Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/JvqrBr1DEAe2iopZPshII5Tk9o8.roa
File:                     JvqrBr1DEAe2iopZPshII5Tk9o8.roa (raw, json)
Hash identifier:          QoH3J8/tZ8BfhcdC9N1JzAvcYhu5XefOV0DpiKqW2No=
Subject key identifier:   26:FA:AB:06:BD:43:10:07:B6:8A:8A:59:3E:C8:48:23:94:E4:F6:8F
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019E0852DC01DE7DF8324334FF703011367F
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/JvqrBr1DEAe2iopZPshII5Tk9o8.roa
Signing time:             Fri 08 May 2026 16:01:48 +0000
ROA not before:           Fri 08 May 2026 16:01:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62425
IP address blocks:        78.135.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:08:52:dc:01:de:7d:f8:32:43:34:ff:70:30:11:36:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: May  8 16:01:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26faab06bd431007b68a8a593ec8482394e4f68f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2a:e2:a2:83:86:cd:e7:f3:03:f7:2d:99:fc:
                    97:0e:5e:00:18:fb:ee:b7:0e:a5:dc:c9:91:c6:ba:
                    f4:60:e5:a2:bb:27:af:4c:00:d5:95:c0:e1:9b:c1:
                    db:0f:b0:86:10:df:9d:50:57:85:e0:65:e4:9a:67:
                    87:5d:2b:8d:9f:9c:c6:f5:c6:47:b0:97:e3:d1:ae:
                    72:b9:4c:d7:4b:9f:09:f2:fc:d2:f6:00:fb:20:86:
                    e1:49:21:73:ab:1c:a6:bd:49:bd:29:cd:05:c6:cd:
                    33:3d:10:67:81:90:7c:bd:99:7c:18:ae:87:71:59:
                    98:04:43:f2:17:e4:ed:73:fb:af:bb:af:76:6b:ec:
                    f8:21:55:81:21:cb:0e:a0:ea:3a:ef:11:2a:91:6f:
                    c9:72:86:65:be:41:38:c7:1b:3c:41:0c:a7:75:bf:
                    04:46:26:7f:3f:20:af:46:2f:f1:0b:c2:9d:d5:6f:
                    c0:be:8f:9c:0f:14:a7:88:d5:55:b6:48:8c:e1:b7:
                    e5:36:a6:ea:8c:ce:6a:8a:0a:80:42:ea:b1:89:b2:
                    0a:39:bf:73:5a:19:a8:02:a6:9c:35:e7:d6:00:98:
                    35:7d:33:54:47:f5:2b:56:ad:05:ee:ca:0a:dc:02:
                    13:31:ad:d8:d2:4a:76:28:8e:fe:e7:84:d8:2a:d3:
                    25:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:FA:AB:06:BD:43:10:07:B6:8A:8A:59:3E:C8:48:23:94:E4:F6:8F
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/JvqrBr1DEAe2iopZPshII5Tk9o8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:fc:d1:51:bc:53:e7:66:cf:5c:7d:f3:d5:44:6b:39:f4:51:
         85:d7:12:ee:a6:69:ff:bc:13:63:09:85:e1:60:a9:09:42:2b:
         ab:7d:16:53:f3:2a:4f:42:25:41:19:d8:54:80:e2:2e:c4:a6:
         3a:00:d0:c1:42:d2:80:a6:02:e5:af:d5:60:bc:2f:7f:76:d2:
         e2:ce:9e:bf:18:73:1c:e7:ee:d2:53:d5:5d:63:99:28:9d:22:
         02:27:4b:a1:19:33:63:5e:ef:a4:a2:d9:11:b3:38:7b:c6:d7:
         44:a0:ab:05:b7:20:69:ea:87:ed:47:88:74:11:09:23:1f:2a:
         34:14:f0:69:83:98:b1:4a:e6:9d:69:48:59:c5:c4:d1:05:04:
         db:c3:3c:9a:e8:92:26:cb:c4:fd:0d:0f:54:90:29:f7:82:c5:
         90:6f:fc:df:f0:4b:b3:1c:db:b7:67:76:fd:ac:13:57:19:c9:
         be:0d:4c:a2:f9:52:5a:b0:ad:a7:a5:ca:97:fd:22:0b:1f:07:
         28:70:9a:a7:8a:e7:65:1d:5c:0e:0d:80:5e:5c:81:00:43:26:
         67:86:d4:9d:07:cb:6a:d3:13:da:0c:44:93:ee:e2:09:94:b8:
         64:e1:1f:d7:61:1a:60:fb:bc:bb:cc:c3:79:ee:91:60:a4:6c:
         9f:aa:35:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4IUtwB3n34MkM0/3AwETZ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjYwNTA4MTYwMTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmZhYWIwNmJkNDMxMDA3YjY4YThhNTkzZWM4NDgyMzk0ZTRmNjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSriooOGzefzA/ctmfyXDl4AGPvu
tw6l3MmRxrr0YOWiuyevTADVlcDhm8HbD7CGEN+dUFeF4GXkmmeHXSuNn5zG9cZH
sJfj0a5yuUzXS58J8vzS9gD7IIbhSSFzqxymvUm9Kc0Fxs0zPRBngZB8vZl8GK6H
cVmYBEPyF+Ttc/uvu692a+z4IVWBIcsOoOo67xEqkW/JcoZlvkE4xxs8QQyndb8E
RiZ/PyCvRi/xC8Kd1W/Avo+cDxSniNVVtkiM4bflNqbqjM5qigqAQuqxibIKOb9z
WhmoAqacNefWAJg1fTNUR/UrVq0F7soK3AITMa3Y0kp2KI7+54TYKtMlqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCb6qwa9QxAHtoqKWT7ISCOU5PaPMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvSnZxckJyMURFQWUyaW9wWlBzaElJNVRrOW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATodnMA0G
CSqGSIb3DQEBCwUAA4IBAQAF/NFRvFPnZs9cffPVRGs59FGF1xLupmn/vBNjCYXh
YKkJQiurfRZT8ypPQiVBGdhUgOIuxKY6ANDBQtKApgLlr9VgvC9/dtLizp6/GHMc
5+7SU9VdY5konSICJ0uhGTNjXu+kotkRszh7xtdEoKsFtyBp6oftR4h0EQkjHyo0
FPBpg5ixSuadaUhZxcTRBQTbwzya6JImy8T9DQ9UkCn3gsWQb/zf8EuzHNu3Z3b9
rBNXGcm+DUyi+VJasK2npcqX/SILHwcocJqniudlHVwODYBeXIEAQyZnhtSdB8tq
0xPaDEST7uIJlLhk4R/XYRpg+7y7zMN57pFgpGyfqjXs
-----END CERTIFICATE-----