Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/J2u-WNebQOND5pQrDIUacy8j8l8.roa
File:                     J2u-WNebQOND5pQrDIUacy8j8l8.roa (raw, json)
Hash identifier:          Vvd0TjXjR9FhkBvtO2YJqbWdHXAU/GB3ZQoXK3zVnls=
Subject key identifier:   27:6B:BE:58:D7:9B:40:E3:43:E6:94:2B:0C:85:1A:73:2F:23:F2:5F
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       01997FA5EA8A1C11C7A3107F9A3488A63004
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/J2u-WNebQOND5pQrDIUacy8j8l8.roa
Signing time:             Thu 25 Sep 2025 06:53:23 +0000
ROA not before:           Thu 25 Sep 2025 06:53:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        87.246.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7f:a5:ea:8a:1c:11:c7:a3:10:7f:9a:34:88:a6:30:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Sep 25 06:53:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=276bbe58d79b40e343e6942b0c851a732f23f25f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:dc:01:34:ee:91:8e:37:bd:b2:5b:eb:fa:23:
                    84:fb:b9:f0:48:7d:4c:37:f1:6c:fd:06:72:cb:4e:
                    8a:30:63:53:fc:6b:5b:82:26:27:cb:d6:90:2d:19:
                    b2:5d:71:a5:a4:44:99:c1:52:80:96:e4:37:2f:30:
                    af:d2:1c:ba:75:78:19:31:4a:79:d9:d9:53:a3:6e:
                    f3:99:ce:0b:20:1b:94:02:df:e0:50:fe:41:32:89:
                    f0:17:67:c6:93:72:aa:48:73:2d:68:25:2c:34:d7:
                    65:bb:27:c6:6a:c2:dd:43:8f:4f:f7:14:c2:86:42:
                    81:05:d2:64:e8:ea:9f:13:f3:d1:aa:74:4e:5c:08:
                    6d:da:65:98:40:54:94:93:8d:7d:59:c1:c2:f9:2d:
                    41:42:33:17:00:b9:93:99:d7:03:5c:8c:fc:5a:48:
                    87:80:76:84:1d:70:6b:3e:58:02:0d:0d:d6:5d:d6:
                    89:0d:2b:ae:9c:62:99:ef:69:85:6d:a1:bf:e0:a9:
                    9d:3d:5b:f5:2c:9b:25:64:af:47:f9:58:06:6b:01:
                    c9:60:d6:6b:ca:33:d8:dc:c5:6b:4c:2b:97:f5:24:
                    2e:4e:6a:3e:c0:a1:a5:11:09:37:8a:59:e7:f2:ac:
                    0b:6b:af:10:64:51:ee:17:d0:5e:7a:4f:bc:d3:f5:
                    16:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:6B:BE:58:D7:9B:40:E3:43:E6:94:2B:0C:85:1A:73:2F:23:F2:5F
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/J2u-WNebQOND5pQrDIUacy8j8l8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.246.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:4f:03:32:ba:3a:81:0e:34:d9:de:ae:61:03:03:91:b7:89:
         5f:b3:44:2d:d3:a8:ac:fc:2c:11:2e:5d:49:2c:2a:ab:ef:be:
         96:51:e7:a0:b7:42:c0:15:34:bb:51:c3:08:05:3a:45:3e:b9:
         d0:8e:61:a9:cb:13:8b:62:d1:b6:8e:e5:7f:7e:06:12:1d:3d:
         b5:59:ee:3f:89:44:0f:24:64:ff:55:01:71:8f:6b:16:8f:cb:
         18:fa:e9:d9:14:a4:c0:56:9c:02:e7:6b:4f:30:d7:a3:39:c2:
         d7:28:c7:1a:3d:93:92:df:b2:65:7f:f6:4e:18:23:0d:55:65:
         84:15:5d:a5:3e:b6:a4:98:14:6e:e4:1c:c8:32:68:70:5c:21:
         bd:99:8a:c5:f9:01:db:e7:f1:1a:fd:32:5e:4b:cd:34:6a:c4:
         a7:8b:34:e8:78:8d:4a:f8:6f:8d:b0:73:6b:88:67:95:2e:39:
         6a:34:fb:85:f8:b6:c5:6c:b2:3c:eb:29:65:4a:9f:dd:c3:95:
         eb:b9:87:5c:65:fe:0b:35:77:de:22:aa:b5:5b:fa:b0:29:d5:
         2b:bb:e4:cf:4f:4b:61:00:fc:9a:05:a1:da:28:84:69:ef:09:
         46:78:a7:35:12:f1:7e:4e:fd:3a:cc:40:ad:5e:90:93:f4:d4:
         6d:c7:53:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl/peqKHBHHoxB/mjSIpjAEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjUwOTI1MDY1MzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzZiYmU1OGQ3OWI0MGUzNDNlNjk0MmIwYzg1MWE3MzJmMjNmMjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9wBNO6Rjje9slvr+iOE+7nwSH1M
N/Fs/QZyy06KMGNT/GtbgiYny9aQLRmyXXGlpESZwVKAluQ3LzCv0hy6dXgZMUp5
2dlTo27zmc4LIBuUAt/gUP5BMonwF2fGk3KqSHMtaCUsNNdluyfGasLdQ49P9xTC
hkKBBdJk6OqfE/PRqnROXAht2mWYQFSUk419WcHC+S1BQjMXALmTmdcDXIz8WkiH
gHaEHXBrPlgCDQ3WXdaJDSuunGKZ72mFbaG/4KmdPVv1LJslZK9H+VgGawHJYNZr
yjPY3MVrTCuX9SQuTmo+wKGlEQk3ilnn8qwLa68QZFHuF9Beek+80/UWiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCdrvljXm0DjQ+aUKwyFGnMvI/JfMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvSjJ1LVdOZWJRT05ENXBRckRJVWFjeThqOGw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCV/YIMA0G
CSqGSIb3DQEBCwUAA4IBAQBBTwMyujqBDjTZ3q5hAwORt4lfs0Qt06is/CwRLl1J
LCqr776WUeegt0LAFTS7UcMIBTpFPrnQjmGpyxOLYtG2juV/fgYSHT21We4/iUQP
JGT/VQFxj2sWj8sY+unZFKTAVpwC52tPMNejOcLXKMcaPZOS37Jlf/ZOGCMNVWWE
FV2lPrakmBRu5BzIMmhwXCG9mYrF+QHb5/Ea/TJeS800asSnizToeI1K+G+NsHNr
iGeVLjlqNPuF+LbFbLI86yllSp/dw5XruYdcZf4LNXfeIqq1W/qwKdUru+TPT0th
APyaBaHaKIRp7wlGeKc1EvF+Tv06zECtXpCT9NRtx1PA
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:59 2025 by rpki-client