Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NrsjuxzJmCdko2Xcm4MqJ_qsLPU.roa
File:                     NrsjuxzJmCdko2Xcm4MqJ_qsLPU.roa (raw, json)
Hash identifier:          rNhXJ6A57+NdLGp9emX2FDoFlKHd3QW4qBX1bRHCSf4=
Subject key identifier:   36:BB:23:BB:1C:C9:98:27:64:A3:65:DC:9B:83:2A:27:FA:AC:2C:F5
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019D77534B9D8097AEF03F3E9036CC7244FD
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NrsjuxzJmCdko2Xcm4MqJ_qsLPU.roa
Signing time:             Fri 10 Apr 2026 12:17:20 +0000
ROA not before:           Fri 10 Apr 2026 12:17:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199412
IP address blocks:        194.87.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:77:53:4b:9d:80:97:ae:f0:3f:3e:90:36:cc:72:44:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 10 12:17:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36bb23bb1cc9982764a365dc9b832a27faac2cf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:45:3b:84:97:4c:44:2c:8a:d8:44:92:83:4f:
                    33:f2:c6:6c:25:62:18:62:2a:91:69:a7:fa:11:e2:
                    65:ce:f4:ce:d0:ba:9c:29:28:58:37:11:1a:3a:fb:
                    e8:ff:0e:bf:1c:c8:b6:d4:5b:fd:f8:27:4c:32:8b:
                    85:c1:84:94:8a:8c:a0:08:14:45:9f:d7:e4:ff:4b:
                    d1:b4:5b:37:7e:fc:3a:80:3d:42:37:35:93:0e:09:
                    d9:fa:69:b0:b0:9e:99:7d:b7:a6:a1:93:9b:2f:c7:
                    ed:e2:76:26:db:a0:41:7b:95:e3:27:2d:c6:f4:2d:
                    b3:73:92:a8:ee:d3:a0:dd:13:2b:08:48:37:0a:cb:
                    d4:7f:b7:e0:94:e4:c7:f7:eb:ae:21:65:4f:92:c9:
                    68:27:84:43:e3:05:a6:cf:3e:a4:f0:94:5a:8e:22:
                    b8:08:88:f7:bd:7f:29:9d:94:22:10:80:c5:1a:29:
                    fc:aa:10:97:8d:49:c5:d2:68:42:94:01:ec:af:fa:
                    44:e3:d4:cb:84:d2:b9:57:47:e0:a9:af:2f:6a:9e:
                    1d:b2:93:e2:ec:48:0e:4f:98:ca:fe:5a:e1:a6:c5:
                    91:73:7b:46:c6:46:2c:c0:73:7a:da:f1:dc:84:f8:
                    ef:b7:a1:09:8c:f7:3d:48:ed:c2:fc:7f:dd:5f:8c:
                    75:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:BB:23:BB:1C:C9:98:27:64:A3:65:DC:9B:83:2A:27:FA:AC:2C:F5
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NrsjuxzJmCdko2Xcm4MqJ_qsLPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:a4:4f:6b:52:23:a2:68:0d:54:5a:9e:5d:99:8d:76:4e:9a:
         8b:cb:88:e1:37:1b:91:9b:b3:bf:8f:b6:d5:a6:f0:a7:74:64:
         9e:c0:64:73:83:fc:22:32:66:d5:6b:33:08:52:89:69:39:d9:
         ec:0c:cb:27:71:e6:79:9b:c3:5e:37:38:76:95:dd:e7:3c:19:
         fb:e2:13:0d:55:6b:b1:be:4d:9c:eb:b9:d7:7a:18:b8:dc:1b:
         17:fa:bb:21:61:49:7a:52:dd:8b:d9:8c:3e:02:b5:d9:80:05:
         fb:06:25:3a:2f:fc:2b:89:ad:4b:7d:ed:a3:ec:97:3a:c2:08:
         43:16:75:fe:5c:2e:21:82:b6:b0:36:94:65:6c:35:b4:cf:ec:
         e4:58:17:b2:8d:ee:f8:10:fc:89:fe:6f:0a:6d:30:d5:7d:33:
         38:65:d4:58:8a:33:f5:86:2e:19:1c:2e:f4:25:73:9e:6b:69:
         46:19:2f:27:d1:80:f8:e3:55:42:b0:25:a6:39:ed:9c:e0:d1:
         a1:7b:49:92:88:98:b6:c6:c6:19:c3:31:18:24:0b:0a:d9:a4:
         58:ac:cb:8c:7e:05:90:bf:4b:38:35:56:fe:d3:e4:de:9f:58:
         16:ad:db:f9:0c:2f:50:f6:e0:75:7e:dd:86:11:19:d0:35:6c:
         e9:45:15:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ13U0udgJeu8D8+kDbMckT9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNDEwMTIxNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmJiMjNiYjFjYzk5ODI3NjRhMzY1ZGM5YjgzMmEyN2ZhYWMyY2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEU7hJdMRCyK2ESSg08z8sZsJWIY
YiqRaaf6EeJlzvTO0LqcKShYNxEaOvvo/w6/HMi21Fv9+CdMMouFwYSUioygCBRF
n9fk/0vRtFs3fvw6gD1CNzWTDgnZ+mmwsJ6ZfbemoZObL8ft4nYm26BBe5XjJy3G
9C2zc5Ko7tOg3RMrCEg3CsvUf7fglOTH9+uuIWVPksloJ4RD4wWmzz6k8JRajiK4
CIj3vX8pnZQiEIDFGin8qhCXjUnF0mhClAHsr/pE49TLhNK5V0fgqa8vap4dspPi
7EgOT5jK/lrhpsWRc3tGxkYswHN62vHchPjvt6EJjPc9SO3C/H/dX4x1EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDa7I7scyZgnZKNl3JuDKif6rCz1MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTnJzanV4ekptQ2RrbzJYY200TXFKX3FzTFBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlfkMA0G
CSqGSIb3DQEBCwUAA4IBAQBmpE9rUiOiaA1UWp5dmY12TpqLy4jhNxuRm7O/j7bV
pvCndGSewGRzg/wiMmbVazMIUolpOdnsDMsnceZ5m8NeNzh2ld3nPBn74hMNVWux
vk2c67nXehi43BsX+rshYUl6Ut2L2Yw+ArXZgAX7BiU6L/wria1Lfe2j7Jc6wghD
FnX+XC4hgrawNpRlbDW0z+zkWBeyje74EPyJ/m8KbTDVfTM4ZdRYijP1hi4ZHC70
JXOea2lGGS8n0YD441VCsCWmOe2c4NGhe0mSiJi2xsYZwzEYJAsK2aRYrMuMfgWQ
v0s4NVb+0+Ten1gWrdv5DC9Q9uB1ft2GERnQNWzpRRW4
-----END CERTIFICATE-----