Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/9360f5-1deb-4b43-a32f-ac44bc569a78/1/NU0cGjRVpPRghvrftP7NKEqaYpE.roa
File:                     NU0cGjRVpPRghvrftP7NKEqaYpE.roa (raw, json)
Hash identifier:          OQpewaLDtT6aP1Ts9cf7FFERM+J53ay0SxaVxOPiWcM=
Subject key identifier:   35:4D:1C:1A:34:55:A4:F4:60:86:FA:DF:B4:FE:CD:28:4A:9A:62:91
Certificate issuer:       /CN=e733b2eab7e234687be97f8c35d6e6cc3e2dfcba
Certificate serial:       019E6398C61BFC61484319696DE7350D5929
Authority key identifier: E7:33:B2:EA:B7:E2:34:68:7B:E9:7F:8C:35:D6:E6:CC:3E:2D:FC:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5zOy6rfiNGh76X-MNdbmzD4t_Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/9360f5-1deb-4b43-a32f-ac44bc569a78/1/NU0cGjRVpPRghvrftP7NKEqaYpE.roa
Signing time:             Tue 26 May 2026 09:23:37 +0000
ROA not before:           Tue 26 May 2026 09:23:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204621
IP address blocks:        89.30.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/9360f5-1deb-4b43-a32f-ac44bc569a78/1/5zOy6rfiNGh76X-MNdbmzD4t_Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/9360f5-1deb-4b43-a32f-ac44bc569a78/1/5zOy6rfiNGh76X-MNdbmzD4t_Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5zOy6rfiNGh76X-MNdbmzD4t_Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:98:c6:1b:fc:61:48:43:19:69:6d:e7:35:0d:59:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e733b2eab7e234687be97f8c35d6e6cc3e2dfcba
        Validity
            Not Before: May 26 09:23:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=354d1c1a3455a4f46086fadfb4fecd284a9a6291
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:90:1e:73:1c:f3:e6:1a:36:1d:3a:fc:41:2d:
                    43:b3:9e:7c:ff:23:b8:32:98:93:05:6f:c6:86:d2:
                    37:ad:13:a6:b0:b4:7e:25:a9:db:c5:08:f8:e3:d5:
                    3c:8a:f4:6a:75:71:c4:8c:4d:22:29:48:4f:30:72:
                    be:15:46:76:eb:34:00:61:1e:d3:7f:6b:b1:1f:b1:
                    fa:8e:ff:02:48:3f:dd:ff:f8:36:94:70:53:2d:75:
                    37:10:4f:1a:cc:b7:34:2c:5c:16:bb:e6:18:4c:49:
                    ab:d2:9a:4c:5f:f5:32:aa:35:c3:c3:a3:6a:c2:ba:
                    8e:b0:21:7c:a4:f7:17:48:5d:08:af:38:55:d8:5c:
                    20:f7:79:60:60:53:49:12:87:c1:a9:1f:27:86:2c:
                    4c:49:18:a2:de:b6:fd:32:7b:21:32:ac:94:bb:3f:
                    0d:21:33:64:4c:88:d1:9d:bf:12:21:8c:36:27:c1:
                    2b:09:37:b6:30:ab:91:7d:12:e0:a2:56:4e:58:e4:
                    2a:4c:dd:1c:f3:fb:f5:97:01:36:42:1b:8d:74:10:
                    be:80:fd:0a:fb:be:94:22:c5:80:78:45:10:cf:94:
                    21:07:67:07:7d:c5:00:58:e4:bd:33:6c:a9:ce:94:
                    55:44:16:95:c2:67:94:2c:09:a5:b6:9f:48:5f:9d:
                    4c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:4D:1C:1A:34:55:A4:F4:60:86:FA:DF:B4:FE:CD:28:4A:9A:62:91
            X509v3 Authority Key Identifier:
                keyid:E7:33:B2:EA:B7:E2:34:68:7B:E9:7F:8C:35:D6:E6:CC:3E:2D:FC:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5zOy6rfiNGh76X-MNdbmzD4t_Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/9360f5-1deb-4b43-a32f-ac44bc569a78/1/NU0cGjRVpPRghvrftP7NKEqaYpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/9360f5-1deb-4b43-a32f-ac44bc569a78/1/5zOy6rfiNGh76X-MNdbmzD4t_Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.30.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:26:2c:11:b1:99:0f:e3:fc:fd:26:61:1f:01:02:18:38:e1:
         d3:db:de:ab:26:e7:bf:61:dc:fa:2c:2b:ed:a9:d4:0f:5e:79:
         80:aa:15:ec:ef:ce:96:96:6f:34:2f:27:1e:1e:4d:7d:a1:b9:
         36:68:90:c3:9a:00:4c:63:47:18:6f:18:09:61:18:7b:78:76:
         46:cc:0b:3c:4b:5f:f0:8e:44:1e:95:70:f8:e5:db:59:de:55:
         12:e6:30:70:2c:a0:df:e8:d2:45:75:dc:55:cf:22:b8:1d:fe:
         a7:fa:9d:f6:69:46:ef:79:e2:55:04:23:4f:1d:85:99:7d:b5:
         d6:6f:43:fa:bc:ff:05:f0:8e:f2:b5:79:d4:35:ac:0b:6e:27:
         e8:29:03:fe:3f:bf:ea:06:e5:c3:cb:0e:79:ee:8c:2d:82:22:
         0d:6a:e8:ed:1f:07:83:90:b4:f1:7e:dc:6b:57:6b:50:73:42:
         3d:a9:29:a4:9b:78:67:b5:cf:c0:fb:aa:82:4f:dc:fb:39:16:
         2a:95:c4:d7:b9:1b:06:b7:06:6e:c3:ff:ca:0b:82:77:60:38:
         68:c1:47:f6:77:01:d5:1e:d9:29:4d:8d:69:cd:f4:10:3e:ca:
         bb:d7:d1:23:71:5a:34:44:a4:f9:40:ef:d0:66:9e:96:c4:55:
         f9:34:87:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5jmMYb/GFIQxlpbec1DVkpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MzNiMmVhYjdlMjM0Njg3YmU5N2Y4YzM1ZDZlNmNjM2Uy
ZGZjYmEwHhcNMjYwNTI2MDkyMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTRkMWMxYTM0NTVhNGY0NjA4NmZhZGZiNGZlY2QyODRhOWE2MjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpAecxzz5ho2HTr8QS1Ds558/yO4
MpiTBW/GhtI3rROmsLR+JanbxQj449U8ivRqdXHEjE0iKUhPMHK+FUZ26zQAYR7T
f2uxH7H6jv8CSD/d//g2lHBTLXU3EE8azLc0LFwWu+YYTEmr0ppMX/UyqjXDw6Nq
wrqOsCF8pPcXSF0IrzhV2Fwg93lgYFNJEofBqR8nhixMSRii3rb9MnshMqyUuz8N
ITNkTIjRnb8SIYw2J8ErCTe2MKuRfRLgolZOWOQqTN0c8/v1lwE2QhuNdBC+gP0K
+76UIsWAeEUQz5QhB2cHfcUAWOS9M2ypzpRVRBaVwmeULAmltp9IX51MIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVNHBo0VaT0YIb637T+zShKmmKRMB8GA1UdIwQY
MBaAFOczsuq34jRoe+l/jDXW5sw+Lfy6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXpPeTZyZmlOR2g3NlgtTU5kYm16RDR0X0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS85MzYwZjUtMWRlYi00YjQzLWEzMmYt
YWM0NGJjNTY5YTc4LzEvTlUwY0dqUlZwUFJnaHZyZnRQN05LRXFhWXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS85MzYwZjUtMWRlYi00YjQzLWEzMmYtYWM0NGJjNTY5YTc4
LzEvNXpPeTZyZmlOR2g3NlgtTU5kYm16RDR0X0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWR7vMA0G
CSqGSIb3DQEBCwUAA4IBAQBNJiwRsZkP4/z9JmEfAQIYOOHT296rJue/Ydz6LCvt
qdQPXnmAqhXs786Wlm80LyceHk19obk2aJDDmgBMY0cYbxgJYRh7eHZGzAs8S1/w
jkQelXD45dtZ3lUS5jBwLKDf6NJFddxVzyK4Hf6n+p32aUbveeJVBCNPHYWZfbXW
b0P6vP8F8I7ytXnUNawLbifoKQP+P7/qBuXDyw557owtgiINaujtHweDkLTxftxr
V2tQc0I9qSmkm3hntc/A+6qCT9z7ORYqlcTXuRsGtwZuw//KC4J3YDhowUf2dwHV
HtkpTY1pzfQQPsq719EjcVo0RKT5QO/QZp6WxFX5NIfH
-----END CERTIFICATE-----