Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/nqWDXagxBzxrBVWBHaYrt9rKNS8.roa
File:                     nqWDXagxBzxrBVWBHaYrt9rKNS8.roa (raw, json)
Hash identifier:          7+e+M3EfBs7lbbCHfGGIHb2Ur/53QLZjVcPqXQmzk1Y=
Subject key identifier:   9E:A5:83:5D:A8:31:07:3C:6B:05:55:81:1D:A6:2B:B7:DA:CA:35:2F
Certificate issuer:       /CN=b14aba8b60749393478e83c360e6cbd75d156f89
Certificate serial:       019D92C50AE255281CEB1FBC92179A959B86
Authority key identifier: B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/nqWDXagxBzxrBVWBHaYrt9rKNS8.roa
Signing time:             Wed 15 Apr 2026 20:11:20 +0000
ROA not before:           Wed 15 Apr 2026 20:11:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15924
IP address blocks:        93.186.112.0/24 maxlen: 24
                          93.186.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 08:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:92:c5:0a:e2:55:28:1c:eb:1f:bc:92:17:9a:95:9b:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b14aba8b60749393478e83c360e6cbd75d156f89
        Validity
            Not Before: Apr 15 20:11:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ea5835da831073c6b0555811da62bb7daca352f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7e:82:b3:27:e2:ce:14:c8:07:62:4d:27:66:
                    41:ad:62:1f:bb:47:fe:cc:e8:b4:ca:c4:9d:b4:f4:
                    cf:e0:9a:2d:44:b3:bf:b3:f3:dc:01:f0:28:8f:2f:
                    53:df:7b:71:ad:58:b6:49:57:bb:9f:39:0a:4e:9f:
                    a8:be:73:ed:b4:0f:d5:10:a0:f3:8a:36:5c:86:0c:
                    9b:df:69:05:5d:9c:90:7c:34:9a:b2:48:ec:f6:fb:
                    43:18:b2:5f:31:98:d1:bd:78:1a:7d:ce:f6:83:3e:
                    e6:30:f3:1c:d4:dd:5e:02:d7:24:3a:d1:da:74:d2:
                    25:19:ad:1f:a2:1a:a5:44:2b:3d:aa:26:de:2a:4a:
                    fd:c5:2b:69:d0:72:b7:26:7e:61:1e:78:b2:58:fa:
                    7d:28:62:3c:39:26:3a:72:84:9b:da:05:4d:05:2d:
                    83:44:31:b0:d0:6f:d3:c5:a7:5e:f7:38:05:5d:4e:
                    1b:c6:7a:f2:59:87:22:59:87:f9:74:f7:b1:55:38:
                    bc:94:3f:47:dc:8d:ea:60:dd:3a:e8:c5:1f:fa:72:
                    cc:9a:99:06:8b:6f:66:fb:a0:a8:91:0b:2b:4c:05:
                    3d:90:05:30:a1:1e:a5:30:a9:3e:11:c8:fb:58:2e:
                    82:f0:91:43:f1:eb:91:e8:ee:f5:de:d1:ae:ec:da:
                    fc:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:A5:83:5D:A8:31:07:3C:6B:05:55:81:1D:A6:2B:B7:DA:CA:35:2F
            X509v3 Authority Key Identifier:
                keyid:B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/nqWDXagxBzxrBVWBHaYrt9rKNS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.186.112.0/24
                  93.186.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:64:72:bc:96:3c:20:f6:7e:3e:40:07:2d:e6:3f:5b:c9:0f:
         62:c9:c9:80:48:ce:00:32:d5:98:12:cc:2a:dd:70:84:67:17:
         8c:47:72:6d:5e:d3:3e:96:38:00:9f:cd:1c:87:14:e2:59:ac:
         88:0b:f7:8c:7b:0a:f3:11:00:63:17:22:7c:d0:1b:b6:34:bd:
         f5:aa:08:a8:fa:63:c1:b7:ce:6e:3a:d5:b1:77:d6:45:08:5a:
         65:44:6c:ce:ce:2f:a6:09:24:1d:2c:36:64:73:a7:96:75:9c:
         61:30:62:d0:90:ed:b6:5b:c8:19:76:c7:4d:91:56:1e:a4:9f:
         fc:33:6f:e9:38:d0:5f:01:70:49:43:95:3d:3c:ca:b4:7a:95:
         41:aa:1e:8e:1c:2b:76:da:95:2b:1d:04:de:ee:cc:c2:ac:5a:
         ae:fe:66:67:b5:e8:6e:c4:a0:ef:59:51:95:6a:28:56:e3:b4:
         4f:ae:3d:57:5d:c3:6f:e6:8b:61:c0:70:3b:3c:79:3c:75:d3:
         71:f8:98:10:83:1e:8e:9e:f3:21:16:07:81:01:6c:45:cc:c8:
         ca:14:8a:db:40:55:c3:3b:e4:e9:f3:52:c1:a3:0b:d2:dc:3b:
         57:93:db:35:96:eb:86:e1:51:3b:c9:23:f1:c3:92:51:b7:0b:
         ab:fc:0b:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2SxQriVSgc6x+8khealZuGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNGFiYThiNjA3NDkzOTM0NzhlODNjMzYwZTZjYmQ3NWQx
NTZmODkwHhcNMjYwNDE1MjAxMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWE1ODM1ZGE4MzEwNzNjNmIwNTU1ODExZGE2MmJiN2RhY2EzNTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAun6CsyfizhTIB2JNJ2ZBrWIfu0f+
zOi0ysSdtPTP4JotRLO/s/PcAfAojy9T33txrVi2SVe7nzkKTp+ovnPttA/VEKDz
ijZchgyb32kFXZyQfDSaskjs9vtDGLJfMZjRvXgafc72gz7mMPMc1N1eAtckOtHa
dNIlGa0fohqlRCs9qibeKkr9xStp0HK3Jn5hHniyWPp9KGI8OSY6coSb2gVNBS2D
RDGw0G/Txade9zgFXU4bxnryWYciWYf5dPexVTi8lD9H3I3qYN066MUf+nLMmpkG
i29m+6CokQsrTAU9kAUwoR6lMKk+Ecj7WC6C8JFD8euR6O713tGu7Nr85wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ6lg12oMQc8awVVgR2mK7fayjUvMB8GA1UdIwQY
MBaAFLFKuotgdJOTR46Dw2Dmy9ddFW+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYt
Y2Y2YzMwNTIxMmViLzEvbnFXRFhhZ3hCenhyQlZXQkhhWXJ0OXJLTlM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYtY2Y2YzMwNTIxMmVi
LzEvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXbpwAwQA
XbpyMA0GCSqGSIb3DQEBCwUAA4IBAQCnZHK8ljwg9n4+QAct5j9byQ9iycmASM4A
MtWYEswq3XCEZxeMR3JtXtM+ljgAn80chxTiWayIC/eMewrzEQBjFyJ80Bu2NL31
qgio+mPBt85uOtWxd9ZFCFplRGzOzi+mCSQdLDZkc6eWdZxhMGLQkO22W8gZdsdN
kVYepJ/8M2/pONBfAXBJQ5U9PMq0epVBqh6OHCt22pUrHQTe7szCrFqu/mZntehu
xKDvWVGVaihW47RPrj1XXcNv5othwHA7PHk8ddNx+JgQgx6OnvMhFgeBAWxFzMjK
FIrbQFXDO+Tp81LBowvS3DtXk9s1luuG4VE7ySPxw5JRtwur/AtS
-----END CERTIFICATE-----