Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/NKs8I2rNG5kJY3dtGddn_s47VJs.roa
File:                     NKs8I2rNG5kJY3dtGddn_s47VJs.roa (raw, json)
Hash identifier:          h22KPECTxSXn4FRhDHzw/ftbWus0jdGTFCKn/o99Ts0=
Subject key identifier:   34:AB:3C:23:6A:CD:1B:99:09:63:77:6D:19:D7:67:FE:CE:3B:54:9B
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019D7871DA704EED7A0C9D38379F71BEDC28
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/NKs8I2rNG5kJY3dtGddn_s47VJs.roa
Signing time:             Fri 10 Apr 2026 17:30:20 +0000
ROA not before:           Fri 10 Apr 2026 17:30:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3561
IP address blocks:        130.193.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:71:da:70:4e:ed:7a:0c:9d:38:37:9f:71:be:dc:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Apr 10 17:30:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34ab3c236acd1b990963776d19d767fece3b549b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:22:93:cd:e9:a6:6e:06:09:92:47:6d:fd:bb:
                    1a:f8:00:12:08:30:4b:be:94:3b:5c:13:58:3b:a4:
                    5f:63:04:ec:b2:99:4d:ed:f0:53:dd:d2:cb:02:f4:
                    e4:e5:b3:c5:54:f4:fc:3f:08:9f:6c:f5:6b:da:18:
                    74:bb:8e:77:07:dd:5a:e7:e8:8e:8e:00:0d:07:fb:
                    df:a0:ff:93:24:f0:e4:72:44:21:75:be:f5:d6:f0:
                    2b:af:95:cc:3c:33:02:1f:2a:18:4f:a3:7c:2f:c5:
                    fb:fc:a8:5e:a0:ad:d7:8b:ec:5e:4d:a9:9e:6c:59:
                    36:11:45:75:12:7a:b5:12:a6:72:da:ad:bf:3c:31:
                    79:64:4b:78:4e:7d:f5:5f:c0:b5:90:16:03:66:6d:
                    b4:ce:21:5b:8c:bb:c9:73:ef:7a:5a:25:a4:81:a2:
                    33:42:a0:24:79:dc:39:93:b0:d5:f6:27:7c:c3:3a:
                    43:11:9a:c6:3b:b5:b0:74:44:04:87:20:28:8b:17:
                    ab:08:ff:0e:6e:b7:43:ba:26:3f:e0:a9:f8:38:ee:
                    c0:f9:40:54:ed:fe:6c:61:4f:08:a1:c6:01:f7:c5:
                    d5:bd:d7:f2:22:a6:45:db:2d:a1:a0:29:d9:8d:ff:
                    f9:37:9b:ef:9c:ca:60:2d:6a:ea:da:ae:5d:e0:78:
                    3e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:AB:3C:23:6A:CD:1B:99:09:63:77:6D:19:D7:67:FE:CE:3B:54:9B
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/NKs8I2rNG5kJY3dtGddn_s47VJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:e0:a3:db:6a:ae:ea:af:7a:9b:a2:1a:4f:73:07:6a:cf:c2:
         2e:e5:b2:a9:78:fb:dc:ac:8d:af:b2:cd:8d:a8:ec:26:8c:44:
         4c:c4:2f:e5:2d:da:4e:0f:b6:ed:13:39:e3:f5:81:d7:65:35:
         0c:9f:23:ac:8a:8e:bc:ec:ea:00:e3:0a:60:3d:d8:24:98:c7:
         c8:e5:ca:93:aa:64:c2:eb:42:b8:0d:ea:fb:8c:c9:ec:73:d2:
         51:a2:e4:d2:0e:13:b7:1c:21:9d:11:13:9a:44:55:22:2e:a1:
         cb:1d:26:c0:9d:37:7f:9c:29:7e:8a:9c:2d:f9:fa:c2:fe:9f:
         8d:30:30:66:ce:06:be:ea:d8:40:5a:9a:07:4b:91:60:32:6c:
         24:eb:d3:2b:e3:67:68:a7:8e:5e:2f:ef:91:3b:bb:46:64:3c:
         80:77:ea:9a:54:b3:ae:37:8f:b4:af:3a:f6:9b:4b:06:fd:06:
         ef:66:e7:16:72:a0:c2:62:bb:f6:e0:fe:7d:67:84:d4:42:d8:
         9e:56:6a:b2:1d:ba:2c:c9:3b:95:3d:0b:5b:2c:02:e6:4c:4f:
         fd:64:2b:ef:bd:41:ac:bd:c3:7c:44:7d:ba:18:4b:62:52:94:
         1e:ec:06:86:50:39:71:fd:ee:5c:00:34:e3:09:87:0f:5f:72:
         c2:ae:ee:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ14cdpwTu16DJ04N59xvtwoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjYwNDEwMTczMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGFiM2MyMzZhY2QxYjk5MDk2Mzc3NmQxOWQ3NjdmZWNlM2I1NDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSKTzemmbgYJkkdt/bsa+AASCDBL
vpQ7XBNYO6RfYwTssplN7fBT3dLLAvTk5bPFVPT8PwifbPVr2hh0u453B91a5+iO
jgANB/vfoP+TJPDkckQhdb711vArr5XMPDMCHyoYT6N8L8X7/KheoK3Xi+xeTame
bFk2EUV1Enq1EqZy2q2/PDF5ZEt4Tn31X8C1kBYDZm20ziFbjLvJc+96WiWkgaIz
QqAkedw5k7DV9id8wzpDEZrGO7WwdEQEhyAoixerCP8ObrdDuiY/4Kn4OO7A+UBU
7f5sYU8IocYB98XVvdfyIqZF2y2hoCnZjf/5N5vvnMpgLWrq2q5d4Hg+5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSrPCNqzRuZCWN3bRnXZ/7OO1SbMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvTktzOEkyck5HNWtKWTNkdEdkZG5fczQ3VkpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgsEDMA0G
CSqGSIb3DQEBCwUAA4IBAQBb4KPbaq7qr3qbohpPcwdqz8Iu5bKpePvcrI2vss2N
qOwmjERMxC/lLdpOD7btEznj9YHXZTUMnyOsio687OoA4wpgPdgkmMfI5cqTqmTC
60K4Der7jMnsc9JRouTSDhO3HCGdEROaRFUiLqHLHSbAnTd/nCl+ipwt+frC/p+N
MDBmzga+6thAWpoHS5FgMmwk69Mr42dop45eL++RO7tGZDyAd+qaVLOuN4+0rzr2
m0sG/QbvZucWcqDCYrv24P59Z4TUQtieVmqyHbosyTuVPQtbLALmTE/9ZCvvvUGs
vcN8RH26GEtiUpQe7AaGUDlx/e5cADTjCYcPX3LCru7L
-----END CERTIFICATE-----