Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/jdLi2jo-vRnA8HhgEIQUXpdJ3GU.roa
File:                     jdLi2jo-vRnA8HhgEIQUXpdJ3GU.roa (raw, json)
Hash identifier:          kJfk39O0SlyYYvFMHymb9HselcoiZgC/FdVLuUvtcKw=
Subject key identifier:   8D:D2:E2:DA:3A:3E:BD:19:C0:F0:78:60:10:84:14:5E:97:49:DC:65
Certificate issuer:       /CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
Certificate serial:       019D1F3E23296B0656EB1653175BF6F84789
Authority key identifier: 30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/jdLi2jo-vRnA8HhgEIQUXpdJ3GU.roa
Signing time:             Tue 24 Mar 2026 09:47:39 +0000
ROA not before:           Tue 24 Mar 2026 09:47:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402187
IP address blocks:        185.87.56.0/24 maxlen: 24
                          185.87.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:3e:23:29:6b:06:56:eb:16:53:17:5b:f6:f8:47:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
        Validity
            Not Before: Mar 24 09:47:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8dd2e2da3a3ebd19c0f078601084145e9749dc65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7a:7a:bc:ea:ea:bf:33:84:8c:28:ab:98:f9:
                    35:50:40:76:e2:41:12:b5:42:0c:39:5e:8d:89:f9:
                    7b:6f:86:09:0f:93:41:08:50:b0:e1:3e:c2:fe:01:
                    f0:fc:42:82:49:f5:e6:5d:67:48:80:08:42:12:fe:
                    86:93:74:c6:2d:b0:95:0d:2c:30:90:3e:68:e7:df:
                    ca:b4:ae:90:69:3c:29:7f:6c:b2:86:4b:6f:b7:a0:
                    9d:d7:52:2f:9d:a1:ab:cb:74:33:ad:f4:c5:ee:52:
                    65:76:e8:47:a1:7f:fa:cb:c9:49:9c:e8:42:a1:b4:
                    4f:94:f9:e8:ce:d1:4b:d1:f1:93:70:0f:65:24:89:
                    18:ae:57:c9:31:51:fd:ed:f6:6c:d6:35:8d:67:d8:
                    6f:a1:12:5d:f3:f8:2d:ad:38:da:68:50:c2:50:73:
                    55:92:93:20:74:44:85:64:20:3a:19:ce:23:48:ac:
                    dd:02:03:08:07:0a:59:b1:16:68:d8:56:04:32:2b:
                    64:02:61:9e:f6:ee:81:68:0e:45:c2:34:99:eb:7e:
                    11:8b:c0:8f:2e:53:49:28:65:58:39:99:7b:7a:36:
                    7d:19:24:d9:cb:a5:26:c7:40:a9:b1:cc:f9:cd:e9:
                    d4:a0:e1:ca:76:8f:ad:54:ed:01:e8:d9:1f:8f:fa:
                    f5:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D2:E2:DA:3A:3E:BD:19:C0:F0:78:60:10:84:14:5E:97:49:DC:65
            X509v3 Authority Key Identifier:
                keyid:30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/jdLi2jo-vRnA8HhgEIQUXpdJ3GU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.56.0/24
                  185.87.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:c8:49:ab:dd:d4:d2:c2:94:1a:54:c1:66:b0:33:ba:31:70:
         a1:98:1e:5f:d6:9e:af:e7:5c:02:3b:f5:83:33:04:04:01:8a:
         69:23:7e:b6:a1:11:48:40:8b:32:f7:bc:86:42:77:7d:17:a6:
         da:83:e7:38:49:bd:cc:73:8c:80:42:f8:1d:4f:20:66:27:cf:
         58:99:2c:56:4b:a5:25:42:f3:5b:c7:bb:24:73:a9:ca:65:f6:
         15:f8:06:dd:c8:9b:59:6f:79:92:d4:76:0d:a8:e7:1e:91:e5:
         10:c8:83:2f:ef:78:02:55:0e:08:ce:e5:c3:a8:52:d5:4c:9a:
         62:d4:4f:99:c2:81:07:64:ac:8a:50:dc:a9:e3:b0:94:13:39:
         8d:8c:82:59:ab:90:44:b6:83:f2:f6:f4:0a:36:f2:a8:d9:bd:
         ae:1a:5b:49:0c:57:9e:b1:91:16:eb:33:95:2b:ca:ae:17:5d:
         03:cd:45:25:b4:73:6e:0b:0e:b6:1c:48:80:dc:cc:09:5c:f6:
         6d:04:42:5a:a9:4e:7f:f6:91:e8:c7:b0:b8:91:0c:37:96:ce:
         64:00:65:60:cf:a3:f7:f5:77:ef:ad:99:40:b1:8f:b5:11:eb:
         78:5e:ad:a7:cc:77:c2:49:76:c2:45:11:66:52:a8:93:d0:57:
         bf:36:50:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0fPiMpawZW6xZTF1v2+EeJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjdhNjMxYmI2NzM4ZWI2OGJiNmVhNmM0MjRlZjRhN2Qx
NGMzY2IwHhcNMjYwMzI0MDk0NzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGQyZTJkYTNhM2ViZDE5YzBmMDc4NjAxMDg0MTQ1ZTk3NDlkYzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnp6vOrqvzOEjCirmPk1UEB24kES
tUIMOV6Nifl7b4YJD5NBCFCw4T7C/gHw/EKCSfXmXWdIgAhCEv6Gk3TGLbCVDSww
kD5o59/KtK6QaTwpf2yyhktvt6Cd11IvnaGry3QzrfTF7lJlduhHoX/6y8lJnOhC
obRPlPnoztFL0fGTcA9lJIkYrlfJMVH97fZs1jWNZ9hvoRJd8/gtrTjaaFDCUHNV
kpMgdESFZCA6Gc4jSKzdAgMIBwpZsRZo2FYEMitkAmGe9u6BaA5FwjSZ634Ri8CP
LlNJKGVYOZl7ejZ9GSTZy6Umx0Cpscz5zenUoOHKdo+tVO0B6Nkfj/r1UwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI3S4to6Pr0ZwPB4YBCEFF6XSdxlMB8GA1UdIwQY
MBaAFDAnpjG7ZzjraLtupsQk70p9FMPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYt
MWRkNmQyODFjODhhLzEvamRMaTJqby12Um5BOEhoZ0VJUVVYcGRKM0dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYtMWRkNmQyODFjODhh
LzEvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVc4AwQA
uVc7MA0GCSqGSIb3DQEBCwUAA4IBAQDHyEmr3dTSwpQaVMFmsDO6MXChmB5f1p6v
51wCO/WDMwQEAYppI362oRFIQIsy97yGQnd9F6bag+c4Sb3Mc4yAQvgdTyBmJ89Y
mSxWS6UlQvNbx7skc6nKZfYV+AbdyJtZb3mS1HYNqOcekeUQyIMv73gCVQ4IzuXD
qFLVTJpi1E+ZwoEHZKyKUNyp47CUEzmNjIJZq5BEtoPy9vQKNvKo2b2uGltJDFee
sZEW6zOVK8quF10DzUUltHNuCw62HEiA3MwJXPZtBEJaqU5/9pHox7C4kQw3ls5k
AGVgz6P39XfvrZlAsY+1Eet4Xq2nzHfCSXbCRRFmUqiT0Fe/NlBy
-----END CERTIFICATE-----