Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/nmKKjuvrKpu6Q_V0_c5Z74FUduw.roa
File:                     nmKKjuvrKpu6Q_V0_c5Z74FUduw.roa (raw, json)
Hash identifier:          jrXk8p4lSqYPTjIdM+K2z4RnJA6RydCcUOEGFn8KQoo=
Subject key identifier:   9E:62:8A:8E:EB:EB:2A:9B:BA:43:F5:74:FD:CE:59:EF:81:54:76:EC
Certificate issuer:       /CN=810cd50db437c789464cb64dfabfe405ca981b1a
Certificate serial:       019E3AF2E23D389E090F8092C1F738E269F7
Authority key identifier: 81:0C:D5:0D:B4:37:C7:89:46:4C:B6:4D:FA:BF:E4:05:CA:98:1B:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/nmKKjuvrKpu6Q_V0_c5Z74FUduw.roa
Signing time:             Mon 18 May 2026 11:57:36 +0000
ROA not before:           Mon 18 May 2026 11:57:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8641
IP address blocks:        185.110.208.0/22 maxlen: 22
                          188.94.224.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 14:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3a:f2:e2:3d:38:9e:09:0f:80:92:c1:f7:38:e2:69:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=810cd50db437c789464cb64dfabfe405ca981b1a
        Validity
            Not Before: May 18 11:57:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e628a8eebeb2a9bba43f574fdce59ef815476ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ae:07:d9:d7:ee:94:33:aa:37:5e:9e:85:a2:
                    47:c3:7e:d5:31:f2:2c:13:36:ee:56:c3:f2:74:8b:
                    79:c3:21:b2:f5:b1:f3:1f:06:3d:14:5e:96:2f:42:
                    2d:33:bf:57:14:7d:9a:79:19:57:aa:16:e5:2c:a6:
                    62:4c:ab:c7:fa:91:52:1c:58:31:8b:97:15:b9:1c:
                    e0:28:08:8a:7e:5b:52:8c:b3:cb:bf:9a:a8:36:5d:
                    9f:b9:5e:91:8b:7a:c0:3a:89:d4:5b:e2:0b:16:05:
                    88:5b:d7:64:15:67:38:30:9e:cd:f1:2d:fd:a0:a6:
                    27:7a:89:a4:41:e9:23:78:bd:60:98:78:28:1f:b9:
                    85:d4:c8:21:af:2f:57:85:19:63:73:bd:d2:a6:b4:
                    5a:b7:d5:6d:6f:d5:fe:18:5c:9c:d4:75:e0:c1:87:
                    b7:2c:56:c9:62:5e:a7:e7:fa:73:28:53:11:44:26:
                    d9:90:ed:9b:0f:bf:44:6e:4b:42:1c:ec:41:fe:28:
                    35:f1:9d:d3:ca:53:48:6f:2d:f5:48:ee:26:1b:35:
                    71:19:01:5f:ca:05:4a:51:97:09:d9:55:31:ae:5e:
                    d4:cf:22:6c:62:72:f5:24:fa:18:3f:8d:17:84:28:
                    d0:ae:76:49:2b:fb:dd:1e:ff:47:47:1b:86:fa:72:
                    b1:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:62:8A:8E:EB:EB:2A:9B:BA:43:F5:74:FD:CE:59:EF:81:54:76:EC
            X509v3 Authority Key Identifier:
                keyid:81:0C:D5:0D:B4:37:C7:89:46:4C:B6:4D:FA:BF:E4:05:CA:98:1B:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/nmKKjuvrKpu6Q_V0_c5Z74FUduw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.208.0/22
                  188.94.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         16:96:94:c2:60:45:03:67:72:2f:9a:94:53:a5:28:6a:10:29:
         af:b8:c8:d2:06:ad:39:39:57:10:73:03:59:21:33:1a:3c:90:
         6b:be:79:4d:a7:c3:49:9e:3d:4f:8e:f3:25:ef:be:7b:3c:5e:
         6a:62:35:ab:d0:ad:87:0d:13:e2:4b:50:7e:4c:2c:70:26:fd:
         d2:d6:e5:09:c3:b8:0c:bb:80:73:1f:8f:8b:d4:1b:f0:41:6b:
         e1:ca:53:a5:f1:9d:89:da:c0:1c:21:af:97:3c:86:c2:95:04:
         d3:5c:5d:37:65:b0:18:0c:2a:67:7a:61:9a:b5:d0:10:f4:b1:
         c6:6a:22:33:39:86:09:96:ed:e6:d4:a3:fe:b2:60:78:e8:95:
         3d:51:20:77:33:12:a5:23:e6:49:62:e4:81:a6:64:d1:49:78:
         4f:08:42:2f:d9:61:ae:84:60:6a:84:3a:a1:83:3a:ae:89:ca:
         4b:f3:f3:75:af:c8:aa:c5:9b:0c:e8:0e:8f:99:9c:8b:84:c7:
         6c:34:48:be:df:20:3e:b3:f7:2e:a5:26:ff:6f:11:9a:35:72:
         80:5f:36:ac:c5:b2:21:61:02:66:08:ca:0d:fc:c5:ff:73:40:
         45:07:02:d4:06:ec:fe:cc:00:af:dd:94:94:27:85:69:13:14:
         5c:27:0a:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ468uI9OJ4JD4CSwfc44mn3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMGNkNTBkYjQzN2M3ODk0NjRjYjY0ZGZhYmZlNDA1Y2E5
ODFiMWEwHhcNMjYwNTE4MTE1NzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTYyOGE4ZWViZWIyYTliYmE0M2Y1NzRmZGNlNTllZjgxNTQ3NmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArq4H2dfulDOqN16ehaJHw37VMfIs
EzbuVsPydIt5wyGy9bHzHwY9FF6WL0ItM79XFH2aeRlXqhblLKZiTKvH+pFSHFgx
i5cVuRzgKAiKfltSjLPLv5qoNl2fuV6Ri3rAOonUW+ILFgWIW9dkFWc4MJ7N8S39
oKYneomkQekjeL1gmHgoH7mF1Mghry9XhRljc73SprRat9Vtb9X+GFyc1HXgwYe3
LFbJYl6n5/pzKFMRRCbZkO2bD79EbktCHOxB/ig18Z3TylNIby31SO4mGzVxGQFf
ygVKUZcJ2VUxrl7UzyJsYnL1JPoYP40XhCjQrnZJK/vdHv9HRxuG+nKxZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ5iio7r6yqbukP1dP3OWe+BVHbsMB8GA1UdIwQY
MBaAFIEM1Q20N8eJRky2Tfq/5AXKmBsaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1F6VkRiUTN4NGxHVExaTi1yX2tCY3FZR3hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9lY2FhOTYtOWFmNi00Yjk5LTk1N2Yt
NmI3NTk5ZmNkYzMzLzEvbm1LS2p1dnJLcHU2UV9WMF9jNVo3NEZVZHV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9lY2FhOTYtOWFmNi00Yjk5LTk1N2YtNmI3NTk5ZmNkYzMz
LzEvZ1F6VkRiUTN4NGxHVExaTi1yX2tCY3FZR3hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuW7QAwQD
vF7gMA0GCSqGSIb3DQEBCwUAA4IBAQAWlpTCYEUDZ3IvmpRTpShqECmvuMjSBq05
OVcQcwNZITMaPJBrvnlNp8NJnj1PjvMl7757PF5qYjWr0K2HDRPiS1B+TCxwJv3S
1uUJw7gMu4BzH4+L1BvwQWvhylOl8Z2J2sAcIa+XPIbClQTTXF03ZbAYDCpnemGa
tdAQ9LHGaiIzOYYJlu3m1KP+smB46JU9USB3MxKlI+ZJYuSBpmTRSXhPCEIv2WGu
hGBqhDqhgzquicpL8/N1r8iqxZsM6A6PmZyLhMdsNEi+3yA+s/cupSb/bxGaNXKA
XzasxbIhYQJmCMoN/MX/c0BFBwLUBuz+zACv3ZSUJ4VpExRcJwob
-----END CERTIFICATE-----