Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/84a1b5-1aad-4edf-ab9b-8a2e9a46819b/1/Jy76E1q7dDTCejXtPafJsRSES8Y.roa
File:                     Jy76E1q7dDTCejXtPafJsRSES8Y.roa (raw, json)
Hash identifier:          1WiGvZJxKYYrQ+5QCN5Y0ow1dlNCCLa6+9MgNHjV0TQ=
Subject key identifier:   27:2E:FA:13:5A:BB:74:34:C2:7A:35:ED:3D:A7:C9:B1:14:84:4B:C6
Certificate issuer:       /CN=358cd267c54a3fc228bca1dee372d96c60373c27
Certificate serial:       019DBEC97403CC1BFBA2E8B9B79BCE73C5C9
Authority key identifier: 35:8C:D2:67:C5:4A:3F:C2:28:BC:A1:DE:E3:72:D9:6C:60:37:3C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NYzSZ8VKP8IovKHe43LZbGA3PCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/84a1b5-1aad-4edf-ab9b-8a2e9a46819b/1/Jy76E1q7dDTCejXtPafJsRSES8Y.roa
Signing time:             Fri 24 Apr 2026 09:19:26 +0000
ROA not before:           Fri 24 Apr 2026 09:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214895
IP address blocks:        193.242.223.0/24 maxlen: 24
                          2a0c:3b40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/84a1b5-1aad-4edf-ab9b-8a2e9a46819b/1/NYzSZ8VKP8IovKHe43LZbGA3PCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/84a1b5-1aad-4edf-ab9b-8a2e9a46819b/1/NYzSZ8VKP8IovKHe43LZbGA3PCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NYzSZ8VKP8IovKHe43LZbGA3PCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:be:c9:74:03:cc:1b:fb:a2:e8:b9:b7:9b:ce:73:c5:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=358cd267c54a3fc228bca1dee372d96c60373c27
        Validity
            Not Before: Apr 24 09:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=272efa135abb7434c27a35ed3da7c9b114844bc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3c:12:54:f6:9d:89:cb:46:3e:77:e5:31:84:
                    6f:50:b5:5f:54:32:6f:38:71:56:0b:1a:e7:71:8d:
                    1b:7b:60:88:19:5c:d3:5d:b7:07:c4:e7:22:ca:8a:
                    bf:d7:f3:3d:3d:87:92:5e:df:78:64:ac:20:0c:54:
                    3c:3a:b9:e1:b9:4d:1d:89:b5:7c:25:e8:8a:99:25:
                    44:51:a9:78:00:49:c4:37:28:35:ed:2a:73:1e:0d:
                    48:ac:fc:31:ca:cb:9a:0d:d0:eb:c0:fc:61:c7:76:
                    f3:d4:53:8b:0e:c7:86:66:5f:7a:48:d2:72:91:5d:
                    f6:71:84:21:f1:b2:92:56:db:1c:bb:8e:f2:83:38:
                    e7:93:4d:45:de:7f:6c:a6:2a:16:9f:35:8e:04:ed:
                    49:cd:2c:80:0d:b5:56:d0:be:26:1e:08:8e:93:3b:
                    c3:c9:60:8f:41:a9:74:9d:1c:92:32:6f:30:8b:77:
                    69:8b:9c:7d:1b:45:76:a1:d2:4e:21:a3:69:b3:08:
                    f4:b0:f7:3e:9a:a9:a0:d6:1c:82:19:75:29:ff:b3:
                    de:11:6b:65:8d:5b:6e:89:fb:b5:c0:02:cd:d7:7c:
                    6a:33:20:60:60:5b:eb:23:64:48:54:60:0a:9c:7e:
                    46:31:25:d4:e8:9e:a0:bf:5d:4b:8f:e2:db:de:59:
                    bf:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:2E:FA:13:5A:BB:74:34:C2:7A:35:ED:3D:A7:C9:B1:14:84:4B:C6
            X509v3 Authority Key Identifier:
                keyid:35:8C:D2:67:C5:4A:3F:C2:28:BC:A1:DE:E3:72:D9:6C:60:37:3C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NYzSZ8VKP8IovKHe43LZbGA3PCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/84a1b5-1aad-4edf-ab9b-8a2e9a46819b/1/Jy76E1q7dDTCejXtPafJsRSES8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/84a1b5-1aad-4edf-ab9b-8a2e9a46819b/1/NYzSZ8VKP8IovKHe43LZbGA3PCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.242.223.0/24
                IPv6:
                  2a0c:3b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:17:15:9b:13:16:33:71:5b:6a:9f:fa:3a:68:6e:6f:6a:91:
         68:0e:f6:72:20:86:7c:01:48:50:d3:a7:39:72:69:07:da:f2:
         b2:59:e0:23:03:b6:f5:7f:f1:d9:43:5b:b7:f2:3f:a5:9b:a1:
         c5:e4:85:81:6d:a1:92:4a:5a:d9:b9:29:d8:83:ba:53:b3:c5:
         67:44:f9:21:39:39:c6:74:7e:5b:06:17:8b:80:62:46:8e:fd:
         78:d9:3d:af:e3:d5:5a:51:a5:bb:9a:10:50:37:32:7b:eb:f7:
         1c:e5:f3:7c:fd:25:b0:1c:43:2d:2a:30:13:61:b3:63:a5:13:
         f3:ab:91:03:ee:18:5d:a5:cb:2c:00:f9:57:f9:c2:4b:1a:d4:
         62:44:e9:00:03:5c:e0:82:ef:83:3a:e2:c7:76:5c:90:71:c8:
         d2:0d:aa:a1:92:8a:3c:4e:91:93:7b:d2:a7:4c:b7:4a:4b:ef:
         4a:a3:d2:9b:bd:19:e9:5a:ae:99:49:f3:7c:28:2a:b7:50:73:
         fc:a5:69:0a:22:47:42:9f:b4:95:40:a0:80:0b:79:7f:d4:0a:
         fe:ec:15:47:3c:40:c0:5f:41:5b:f4:8a:85:39:5a:cf:82:7d:
         03:57:29:01:d6:40:0e:35:c4:50:45:5d:c6:66:15:45:b2:0b:
         82:43:00:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2+yXQDzBv7oui5t5vOc8XJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OGNkMjY3YzU0YTNmYzIyOGJjYTFkZWUzNzJkOTZjNjAz
NzNjMjcwHhcNMjYwNDI0MDkxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzJlZmExMzVhYmI3NDM0YzI3YTM1ZWQzZGE3YzliMTE0ODQ0YmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjwSVPadictGPnflMYRvULVfVDJv
OHFWCxrncY0be2CIGVzTXbcHxOciyoq/1/M9PYeSXt94ZKwgDFQ8OrnhuU0dibV8
JeiKmSVEUal4AEnENyg17SpzHg1IrPwxysuaDdDrwPxhx3bz1FOLDseGZl96SNJy
kV32cYQh8bKSVtscu47ygzjnk01F3n9spioWnzWOBO1JzSyADbVW0L4mHgiOkzvD
yWCPQal0nRySMm8wi3dpi5x9G0V2odJOIaNpswj0sPc+mqmg1hyCGXUp/7PeEWtl
jVtuifu1wALN13xqMyBgYFvrI2RIVGAKnH5GMSXU6J6gv11Lj+Lb3lm/5QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCcu+hNau3Q0wno17T2nybEUhEvGMB8GA1UdIwQY
MBaAFDWM0mfFSj/CKLyh3uNy2WxgNzwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTll6U1o4VktQOElvdktIZTQzTFpiR0EzUENjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi84NGExYjUtMWFhZC00ZWRmLWFiOWIt
OGEyZTlhNDY4MTliLzEvSnk3NkUxcTdkRFRDZWpYdFBhZkpzUlNFUzhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi84NGExYjUtMWFhZC00ZWRmLWFiOWItOGEyZTlhNDY4MTli
LzEvTll6U1o4VktQOElvdktIZTQzTFpiR0EzUENjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwfLfMA0E
AgACMAcDBQMqDDtAMA0GCSqGSIb3DQEBCwUAA4IBAQAoFxWbExYzcVtqn/o6aG5v
apFoDvZyIIZ8AUhQ06c5cmkH2vKyWeAjA7b1f/HZQ1u38j+lm6HF5IWBbaGSSlrZ
uSnYg7pTs8VnRPkhOTnGdH5bBheLgGJGjv142T2v49VaUaW7mhBQNzJ76/cc5fN8
/SWwHEMtKjATYbNjpRPzq5ED7hhdpcssAPlX+cJLGtRiROkAA1zggu+DOuLHdlyQ
ccjSDaqhkoo8TpGTe9KnTLdKS+9Ko9KbvRnpWq6ZSfN8KCq3UHP8pWkKIkdCn7SV
QKCAC3l/1Ar+7BVHPEDAX0Fb9IqFOVrPgn0DVykB1kAONcRQRV3GZhVFsguCQwDW
-----END CERTIFICATE-----