Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/jdhRRSqw1KV-OBkZuUAJ-tCWDik.roa
File:                     jdhRRSqw1KV-OBkZuUAJ-tCWDik.roa (raw, json)
Hash identifier:          PZnlHT69L4VcU/X0HEwE+Wn3yCWoZ+g03Z4fHifOKPg=
Subject key identifier:   8D:D8:51:45:2A:B0:D4:A5:7E:38:19:19:B9:40:09:FA:D0:96:0E:29
Certificate issuer:       /CN=464952bc165441ec6e2e2010c933dc830f361731
Certificate serial:       019CC2B1EFDE3A1F3EEAA8A4C42C7DBC432C
Authority key identifier: 46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/jdhRRSqw1KV-OBkZuUAJ-tCWDik.roa
Signing time:             Fri 06 Mar 2026 10:29:26 +0000
ROA not before:           Fri 06 Mar 2026 10:29:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50220
IP address blocks:        89.39.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:b1:ef:de:3a:1f:3e:ea:a8:a4:c4:2c:7d:bc:43:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464952bc165441ec6e2e2010c933dc830f361731
        Validity
            Not Before: Mar  6 10:29:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8dd851452ab0d4a57e381919b94009fad0960e29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a8:0a:ae:4b:0a:9f:7c:14:28:78:0f:ad:eb:
                    2d:6d:d8:af:79:b7:be:19:14:ec:0a:4d:57:29:01:
                    b9:4f:d4:ce:5d:5d:02:c7:f5:58:20:9b:4b:3f:e5:
                    ff:4b:0d:f9:41:5b:af:e6:02:e0:2d:40:ff:34:52:
                    75:8d:f1:48:56:ec:57:06:72:23:66:91:38:01:a7:
                    7f:22:1a:b4:eb:ae:69:a9:9d:4b:4a:91:54:da:90:
                    d2:a0:18:d0:51:7e:80:21:0b:64:f7:73:53:12:13:
                    e2:70:f1:80:4e:a1:4e:35:49:2f:6c:89:9c:88:c6:
                    0d:42:62:b4:a9:25:54:a5:a0:0f:db:b8:f7:68:53:
                    a4:35:d1:70:d2:84:27:c3:a8:38:db:01:7e:9e:8e:
                    53:35:d6:61:35:e7:af:45:0b:07:c6:fb:8b:93:a4:
                    96:0b:62:18:00:55:f0:72:4b:5c:0f:38:b2:85:5e:
                    26:b4:d2:e8:69:63:0a:d5:dc:ee:75:f1:0a:75:c5:
                    24:c3:11:29:30:d0:09:1a:90:bf:d4:6b:9e:57:bd:
                    1b:47:88:77:73:53:e6:33:0e:d1:b4:3c:83:62:e6:
                    ca:89:ae:4e:01:32:b2:21:3c:3b:41:ad:18:b2:5e:
                    d2:26:b2:3c:a2:f2:bf:4b:db:d6:95:8b:99:53:0c:
                    e6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D8:51:45:2A:B0:D4:A5:7E:38:19:19:B9:40:09:FA:D0:96:0E:29
            X509v3 Authority Key Identifier:
                keyid:46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/jdhRRSqw1KV-OBkZuUAJ-tCWDik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:b5:b3:21:88:d3:68:eb:e5:cc:d0:32:28:77:eb:be:12:28:
         50:0b:ee:ac:a6:ee:c2:4c:0b:0a:b4:e7:e2:4a:71:ca:8d:52:
         6d:67:42:02:26:d4:ad:4d:e1:49:ba:94:e9:0d:80:d8:21:19:
         b9:a8:07:61:e6:73:87:82:b7:65:8a:97:4a:c1:87:50:9f:4f:
         13:57:bb:9d:1b:6d:47:da:4f:c1:86:ec:d0:6b:a7:96:2c:1e:
         eb:25:e5:d9:58:33:08:d4:ef:61:07:50:a6:d1:8b:1e:99:a8:
         2e:c9:38:ac:36:19:93:23:6d:b8:5b:02:ce:56:25:5f:8a:72:
         fa:fa:3a:6f:a3:22:a8:0e:6f:03:f4:8c:ea:37:09:02:76:0a:
         61:61:ad:27:cf:68:2d:04:62:ba:79:88:7e:de:29:dd:e3:a4:
         1d:12:6f:ad:6b:b7:a7:0f:d2:47:4a:b9:25:d4:e8:bd:7c:40:
         f9:32:10:ef:c5:0c:8c:ec:9f:e7:46:0a:04:88:68:db:29:d2:
         b8:fc:a1:fd:ca:89:77:b2:88:b1:cd:3f:49:15:98:b0:f8:df:
         e4:f7:32:23:8b:97:0c:ab:d1:57:cb:e1:b6:db:62:b0:bb:02:
         d2:bb:ba:3b:e7:84:b0:35:8b:01:1a:7a:9e:6d:bd:0d:b0:d2:
         47:63:6a:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzCse/eOh8+6qikxCx9vEMsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NDk1MmJjMTY1NDQxZWM2ZTJlMjAxMGM5MzNkYzgzMGYz
NjE3MzEwHhcNMjYwMzA2MTAyOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGQ4NTE0NTJhYjBkNGE1N2UzODE5MTliOTQwMDlmYWQwOTYwZTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKgKrksKn3wUKHgPrestbdivebe+
GRTsCk1XKQG5T9TOXV0Cx/VYIJtLP+X/Sw35QVuv5gLgLUD/NFJ1jfFIVuxXBnIj
ZpE4Aad/Ihq0665pqZ1LSpFU2pDSoBjQUX6AIQtk93NTEhPicPGATqFONUkvbImc
iMYNQmK0qSVUpaAP27j3aFOkNdFw0oQnw6g42wF+no5TNdZhNeevRQsHxvuLk6SW
C2IYAFXwcktcDziyhV4mtNLoaWMK1dzudfEKdcUkwxEpMNAJGpC/1GueV70bR4h3
c1PmMw7RtDyDYubKia5OATKyITw7Qa0Ysl7SJrI8ovK/S9vWlYuZUwzmuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3YUUUqsNSlfjgZGblACfrQlg4pMB8GA1UdIwQY
MBaAFEZJUrwWVEHsbi4gEMkz3IMPNhcxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQt
ODQyODU4MTIyYmJjLzEvamRoUlJTcXcxS1YtT0JrWnVVQUotdENXRGlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQtODQyODU4MTIyYmJj
LzEvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSdYMA0G
CSqGSIb3DQEBCwUAA4IBAQBxtbMhiNNo6+XM0DIod+u+EihQC+6spu7CTAsKtOfi
SnHKjVJtZ0ICJtStTeFJupTpDYDYIRm5qAdh5nOHgrdlipdKwYdQn08TV7udG21H
2k/BhuzQa6eWLB7rJeXZWDMI1O9hB1Cm0YsemaguyTisNhmTI224WwLOViVfinL6
+jpvoyKoDm8D9IzqNwkCdgphYa0nz2gtBGK6eYh+3ind46QdEm+ta7enD9JHSrkl
1Oi9fED5MhDvxQyM7J/nRgoEiGjbKdK4/KH9yol3soixzT9JFZiw+N/k9zIji5cM
q9FXy+G222KwuwLSu7o754SwNYsBGnqebb0NsNJHY2q/
-----END CERTIFICATE-----