LzEvSmFjMUVlVXNDT1U5UE5LSmdoTVJoQUxiNXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9kMzgzNjAtNGQxZi00MjJlLTkwYWUtMDhiOWUxMTAxYWE3
LzEvekxES0lwRW5iWDBxTDRwd1VQUzZnbl9wRUtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/4kMA0G
CSqGSIb3DQEBCwUAA4IBAQC4riuDAwgiTJEUTMu6P6+gtgV5ZdyfKTjmNaMFTHAh
ErGEo7zk5zxaajvnkX4qwCVa+A9dVEOjfIjkCSO9w0N0oJkhv/NL6TdVjZWKkk8T
jZHsUoiX6OOJbYQrVCj/jKvVN8N61RpX5NJzJUyv8IMQ+e3oGJ8n7nlDjDfm8YFI
21HuxCRCDoLDQIS5B4OtZR53uRCm7LFzpE9Zy4kBGOqpNoZfMhL6hDhss/g6rQN+
xutlq9ce2wCcf5jj/yqxKib0m017hmT6wARHgZyd5CL2PFB8yR8+udo6hDmHNIVE
+qYQDtxCQuUnrme4XuoIpetpDWpqnrhMEWKlKBSEHHmu
-----END CERTIFICATE-----