Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ja0BpQXhcblpKEj-Zj_RAjzr35g.roa
File:                     ja0BpQXhcblpKEj-Zj_RAjzr35g.roa (raw, json)
Hash identifier:          iy0Afou5BdlAsZDL/FBHdBDLDYuwKrfJY54mLykthTs=
Subject key identifier:   8D:AD:01:A5:05:E1:71:B9:69:28:48:FE:66:3F:D1:02:3C:EB:DF:98
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019DD79F381A19648F7BBDBFEDBE5A55EF46
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ja0BpQXhcblpKEj-Zj_RAjzr35g.roa
Signing time:             Wed 29 Apr 2026 05:03:49 +0000
ROA not before:           Wed 29 Apr 2026 05:03:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        195.216.190.0/24 maxlen: 24
                          213.182.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d7:9f:38:1a:19:64:8f:7b:bd:bf:ed:be:5a:55:ef:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Apr 29 05:03:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8dad01a505e171b9692848fe663fd1023cebdf98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:06:44:17:59:87:1c:45:9a:83:fe:3a:9b:5f:
                    a1:ca:7f:4f:24:84:de:3d:c4:ed:76:b7:18:8c:f0:
                    8d:c1:3c:f7:a8:a0:a4:1d:12:af:43:90:9c:4c:bc:
                    3a:93:33:a6:f3:87:74:ee:91:64:bd:33:74:51:2d:
                    50:bc:a1:c2:ed:12:4c:f2:cd:18:73:92:a0:97:a9:
                    4d:bc:7e:91:94:4a:bc:cd:63:7b:f5:c3:51:45:04:
                    b1:c4:1e:66:51:b6:8e:48:e4:fc:99:2d:46:fe:c8:
                    13:22:07:25:a9:0d:c0:4e:fe:d7:92:d5:79:40:0f:
                    23:b3:27:b9:f0:86:84:a6:e9:f9:5c:bf:92:81:81:
                    bd:32:e9:94:62:b4:28:f6:5e:e6:35:4b:54:b2:de:
                    47:f0:1d:49:49:2d:4f:b1:98:b2:70:3a:e2:68:d7:
                    6e:a9:a3:9f:87:82:6b:e0:3c:0d:2a:c3:02:c4:b2:
                    e6:8c:44:71:2e:1f:fc:46:79:1d:13:42:5d:40:57:
                    ee:0f:84:27:38:e2:5b:aa:8e:49:7f:62:30:13:68:
                    71:1f:8c:7a:7d:6f:ab:89:32:bb:d6:07:68:da:83:
                    b3:c4:18:99:65:c2:5e:01:2e:d7:92:e7:0d:f3:d2:
                    4f:db:c2:95:4e:11:03:e5:72:d5:30:51:b7:cd:b9:
                    dc:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:AD:01:A5:05:E1:71:B9:69:28:48:FE:66:3F:D1:02:3C:EB:DF:98
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ja0BpQXhcblpKEj-Zj_RAjzr35g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.190.0/24
                  213.182.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:72:97:77:42:5b:b2:5c:b4:cd:5a:f1:14:86:fc:7a:b8:6b:
         ad:4f:c9:b3:74:13:dd:0b:67:48:fc:13:20:73:27:14:c2:e8:
         47:60:f4:47:80:1f:b9:0b:6d:c6:f6:21:71:77:a7:11:8c:a5:
         98:3c:5c:71:95:2c:eb:98:a8:e9:34:e2:27:db:bc:15:19:79:
         8a:ed:e2:5d:4c:83:78:7d:3b:fa:aa:fd:cc:2f:b6:e3:05:b7:
         85:2e:87:88:71:e3:14:69:01:a0:96:4a:91:9e:47:21:e1:35:
         ad:a8:e3:9e:72:f3:ec:b0:1b:ec:14:1b:5c:3a:50:9a:6d:91:
         94:78:64:c4:66:cb:ea:32:c3:5d:38:77:64:30:85:6a:0e:01:
         8c:0d:89:08:03:60:c1:0e:3a:85:74:73:50:0c:2d:8e:96:31:
         ac:23:1e:ae:ed:56:f4:e0:0c:1e:3e:a7:5c:74:89:9a:45:e8:
         88:69:3e:65:9d:da:cd:31:3a:72:3b:f2:80:b8:17:62:a2:0d:
         3d:c6:af:90:bd:95:8d:2b:6d:1d:89:d4:02:eb:f7:9f:17:43:
         f9:e4:3d:d8:aa:57:ef:24:ba:2b:ce:4d:84:18:41:61:85:2f:
         69:31:48:82:de:f5:23:c6:63:00:2f:24:b9:85:f6:b3:36:55:
         3c:18:d8:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3XnzgaGWSPe72/7b5aVe9GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjYwNDI5MDUwMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGFkMDFhNTA1ZTE3MWI5NjkyODQ4ZmU2NjNmZDEwMjNjZWJkZjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogZEF1mHHEWag/46m1+hyn9PJITe
PcTtdrcYjPCNwTz3qKCkHRKvQ5CcTLw6kzOm84d07pFkvTN0US1QvKHC7RJM8s0Y
c5Kgl6lNvH6RlEq8zWN79cNRRQSxxB5mUbaOSOT8mS1G/sgTIgclqQ3ATv7XktV5
QA8jsye58IaEpun5XL+SgYG9MumUYrQo9l7mNUtUst5H8B1JSS1PsZiycDriaNdu
qaOfh4Jr4DwNKsMCxLLmjERxLh/8RnkdE0JdQFfuD4QnOOJbqo5Jf2IwE2hxH4x6
fW+riTK71gdo2oOzxBiZZcJeAS7XkucN89JP28KVThED5XLVMFG3zbnc1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI2tAaUF4XG5aShI/mY/0QI869+YMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvamEwQnBRWGhjYmxwS0VqLVpqX1JBanpyMzVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw9i+AwQA
1bbSMA0GCSqGSIb3DQEBCwUAA4IBAQA0cpd3QluyXLTNWvEUhvx6uGutT8mzdBPd
C2dI/BMgcycUwuhHYPRHgB+5C23G9iFxd6cRjKWYPFxxlSzrmKjpNOIn27wVGXmK
7eJdTIN4fTv6qv3ML7bjBbeFLoeIceMUaQGglkqRnkch4TWtqOOecvPssBvsFBtc
OlCabZGUeGTEZsvqMsNdOHdkMIVqDgGMDYkIA2DBDjqFdHNQDC2OljGsIx6u7Vb0
4AwePqdcdImaReiIaT5lndrNMTpyO/KAuBdiog09xq+QvZWNK20didQC6/efF0P5
5D3YqlfvJLorzk2EGEFhhS9pMUiC3vUjxmMALyS5hfazNlU8GNhO
-----END CERTIFICATE-----