Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/Nn3zUJ51MvljRGZUCANsuFxobLs.roa
File:                     Nn3zUJ51MvljRGZUCANsuFxobLs.roa (raw, json)
Hash identifier:          LQQy9c9P03J1Z8RS2F5VsLFEyXdHr1CahLP2RpLISRc=
Subject key identifier:   36:7D:F3:50:9E:75:32:F9:63:44:66:54:08:03:6C:B8:5C:68:6C:BB
Certificate issuer:       /CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
Certificate serial:       019D953918A67008D0FE379BE015D67B04DE
Authority key identifier: 30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/Nn3zUJ51MvljRGZUCANsuFxobLs.roa
Signing time:             Thu 16 Apr 2026 07:37:20 +0000
ROA not before:           Thu 16 Apr 2026 07:37:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402215
IP address blocks:        185.87.58.0/24 maxlen: 24
                          188.246.209.0/24 maxlen: 24
                          188.246.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:95:39:18:a6:70:08:d0:fe:37:9b:e0:15:d6:7b:04:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
        Validity
            Not Before: Apr 16 07:37:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=367df3509e7532f96344665408036cb85c686cbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0a:25:b1:09:b8:7b:81:50:70:c6:45:f8:f7:
                    04:f6:29:79:52:02:34:d0:1a:f2:b0:6b:82:98:c8:
                    b6:1d:74:38:52:f6:31:26:fb:b8:02:cd:13:61:14:
                    26:65:82:5d:0b:83:98:07:95:12:0a:80:0b:44:88:
                    df:39:1a:6f:91:8f:5a:b2:6f:0a:19:28:22:eb:fa:
                    1b:8a:84:56:fa:01:20:69:a4:d8:13:0c:51:dc:bd:
                    46:23:21:b5:7e:a2:9f:0f:72:36:da:17:70:91:a8:
                    a4:04:b1:80:d1:8b:41:77:a2:37:4c:4d:36:b2:3e:
                    b0:05:1b:47:93:4b:4f:70:f6:8b:54:93:24:10:1c:
                    57:be:e0:af:b8:14:e2:88:38:05:65:c2:47:f4:be:
                    4d:5e:ed:55:58:87:84:f4:7c:cf:e1:79:5b:9e:a3:
                    c5:aa:77:f8:63:64:83:f3:e3:05:2a:45:95:7e:3f:
                    35:d0:db:6a:6d:4f:7e:b7:56:3e:c0:64:35:64:53:
                    75:a4:61:34:4b:df:f4:54:3f:6d:9e:73:4f:cd:c5:
                    7a:09:b1:0c:5d:75:86:fc:10:cd:9d:86:88:04:b6:
                    c4:2e:a2:f9:0a:74:b1:15:fb:13:73:d4:f6:c1:e4:
                    86:6c:84:7b:38:ab:c5:ad:3f:4a:ef:a5:0f:ae:6d:
                    58:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:7D:F3:50:9E:75:32:F9:63:44:66:54:08:03:6C:B8:5C:68:6C:BB
            X509v3 Authority Key Identifier:
                keyid:30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/Nn3zUJ51MvljRGZUCANsuFxobLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.58.0/24
                  188.246.209.0/24
                  188.246.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:cc:c4:3e:e5:6e:6d:95:1f:d3:04:d8:8c:21:22:a6:4b:a7:
         5e:81:b4:36:59:ef:85:28:d4:aa:c1:04:96:d2:48:70:86:4d:
         45:63:c7:cf:89:5a:48:89:b7:9f:55:2d:c1:9e:14:f7:ac:4c:
         26:c9:1c:24:17:ae:c8:58:a9:6f:a8:47:60:43:13:e4:3b:6e:
         e2:cf:e2:64:27:30:a8:59:8f:84:74:98:48:ee:dd:18:7f:7c:
         9d:30:b6:56:c5:bf:71:8f:e8:91:68:5c:6c:42:84:cf:bd:4f:
         a0:48:9b:f2:6b:a1:17:dd:f1:d8:f4:49:47:ab:ce:ab:f9:23:
         4c:51:8d:0c:26:31:c6:4b:45:22:0a:63:f4:83:7b:e6:2b:d2:
         12:32:d1:7e:ad:1b:05:a2:a0:93:a2:4a:09:de:71:7d:75:86:
         a6:5b:23:67:da:51:4b:38:0e:6a:2a:6a:8b:a0:68:da:c1:2d:
         be:9d:f4:3c:b9:0e:97:12:73:f0:5f:bf:e1:68:e6:b3:ba:ad:
         3e:c1:ad:9c:44:1e:c2:5f:79:a2:26:23:af:82:44:1f:f3:10:
         3a:6c:e5:9b:43:93:0f:a9:ed:21:18:dd:12:8d:e5:65:39:6f:
         c6:74:ef:79:07:d4:a9:02:13:7a:b3:b7:83:16:24:6c:f2:ad:
         8f:99:c4:8b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2VORimcAjQ/jeb4BXWewTeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjdhNjMxYmI2NzM4ZWI2OGJiNmVhNmM0MjRlZjRhN2Qx
NGMzY2IwHhcNMjYwNDE2MDczNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjdkZjM1MDllNzUzMmY5NjM0NDY2NTQwODAzNmNiODVjNjg2Y2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAolsQm4e4FQcMZF+PcE9il5UgI0
0BrysGuCmMi2HXQ4UvYxJvu4As0TYRQmZYJdC4OYB5USCoALRIjfORpvkY9asm8K
GSgi6/obioRW+gEgaaTYEwxR3L1GIyG1fqKfD3I22hdwkaikBLGA0YtBd6I3TE02
sj6wBRtHk0tPcPaLVJMkEBxXvuCvuBTiiDgFZcJH9L5NXu1VWIeE9HzP4XlbnqPF
qnf4Y2SD8+MFKkWVfj810NtqbU9+t1Y+wGQ1ZFN1pGE0S9/0VD9tnnNPzcV6CbEM
XXWG/BDNnYaIBLbELqL5CnSxFfsTc9T2weSGbIR7OKvFrT9K76UPrm1Y5QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDZ981CedTL5Y0RmVAgDbLhcaGy7MB8GA1UdIwQY
MBaAFDAnpjG7ZzjraLtupsQk70p9FMPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYt
MWRkNmQyODFjODhhLzEvTm4zelVKNTFNdmxqUkdaVUNBTnN1RnhvYkxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYtMWRkNmQyODFjODhh
LzEvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuVc6AwQA
vPbRAwQAvPbUMA0GCSqGSIb3DQEBCwUAA4IBAQCTzMQ+5W5tlR/TBNiMISKmS6de
gbQ2We+FKNSqwQSW0khwhk1FY8fPiVpIibefVS3BnhT3rEwmyRwkF67IWKlvqEdg
QxPkO27iz+JkJzCoWY+EdJhI7t0Yf3ydMLZWxb9xj+iRaFxsQoTPvU+gSJvya6EX
3fHY9ElHq86r+SNMUY0MJjHGS0UiCmP0g3vmK9ISMtF+rRsFoqCTokoJ3nF9dYam
WyNn2lFLOA5qKmqLoGjawS2+nfQ8uQ6XEnPwX7/haOazuq0+wa2cRB7CX3miJiOv
gkQf8xA6bOWbQ5MPqe0hGN0SjeVlOW/GdO95B9SpAhN6s7eDFiRs8q2PmcSL
-----END CERTIFICATE-----