Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/jeFbySBpHorY8gy4g9NbImjbiPQ.roa
File:                     jeFbySBpHorY8gy4g9NbImjbiPQ.roa (raw, json)
Hash identifier:          GEOrr5v0RnlYw8g2F/mQmGieOFOFv4tArrEv9TEQxlM=
Subject key identifier:   8D:E1:5B:C9:20:69:1E:8A:D8:F2:0C:B8:83:D3:5B:22:68:DB:88:F4
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       019D0CFC3A2E1035E08CA000C8BEE500CF14
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/jeFbySBpHorY8gy4g9NbImjbiPQ.roa
Signing time:             Fri 20 Mar 2026 20:42:29 +0000
ROA not before:           Fri 20 Mar 2026 20:42:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        5.102.39.0/24 maxlen: 24
                          195.222.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0c:fc:3a:2e:10:35:e0:8c:a0:00:c8:be:e5:00:cf:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Mar 20 20:42:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8de15bc920691e8ad8f20cb883d35b2268db88f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e6:58:3d:ed:01:78:6f:43:7f:ea:b5:f5:0d:
                    08:7a:a9:14:5f:73:05:ea:85:f3:4c:29:ab:dc:c0:
                    ee:48:45:eb:ab:81:63:d1:da:29:e5:c6:63:0a:4d:
                    fd:ce:2d:11:58:2b:e3:c2:ec:6c:f3:c5:9b:d1:5e:
                    dd:c2:fc:9b:6c:21:93:69:b9:9f:9d:a6:73:12:66:
                    90:e7:8b:0d:bb:a5:b9:e0:8e:58:f5:a4:47:71:2a:
                    37:54:2b:80:ba:de:42:cc:72:90:c0:6e:13:12:e4:
                    07:3b:e4:41:0b:00:e2:55:4c:56:31:7e:6a:cd:65:
                    f4:1c:ca:5a:a3:56:24:d3:dd:b8:00:d0:11:75:a8:
                    a7:05:53:de:ff:24:dd:69:31:d2:4b:e2:0d:1f:49:
                    0e:39:72:9e:ac:be:e2:e2:ba:e5:19:ba:23:41:6a:
                    87:a7:44:04:fe:11:30:52:36:3c:1a:30:fb:25:f6:
                    9a:d1:b6:1f:ab:94:24:b7:d8:e0:ce:84:67:2d:59:
                    b9:84:be:46:d4:78:c5:45:69:03:15:1d:ce:02:1c:
                    63:a4:10:55:23:02:80:a1:8c:10:b6:9a:4b:61:fe:
                    83:de:bb:a3:bd:bc:43:c0:ff:8a:af:35:4e:8e:2d:
                    a2:b9:6d:0d:54:f0:53:b3:da:12:ed:c9:81:ab:36:
                    01:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:E1:5B:C9:20:69:1E:8A:D8:F2:0C:B8:83:D3:5B:22:68:DB:88:F4
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/jeFbySBpHorY8gy4g9NbImjbiPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.39.0/24
                  195.222.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:c3:b8:18:67:cb:43:8a:42:9a:1f:73:66:90:7e:53:83:4c:
         e1:ee:29:90:18:b3:4e:d6:8e:20:64:af:37:fb:8d:5d:cb:4f:
         ee:fa:99:ea:af:b8:97:58:7a:33:ce:a4:8c:04:6c:df:23:b0:
         c7:75:22:3e:fc:2b:c1:1f:6b:99:ee:0f:e6:4a:7f:b7:47:3b:
         30:06:a8:18:4f:4a:a8:8f:6a:c3:fa:16:38:dd:c0:66:33:03:
         28:ab:5a:62:2c:bd:4f:21:01:ff:47:3f:4f:a6:ef:c1:e3:e2:
         7e:3c:bf:50:aa:ce:6d:08:f3:55:f5:41:28:24:02:87:6f:fd:
         37:9d:68:05:b4:71:cf:24:63:41:b8:70:95:33:b8:73:1f:49:
         3a:13:b0:5f:1b:04:e4:c8:50:2c:57:0c:60:d7:71:48:a8:44:
         7b:52:a5:91:f9:ce:89:d2:c9:36:72:62:91:67:b5:cc:3b:a5:
         20:ff:16:33:87:ef:7a:a9:ed:09:f5:59:34:63:f0:66:68:6e:
         98:6a:ae:ff:38:9d:26:43:26:06:87:16:63:c3:78:e3:43:be:
         14:ff:57:75:9e:8e:dd:09:40:09:9f:3f:92:c2:0a:1b:f7:3a:
         00:17:9b:c3:16:54:bb:4a:89:bc:db:14:eb:2e:ac:ef:c7:b8:
         30:ba:a0:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0M/DouEDXgjKAAyL7lAM8UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjYwMzIwMjA0MjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGUxNWJjOTIwNjkxZThhZDhmMjBjYjg4M2QzNWIyMjY4ZGI4OGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOZYPe0BeG9Df+q19Q0IeqkUX3MF
6oXzTCmr3MDuSEXrq4Fj0dop5cZjCk39zi0RWCvjwuxs88Wb0V7dwvybbCGTabmf
naZzEmaQ54sNu6W54I5Y9aRHcSo3VCuAut5CzHKQwG4TEuQHO+RBCwDiVUxWMX5q
zWX0HMpao1Yk0924ANARdainBVPe/yTdaTHSS+INH0kOOXKerL7i4rrlGbojQWqH
p0QE/hEwUjY8GjD7Jfaa0bYfq5Qkt9jgzoRnLVm5hL5G1HjFRWkDFR3OAhxjpBBV
IwKAoYwQtppLYf6D3rujvbxDwP+KrzVOji2iuW0NVPBTs9oS7cmBqzYB1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI3hW8kgaR6K2PIMuIPTWyJo24j0MB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvamVGYnlTQnBIb3JZOGd5NGc5TmJJbWpiaVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABWYnAwQA
w95/MA0GCSqGSIb3DQEBCwUAA4IBAQBiw7gYZ8tDikKaH3NmkH5Tg0zh7imQGLNO
1o4gZK83+41dy0/u+pnqr7iXWHozzqSMBGzfI7DHdSI+/CvBH2uZ7g/mSn+3Rzsw
BqgYT0qoj2rD+hY43cBmMwMoq1piLL1PIQH/Rz9Ppu/B4+J+PL9Qqs5tCPNV9UEo
JAKHb/03nWgFtHHPJGNBuHCVM7hzH0k6E7BfGwTkyFAsVwxg13FIqER7UqWR+c6J
0sk2cmKRZ7XMO6Ug/xYzh+96qe0J9Vk0Y/BmaG6Yaq7/OJ0mQyYGhxZjw3jjQ74U
/1d1no7dCUAJnz+Swgob9zoAF5vDFlS7Som82xTrLqzvx7gwuqAp
-----END CERTIFICATE-----