Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/JNZkNs3RJOo2AnXmnTbKg_X2Nm8.roa
File:                     JNZkNs3RJOo2AnXmnTbKg_X2Nm8.roa (raw, json)
Hash identifier:          +pMZwPRauFNHIAoy64TMZM699q7Sq6HNlbnD+XOQxn4=
Subject key identifier:   24:D6:64:36:CD:D1:24:EA:36:02:75:E6:9D:36:CA:83:F5:F6:36:6F
Certificate issuer:       /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial:       019C4642DCCC75EAAE3E253AB87A2F7BFFD5
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/JNZkNs3RJOo2AnXmnTbKg_X2Nm8.roa
Signing time:             Tue 10 Feb 2026 06:35:12 +0000
ROA not before:           Tue 10 Feb 2026 06:35:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        91.223.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:46:42:dc:cc:75:ea:ae:3e:25:3a:b8:7a:2f:7b:ff:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
        Validity
            Not Before: Feb 10 06:35:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24d66436cdd124ea360275e69d36ca83f5f6366f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:31:a5:ee:84:b8:b7:e7:74:ec:f8:68:68:71:
                    e8:d4:9c:5a:3d:31:44:aa:fa:42:0f:f2:16:29:2b:
                    83:90:99:5c:36:4c:25:68:26:33:ac:d1:39:8c:50:
                    ba:6c:ea:51:8d:fb:ef:a9:82:44:d5:05:47:29:a9:
                    d1:56:34:21:9f:19:f4:94:30:c3:f9:b2:bc:7c:91:
                    7b:6c:cf:ea:d8:79:1c:63:0b:12:f5:94:6e:a3:71:
                    63:25:ab:3d:b5:c8:64:cc:87:b6:c2:8a:0b:9d:ce:
                    14:97:e1:ab:7e:1d:f9:1e:a0:76:9d:6e:80:03:66:
                    27:2b:fc:e5:d0:1f:bd:e5:0d:d9:0b:ad:83:0c:66:
                    da:61:bb:46:cf:e8:80:10:dc:0d:d4:55:71:af:ea:
                    9f:81:a8:67:68:94:45:9a:61:d6:fd:e1:ec:b6:86:
                    68:df:ac:fd:7e:8f:30:5a:73:29:77:90:62:c8:94:
                    18:ae:41:f0:8b:20:a5:e7:85:58:44:9d:d2:81:79:
                    c2:9b:fe:8b:6e:54:9d:6a:88:f1:b3:7e:a4:3a:77:
                    fc:d9:5b:2d:b2:16:94:71:99:f2:0f:40:e1:c5:2b:
                    66:3b:56:13:b5:de:85:a0:b0:34:ca:63:2d:1c:97:
                    42:2b:44:76:af:3e:d2:6f:eb:db:71:68:4f:d0:6a:
                    3c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:D6:64:36:CD:D1:24:EA:36:02:75:E6:9D:36:CA:83:F5:F6:36:6F
            X509v3 Authority Key Identifier:
                keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/JNZkNs3RJOo2AnXmnTbKg_X2Nm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:79:e9:7a:6d:33:7f:f5:f7:4d:46:fc:44:69:7c:bb:4d:30:
         f2:09:07:cb:1c:bd:f6:25:c9:10:df:c9:22:a8:91:52:c0:ee:
         b8:41:33:6f:87:3e:91:61:06:0b:93:e1:65:ea:91:7b:8e:f0:
         aa:1c:83:a7:d0:ab:97:a0:70:a2:5b:df:ae:82:fe:ea:0d:d3:
         9c:98:af:8e:99:a9:4d:18:90:de:9b:21:c4:51:57:60:92:e6:
         df:04:e5:fa:71:e8:7d:ba:62:67:cd:70:69:cf:6e:9d:fd:07:
         18:6d:2e:a6:f7:d1:02:1b:37:c5:ab:b7:30:08:c2:3f:06:12:
         81:08:f4:3f:8f:98:ef:42:4f:7a:e1:a7:49:90:cc:c0:1f:b7:
         a4:a4:f0:b0:19:06:49:06:55:68:b9:39:27:2d:b2:5c:6c:fa:
         0d:ea:f6:40:81:7c:df:22:0d:76:60:9a:01:7b:fa:73:91:d8:
         4f:92:4f:c3:66:a0:03:84:e4:0e:02:ab:50:e1:62:58:2e:91:
         7d:f8:4a:9c:91:c3:3a:92:72:31:4d:c7:37:fc:8a:61:be:58:
         d0:5e:00:08:23:b2:bb:af:b8:02:1e:9d:9b:a9:60:f0:58:e7:
         63:f6:f2:ea:3b:c3:de:fe:74:9a:af:63:22:fe:45:54:b4:f4:
         4a:b0:e3:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxGQtzMdequPiU6uHove//VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NTJiMDNlMWIwMTcwOTYzODk0MGQ5NTkyOTgzY2RlNzdl
Y2FiNzcwHhcNMjYwMjEwMDYzNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGQ2NjQzNmNkZDEyNGVhMzYwMjc1ZTY5ZDM2Y2E4M2Y1ZjYzNjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzGl7oS4t+d07PhoaHHo1JxaPTFE
qvpCD/IWKSuDkJlcNkwlaCYzrNE5jFC6bOpRjfvvqYJE1QVHKanRVjQhnxn0lDDD
+bK8fJF7bM/q2HkcYwsS9ZRuo3FjJas9tchkzIe2wooLnc4Ul+Grfh35HqB2nW6A
A2YnK/zl0B+95Q3ZC62DDGbaYbtGz+iAENwN1FVxr+qfgahnaJRFmmHW/eHstoZo
36z9fo8wWnMpd5BiyJQYrkHwiyCl54VYRJ3SgXnCm/6LblSdaojxs36kOnf82Vst
shaUcZnyD0DhxStmO1YTtd6FoLA0ymMtHJdCK0R2rz7Sb+vbcWhP0Go8fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTWZDbN0STqNgJ15p02yoP19jZvMB8GA1UdIwQY
MBaAFIRSsD4bAXCWOJQNlZKYPN537Kt3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQt
MjAwZmMyNzRjYjAxLzEvSk5aa05zM1JKT28yQW5YbW5UYktnX1gyTm04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQtMjAwZmMyNzRjYjAx
LzEvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW99eMA0G
CSqGSIb3DQEBCwUAA4IBAQCjeel6bTN/9fdNRvxEaXy7TTDyCQfLHL32JckQ38ki
qJFSwO64QTNvhz6RYQYLk+Fl6pF7jvCqHIOn0KuXoHCiW9+ugv7qDdOcmK+OmalN
GJDemyHEUVdgkubfBOX6ceh9umJnzXBpz26d/QcYbS6m99ECGzfFq7cwCMI/BhKB
CPQ/j5jvQk964adJkMzAH7ekpPCwGQZJBlVouTknLbJcbPoN6vZAgXzfIg12YJoB
e/pzkdhPkk/DZqADhOQOAqtQ4WJYLpF9+EqckcM6knIxTcc3/IphvljQXgAII7K7
r7gCHp2bqWDwWOdj9vLqO8Pe/nSar2Mi/kVUtPRKsOP5
-----END CERTIFICATE-----