Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/nhIWPv2Z_GXMoLYssz2ZdACnRB4.roa
File:                     nhIWPv2Z_GXMoLYssz2ZdACnRB4.roa (raw, json)
Hash identifier:          MoUEsYyCsCwf05RCq9y2dJueho+FNTuwP3DzKhQQVKU=
Subject key identifier:   9E:12:16:3E:FD:99:FC:65:CC:A0:B6:2C:B3:3D:99:74:00:A7:44:1E
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D78BB1968E3ACD34474C524C8D7C983CF
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/nhIWPv2Z_GXMoLYssz2ZdACnRB4.roa
Signing time:             Fri 10 Apr 2026 18:50:20 +0000
ROA not before:           Fri 10 Apr 2026 18:50:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215439
IP address blocks:        89.144.16.0/24 maxlen: 24
                          94.103.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Apr 2026 23:47:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:bb:19:68:e3:ac:d3:44:74:c5:24:c8:d7:c9:83:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 10 18:50:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e12163efd99fc65cca0b62cb33d997400a7441e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ed:2f:92:2c:05:f1:80:13:33:ba:98:ac:7b:
                    ac:8e:42:7d:59:b2:f2:5c:5d:71:01:e0:a2:16:7c:
                    7c:99:ef:08:18:02:35:19:07:4c:42:58:e6:f7:4b:
                    a8:43:c0:b6:8c:ef:e4:a8:9a:e3:0b:ba:9f:ae:0f:
                    4a:94:7d:61:55:c0:c7:8d:3b:b6:88:15:62:de:f7:
                    ec:45:d2:6f:61:58:07:62:53:50:3f:48:97:ae:7f:
                    ae:00:20:15:65:e5:11:32:2e:33:e7:0c:20:30:6c:
                    b1:3d:3f:fb:77:61:2f:12:88:ed:a4:16:06:c4:bc:
                    a7:cd:a3:14:36:80:fa:67:6d:4c:69:b6:d4:37:11:
                    e6:96:3c:93:7e:e8:06:fc:7e:15:d8:0b:d5:db:fd:
                    8c:18:15:49:37:c1:22:58:84:aa:86:77:1d:94:13:
                    ef:fc:3b:c5:c1:0c:cd:c8:fb:16:67:bc:0a:07:17:
                    c7:8b:20:0a:aa:4b:26:8c:04:af:6f:43:55:ec:8d:
                    a7:b3:43:52:d1:1c:73:25:0e:97:e6:ab:ba:8f:77:
                    22:0a:71:20:d1:64:fe:b5:40:e1:aa:38:b0:65:f4:
                    fa:ba:47:c2:e2:a4:66:24:02:58:ac:19:66:4c:64:
                    cd:5d:49:d7:e9:95:f6:d4:83:8c:cb:61:b2:bb:74:
                    a0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:12:16:3E:FD:99:FC:65:CC:A0:B6:2C:B3:3D:99:74:00:A7:44:1E
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/nhIWPv2Z_GXMoLYssz2ZdACnRB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.16.0/24
                  94.103.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:22:84:13:9b:15:dc:8a:49:cb:9c:75:73:44:31:fe:1f:78:
         40:19:7f:7f:5b:a7:0e:33:b5:80:34:16:8e:11:c0:01:3e:43:
         95:93:cb:ef:34:b3:a3:54:85:80:81:b1:e0:20:24:c8:72:74:
         49:ce:2d:95:f7:30:51:46:21:b3:0c:9c:01:e7:d1:3b:f8:e0:
         6f:e7:9d:98:43:7c:81:fe:d3:4b:e0:9e:6b:60:99:2c:5d:76:
         58:f6:c6:f7:2f:6b:a7:c7:21:22:23:b9:62:82:3b:33:2b:37:
         14:1b:15:c2:83:f3:8a:71:3f:31:ac:88:93:11:3d:ab:68:17:
         fe:52:f8:f0:c4:b2:9c:38:25:fd:a9:1d:13:c1:65:45:93:1c:
         93:97:d7:79:9d:c4:2b:d3:86:f5:39:f3:66:fe:a4:12:77:0c:
         61:d8:a5:32:9f:fc:79:ad:54:c6:f5:a7:85:2b:a9:e8:32:b7:
         36:49:6c:f3:9b:98:ff:d9:1e:d7:72:9b:9d:3b:ce:6b:a8:73:
         08:eb:0b:98:26:b4:77:ac:12:5f:01:ba:3e:89:59:62:a0:bf:
         2c:95:8b:d5:ed:7d:3f:9c:70:aa:19:b4:ba:61:f2:96:da:33:
         b8:c6:28:5d:6a:d4:de:d1:c2:36:ab:f5:15:28:b0:d7:ab:06:
         4b:aa:c8:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ14uxlo46zTRHTFJMjXyYPPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDEwMTg1MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTEyMTYzZWZkOTlmYzY1Y2NhMGI2MmNiMzNkOTk3NDAwYTc0NDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+0vkiwF8YATM7qYrHusjkJ9WbLy
XF1xAeCiFnx8me8IGAI1GQdMQljm90uoQ8C2jO/kqJrjC7qfrg9KlH1hVcDHjTu2
iBVi3vfsRdJvYVgHYlNQP0iXrn+uACAVZeURMi4z5wwgMGyxPT/7d2EvEojtpBYG
xLynzaMUNoD6Z21MabbUNxHmljyTfugG/H4V2AvV2/2MGBVJN8EiWISqhncdlBPv
/DvFwQzNyPsWZ7wKBxfHiyAKqksmjASvb0NV7I2ns0NS0RxzJQ6X5qu6j3ciCnEg
0WT+tUDhqjiwZfT6ukfC4qRmJAJYrBlmTGTNXUnX6ZX21IOMy2Gyu3SghwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ4SFj79mfxlzKC2LLM9mXQAp0QeMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvbmhJV1B2MlpfR1hNb0xZc3N6MlpkQUNuUkI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWZAQAwQA
XmepMA0GCSqGSIb3DQEBCwUAA4IBAQAQIoQTmxXciknLnHVzRDH+H3hAGX9/W6cO
M7WANBaOEcABPkOVk8vvNLOjVIWAgbHgICTIcnRJzi2V9zBRRiGzDJwB59E7+OBv
552YQ3yB/tNL4J5rYJksXXZY9sb3L2unxyEiI7ligjszKzcUGxXCg/OKcT8xrIiT
ET2raBf+UvjwxLKcOCX9qR0TwWVFkxyTl9d5ncQr04b1OfNm/qQSdwxh2KUyn/x5
rVTG9aeFK6noMrc2SWzzm5j/2R7XcpudO85rqHMI6wuYJrR3rBJfAbo+iVlioL8s
lYvV7X0/nHCqGbS6YfKW2jO4xihdatTe0cI2q/UVKLDXqwZLqsiX
-----END CERTIFICATE-----