Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/cujgpcZMo-u6-uAPJgjn05vZZY8.roa
File:                     cujgpcZMo-u6-uAPJgjn05vZZY8.roa (raw, json)
Hash identifier:          /gwhlQJjmiLq2vNQ7oIXxqrvTIMx9w5D/yDlNU/SfBg=
Subject key identifier:   72:E8:E0:A5:C6:4C:A3:EB:BA:FA:E0:0F:26:08:E7:D3:9B:D9:65:8F
Certificate issuer:       /CN=93e272611139f15d037d7a4be545696cd2853867
Certificate serial:       019DFE33D45E3DC153EA4C06F13641134D3F
Authority key identifier: 93:E2:72:61:11:39:F1:5D:03:7D:7A:4B:E5:45:69:6C:D2:85:38:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/cujgpcZMo-u6-uAPJgjn05vZZY8.roa
Signing time:             Wed 06 May 2026 16:51:42 +0000
ROA not before:           Wed 06 May 2026 16:51:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154321
IP address blocks:        209.248.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:33:d4:5e:3d:c1:53:ea:4c:06:f1:36:41:13:4d:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e272611139f15d037d7a4be545696cd2853867
        Validity
            Not Before: May  6 16:51:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72e8e0a5c64ca3ebbafae00f2608e7d39bd9658f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:98:d8:8a:6a:94:c2:43:c0:70:46:f8:f3:1a:
                    2b:b9:b8:c9:6d:63:2b:f3:9e:93:68:a5:c5:34:11:
                    4c:05:28:14:ee:17:7d:8a:51:e5:4f:e2:74:81:11:
                    de:ea:26:3d:54:b9:9d:cd:07:ae:3d:9b:be:21:76:
                    a7:e6:5c:49:77:d3:dd:8f:ae:9f:21:5c:95:ee:13:
                    28:1d:ed:93:b2:a6:67:f7:92:86:fa:8b:16:24:17:
                    42:49:45:f3:75:db:b8:2d:51:cd:4f:89:77:36:5b:
                    2d:eb:fb:0d:cb:66:1f:21:22:e7:1d:5f:f5:03:fc:
                    fc:70:49:c7:b0:b7:fa:18:91:57:02:37:6f:d4:2e:
                    65:d6:af:31:0f:77:46:90:95:4b:2c:b2:ba:3a:0a:
                    15:0b:15:49:c1:25:56:db:72:01:fa:cb:43:3f:1e:
                    45:e8:80:4e:49:c5:2e:99:2c:72:fb:7e:8f:4f:cb:
                    a3:ca:91:b9:1b:8c:a4:c0:d2:4b:6a:87:8f:77:5a:
                    0f:4d:77:1b:d6:b0:dc:48:b1:4b:6e:e1:7d:e7:6b:
                    34:d4:ec:1e:63:01:36:e2:7b:a3:e8:65:b0:88:00:
                    9e:83:ad:b0:c5:b9:2b:8d:0c:e2:59:f7:7d:81:82:
                    f8:33:a5:a1:3b:aa:e3:cd:6c:f1:6c:01:69:c6:18:
                    8b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E8:E0:A5:C6:4C:A3:EB:BA:FA:E0:0F:26:08:E7:D3:9B:D9:65:8F
            X509v3 Authority Key Identifier:
                keyid:93:E2:72:61:11:39:F1:5D:03:7D:7A:4B:E5:45:69:6C:D2:85:38:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/cujgpcZMo-u6-uAPJgjn05vZZY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.248.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0d:f9:7f:66:37:8d:de:b6:b2:75:3c:7a:ae:97:6b:00:8d:ea:
         07:8d:6a:bc:16:2d:08:67:db:7d:a8:ba:f0:78:61:0b:ca:d4:
         cd:c2:06:81:f4:78:40:77:c8:2a:cd:17:62:a0:ba:c5:f4:4c:
         6c:a8:3a:d7:e2:b6:0c:31:ba:8b:5d:2b:2b:de:c6:71:16:c9:
         96:25:af:95:08:72:bb:65:41:01:54:26:28:aa:78:19:fd:b5:
         d5:7c:ea:be:15:40:d4:a2:54:d7:d6:d9:46:b1:d0:7c:7a:20:
         6e:58:c6:92:5a:79:cc:f9:36:ca:28:ed:81:fc:f9:a1:46:96:
         dc:5d:fb:94:9f:88:48:e0:67:12:a8:b7:95:4f:d6:04:10:91:
         86:08:b6:af:71:a0:07:e3:f2:c8:5f:dd:03:76:64:cb:19:48:
         1a:1a:b7:27:93:bc:0d:11:78:11:23:bb:51:78:34:4e:8d:2a:
         73:3e:ef:d0:99:a6:77:18:6d:6f:7a:1b:41:70:45:d3:be:3f:
         ed:06:50:cd:fe:ac:c2:f2:aa:6e:77:fe:c3:c8:d1:06:d0:56:
         85:75:7d:72:76:8f:bf:93:9b:c9:5a:1d:9e:dc:f8:aa:54:ee:
         4a:ac:25:43:ce:f1:22:a7:72:f1:ac:94:7c:38:8c:47:10:36:
         92:57:d4:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3+M9RePcFT6kwG8TZBE00/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZTI3MjYxMTEzOWYxNWQwMzdkN2E0YmU1NDU2OTZjZDI4
NTM4NjcwHhcNMjYwNTA2MTY1MTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmU4ZTBhNWM2NGNhM2ViYmFmYWUwMGYyNjA4ZTdkMzliZDk2NThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZjYimqUwkPAcEb48xorubjJbWMr
856TaKXFNBFMBSgU7hd9ilHlT+J0gRHe6iY9VLmdzQeuPZu+IXan5lxJd9Pdj66f
IVyV7hMoHe2TsqZn95KG+osWJBdCSUXzddu4LVHNT4l3Nlst6/sNy2YfISLnHV/1
A/z8cEnHsLf6GJFXAjdv1C5l1q8xD3dGkJVLLLK6OgoVCxVJwSVW23IB+stDPx5F
6IBOScUumSxy+36PT8ujypG5G4ykwNJLaoePd1oPTXcb1rDcSLFLbuF952s01Owe
YwE24nuj6GWwiACeg62wxbkrjQziWfd9gYL4M6WhO6rjzWzxbAFpxhiLAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLo4KXGTKPruvrgDyYI59Ob2WWPMB8GA1UdIwQY
MBaAFJPicmEROfFdA316S+VFaWzShThnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1KeVlSRTU4VjBEZlhwTDVVVnBiTktGT0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kYjQyYWItNDljYy00MjdkLTg2Y2Et
NDdhMmMyNTBlNWFhLzEvY3VqZ3BjWk1vLXU2LXVBUEpnam4wNXZaWlk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kYjQyYWItNDljYy00MjdkLTg2Y2EtNDdhMmMyNTBlNWFh
LzEvay1KeVlSRTU4VjBEZlhwTDVVVnBiTktGT0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD0fgYMA0G
CSqGSIb3DQEBCwUAA4IBAQAN+X9mN43etrJ1PHqul2sAjeoHjWq8Fi0IZ9t9qLrw
eGELytTNwgaB9HhAd8gqzRdioLrF9ExsqDrX4rYMMbqLXSsr3sZxFsmWJa+VCHK7
ZUEBVCYoqngZ/bXVfOq+FUDUolTX1tlGsdB8eiBuWMaSWnnM+TbKKO2B/PmhRpbc
XfuUn4hI4GcSqLeVT9YEEJGGCLavcaAH4/LIX90DdmTLGUgaGrcnk7wNEXgRI7tR
eDROjSpzPu/QmaZ3GG1vehtBcEXTvj/tBlDN/qzC8qpud/7DyNEG0FaFdX1ydo+/
k5vJWh2e3PiqVO5KrCVDzvEip3LxrJR8OIxHEDaSV9Qi
-----END CERTIFICATE-----