Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/nhnAoI7njIH6xYxCA5fwfo4HPKU.roa
File:                     nhnAoI7njIH6xYxCA5fwfo4HPKU.roa (raw, json)
Hash identifier:          Cy5nsxKi/IjoTCyLrXrDmFreBrmeghR5fR9TOP9/eoI=
Subject key identifier:   9E:19:C0:A0:8E:E7:8C:81:FA:C5:8C:42:03:97:F0:7E:8E:07:3C:A5
Certificate issuer:       /CN=01c38a06a39b20b8da40009237d76acdd28e71a5
Certificate serial:       019E26F8C1068CD0C50104805AC82FB21D2B
Authority key identifier: 01:C3:8A:06:A3:9B:20:B8:DA:40:00:92:37:D7:6A:CD:D2:8E:71:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AcOKBqObILjaQACSN9dqzdKOcaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/nhnAoI7njIH6xYxCA5fwfo4HPKU.roa
Signing time:             Thu 14 May 2026 14:51:36 +0000
ROA not before:           Thu 14 May 2026 14:51:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397182
IP address blocks:        148.139.128.0/22 maxlen: 24
                          148.139.132.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/AcOKBqObILjaQACSN9dqzdKOcaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/AcOKBqObILjaQACSN9dqzdKOcaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AcOKBqObILjaQACSN9dqzdKOcaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 15:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:26:f8:c1:06:8c:d0:c5:01:04:80:5a:c8:2f:b2:1d:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01c38a06a39b20b8da40009237d76acdd28e71a5
        Validity
            Not Before: May 14 14:51:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e19c0a08ee78c81fac58c420397f07e8e073ca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:7b:4a:bc:8e:12:7a:f3:be:4c:73:9e:a0:df:
                    2a:47:56:4c:44:13:c5:9a:54:f6:5e:dd:43:0b:d9:
                    2b:6c:09:f1:72:8d:25:0c:16:e1:91:df:1b:16:20:
                    a5:e9:1f:dc:c7:f1:47:5e:f4:ab:9b:1a:69:b8:c8:
                    15:83:a8:e6:85:43:6c:11:ad:08:b0:57:f1:50:a9:
                    f2:3a:08:b9:aa:01:e7:c8:57:24:21:f8:61:ed:77:
                    2b:1e:9b:93:42:21:04:3c:57:dd:dd:77:eb:ce:28:
                    c0:4f:0b:d9:f0:a0:ed:be:75:ac:62:d1:21:0a:e5:
                    ed:79:11:bc:5d:47:95:2c:66:fb:0f:2e:7e:49:2c:
                    75:48:74:11:70:de:e8:bb:29:1e:e2:34:bd:83:ce:
                    2d:cc:01:b7:15:b8:b7:0d:69:27:e6:df:26:4c:a0:
                    81:ad:be:aa:14:2b:71:98:93:b7:fd:69:a1:e9:fd:
                    40:73:5a:ea:e3:eb:98:3f:0b:31:7b:a9:94:0b:7a:
                    88:87:98:a7:65:55:7b:ad:3f:a3:26:bc:45:fa:83:
                    dc:45:e9:1c:f7:ea:2a:26:98:03:0b:84:83:8b:90:
                    38:78:2e:5f:0b:25:c6:b7:43:f9:6f:03:22:21:e5:
                    0d:9e:04:0f:c4:3c:63:e5:47:d9:98:a5:db:d3:23:
                    94:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:19:C0:A0:8E:E7:8C:81:FA:C5:8C:42:03:97:F0:7E:8E:07:3C:A5
            X509v3 Authority Key Identifier:
                keyid:01:C3:8A:06:A3:9B:20:B8:DA:40:00:92:37:D7:6A:CD:D2:8E:71:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AcOKBqObILjaQACSN9dqzdKOcaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/nhnAoI7njIH6xYxCA5fwfo4HPKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/AcOKBqObILjaQACSN9dqzdKOcaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.139.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         88:89:7b:80:65:44:92:f6:83:a1:06:c7:74:ff:e8:e4:f8:b9:
         d9:ae:78:81:8e:ff:b1:23:57:29:7c:af:64:3d:cf:c9:ef:b2:
         97:f6:e4:04:db:b7:7d:64:7a:4d:5d:a5:7a:4a:96:97:7c:af:
         bf:ab:b4:dd:a1:b7:42:38:92:e5:09:4b:f2:13:e0:dd:52:86:
         3a:58:db:6e:c6:d4:17:15:77:ba:c8:32:dd:0b:6b:02:1b:fa:
         ec:82:26:e7:03:cc:43:e7:08:0e:5d:b4:62:32:e6:d4:bd:29:
         dc:a4:b6:02:26:4d:3e:2f:6c:2a:65:83:f9:16:46:c4:6d:c4:
         3d:40:66:ef:1f:0a:92:f1:23:0f:c5:35:9c:a1:00:12:63:64:
         3f:e8:1d:33:47:e4:63:7a:b0:df:ed:a9:25:56:0a:78:3f:12:
         c2:52:ab:b1:c3:d6:04:cb:47:89:80:6e:cc:a6:56:57:7b:43:
         aa:6c:76:e0:75:8f:f6:af:69:5e:c7:e3:f0:f2:51:74:30:c8:
         36:07:b5:a5:b6:b9:18:3e:ee:37:7c:4f:65:23:75:5f:6e:83:
         22:31:0d:2f:2b:1e:b5:ea:2c:51:3c:49:d9:46:79:7c:43:c5:
         a1:f8:6e:cf:67:39:33:75:4b:84:ec:9d:76:c9:79:e5:c2:77:
         a7:8e:04:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4m+MEGjNDFAQSAWsgvsh0rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxYzM4YTA2YTM5YjIwYjhkYTQwMDA5MjM3ZDc2YWNkZDI4
ZTcxYTUwHhcNMjYwNTE0MTQ1MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTE5YzBhMDhlZTc4YzgxZmFjNThjNDIwMzk3ZjA3ZThlMDczY2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7XtKvI4SevO+THOeoN8qR1ZMRBPF
mlT2Xt1DC9krbAnxco0lDBbhkd8bFiCl6R/cx/FHXvSrmxppuMgVg6jmhUNsEa0I
sFfxUKnyOgi5qgHnyFckIfhh7XcrHpuTQiEEPFfd3XfrzijATwvZ8KDtvnWsYtEh
CuXteRG8XUeVLGb7Dy5+SSx1SHQRcN7ouyke4jS9g84tzAG3Fbi3DWkn5t8mTKCB
rb6qFCtxmJO3/Wmh6f1Ac1rq4+uYPwsxe6mUC3qIh5inZVV7rT+jJrxF+oPcRekc
9+oqJpgDC4SDi5A4eC5fCyXGt0P5bwMiIeUNngQPxDxj5UfZmKXb0yOU3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4ZwKCO54yB+sWMQgOX8H6OBzylMB8GA1UdIwQY
MBaAFAHDigajmyC42kAAkjfXas3SjnGlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWNPS0JxT2JJTGphUUFDU045ZHF6ZEtPY2FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82YThlNWUtMzliNi00N2UzLWJiYjAt
YjI5ZjEwY2MwMzI4LzEvbmhuQW9JN25qSUg2eFl4Q0E1ZndmbzRIUEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82YThlNWUtMzliNi00N2UzLWJiYjAtYjI5ZjEwY2MwMzI4
LzEvQWNPS0JxT2JJTGphUUFDU045ZHF6ZEtPY2FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDlIuAMA0G
CSqGSIb3DQEBCwUAA4IBAQCIiXuAZUSS9oOhBsd0/+jk+LnZrniBjv+xI1cpfK9k
Pc/J77KX9uQE27d9ZHpNXaV6SpaXfK+/q7TdobdCOJLlCUvyE+DdUoY6WNtuxtQX
FXe6yDLdC2sCG/rsgibnA8xD5wgOXbRiMubUvSncpLYCJk0+L2wqZYP5FkbEbcQ9
QGbvHwqS8SMPxTWcoQASY2Q/6B0zR+RjerDf7aklVgp4PxLCUquxw9YEy0eJgG7M
plZXe0OqbHbgdY/2r2lex+Pw8lF0MMg2B7WltrkYPu43fE9lI3VfboMiMQ0vKx61
6ixRPEnZRnl8Q8Wh+G7PZzkzdUuE7J12yXnlwnenjgQW
-----END CERTIFICATE-----