Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/usJarqX_Bcgp49lKmp6H5bg_vB0.roa
File:                     usJarqX_Bcgp49lKmp6H5bg_vB0.roa (raw, json)
Hash identifier:          mDZL7znsJizflKQPFMq4p5675za6GHyVXQmz00J2row=
Subject key identifier:   BA:C2:5A:AE:A5:FF:05:C8:29:E3:D9:4A:9A:9E:87:E5:B8:3F:BC:1D
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019D8A8A6AC680F4BC6ECFAFFB32FDC1610E
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/usJarqX_Bcgp49lKmp6H5bg_vB0.roa
Signing time:             Tue 14 Apr 2026 05:50:20 +0000
ROA not before:           Tue 14 Apr 2026 05:50:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211344
IP address blocks:        150.251.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8a:8a:6a:c6:80:f4:bc:6e:cf:af:fb:32:fd:c1:61:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Apr 14 05:50:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bac25aaea5ff05c829e3d94a9a9e87e5b83fbc1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:72:fa:32:c1:40:6d:70:9a:ab:01:f3:40:08:
                    97:f0:e7:8a:ba:9d:44:8c:32:ca:b3:7a:45:d3:01:
                    d0:56:fb:1d:75:0a:2e:8a:de:0a:80:6c:61:47:07:
                    85:ca:8a:b0:b3:46:a0:81:7e:59:59:2f:13:76:2a:
                    3e:f7:59:5b:d0:31:3e:b8:eb:e2:91:f3:61:cd:36:
                    64:e6:9a:b9:d8:90:2c:db:5f:b3:08:68:d6:37:02:
                    61:76:c2:bb:ed:5a:ae:b8:a1:fd:d9:d5:ba:14:ad:
                    0d:08:46:c9:f3:b2:3b:da:93:c4:fd:f8:fe:c1:0e:
                    63:14:c8:62:f0:34:b3:6b:74:4e:79:91:c3:8e:61:
                    bf:5c:02:ce:0b:0b:e7:a5:bf:63:36:c6:58:38:61:
                    cc:e8:04:7f:29:0f:4c:46:df:f3:d6:28:00:55:fb:
                    d4:0c:2a:ef:8c:bb:01:64:16:ff:18:69:bd:1c:ec:
                    0e:4e:bd:3e:76:df:6d:d6:44:be:53:e6:c7:5f:89:
                    1a:f3:2a:cc:c4:b9:83:81:41:d2:22:a6:dd:66:4d:
                    ea:1a:a8:9e:00:0d:e5:a7:04:36:71:52:b7:3f:70:
                    fb:6c:20:ec:a3:93:ee:19:3a:b5:6b:a6:33:2d:86:
                    e1:be:5b:09:74:db:9e:0c:1b:d9:1e:a9:cf:e4:f6:
                    76:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:C2:5A:AE:A5:FF:05:C8:29:E3:D9:4A:9A:9E:87:E5:B8:3F:BC:1D
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/usJarqX_Bcgp49lKmp6H5bg_vB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.251.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:0a:79:c5:8e:6b:b2:ff:6a:a5:16:57:5a:d8:f4:c0:36:63:
         29:1d:a6:96:6b:37:8d:24:93:d4:b4:79:d0:a5:fb:d7:48:84:
         a6:60:80:91:f4:b0:b0:a6:ec:62:3a:f1:ef:7f:d1:99:e7:bf:
         42:0a:9e:1e:91:05:82:6e:e8:b5:f6:c2:41:42:17:e6:3a:0c:
         8b:e7:c2:21:c5:36:e1:62:6b:b8:7a:7c:bc:67:a5:54:3d:ca:
         82:a2:ee:69:19:1f:75:7f:23:eb:b0:f3:e4:76:04:9c:f2:59:
         9d:0e:55:3e:42:61:e4:48:ac:9c:ee:7a:4a:8b:87:fd:1a:32:
         43:87:39:52:38:0d:62:39:b5:bc:a8:5d:6e:46:65:9a:00:00:
         dc:c7:66:40:56:e2:39:99:8f:58:c5:86:13:d7:66:79:fd:fc:
         ec:e4:79:ce:12:81:b8:94:04:9e:78:b1:8a:d7:41:fb:76:20:
         8c:f2:0f:6c:bf:56:e8:47:dc:12:80:11:1d:84:08:c8:ec:11:
         2f:a8:13:8d:7c:dc:5b:49:ad:be:c4:6e:30:b1:c1:5a:be:f4:
         65:ff:85:59:36:27:ea:a1:c0:34:a4:76:70:56:18:68:c9:9a:
         28:41:5f:35:a7:22:98:ce:c5:65:2e:b5:cf:e0:eb:71:a1:22:
         7b:81:c9:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2KimrGgPS8bs+v+zL9wWEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNDE0MDU1MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWMyNWFhZWE1ZmYwNWM4MjllM2Q5NGE5YTllODdlNWI4M2ZiYzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HL6MsFAbXCaqwHzQAiX8OeKup1E
jDLKs3pF0wHQVvsddQouit4KgGxhRweFyoqws0aggX5ZWS8Tdio+91lb0DE+uOvi
kfNhzTZk5pq52JAs21+zCGjWNwJhdsK77VquuKH92dW6FK0NCEbJ87I72pPE/fj+
wQ5jFMhi8DSza3ROeZHDjmG/XALOCwvnpb9jNsZYOGHM6AR/KQ9MRt/z1igAVfvU
DCrvjLsBZBb/GGm9HOwOTr0+dt9t1kS+U+bHX4ka8yrMxLmDgUHSIqbdZk3qGqie
AA3lpwQ2cVK3P3D7bCDso5PuGTq1a6YzLYbhvlsJdNueDBvZHqnP5PZ2/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLrCWq6l/wXIKePZSpqeh+W4P7wdMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvdXNKYXJxWF9CY2dwNDlsS21wNkg1YmdfdkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvuUMA0G
CSqGSIb3DQEBCwUAA4IBAQA9CnnFjmuy/2qlFlda2PTANmMpHaaWazeNJJPUtHnQ
pfvXSISmYICR9LCwpuxiOvHvf9GZ579CCp4ekQWCbui19sJBQhfmOgyL58IhxTbh
Ymu4eny8Z6VUPcqCou5pGR91fyPrsPPkdgSc8lmdDlU+QmHkSKyc7npKi4f9GjJD
hzlSOA1iObW8qF1uRmWaAADcx2ZAVuI5mY9YxYYT12Z5/fzs5HnOEoG4lASeeLGK
10H7diCM8g9sv1boR9wSgBEdhAjI7BEvqBONfNxbSa2+xG4wscFavvRl/4VZNifq
ocA0pHZwVhhoyZooQV81pyKYzsVlLrXP4OtxoSJ7gcmf
-----END CERTIFICATE-----