Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/JETyinHSMyhF0Hog9bGcAScD8f4.roa
File:                     JETyinHSMyhF0Hog9bGcAScD8f4.roa (raw, json)
Hash identifier:          4Kj2mKrLtmxI7TYeJK0U9jCZOBxMuJe62xxVGf6ezuM=
Subject key identifier:   24:44:F2:8A:71:D2:33:28:45:D0:7A:20:F5:B1:9C:01:27:03:F1:FE
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019DF3B5C6E9566162C209FE16E16F30B0CC
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/JETyinHSMyhF0Hog9bGcAScD8f4.roa
Signing time:             Mon 04 May 2026 15:57:49 +0000
ROA not before:           Mon 04 May 2026 15:57:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        84.21.188.0/24 maxlen: 24
                          2a10:7500::/29 maxlen: 29
                          2a13:8c85::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:35:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f3:b5:c6:e9:56:61:62:c2:09:fe:16:e1:6f:30:b0:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May  4 15:57:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2444f28a71d2332845d07a20f5b19c012703f1fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a3:81:bb:31:ab:9a:a4:cf:0f:32:d8:5a:20:
                    b1:2e:9a:9c:0d:93:5c:98:19:3d:a3:78:40:a1:91:
                    7b:1d:9a:b3:2c:6b:cc:b7:2a:bf:aa:e3:ad:6b:09:
                    29:db:63:c4:4a:44:80:f6:56:5b:49:46:b4:43:06:
                    dc:a6:f7:f0:12:bd:51:dc:1b:e4:21:df:f6:74:fc:
                    c3:9d:de:1f:fb:36:77:c8:bc:eb:01:8f:87:68:92:
                    39:e4:37:64:a3:a7:9c:ed:3f:cc:53:07:23:6e:fc:
                    93:4c:42:45:67:f5:c1:b0:e0:b9:9b:ef:65:c9:c8:
                    07:b3:7c:83:a8:e7:13:dc:2f:6d:41:11:49:d5:60:
                    72:17:9a:0a:52:56:bc:9e:2a:75:77:10:5b:8b:9b:
                    74:a0:38:58:b0:15:e2:e2:53:de:60:17:2d:7b:92:
                    07:d6:fe:de:10:53:6c:d3:f4:b2:86:4f:8e:7e:9f:
                    0e:7d:1d:52:09:13:e2:0c:d9:8f:42:ff:bb:ae:a5:
                    13:8c:33:01:d1:d2:c1:e3:93:71:62:d1:f0:d8:f2:
                    db:31:b9:1b:43:98:43:70:bb:07:1c:c5:17:b3:80:
                    45:a9:52:ef:3d:d6:9e:54:31:81:2d:2c:d3:5d:8a:
                    b4:7f:5b:d2:de:6c:f9:c2:ac:33:39:bd:15:ad:a7:
                    c1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:44:F2:8A:71:D2:33:28:45:D0:7A:20:F5:B1:9C:01:27:03:F1:FE
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/JETyinHSMyhF0Hog9bGcAScD8f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.21.188.0/24
                IPv6:
                  2a10:7500::/29
                  2a13:8c85::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:a1:ea:8e:b7:67:80:12:b3:a1:3f:60:8a:62:e7:bb:aa:06:
         db:6d:1e:88:d0:c3:39:34:37:b6:a3:ed:61:e5:15:8f:58:01:
         40:6a:65:7d:0f:3e:77:3c:e3:72:58:de:34:9e:08:86:8d:98:
         9b:ab:bd:ab:f5:6d:db:19:8a:a6:a2:c8:70:b7:28:32:a8:4c:
         64:7b:49:c9:7b:a5:d3:6a:09:8b:76:4c:91:16:09:4e:f5:fc:
         b1:30:34:25:db:b1:13:3c:61:ec:0d:73:86:51:33:c6:14:56:
         20:dd:cd:f2:b8:24:e1:2b:0f:1d:ab:42:b3:c7:13:8d:5c:18:
         a4:b1:5c:a2:57:75:71:4b:c2:60:70:77:fc:16:65:a0:90:6d:
         56:7a:d0:91:1c:97:2b:14:8b:11:16:5f:82:a0:68:71:4b:24:
         18:85:d8:0d:36:dd:d1:17:de:50:8a:f2:8e:9c:fd:a9:f6:3b:
         c2:2d:3a:b7:f2:16:4b:d0:36:43:ec:67:20:ef:f2:28:a1:d9:
         ab:93:0b:93:64:34:37:7c:b6:0d:58:98:6d:f6:53:6d:8f:1f:
         d5:0d:b6:75:34:80:ef:58:26:bd:67:73:89:47:c6:93:b0:70:
         fd:b9:9b:20:54:93:c8:0a:a4:e9:53:a7:c4:09:7e:86:67:a9:
         b5:ca:91:19
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZ3ztcbpVmFiwgn+FuFvMLDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNTA0MTU1NzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDQ0ZjI4YTcxZDIzMzI4NDVkMDdhMjBmNWIxOWMwMTI3MDNmMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6OBuzGrmqTPDzLYWiCxLpqcDZNc
mBk9o3hAoZF7HZqzLGvMtyq/quOtawkp22PESkSA9lZbSUa0QwbcpvfwEr1R3Bvk
Id/2dPzDnd4f+zZ3yLzrAY+HaJI55Ddko6ec7T/MUwcjbvyTTEJFZ/XBsOC5m+9l
ycgHs3yDqOcT3C9tQRFJ1WByF5oKUla8nip1dxBbi5t0oDhYsBXi4lPeYBcte5IH
1v7eEFNs0/Syhk+Ofp8OfR1SCRPiDNmPQv+7rqUTjDMB0dLB45NxYtHw2PLbMbkb
Q5hDcLsHHMUXs4BFqVLvPdaeVDGBLSzTXYq0f1vS3mz5wqwzOb0VrafB0QIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFCRE8opx0jMoRdB6IPWxnAEnA/H+MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvSkVUeWluSFNNeWhGMEhvZzliR2NBU2NEOGY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAVBW8MBQE
AgACMA4DBQMqEHUAAwUAKhOMhTANBgkqhkiG9w0BAQsFAAOCAQEAGqHqjrdngBKz
oT9gimLnu6oG220eiNDDOTQ3tqPtYeUVj1gBQGplfQ8+dzzjcljeNJ4Iho2Ym6u9
q/Vt2xmKpqLIcLcoMqhMZHtJyXul02oJi3ZMkRYJTvX8sTA0JduxEzxh7A1zhlEz
xhRWIN3N8rgk4SsPHatCs8cTjVwYpLFcold1cUvCYHB3/BZloJBtVnrQkRyXKxSL
ERZfgqBocUskGIXYDTbd0RfeUIryjpz9qfY7wi06t/IWS9A2Q+xnIO/yKKHZq5ML
k2Q0N3y2DViYbfZTbY8f1Q22dTSA71gmvWdziUfGk7Bw/bmbIFSTyAqk6VOnxAl+
hmeptcqRGQ==
-----END CERTIFICATE-----