Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/NRslGXwzqXLsPOGISDrIoXtcmqY.roa
File:                     NRslGXwzqXLsPOGISDrIoXtcmqY.roa (raw, json)
Hash identifier:          DEaiL5GBQA1ssRMigPA8Fc7/Qa4ewlIX8LGF5gSXnqI=
Subject key identifier:   35:1B:25:19:7C:33:A9:72:EC:3C:E1:88:48:3A:C8:A1:7B:5C:9A:A6
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019D62AD1DFBF1AA92E10D8B3F1C6A86FC4A
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/NRslGXwzqXLsPOGISDrIoXtcmqY.roa
Signing time:             Mon 06 Apr 2026 12:03:25 +0000
ROA not before:           Mon 06 Apr 2026 12:03:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198584
IP address blocks:        89.44.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 08:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:62:ad:1d:fb:f1:aa:92:e1:0d:8b:3f:1c:6a:86:fc:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Apr  6 12:03:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=351b25197c33a972ec3ce188483ac8a17b5c9aa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:40:a9:13:64:89:e1:42:ab:a4:46:50:3e:3e:
                    80:03:77:ef:9a:cd:7c:da:54:14:a0:b2:8f:e4:dc:
                    53:fa:6a:fd:02:24:ea:2a:bf:dc:40:a3:c0:4a:84:
                    c0:72:63:65:1b:00:8a:98:bd:bb:c0:2a:cd:11:bf:
                    ec:04:bc:eb:d7:ea:ee:07:12:19:05:02:6c:17:b8:
                    78:75:36:6e:5d:56:db:07:de:3c:ef:5a:b4:70:ba:
                    a5:ff:39:93:3d:87:0b:3d:4f:a6:c1:42:e0:31:ed:
                    8b:04:76:3d:7c:14:1c:df:3b:8f:ec:06:9a:e0:ff:
                    26:ff:96:0d:42:61:c3:7c:00:9d:10:c6:17:76:e3:
                    9d:b7:28:3a:0b:b4:85:94:78:a7:2d:f3:7e:8d:02:
                    f3:4d:bc:b7:89:0b:bd:39:8d:05:5c:e3:33:b5:bf:
                    07:db:c7:16:c1:52:59:3b:70:f5:17:ba:fa:90:98:
                    ab:e8:1f:1c:e6:78:84:c8:cd:a8:ee:c8:4d:21:5f:
                    53:38:e5:f1:03:67:f2:0d:fe:34:3b:1a:55:a2:bb:
                    93:37:65:a3:06:24:47:13:f4:a5:10:17:86:f4:47:
                    b4:44:97:2a:e2:24:d3:4a:d6:4e:21:22:07:9c:c2:
                    59:89:0f:3a:3b:e6:af:b4:62:c9:31:9c:21:e6:9f:
                    f2:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:1B:25:19:7C:33:A9:72:EC:3C:E1:88:48:3A:C8:A1:7B:5C:9A:A6
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/NRslGXwzqXLsPOGISDrIoXtcmqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:70:21:8a:8f:37:59:3b:48:43:f4:88:e9:35:f6:0d:b3:11:
         f2:59:4e:49:9a:aa:ca:89:ac:28:33:ec:f6:34:f7:2c:05:82:
         65:ab:a1:17:b7:55:55:d5:78:b7:0f:c3:62:12:c9:3e:69:bb:
         0b:e3:89:50:ae:a1:fe:63:9a:c7:bd:d7:6f:25:20:80:7b:33:
         f3:52:48:a5:36:3a:47:7b:39:97:9f:bf:e3:be:36:12:15:dc:
         70:89:ae:7b:00:29:08:a6:e0:4f:d2:39:3c:36:60:21:22:91:
         6c:14:05:d3:12:26:1c:ed:55:e1:c2:f6:16:03:d1:97:98:98:
         58:46:e7:68:a5:42:66:e6:da:78:8f:4e:dd:18:66:51:9d:ca:
         90:f5:22:a5:f5:0f:de:8a:8c:73:cd:65:85:10:c9:dc:8e:43:
         27:ab:df:a7:7b:40:1e:1d:dd:d1:7b:fa:76:3e:cd:1d:1c:1a:
         4f:34:58:b5:af:6f:1c:a2:6a:32:5a:d0:b2:93:fb:d1:c7:03:
         94:c9:bc:20:d6:a9:6b:de:a4:da:96:d5:76:a3:bc:89:50:7c:
         2f:d5:ae:85:10:16:38:97:5d:89:3f:51:fe:e8:96:2b:bc:62:
         6c:6d:ff:e3:b9:6b:f2:0b:e1:0d:12:46:ae:28:be:72:87:0e:
         67:f7:42:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1irR378aqS4Q2LPxxqhvxKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwNDA2MTIwMzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTFiMjUxOTdjMzNhOTcyZWMzY2UxODg0ODNhYzhhMTdiNWM5YWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4UCpE2SJ4UKrpEZQPj6AA3fvms18
2lQUoLKP5NxT+mr9AiTqKr/cQKPASoTAcmNlGwCKmL27wCrNEb/sBLzr1+ruBxIZ
BQJsF7h4dTZuXVbbB94871q0cLql/zmTPYcLPU+mwULgMe2LBHY9fBQc3zuP7Aaa
4P8m/5YNQmHDfACdEMYXduOdtyg6C7SFlHinLfN+jQLzTby3iQu9OY0FXOMztb8H
28cWwVJZO3D1F7r6kJir6B8c5niEyM2o7shNIV9TOOXxA2fyDf40OxpVoruTN2Wj
BiRHE/SlEBeG9Ee0RJcq4iTTStZOISIHnMJZiQ86O+avtGLJMZwh5p/ySwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUbJRl8M6ly7DzhiEg6yKF7XJqmMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvTlJzbEdYd3pxWExzUE9HSVNEcklvWHRjbXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSzzMA0G
CSqGSIb3DQEBCwUAA4IBAQCAcCGKjzdZO0hD9IjpNfYNsxHyWU5JmqrKiawoM+z2
NPcsBYJlq6EXt1VV1Xi3D8NiEsk+absL44lQrqH+Y5rHvddvJSCAezPzUkilNjpH
ezmXn7/jvjYSFdxwia57ACkIpuBP0jk8NmAhIpFsFAXTEiYc7VXhwvYWA9GXmJhY
RudopUJm5tp4j07dGGZRncqQ9SKl9Q/eioxzzWWFEMncjkMnq9+ne0AeHd3Re/p2
Ps0dHBpPNFi1r28comoyWtCyk/vRxwOUybwg1qlr3qTaltV2o7yJUHwv1a6FEBY4
l12JP1H+6JYrvGJsbf/juWvyC+ENEkauKL5yhw5n90IC
-----END CERTIFICATE-----