Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/b35d6a-8bd4-42bd-abdd-15107bca45b5/1/NnLh8TC21_I7aIxYqBVOxMDsYn8.roa
File:                     NnLh8TC21_I7aIxYqBVOxMDsYn8.roa (raw, json)
Hash identifier:          abZc4byKeRvjtv7jM3QRQhlxOH/1CVxvgCdUA7yEv1Y=
Subject key identifier:   36:72:E1:F1:30:B6:D7:F2:3B:68:8C:58:A8:15:4E:C4:C0:EC:62:7F
Certificate issuer:       /CN=53f8bacc3659dcb3389aa47e3664a5f8284e00af
Certificate serial:       019B7910C763AE6DF5805A29CB8772C69960
Authority key identifier: 53:F8:BA:CC:36:59:DC:B3:38:9A:A4:7E:36:64:A5:F8:28:4E:00:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U_i6zDZZ3LM4mqR-NmSl-ChOAK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/b35d6a-8bd4-42bd-abdd-15107bca45b5/1/NnLh8TC21_I7aIxYqBVOxMDsYn8.roa
Signing time:             Thu 01 Jan 2026 10:18:21 +0000
ROA not before:           Thu 01 Jan 2026 10:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200924
IP address blocks:        194.30.186.0/24 maxlen: 24
                          2a10:3d80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/b35d6a-8bd4-42bd-abdd-15107bca45b5/1/U_i6zDZZ3LM4mqR-NmSl-ChOAK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/b35d6a-8bd4-42bd-abdd-15107bca45b5/1/U_i6zDZZ3LM4mqR-NmSl-ChOAK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U_i6zDZZ3LM4mqR-NmSl-ChOAK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:c7:63:ae:6d:f5:80:5a:29:cb:87:72:c6:99:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53f8bacc3659dcb3389aa47e3664a5f8284e00af
        Validity
            Not Before: Jan  1 10:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3672e1f130b6d7f23b688c58a8154ec4c0ec627f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2a:8d:14:18:fe:fa:5b:81:df:34:fd:68:5a:
                    0c:03:43:71:9f:b5:55:1c:f6:82:07:ab:be:52:af:
                    88:e2:0d:32:a2:4e:62:55:66:30:da:b5:f2:f0:5a:
                    54:0c:cf:cb:64:12:e0:80:6a:2f:1f:d1:fc:11:8c:
                    6b:f5:66:c8:d4:97:9c:1b:46:7d:bb:b6:66:b3:52:
                    07:c6:cf:a5:78:71:69:06:20:d6:9a:8f:0a:45:8f:
                    73:57:37:3e:66:67:00:88:a5:23:20:a6:38:eb:f6:
                    76:45:03:34:5c:44:67:ea:c2:16:34:34:9a:30:99:
                    3d:43:0e:30:3a:de:9a:23:36:95:05:57:99:07:16:
                    cb:6d:a4:6c:f4:60:52:9b:9e:a4:5b:2a:78:1f:dd:
                    13:cd:ad:3a:6c:11:e9:89:48:ea:25:f3:05:6a:fa:
                    6c:d6:38:90:3e:51:4c:53:b5:bd:cb:d4:bf:de:8a:
                    bd:99:f1:e9:bb:da:72:b4:33:ad:99:12:c3:51:89:
                    95:bb:05:ae:84:0e:45:9d:51:3c:91:94:5c:25:73:
                    71:17:56:81:9a:0d:96:82:c5:26:e9:7a:d9:b2:9a:
                    0b:ee:a5:41:f3:d9:66:6a:f5:f1:08:29:33:16:cf:
                    2c:a2:80:df:70:42:a7:02:61:b2:b8:cb:7b:8f:8d:
                    1a:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:72:E1:F1:30:B6:D7:F2:3B:68:8C:58:A8:15:4E:C4:C0:EC:62:7F
            X509v3 Authority Key Identifier:
                keyid:53:F8:BA:CC:36:59:DC:B3:38:9A:A4:7E:36:64:A5:F8:28:4E:00:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U_i6zDZZ3LM4mqR-NmSl-ChOAK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/b35d6a-8bd4-42bd-abdd-15107bca45b5/1/NnLh8TC21_I7aIxYqBVOxMDsYn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/b35d6a-8bd4-42bd-abdd-15107bca45b5/1/U_i6zDZZ3LM4mqR-NmSl-ChOAK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.30.186.0/24
                IPv6:
                  2a10:3d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:8a:80:b3:0c:05:b3:67:b9:80:7d:61:85:db:3a:fd:8a:33:
         99:6b:20:e7:4b:cf:a8:34:1e:d7:37:b9:6f:69:8f:b1:27:3c:
         2f:12:3e:c0:04:55:21:e4:b3:b3:21:20:be:41:0e:4b:c3:bc:
         2a:00:08:23:9d:67:8e:64:a9:ff:83:34:f7:2a:8b:8c:d2:83:
         22:6c:7e:6a:30:11:53:45:36:7e:e8:f8:db:ad:16:0d:8d:9d:
         00:6a:4e:cf:2b:e1:29:db:a5:27:8c:1d:fe:24:3d:29:57:2a:
         3f:98:c0:7e:22:5e:da:85:06:5f:ac:2c:ea:ee:f2:a1:db:eb:
         f5:30:b0:59:40:c8:6b:48:ce:69:df:41:d8:bc:1a:b9:82:1c:
         5e:88:11:dd:1a:59:74:a9:b9:00:1d:25:f9:0e:d0:1c:86:18:
         14:eb:7b:cb:78:d4:f5:75:a4:07:de:e9:d2:7b:2f:7d:23:19:
         cc:af:e5:e9:b1:d9:b7:64:27:bf:3f:c8:80:57:8e:65:00:44:
         c7:65:1d:5d:88:57:c5:60:72:c7:05:ff:f8:ac:d0:e6:04:94:
         ce:b6:ca:7b:e9:81:b5:1a:b1:a0:4a:84:ea:38:5c:92:6b:ed:
         3f:60:24:e3:50:e7:6c:61:80:a0:87:e9:a6:29:58:5f:a9:d2:
         59:04:81:2e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt5EMdjrm31gFopy4dyxplgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZjhiYWNjMzY1OWRjYjMzODlhYTQ3ZTM2NjRhNWY4Mjg0
ZTAwYWYwHhcNMjYwMTAxMTAxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjcyZTFmMTMwYjZkN2YyM2I2ODhjNThhODE1NGVjNGMwZWM2MjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCqNFBj++luB3zT9aFoMA0Nxn7VV
HPaCB6u+Uq+I4g0yok5iVWYw2rXy8FpUDM/LZBLggGovH9H8EYxr9WbI1JecG0Z9
u7Zms1IHxs+leHFpBiDWmo8KRY9zVzc+ZmcAiKUjIKY46/Z2RQM0XERn6sIWNDSa
MJk9Qw4wOt6aIzaVBVeZBxbLbaRs9GBSm56kWyp4H90Tza06bBHpiUjqJfMFavps
1jiQPlFMU7W9y9S/3oq9mfHpu9pytDOtmRLDUYmVuwWuhA5FnVE8kZRcJXNxF1aB
mg2WgsUm6XrZspoL7qVB89lmavXxCCkzFs8sooDfcEKnAmGyuMt7j40a6wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDZy4fEwttfyO2iMWKgVTsTA7GJ/MB8GA1UdIwQY
MBaAFFP4usw2WdyzOJqkfjZkpfgoTgCvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVV9pNnpEWlozTE00bXFSLU5tU2wtQ2hPQUs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9iMzVkNmEtOGJkNC00MmJkLWFiZGQt
MTUxMDdiY2E0NWI1LzEvTm5MaDhUQzIxX0k3YUl4WXFCVk94TURzWW44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9iMzVkNmEtOGJkNC00MmJkLWFiZGQtMTUxMDdiY2E0NWI1
LzEvVV9pNnpEWlozTE00bXFSLU5tU2wtQ2hPQUs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwh66MA0E
AgACMAcDBQMqED2AMA0GCSqGSIb3DQEBCwUAA4IBAQCfioCzDAWzZ7mAfWGF2zr9
ijOZayDnS8+oNB7XN7lvaY+xJzwvEj7ABFUh5LOzISC+QQ5Lw7wqAAgjnWeOZKn/
gzT3KouM0oMibH5qMBFTRTZ+6PjbrRYNjZ0Aak7PK+Ep26UnjB3+JD0pVyo/mMB+
Il7ahQZfrCzq7vKh2+v1MLBZQMhrSM5p30HYvBq5ghxeiBHdGll0qbkAHSX5DtAc
hhgU63vLeNT1daQH3unSey99IxnMr+Xpsdm3ZCe/P8iAV45lAETHZR1diFfFYHLH
Bf/4rNDmBJTOtsp76YG1GrGgSoTqOFySa+0/YCTjUOdsYYCgh+mmKVhfqdJZBIEu
-----END CERTIFICATE-----