Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/a82835-123b-4532-aba6-d60d5127825d/1/jrpa6ffgl6ZLg25PBip0s0JQIn4.roa
File:                     jrpa6ffgl6ZLg25PBip0s0JQIn4.roa (raw, json)
Hash identifier:          V9w3w4fEjx0PYusw02oT6lMuGBaV9qjr55iLXhK3FqQ=
Subject key identifier:   8E:BA:5A:E9:F7:E0:97:A6:4B:83:6E:4F:06:2A:74:B3:42:50:22:7E
Certificate issuer:       /CN=aa15972cfbb76fa76a9a33da797c6733c348b4fe
Certificate serial:       019D1CFA9C2C5A16123C755A7C4A971392E3
Authority key identifier: AA:15:97:2C:FB:B7:6F:A7:6A:9A:33:DA:79:7C:67:33:C3:48:B4:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qhWXLPu3b6dqmjPaeXxnM8NItP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/a82835-123b-4532-aba6-d60d5127825d/1/jrpa6ffgl6ZLg25PBip0s0JQIn4.roa
Signing time:             Mon 23 Mar 2026 23:14:39 +0000
ROA not before:           Mon 23 Mar 2026 23:14:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199924
IP address blocks:        46.235.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/a82835-123b-4532-aba6-d60d5127825d/1/qhWXLPu3b6dqmjPaeXxnM8NItP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/a82835-123b-4532-aba6-d60d5127825d/1/qhWXLPu3b6dqmjPaeXxnM8NItP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qhWXLPu3b6dqmjPaeXxnM8NItP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1c:fa:9c:2c:5a:16:12:3c:75:5a:7c:4a:97:13:92:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa15972cfbb76fa76a9a33da797c6733c348b4fe
        Validity
            Not Before: Mar 23 23:14:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8eba5ae9f7e097a64b836e4f062a74b34250227e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e2:e5:91:40:a9:4f:25:ba:2b:93:5c:07:27:
                    03:93:c8:cd:79:6e:06:e5:dc:07:f0:ea:1e:09:23:
                    0b:2e:97:75:47:52:5f:a9:41:ee:be:19:74:6b:6b:
                    e3:ea:49:af:56:c1:bb:79:8b:24:f6:bf:3b:27:2d:
                    ea:fd:52:1a:94:76:40:ee:55:06:a9:d4:6f:88:20:
                    12:d4:6c:83:07:c4:b5:32:cb:2e:c0:9a:a3:c2:04:
                    a3:53:cf:76:bf:31:06:03:ed:0c:60:71:ce:4e:d5:
                    8a:ee:a0:71:3f:53:4b:9d:f4:55:e0:29:8a:52:7f:
                    50:be:df:4f:26:96:0a:ab:a7:b8:cb:62:1f:de:97:
                    a5:4b:ae:b8:27:0a:c5:86:f4:dd:b6:92:7b:bc:ba:
                    4b:c6:d1:ba:d9:bd:1e:85:89:9d:03:51:c8:be:cb:
                    23:03:9f:32:fa:4a:0e:72:86:f4:17:d9:8c:ef:46:
                    f4:47:bb:6d:f3:6d:e1:64:e8:05:fe:a6:4c:fd:6f:
                    25:00:94:4c:4a:18:05:fb:f2:8b:a0:dc:ef:10:eb:
                    27:f6:c8:e3:fd:5c:62:38:75:ea:ed:49:14:9a:3f:
                    e2:b3:34:c5:d4:c6:88:68:a8:9f:2f:06:77:9b:ae:
                    6b:64:c6:77:7a:df:7d:22:24:97:14:a4:99:26:66:
                    41:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:BA:5A:E9:F7:E0:97:A6:4B:83:6E:4F:06:2A:74:B3:42:50:22:7E
            X509v3 Authority Key Identifier:
                keyid:AA:15:97:2C:FB:B7:6F:A7:6A:9A:33:DA:79:7C:67:33:C3:48:B4:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qhWXLPu3b6dqmjPaeXxnM8NItP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a82835-123b-4532-aba6-d60d5127825d/1/jrpa6ffgl6ZLg25PBip0s0JQIn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a82835-123b-4532-aba6-d60d5127825d/1/qhWXLPu3b6dqmjPaeXxnM8NItP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.235.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:71:64:ee:27:63:28:7c:38:a7:5f:5a:30:8a:e3:ae:99:f2:
         68:54:0c:69:a1:a7:b0:be:e4:3b:a8:98:e7:a6:58:59:a6:40:
         5f:d0:47:39:31:e8:df:4a:6f:55:06:02:21:f4:17:30:a4:85:
         4b:89:59:a7:68:e8:ef:75:88:8d:b6:97:a4:d6:e7:54:7e:05:
         16:84:cb:a3:5a:31:f7:57:f1:d0:f2:97:95:96:20:99:c7:49:
         59:05:34:5c:1e:0f:6f:1b:f5:19:53:c7:85:db:0a:e1:da:3a:
         40:65:ff:75:9c:03:84:2e:98:28:cc:7a:ca:a0:b6:f0:46:f3:
         f0:64:ed:e4:c9:32:20:6c:8f:e5:43:77:98:e1:3a:1f:1e:10:
         a6:c3:df:ce:00:5f:27:42:61:28:7d:7b:19:c3:0c:02:3f:aa:
         1b:0e:4e:fd:cc:8b:65:ac:69:7e:04:cf:51:ee:0f:56:82:b0:
         19:4f:b5:91:57:c6:ed:e8:94:58:18:a9:97:82:3d:f0:7d:1a:
         3c:84:ec:2b:93:b7:0f:05:77:94:e9:02:11:38:ae:48:f4:99:
         ca:a3:fc:21:f3:0b:2a:6f:8e:a9:39:ae:5c:3d:97:ea:90:96:
         df:13:d6:42:dc:60:e8:c0:58:a3:6f:db:1c:5e:2b:78:72:21:
         24:72:dd:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0c+pwsWhYSPHVafEqXE5LjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMTU5NzJjZmJiNzZmYTc2YTlhMzNkYTc5N2M2NzMzYzM0
OGI0ZmUwHhcNMjYwMzIzMjMxNDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWJhNWFlOWY3ZTA5N2E2NGI4MzZlNGYwNjJhNzRiMzQyNTAyMjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOLlkUCpTyW6K5NcBycDk8jNeW4G
5dwH8OoeCSMLLpd1R1JfqUHuvhl0a2vj6kmvVsG7eYsk9r87Jy3q/VIalHZA7lUG
qdRviCAS1GyDB8S1MssuwJqjwgSjU892vzEGA+0MYHHOTtWK7qBxP1NLnfRV4CmK
Un9Qvt9PJpYKq6e4y2If3pelS664JwrFhvTdtpJ7vLpLxtG62b0ehYmdA1HIvssj
A58y+koOcob0F9mM70b0R7tt823hZOgF/qZM/W8lAJRMShgF+/KLoNzvEOsn9sjj
/VxiOHXq7UkUmj/iszTF1MaIaKifLwZ3m65rZMZ3et99IiSXFKSZJmZBewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI66Wun34JemS4NuTwYqdLNCUCJ+MB8GA1UdIwQY
MBaAFKoVlyz7t2+napoz2nl8ZzPDSLT+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWhXWExQdTNiNmRxbWpQYWVYeG5NOE5JdFA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9hODI4MzUtMTIzYi00NTMyLWFiYTYt
ZDYwZDUxMjc4MjVkLzEvanJwYTZmZmdsNlpMZzI1UEJpcDBzMEpRSW40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9hODI4MzUtMTIzYi00NTMyLWFiYTYtZDYwZDUxMjc4MjVk
LzEvcWhXWExQdTNiNmRxbWpQYWVYeG5NOE5JdFA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALusPMA0G
CSqGSIb3DQEBCwUAA4IBAQATcWTuJ2MofDinX1owiuOumfJoVAxpoaewvuQ7qJjn
plhZpkBf0Ec5MejfSm9VBgIh9BcwpIVLiVmnaOjvdYiNtpek1udUfgUWhMujWjH3
V/HQ8peVliCZx0lZBTRcHg9vG/UZU8eF2wrh2jpAZf91nAOELpgozHrKoLbwRvPw
ZO3kyTIgbI/lQ3eY4TofHhCmw9/OAF8nQmEofXsZwwwCP6obDk79zItlrGl+BM9R
7g9WgrAZT7WRV8bt6JRYGKmXgj3wfRo8hOwrk7cPBXeU6QIROK5I9JnKo/wh8wsq
b46pOa5cPZfqkJbfE9ZC3GDowFijb9scXit4ciEkct0Y
-----END CERTIFICATE-----