Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/08482f-a7c5-4627-a068-25f79d2d8c17/1/JlA25F-M7KvAsSDseKudSFRF3HA.roa
File:                     JlA25F-M7KvAsSDseKudSFRF3HA.roa (raw, json)
Hash identifier:          gES4kDR6mhGPpQfnhqsx3vEvMQVGKlNZIuooaU01hCo=
Subject key identifier:   26:50:36:E4:5F:8C:EC:AB:C0:B1:20:EC:78:AB:9D:48:54:45:DC:70
Certificate issuer:       /CN=c221258974ee8e054560c7176f8347d4355b9a87
Certificate serial:       019E16E48A444B83B5A434FB530D970430F2
Authority key identifier: C2:21:25:89:74:EE:8E:05:45:60:C7:17:6F:83:47:D4:35:5B:9A:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wiEliXTujgVFYMcXb4NH1DVbmoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/08482f-a7c5-4627-a068-25f79d2d8c17/1/JlA25F-M7KvAsSDseKudSFRF3HA.roa
Signing time:             Mon 11 May 2026 11:55:36 +0000
ROA not before:           Mon 11 May 2026 11:55:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197951
IP address blocks:        193.84.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/08482f-a7c5-4627-a068-25f79d2d8c17/1/wiEliXTujgVFYMcXb4NH1DVbmoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/08482f-a7c5-4627-a068-25f79d2d8c17/1/wiEliXTujgVFYMcXb4NH1DVbmoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wiEliXTujgVFYMcXb4NH1DVbmoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:16:e4:8a:44:4b:83:b5:a4:34:fb:53:0d:97:04:30:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c221258974ee8e054560c7176f8347d4355b9a87
        Validity
            Not Before: May 11 11:55:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=265036e45f8cecabc0b120ec78ab9d485445dc70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:50:62:98:6d:88:16:ab:e2:08:36:17:2c:86:
                    c7:9f:8a:c2:cc:68:e1:01:31:24:16:a5:01:d7:e8:
                    6b:a0:fe:ee:56:2c:45:33:f5:0f:fa:b3:10:d3:3d:
                    de:eb:9f:68:7e:72:2f:37:7e:e6:21:6a:67:73:f9:
                    c9:99:11:c9:73:b0:c4:ae:34:37:44:75:2b:4d:ca:
                    48:cd:06:52:43:9d:a2:34:ae:8a:d6:b3:2f:36:71:
                    19:80:46:98:8c:0d:d5:ca:2c:62:dc:c5:46:da:64:
                    d0:78:1f:cc:32:ed:b2:fe:17:8d:ff:3d:e7:6f:ef:
                    b8:26:21:29:c6:36:1e:f7:5d:94:38:ed:d1:fd:b9:
                    61:49:8f:f2:25:36:e9:a3:48:05:0a:49:be:f8:ed:
                    a1:8b:25:ae:d8:78:1f:83:e8:d5:14:86:85:1d:83:
                    cc:0a:da:7f:89:8f:a4:44:57:87:5e:7b:c8:37:d2:
                    79:dd:42:c8:d9:18:13:8a:2a:39:5c:e7:5b:e9:0a:
                    78:e4:bd:9e:d5:f6:eb:f9:c3:ff:23:dc:80:35:1b:
                    be:0d:05:49:bf:2d:35:cd:13:4b:5a:0d:c6:01:8d:
                    56:1e:75:7c:87:ea:6d:64:f9:be:4c:93:0d:8b:ba:
                    2b:90:47:b1:50:78:b5:57:46:c8:b5:a2:cd:1a:ab:
                    c6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:50:36:E4:5F:8C:EC:AB:C0:B1:20:EC:78:AB:9D:48:54:45:DC:70
            X509v3 Authority Key Identifier:
                keyid:C2:21:25:89:74:EE:8E:05:45:60:C7:17:6F:83:47:D4:35:5B:9A:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wiEliXTujgVFYMcXb4NH1DVbmoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/08482f-a7c5-4627-a068-25f79d2d8c17/1/JlA25F-M7KvAsSDseKudSFRF3HA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/08482f-a7c5-4627-a068-25f79d2d8c17/1/wiEliXTujgVFYMcXb4NH1DVbmoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:76:98:32:4c:85:38:d4:98:ca:b5:1f:2b:08:c9:b5:b0:81:
         5a:4d:df:94:4b:79:5c:51:91:36:6a:19:7f:12:d4:66:90:c0:
         39:5b:31:f3:54:63:e5:6a:67:46:69:d9:29:3f:d3:dc:84:3e:
         6c:69:b8:70:ff:e7:49:ec:30:0f:2e:bf:3a:73:19:53:70:60:
         90:7e:2c:3d:e1:d2:c6:27:4a:b5:0e:d2:2b:e7:42:cf:e1:5e:
         b7:25:bf:4a:b5:31:5c:25:af:ca:73:5c:58:dd:24:0b:cb:6e:
         7d:f1:a6:c0:c1:9a:72:ec:26:15:cb:cd:3f:3a:65:1c:65:22:
         8e:71:90:f5:69:e1:bc:ff:8e:f3:ae:f2:75:74:44:51:00:48:
         17:5c:d1:f9:15:7b:40:c2:b0:38:ad:47:ad:93:5f:0f:49:8d:
         a3:dd:ba:88:1a:be:99:e1:bf:e8:b4:12:15:de:d9:0a:9f:4e:
         d6:01:2a:d8:bd:bf:09:b2:1c:d7:5b:7c:95:33:29:23:ef:af:
         6f:c7:df:bb:46:45:be:1b:8c:9c:61:e4:23:a4:b7:24:74:c1:
         ea:c7:fe:91:a1:23:ff:f0:04:ab:fa:9d:da:41:45:28:89:80:
         97:9d:0d:2f:21:26:de:43:4e:46:ed:88:9e:4a:d0:9d:6b:42:
         d6:64:13:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4W5IpES4O1pDT7Uw2XBDDyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjEyNTg5NzRlZThlMDU0NTYwYzcxNzZmODM0N2Q0MzU1
YjlhODcwHhcNMjYwNTExMTE1NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjUwMzZlNDVmOGNlY2FiYzBiMTIwZWM3OGFiOWQ0ODU0NDVkYzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVBimG2IFqviCDYXLIbHn4rCzGjh
ATEkFqUB1+hroP7uVixFM/UP+rMQ0z3e659ofnIvN37mIWpnc/nJmRHJc7DErjQ3
RHUrTcpIzQZSQ52iNK6K1rMvNnEZgEaYjA3Vyixi3MVG2mTQeB/MMu2y/heN/z3n
b++4JiEpxjYe912UOO3R/blhSY/yJTbpo0gFCkm++O2hiyWu2Hgfg+jVFIaFHYPM
Ctp/iY+kRFeHXnvIN9J53ULI2RgTiio5XOdb6Qp45L2e1fbr+cP/I9yANRu+DQVJ
vy01zRNLWg3GAY1WHnV8h+ptZPm+TJMNi7orkEexUHi1V0bItaLNGqvGhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZQNuRfjOyrwLEg7HirnUhURdxwMB8GA1UdIwQY
MBaAFMIhJYl07o4FRWDHF2+DR9Q1W5qHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lFbGlYVHVqZ1ZGWU1jWGI0TkgxRFZibW9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8wODQ4MmYtYTdjNS00NjI3LWEwNjgt
MjVmNzlkMmQ4YzE3LzEvSmxBMjVGLU03S3ZBc1NEc2VLdWRTRlJGM0hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8wODQ4MmYtYTdjNS00NjI3LWEwNjgtMjVmNzlkMmQ4YzE3
LzEvd2lFbGlYVHVqZ1ZGWU1jWGI0TkgxRFZibW9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVRmMA0G
CSqGSIb3DQEBCwUAA4IBAQCYdpgyTIU41JjKtR8rCMm1sIFaTd+US3lcUZE2ahl/
EtRmkMA5WzHzVGPlamdGadkpP9PchD5sabhw/+dJ7DAPLr86cxlTcGCQfiw94dLG
J0q1DtIr50LP4V63Jb9KtTFcJa/Kc1xY3SQLy2598abAwZpy7CYVy80/OmUcZSKO
cZD1aeG8/47zrvJ1dERRAEgXXNH5FXtAwrA4rUetk18PSY2j3bqIGr6Z4b/otBIV
3tkKn07WASrYvb8JshzXW3yVMykj769vx9+7RkW+G4ycYeQjpLckdMHqx/6RoSP/
8ASr+p3aQUUoiYCXnQ0vISbeQ05G7YieStCda0LWZBP5
-----END CERTIFICATE-----