Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/4ac7f6-4cfd-4b11-b007-69c25feaab50/1/JKRhGHz1wOMMDMbkd77Yaq_Pjqk.roa
File:                     JKRhGHz1wOMMDMbkd77Yaq_Pjqk.roa (raw, json)
Hash identifier:          HUtH+6+YHomcHaSyEnrlGRMw9Xpgpt0Knkn8njrNXug=
Subject key identifier:   24:A4:61:18:7C:F5:C0:E3:0C:0C:C6:E4:77:BE:D8:6A:AF:CF:8E:A9
Certificate issuer:       /CN=b86bb60d96b3e5d6187eea38368be5489b9875c6
Certificate serial:       019DAEDD8683A4C25D3F5B37680AECF192AC
Authority key identifier: B8:6B:B6:0D:96:B3:E5:D6:18:7E:EA:38:36:8B:E5:48:9B:98:75:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uGu2DZaz5dYYfuo4NovlSJuYdcY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/4ac7f6-4cfd-4b11-b007-69c25feaab50/1/JKRhGHz1wOMMDMbkd77Yaq_Pjqk.roa
Signing time:             Tue 21 Apr 2026 07:07:26 +0000
ROA not before:           Tue 21 Apr 2026 07:07:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     224
IP address blocks:        129.240.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/4ac7f6-4cfd-4b11-b007-69c25feaab50/1/uGu2DZaz5dYYfuo4NovlSJuYdcY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/4ac7f6-4cfd-4b11-b007-69c25feaab50/1/uGu2DZaz5dYYfuo4NovlSJuYdcY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uGu2DZaz5dYYfuo4NovlSJuYdcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ae:dd:86:83:a4:c2:5d:3f:5b:37:68:0a:ec:f1:92:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b86bb60d96b3e5d6187eea38368be5489b9875c6
        Validity
            Not Before: Apr 21 07:07:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24a461187cf5c0e30c0cc6e477bed86aafcf8ea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:62:95:0a:07:61:86:44:ca:bb:5a:c1:de:75:
                    cd:a8:1b:83:a8:6c:28:d8:7f:6e:bb:64:2a:a0:16:
                    0a:7e:e2:1c:ce:c5:b9:d2:a3:f1:2b:83:36:75:a1:
                    e1:2c:f8:b4:ac:5d:31:32:d9:53:7e:e2:ef:70:40:
                    57:07:17:6e:f6:fe:00:5d:c9:1f:2d:56:06:e3:47:
                    f0:74:13:3f:86:ee:fa:b0:24:fa:29:50:47:56:b0:
                    b3:86:27:61:55:1f:f5:1e:e7:da:74:5b:6f:c7:51:
                    69:df:d4:e7:b9:8a:d7:21:00:56:63:21:06:16:6a:
                    8e:67:b9:f1:f1:cb:60:6e:4b:b8:38:40:17:2f:9c:
                    99:d3:cb:3f:b6:2c:ed:a3:9d:ff:cb:86:2f:bb:fb:
                    50:83:79:3e:e7:12:a5:b3:83:d7:3d:60:d0:70:ce:
                    61:8e:9c:bd:a3:c9:95:3e:ef:84:49:75:c1:b4:c1:
                    fc:50:2c:db:4f:54:79:41:14:c5:6b:d0:9d:bd:9e:
                    19:84:43:e6:27:2d:84:16:76:36:3a:f6:44:48:fd:
                    57:de:a6:a1:de:d0:84:0e:1b:86:10:28:6e:4c:00:
                    89:08:d9:df:c2:1e:49:46:c5:a3:e3:84:6e:00:00:
                    e1:f7:d8:f4:42:ee:0f:65:e3:e3:14:70:67:04:96:
                    41:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A4:61:18:7C:F5:C0:E3:0C:0C:C6:E4:77:BE:D8:6A:AF:CF:8E:A9
            X509v3 Authority Key Identifier:
                keyid:B8:6B:B6:0D:96:B3:E5:D6:18:7E:EA:38:36:8B:E5:48:9B:98:75:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGu2DZaz5dYYfuo4NovlSJuYdcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/4ac7f6-4cfd-4b11-b007-69c25feaab50/1/JKRhGHz1wOMMDMbkd77Yaq_Pjqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/4ac7f6-4cfd-4b11-b007-69c25feaab50/1/uGu2DZaz5dYYfuo4NovlSJuYdcY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.240.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3d:c5:a4:01:e7:35:e5:05:28:b9:d1:76:78:6b:be:bb:d5:39:
         e9:9a:2f:0b:ce:36:53:52:41:16:38:4a:5c:15:10:23:0b:71:
         bc:09:cb:b7:00:4e:36:ea:38:80:e8:da:11:40:94:f6:ff:43:
         5f:c6:3c:05:78:34:14:1b:23:e3:c2:e3:07:bd:1d:ae:ff:4f:
         68:d1:85:cb:e9:d8:9d:a9:ae:61:94:76:ef:e7:d4:24:aa:0a:
         40:0d:0b:e9:6a:0e:00:2b:ca:46:7c:05:c0:8f:2f:5c:8d:c5:
         c5:c2:0c:bf:2a:2f:09:d5:37:e9:fa:a9:72:3f:07:5d:39:e6:
         30:bf:34:5f:91:8c:b0:f1:2a:ec:88:0b:66:ce:78:05:7e:09:
         56:ff:cc:5f:ea:23:50:a8:50:06:88:17:95:40:14:62:95:d1:
         c3:cc:f9:fe:56:53:01:64:27:ce:88:c9:2d:53:47:c0:eb:2c:
         92:65:be:b9:bc:1d:e4:b5:c8:2a:d8:00:33:e3:ae:af:02:42:
         ca:7d:82:38:26:2a:c3:58:24:09:7d:22:e1:8f:d8:bd:02:4c:
         48:a9:25:99:12:b9:24:00:1b:4c:72:c8:e6:f1:00:05:dc:0d:
         1a:14:5a:59:c0:94:15:67:31:51:b4:f8:c7:8d:7a:07:79:fd:
         f0:a9:ea:8a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZ2u3YaDpMJdP1s3aArs8ZKsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NmJiNjBkOTZiM2U1ZDYxODdlZWEzODM2OGJlNTQ4OWI5
ODc1YzYwHhcNMjYwNDIxMDcwNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGE0NjExODdjZjVjMGUzMGMwY2M2ZTQ3N2JlZDg2YWFmY2Y4ZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWKVCgdhhkTKu1rB3nXNqBuDqGwo
2H9uu2QqoBYKfuIczsW50qPxK4M2daHhLPi0rF0xMtlTfuLvcEBXBxdu9v4AXckf
LVYG40fwdBM/hu76sCT6KVBHVrCzhidhVR/1HufadFtvx1Fp39TnuYrXIQBWYyEG
FmqOZ7nx8ctgbku4OEAXL5yZ08s/tizto53/y4Yvu/tQg3k+5xKls4PXPWDQcM5h
jpy9o8mVPu+ESXXBtMH8UCzbT1R5QRTFa9CdvZ4ZhEPmJy2EFnY2OvZESP1X3qah
3tCEDhuGEChuTACJCNnfwh5JRsWj44RuAADh99j0Qu4PZePjFHBnBJZBawIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCSkYRh89cDjDAzG5He+2Gqvz46pMB8GA1UdIwQY
MBaAFLhrtg2Ws+XWGH7qODaL5UibmHXGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUd1MkRaYXo1ZFlZZnVvNE5vdmxTSnVZZGNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80YWM3ZjYtNGNmZC00YjExLWIwMDct
NjljMjVmZWFhYjUwLzEvSktSaEdIejF3T01NRE1ia2Q3N1lhcV9QanFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80YWM3ZjYtNGNmZC00YjExLWIwMDctNjljMjVmZWFhYjUw
LzEvdUd1MkRaYXo1ZFlZZnVvNE5vdmxTSnVZZGNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAgfAwDQYJ
KoZIhvcNAQELBQADggEBAD3FpAHnNeUFKLnRdnhrvrvVOemaLwvONlNSQRY4SlwV
ECMLcbwJy7cATjbqOIDo2hFAlPb/Q1/GPAV4NBQbI+PC4we9Ha7/T2jRhcvp2J2p
rmGUdu/n1CSqCkANC+lqDgArykZ8BcCPL1yNxcXCDL8qLwnVN+n6qXI/B1055jC/
NF+RjLDxKuyIC2bOeAV+CVb/zF/qI1CoUAaIF5VAFGKV0cPM+f5WUwFkJ86IyS1T
R8DrLJJlvrm8HeS1yCrYADPjrq8CQsp9gjgmKsNYJAl9IuGP2L0CTEipJZkSuSQA
G0xyyObxAAXcDRoUWlnAlBVnMVG0+MeNegd5/fCp6oo=
-----END CERTIFICATE-----