Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/nBM3NbMGV7Y4I_4InDt4eaTXLXI.roa
File:                     nBM3NbMGV7Y4I_4InDt4eaTXLXI.roa (raw, json)
Hash identifier:          +sbe+Gkyc3VaFBw5WBdytrs/kGLdZ3zYmeFq3TX87tg=
Subject key identifier:   9C:13:37:35:B3:06:57:B6:38:23:FE:08:9C:3B:78:79:A4:D7:2D:72
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019C504E9789E5F88B1F31FB33391BD89C2F
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/nBM3NbMGV7Y4I_4InDt4eaTXLXI.roa
Signing time:             Thu 12 Feb 2026 05:24:13 +0000
ROA not before:           Thu 12 Feb 2026 05:24:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     147186
IP address blocks:        85.93.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:50:4e:97:89:e5:f8:8b:1f:31:fb:33:39:1b:d8:9c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Feb 12 05:24:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c133735b30657b63823fe089c3b7879a4d72d72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:27:61:2d:eb:38:b0:7f:e2:b3:66:8d:b2:87:
                    b3:3d:cc:35:a3:65:27:32:6e:2d:aa:5e:c3:cb:3c:
                    ba:99:87:ae:1f:89:89:4a:28:a6:8f:8b:99:7a:81:
                    b5:08:d5:af:0f:75:76:b9:87:e5:aa:63:b3:37:bb:
                    d4:c2:fe:7f:aa:14:17:8e:a0:a0:f1:2b:20:c7:01:
                    50:8d:df:a1:d8:fb:b8:86:d5:c0:4a:c1:d9:fd:60:
                    5d:d4:79:b7:c7:6a:09:0c:dc:e3:7e:7f:37:06:8a:
                    0d:8a:84:b3:26:21:c0:07:32:bd:49:8d:c0:e4:60:
                    24:4d:8a:f1:4b:88:bd:99:b3:4a:47:6d:3f:7b:91:
                    95:e7:1e:76:f6:20:32:77:4f:e2:a4:13:0b:c9:3f:
                    31:f6:08:27:53:77:2d:d7:e7:a9:bd:1d:f2:b5:d9:
                    27:f3:dc:ad:a8:2e:fb:52:7c:5f:3a:ca:22:16:9a:
                    cd:3e:2e:69:f4:e2:61:d9:34:2a:bd:a9:67:42:d3:
                    56:5f:bc:1b:8c:5c:54:c6:bb:04:7e:10:c7:2f:77:
                    68:6b:3e:14:04:9e:33:27:39:b2:7b:ec:c0:28:95:
                    c9:08:5a:03:cf:c5:ac:2e:9c:ce:31:68:c0:75:12:
                    d4:85:11:e9:94:40:f0:08:cb:11:0c:2d:11:f0:e8:
                    fa:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:13:37:35:B3:06:57:B6:38:23:FE:08:9C:3B:78:79:A4:D7:2D:72
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/nBM3NbMGV7Y4I_4InDt4eaTXLXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.93.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:59:9b:80:12:fb:34:49:7d:11:c7:d5:68:e6:7b:be:c7:e1:
         ea:9a:42:f2:ea:42:d6:5e:64:01:bf:5d:e4:b8:d7:61:2f:5f:
         12:42:f4:c2:d7:f8:d3:0c:34:93:64:09:dc:a2:ca:0d:41:a9:
         9e:65:f7:c0:de:4c:48:2f:d6:2c:19:24:51:ca:ea:a9:c4:76:
         92:10:c6:28:c6:14:dc:db:09:61:f7:9f:df:c5:f6:81:fc:5d:
         bf:5f:a3:53:3e:11:de:1b:52:d3:28:2c:ab:86:e9:ea:87:88:
         56:af:3a:0f:9b:81:19:52:6c:52:b1:be:cb:6f:5d:b5:41:50:
         43:cc:70:0a:b8:71:0f:a7:9a:d1:f8:73:59:a0:5e:ac:d2:37:
         fd:c6:29:db:c8:a4:30:8d:7f:03:28:ca:df:6f:8e:04:bf:5b:
         bc:5f:99:16:4d:20:05:3f:bb:99:9c:f5:e2:b0:01:16:1f:9e:
         29:6d:88:2a:16:a8:cf:4b:96:3e:81:e5:38:c6:6b:18:1f:af:
         63:ce:c2:48:5f:5c:6f:fa:72:c0:6e:c6:46:c0:83:ed:23:cf:
         86:0e:be:af:9d:10:1b:2d:68:61:c5:b0:ee:f3:f2:5a:77:c5:
         3d:f6:63:71:7f:58:6c:a0:db:c2:e7:53:25:60:4f:a3:1b:89:
         67:a8:64:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxQTpeJ5fiLHzH7Mzkb2JwvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMjEyMDUyNDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzEzMzczNWIzMDY1N2I2MzgyM2ZlMDg5YzNiNzg3OWE0ZDcyZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvydhLes4sH/is2aNsoezPcw1o2Un
Mm4tql7Dyzy6mYeuH4mJSiimj4uZeoG1CNWvD3V2uYflqmOzN7vUwv5/qhQXjqCg
8SsgxwFQjd+h2Pu4htXASsHZ/WBd1Hm3x2oJDNzjfn83BooNioSzJiHABzK9SY3A
5GAkTYrxS4i9mbNKR20/e5GV5x529iAyd0/ipBMLyT8x9ggnU3ct1+epvR3ytdkn
89ytqC77UnxfOsoiFprNPi5p9OJh2TQqvalnQtNWX7wbjFxUxrsEfhDHL3doaz4U
BJ4zJzmye+zAKJXJCFoDz8WsLpzOMWjAdRLUhRHplEDwCMsRDC0R8Oj6SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwTNzWzBle2OCP+CJw7eHmk1y1yMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvbkJNM05iTUdWN1k0SV80SW5EdDRlYVRYTFhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVV0VMA0G
CSqGSIb3DQEBCwUAA4IBAQCPWZuAEvs0SX0Rx9Vo5nu+x+HqmkLy6kLWXmQBv13k
uNdhL18SQvTC1/jTDDSTZAncosoNQameZffA3kxIL9YsGSRRyuqpxHaSEMYoxhTc
2wlh95/fxfaB/F2/X6NTPhHeG1LTKCyrhunqh4hWrzoPm4EZUmxSsb7Lb121QVBD
zHAKuHEPp5rR+HNZoF6s0jf9xinbyKQwjX8DKMrfb44Ev1u8X5kWTSAFP7uZnPXi
sAEWH54pbYgqFqjPS5Y+geU4xmsYH69jzsJIX1xv+nLAbsZGwIPtI8+GDr6vnRAb
LWhhxbDu8/Jad8U99mNxf1hsoNvC51MlYE+jG4lnqGSx
-----END CERTIFICATE-----