Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/nNl6NGyF3T8vJ8AAtIkn4-0X5T8.roa
File:                     nNl6NGyF3T8vJ8AAtIkn4-0X5T8.roa (raw, json)
Hash identifier:          dpRxbGigIJULOJ37FZ/ZTlPFJRhup86+sQ8jgaZzcbo=
Subject key identifier:   9C:D9:7A:34:6C:85:DD:3F:2F:27:C0:00:B4:89:27:E3:ED:17:E5:3F
Certificate issuer:       /CN=8777b5b36f66e13c4388c9934da507856515d073
Certificate serial:       019C9ED247763C59931044FF4CD48E8B31E5
Authority key identifier: 87:77:B5:B3:6F:66:E1:3C:43:88:C9:93:4D:A5:07:85:65:15:D0:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3e1s29m4TxDiMmTTaUHhWUV0HM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/nNl6NGyF3T8vJ8AAtIkn4-0X5T8.roa
Signing time:             Fri 27 Feb 2026 11:18:26 +0000
ROA not before:           Fri 27 Feb 2026 11:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49964
IP address blocks:        37.19.8.0/21 maxlen: 24
                          185.185.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/h3e1s29m4TxDiMmTTaUHhWUV0HM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/h3e1s29m4TxDiMmTTaUHhWUV0HM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3e1s29m4TxDiMmTTaUHhWUV0HM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9e:d2:47:76:3c:59:93:10:44:ff:4c:d4:8e:8b:31:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8777b5b36f66e13c4388c9934da507856515d073
        Validity
            Not Before: Feb 27 11:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9cd97a346c85dd3f2f27c000b48927e3ed17e53f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:42:c6:d3:e2:72:2e:b2:12:13:17:ac:10:68:
                    b1:c3:a4:af:21:78:48:68:92:cc:a4:58:03:bb:f3:
                    a9:f7:07:bb:57:54:03:48:1d:37:8a:65:94:86:5c:
                    71:59:c8:7b:a3:36:30:4f:25:c9:b4:c3:d0:2e:46:
                    25:e2:36:95:5c:19:2b:ea:c2:35:7b:b2:7b:c8:9a:
                    8b:21:11:a5:fe:37:34:37:0a:29:ae:c7:9b:27:f1:
                    fe:14:c3:4a:6c:14:96:b0:73:75:98:3c:ff:02:5f:
                    4c:0c:7e:4c:7f:e0:1d:ce:46:0c:58:35:d3:fb:2f:
                    3f:a9:bd:2b:65:4e:a3:b3:c0:0c:e2:b3:f5:8d:31:
                    6b:24:58:48:cb:4c:06:7d:32:37:3c:d4:76:3f:16:
                    d9:dc:24:5d:9e:a3:26:bd:ad:80:40:be:7d:72:ca:
                    b8:15:e4:58:46:f1:2c:61:69:e2:9c:ce:c4:95:0f:
                    0d:6b:dc:a5:6c:bf:73:83:72:bf:68:a4:d3:65:ee:
                    ff:b2:a8:92:66:4f:f0:59:f2:d6:91:40:fb:7c:83:
                    85:c9:6f:f7:5e:d9:09:34:ba:5f:29:e2:00:d3:b3:
                    49:7f:10:ea:63:17:6a:82:fc:b4:b7:cd:ac:15:b5:
                    1a:a2:55:7b:90:75:5b:a5:c7:b3:68:39:78:65:20:
                    55:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:D9:7A:34:6C:85:DD:3F:2F:27:C0:00:B4:89:27:E3:ED:17:E5:3F
            X509v3 Authority Key Identifier:
                keyid:87:77:B5:B3:6F:66:E1:3C:43:88:C9:93:4D:A5:07:85:65:15:D0:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3e1s29m4TxDiMmTTaUHhWUV0HM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/nNl6NGyF3T8vJ8AAtIkn4-0X5T8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/h3e1s29m4TxDiMmTTaUHhWUV0HM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.19.8.0/21
                  185.185.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:be:86:86:0f:57:3e:aa:68:e3:e0:0f:8d:7d:50:5f:50:9a:
         68:5e:d8:a4:26:26:d9:b1:82:e0:ab:e1:b7:91:81:39:ac:6d:
         72:d5:82:fd:c1:c9:24:2e:b2:f6:30:ed:74:54:bb:e6:fe:eb:
         2c:e6:70:27:0a:bf:55:dc:8a:9c:23:d3:5d:6a:a5:1f:7f:3a:
         24:00:8c:48:9d:37:4f:f3:59:1b:ac:f7:8f:eb:88:fa:a6:8d:
         61:e8:87:2a:79:74:91:cb:39:6e:e2:9b:37:f9:6e:b3:80:79:
         a9:74:94:cc:17:5e:71:35:91:8c:17:0b:7d:84:4f:99:dd:ee:
         5d:f5:5b:60:ab:f7:6c:ac:13:f2:9f:50:d8:a1:7d:52:7b:3d:
         2b:df:05:70:40:51:54:dd:0a:df:81:92:6c:ef:fa:7c:a0:c6:
         bb:b2:8d:45:1c:76:8f:1c:7f:f6:c3:41:78:12:38:76:bc:2a:
         cc:31:96:8b:b2:b2:99:1b:8c:a0:07:bd:27:03:1a:57:28:ef:
         5e:57:43:6f:c6:d6:e7:78:08:93:c7:9b:d2:0c:90:66:fc:df:
         92:5a:3e:48:5d:0e:f0:32:9d:c3:8b:09:20:9d:cc:42:a3:09:
         29:c3:72:72:39:8d:93:ef:96:45:ef:bb:ff:59:ed:39:d8:9b:
         f6:60:d3:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZye0kd2PFmTEET/TNSOizHlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzdiNWIzNmY2NmUxM2M0Mzg4Yzk5MzRkYTUwNzg1NjUx
NWQwNzMwHhcNMjYwMjI3MTExODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2Q5N2EzNDZjODVkZDNmMmYyN2MwMDBiNDg5MjdlM2VkMTdlNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0LG0+JyLrISExesEGixw6SvIXhI
aJLMpFgDu/Op9we7V1QDSB03imWUhlxxWch7ozYwTyXJtMPQLkYl4jaVXBkr6sI1
e7J7yJqLIRGl/jc0NwoprsebJ/H+FMNKbBSWsHN1mDz/Al9MDH5Mf+AdzkYMWDXT
+y8/qb0rZU6js8AM4rP1jTFrJFhIy0wGfTI3PNR2PxbZ3CRdnqMmva2AQL59csq4
FeRYRvEsYWninM7ElQ8Na9ylbL9zg3K/aKTTZe7/sqiSZk/wWfLWkUD7fIOFyW/3
XtkJNLpfKeIA07NJfxDqYxdqgvy0t82sFbUaolV7kHVbpcezaDl4ZSBVRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJzZejRshd0/LyfAALSJJ+PtF+U/MB8GA1UdIwQY
MBaAFId3tbNvZuE8Q4jJk02lB4VlFdBzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNlMXMyOW00VHhEaU1tVFRhVUhoV1VWMEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9mOTJlMmEtZTFlNC00ODdkLTlhY2Mt
ZWQxZjMwY2MxYzU3LzEvbk5sNk5HeUYzVDh2SjhBQXRJa240LTBYNVQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9mOTJlMmEtZTFlNC00ODdkLTlhY2MtZWQxZjMwY2MxYzU3
LzEvaDNlMXMyOW00VHhEaU1tVFRhVUhoV1VWMEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJRMIAwQA
ubnnMA0GCSqGSIb3DQEBCwUAA4IBAQCbvoaGD1c+qmjj4A+NfVBfUJpoXtikJibZ
sYLgq+G3kYE5rG1y1YL9wckkLrL2MO10VLvm/uss5nAnCr9V3IqcI9NdaqUffzok
AIxInTdP81kbrPeP64j6po1h6IcqeXSRyzlu4ps3+W6zgHmpdJTMF15xNZGMFwt9
hE+Z3e5d9Vtgq/dsrBPyn1DYoX1Sez0r3wVwQFFU3QrfgZJs7/p8oMa7so1FHHaP
HH/2w0F4Ejh2vCrMMZaLsrKZG4ygB70nAxpXKO9eV0NvxtbneAiTx5vSDJBm/N+S
Wj5IXQ7wMp3DiwkgncxCowkpw3JyOY2T75ZF77v/We052Jv2YNNY
-----END CERTIFICATE-----