Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/jWhLrhE9ioMP947eBu_O1EpWlOQ.roa
File:                     jWhLrhE9ioMP947eBu_O1EpWlOQ.roa (raw, json)
Hash identifier:          zqiN2GO+4eADjryw36IzQaGz8V+eCkbHjcHuBCp6yME=
Subject key identifier:   8D:68:4B:AE:11:3D:8A:83:0F:F7:8E:DE:06:EF:CE:D4:4A:56:94:E4
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       019DFE93F57DD280CFFBF704E35482EF3B49
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/jWhLrhE9ioMP947eBu_O1EpWlOQ.roa
Signing time:             Wed 06 May 2026 18:36:42 +0000
ROA not before:           Wed 06 May 2026 18:36:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213702
IP address blocks:        132.243.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:93:f5:7d:d2:80:cf:fb:f7:04:e3:54:82:ef:3b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: May  6 18:36:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d684bae113d8a830ff78ede06efced44a5694e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c9:b4:e6:b7:02:d4:b4:33:9f:74:c1:12:18:
                    5d:07:ac:0e:30:23:dd:ba:57:f5:70:09:d5:0c:ba:
                    d4:b9:e6:38:83:6c:57:9a:55:d5:1f:c8:67:41:99:
                    08:79:52:a1:d9:e1:44:90:7e:37:41:33:03:be:df:
                    46:6d:16:2c:c2:0a:b5:9a:63:d5:20:97:f7:da:27:
                    b3:03:f6:47:9b:ab:9f:75:e1:6d:8e:a5:bb:86:7d:
                    cf:7a:6b:28:25:a7:7e:04:d3:32:cf:9f:f4:99:e9:
                    4a:af:32:e4:e8:16:bc:a3:34:ed:d7:f6:b9:35:8f:
                    58:99:a1:1d:65:73:f7:00:cb:19:51:8b:c7:92:ca:
                    6a:a9:99:71:d0:03:d0:8e:9d:8e:ef:a8:74:a9:ef:
                    cb:02:06:6c:d0:01:cf:86:b7:55:20:df:4c:26:ef:
                    bd:60:78:b9:8c:e0:da:5c:32:80:18:d2:66:00:6b:
                    f0:3a:72:7a:f4:e4:7c:ae:38:8d:cc:e4:32:17:4c:
                    25:88:ad:1a:49:79:8c:78:c8:55:79:00:55:23:98:
                    00:b6:8a:ed:1f:1e:e7:45:ea:ed:d7:da:09:d6:6c:
                    38:2e:05:1c:b1:83:47:99:5e:c3:27:8e:0e:4e:f2:
                    4e:f7:8b:04:c6:65:d5:86:b2:cb:56:1a:de:9e:55:
                    75:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:68:4B:AE:11:3D:8A:83:0F:F7:8E:DE:06:EF:CE:D4:4A:56:94:E4
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/jWhLrhE9ioMP947eBu_O1EpWlOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:64:ae:21:33:a1:2c:f4:06:4d:c2:a1:50:f3:80:67:1b:83:
         22:64:e7:d2:15:19:6b:18:55:c0:14:e8:80:c7:a1:99:6e:a6:
         45:d0:9a:73:b9:02:bc:a8:d1:db:da:6c:18:bc:5d:26:4e:ae:
         60:60:c0:7e:70:89:ea:63:e3:2a:34:5c:96:94:99:28:90:4e:
         b4:ec:57:1c:1a:e2:7c:64:1c:50:64:8a:41:29:f5:32:1d:b1:
         0b:d1:3e:97:24:33:d4:fa:c3:9d:0b:ba:85:82:b2:e0:fe:c2:
         d7:ed:0c:2a:1d:27:f5:64:eb:89:70:be:ff:e5:26:91:d3:0c:
         62:ae:43:bf:9d:43:d1:ab:1f:4c:60:49:96:d0:cf:31:86:9c:
         5c:96:cf:66:fa:c1:75:f4:8b:82:48:36:be:9c:1e:2b:07:4b:
         de:4b:2f:e4:65:31:fa:0e:99:43:79:f6:9e:85:fd:3e:a8:67:
         c6:e2:1c:3e:3a:ce:b0:01:d2:1f:8a:28:98:f7:7f:d2:e0:a4:
         bd:8b:3c:79:77:0d:73:0f:97:98:e4:93:b0:9b:fa:f3:5e:6e:
         54:85:d6:96:56:e6:8f:8a:a1:2e:3c:9c:ba:6a:3a:4e:b5:01:
         81:b9:b3:cb:6b:07:44:4e:60:b5:9e:df:ec:73:d6:70:c8:21:
         8b:33:08:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3+k/V90oDP+/cE41SC7ztJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjYwNTA2MTgzNjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDY4NGJhZTExM2Q4YTgzMGZmNzhlZGUwNmVmY2VkNDRhNTY5NGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsm05rcC1LQzn3TBEhhdB6wOMCPd
ulf1cAnVDLrUueY4g2xXmlXVH8hnQZkIeVKh2eFEkH43QTMDvt9GbRYswgq1mmPV
IJf32iezA/ZHm6ufdeFtjqW7hn3PemsoJad+BNMyz5/0melKrzLk6Ba8ozTt1/a5
NY9YmaEdZXP3AMsZUYvHkspqqZlx0APQjp2O76h0qe/LAgZs0AHPhrdVIN9MJu+9
YHi5jODaXDKAGNJmAGvwOnJ69OR8rjiNzOQyF0wliK0aSXmMeMhVeQBVI5gAtort
Hx7nRert19oJ1mw4LgUcsYNHmV7DJ44OTvJO94sExmXVhrLLVhrenlV1uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1oS64RPYqDD/eO3gbvztRKVpTkMB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvaldoTHJoRTlpb01QOTQ3ZUJ1X08xRXBXbE9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhPNBMA0G
CSqGSIb3DQEBCwUAA4IBAQBXZK4hM6Es9AZNwqFQ84BnG4MiZOfSFRlrGFXAFOiA
x6GZbqZF0JpzuQK8qNHb2mwYvF0mTq5gYMB+cInqY+MqNFyWlJkokE607FccGuJ8
ZBxQZIpBKfUyHbEL0T6XJDPU+sOdC7qFgrLg/sLX7QwqHSf1ZOuJcL7/5SaR0wxi
rkO/nUPRqx9MYEmW0M8xhpxcls9m+sF19IuCSDa+nB4rB0veSy/kZTH6DplDefae
hf0+qGfG4hw+Os6wAdIfiiiY93/S4KS9izx5dw1zD5eY5JOwm/rzXm5UhdaWVuaP
iqEuPJy6ajpOtQGBubPLawdETmC1nt/sc9ZwyCGLMwgq
-----END CERTIFICATE-----