Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/JCKR_kg5e02kURKGqD4pGEuK3MI.roa
File:                     JCKR_kg5e02kURKGqD4pGEuK3MI.roa (raw, json)
Hash identifier:          0tKito6h1TOQFLB50yP9m14KN7/k2N/3B5WbTDcVps0=
Subject key identifier:   24:22:91:FE:48:39:7B:4D:A4:51:12:86:A8:3E:29:18:4B:8A:DC:C2
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019D1B4A7A2EB13594644A1A85782506E4E5
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/JCKR_kg5e02kURKGqD4pGEuK3MI.roa
Signing time:             Mon 23 Mar 2026 15:22:38 +0000
ROA not before:           Mon 23 Mar 2026 15:22:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        185.143.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:4a:7a:2e:b1:35:94:64:4a:1a:85:78:25:06:e4:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Mar 23 15:22:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=242291fe48397b4da4511286a83e29184b8adcc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f7:43:b3:45:b2:dd:5f:c9:35:32:03:3d:81:
                    06:e4:f8:c8:78:e4:ba:b5:fa:77:a5:ee:27:83:ab:
                    62:92:a8:ea:01:06:26:e4:af:37:b4:f3:97:3a:be:
                    d3:4a:bc:3b:b9:76:4c:07:fa:58:b9:6f:1b:4a:c0:
                    47:3c:72:7e:58:74:58:26:c6:33:d3:3c:1f:87:ce:
                    a6:99:b1:df:5c:1c:7d:18:48:fd:92:e1:a2:25:65:
                    3b:d7:77:f6:43:15:66:b2:e9:c2:93:e6:a9:0e:ba:
                    92:77:9c:21:dd:57:ca:1e:8d:60:36:c5:85:50:1a:
                    0d:08:6e:87:29:e7:16:08:c8:8e:b9:ce:8a:e7:88:
                    34:00:29:6d:e8:08:d4:1b:cf:5d:96:92:db:4b:e8:
                    67:da:21:4b:b7:5e:2a:30:bd:0d:fe:58:e7:81:65:
                    86:de:d4:2e:53:54:b3:ed:74:ae:29:5f:8b:cd:aa:
                    c6:61:6a:60:d6:16:ba:53:dd:01:2b:ed:58:45:b0:
                    f3:fd:ea:d8:b8:e1:82:0a:24:35:a5:13:83:40:f9:
                    1c:4f:0d:6c:a9:65:23:9e:25:f8:26:ea:c7:d1:cc:
                    b9:23:95:bd:ab:da:4e:95:b6:46:d4:d6:fd:5a:6c:
                    a1:fb:a5:0b:2f:f0:56:30:ba:7f:dd:19:a7:5d:b4:
                    2d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:22:91:FE:48:39:7B:4D:A4:51:12:86:A8:3E:29:18:4B:8A:DC:C2
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/JCKR_kg5e02kURKGqD4pGEuK3MI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:47:10:89:55:5d:65:a7:e6:2a:cd:f0:2c:3b:bc:3f:9c:61:
         07:e8:4d:29:6d:a0:51:dd:11:1a:08:cc:6c:f3:eb:75:3d:83:
         aa:94:ac:bc:a5:f4:6c:cb:00:ad:7a:4e:37:fb:2a:2c:f5:9f:
         c4:68:6c:1f:32:24:66:5b:c6:9d:dd:c3:9b:82:8f:8a:91:9c:
         15:15:8c:94:22:85:ec:28:e5:73:c8:54:e5:0c:28:98:73:1e:
         3e:f8:df:23:8f:e1:ce:4b:b3:1c:ca:43:1c:d9:06:4f:39:67:
         d0:33:2a:36:28:00:10:72:bf:91:76:c2:5c:f5:98:fe:01:da:
         79:e4:f1:94:1e:04:c8:82:9e:00:29:e0:ed:12:a9:b1:33:db:
         a5:f9:d9:c7:da:b1:8d:2a:74:ef:fb:ba:97:72:47:7f:65:78:
         31:6b:64:ef:21:2e:51:95:55:f2:4f:ca:86:1b:f7:40:1b:71:
         74:d9:06:e8:00:3b:65:9a:6e:bf:01:8f:d5:e2:d4:d9:82:e1:
         9d:0e:64:47:ca:79:77:4a:fd:e0:ea:50:dc:36:28:41:06:e5:
         79:fd:2b:11:6e:8a:db:7e:ce:05:27:b1:1e:64:54:f2:92:4f:
         fb:de:21:c6:d7:28:e0:b6:81:f9:c8:f4:5d:ca:c1:0d:d5:e4:
         1c:58:48:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0bSnousTWUZEoahXglBuTlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjYwMzIzMTUyMjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDIyOTFmZTQ4Mzk3YjRkYTQ1MTEyODZhODNlMjkxODRiOGFkY2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfdDs0Wy3V/JNTIDPYEG5PjIeOS6
tfp3pe4ng6tikqjqAQYm5K83tPOXOr7TSrw7uXZMB/pYuW8bSsBHPHJ+WHRYJsYz
0zwfh86mmbHfXBx9GEj9kuGiJWU713f2QxVmsunCk+apDrqSd5wh3VfKHo1gNsWF
UBoNCG6HKecWCMiOuc6K54g0AClt6AjUG89dlpLbS+hn2iFLt14qML0N/ljngWWG
3tQuU1Sz7XSuKV+LzarGYWpg1ha6U90BK+1YRbDz/erYuOGCCiQ1pRODQPkcTw1s
qWUjniX4JurH0cy5I5W9q9pOlbZG1Nb9Wmyh+6ULL/BWMLp/3RmnXbQtpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQikf5IOXtNpFEShqg+KRhLitzCMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvSkNLUl9rZzVlMDJrVVJLR3FENHBHRXVLM01JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY9IMA0G
CSqGSIb3DQEBCwUAA4IBAQBTRxCJVV1lp+YqzfAsO7w/nGEH6E0pbaBR3REaCMxs
8+t1PYOqlKy8pfRsywCtek43+yos9Z/EaGwfMiRmW8ad3cObgo+KkZwVFYyUIoXs
KOVzyFTlDCiYcx4++N8jj+HOS7McykMc2QZPOWfQMyo2KAAQcr+RdsJc9Zj+Adp5
5PGUHgTIgp4AKeDtEqmxM9ul+dnH2rGNKnTv+7qXckd/ZXgxa2TvIS5RlVXyT8qG
G/dAG3F02QboADtlmm6/AY/V4tTZguGdDmRHynl3Sv3g6lDcNihBBuV5/SsRborb
fs4FJ7EeZFTykk/73iHG1yjgtoH5yPRdysEN1eQcWEiB
-----END CERTIFICATE-----