Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/nIqaEfepRP75O-FDqMsxRqrNlcw.roa
File:                     nIqaEfepRP75O-FDqMsxRqrNlcw.roa (raw, json)
Hash identifier:          c5Y7MFJKKPQL2NHxR/9fHChMoo5Om7veAWCfhGUpBLc=
Subject key identifier:   9C:8A:9A:11:F7:A9:44:FE:F9:3B:E1:43:A8:CB:31:46:AA:CD:95:CC
Certificate issuer:       /CN=36f76211f3c58f6c98af99cf65a6f1e8ff7c43ba
Certificate serial:       019B7C123352770CE4E0803FC3FB79698213
Authority key identifier: 36:F7:62:11:F3:C5:8F:6C:98:AF:99:CF:65:A6:F1:E8:FF:7C:43:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/nIqaEfepRP75O-FDqMsxRqrNlcw.roa
Signing time:             Fri 02 Jan 2026 00:18:46 +0000
ROA not before:           Fri 02 Jan 2026 00:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205093
IP address blocks:        185.230.236.0/24 maxlen: 24
                          185.230.237.0/24 maxlen: 24
                          185.230.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:33:52:77:0c:e4:e0:80:3f:c3:fb:79:69:82:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36f76211f3c58f6c98af99cf65a6f1e8ff7c43ba
        Validity
            Not Before: Jan  2 00:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c8a9a11f7a944fef93be143a8cb3146aacd95cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ff:ef:d1:fd:de:64:e7:42:6c:9c:42:6c:46:
                    cb:91:19:9d:3d:b4:0f:6b:7b:43:14:a4:68:f7:19:
                    fc:e9:16:70:4d:be:d3:60:93:f7:47:fd:6b:00:86:
                    cb:a5:9b:bc:1b:6f:86:c3:9f:fa:fb:ff:7f:33:a5:
                    d9:74:56:d4:53:61:8c:84:93:d2:5c:3d:b7:8d:64:
                    70:c1:09:ca:65:5c:4e:cf:ff:ad:ef:f9:6e:d5:24:
                    8e:f9:ed:7d:c6:f1:27:d8:3d:86:24:11:34:8f:0e:
                    2e:9a:2f:07:03:a9:4a:88:d4:a9:0b:80:7d:c0:db:
                    7c:e4:94:6e:30:af:94:97:93:b8:0a:b8:46:fd:5b:
                    d3:12:1f:1b:f5:c0:ca:3a:f6:7b:fa:89:a9:68:ad:
                    7c:57:ab:5e:0b:15:bd:96:cd:b4:9c:67:08:dd:39:
                    0c:d8:b0:d5:c0:a8:f4:49:7d:c5:2d:58:5e:8d:ea:
                    5c:5f:a2:30:d4:d9:87:9e:c7:d6:09:a3:89:c8:16:
                    fd:4f:28:a8:e0:d6:2c:4a:20:17:37:6a:77:9c:d0:
                    59:0b:a1:e4:af:a0:eb:c0:b3:25:f3:82:aa:fe:6a:
                    ec:6d:07:f3:ad:ff:66:9c:ff:69:bc:1c:a7:b1:da:
                    3c:b6:38:3e:d6:d3:f0:04:57:33:9a:d6:4b:e1:bc:
                    b5:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:8A:9A:11:F7:A9:44:FE:F9:3B:E1:43:A8:CB:31:46:AA:CD:95:CC
            X509v3 Authority Key Identifier:
                keyid:36:F7:62:11:F3:C5:8F:6C:98:AF:99:CF:65:A6:F1:E8:FF:7C:43:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/nIqaEfepRP75O-FDqMsxRqrNlcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.236.0-185.230.238.255

    Signature Algorithm: sha256WithRSAEncryption
         91:76:60:d4:d9:67:4b:d7:3f:5c:89:5d:25:8f:2c:02:65:2e:
         6c:39:54:cb:70:5d:d7:53:fc:2b:ff:4c:c5:19:e7:e0:5a:ae:
         9f:13:d0:6c:d0:cc:2a:37:6c:90:38:a0:47:bc:44:2f:ee:07:
         ee:d1:e0:37:05:57:c1:f1:3e:93:b3:ec:5c:bf:4b:f4:1c:39:
         81:67:9c:7a:51:65:33:a6:f8:a7:8e:97:d7:90:56:e3:f6:04:
         4c:b5:03:07:df:5e:0c:41:9a:34:ff:7e:61:a9:37:66:55:d8:
         20:7d:e9:15:92:63:70:73:40:e8:c9:bb:23:52:de:9e:06:0b:
         d7:23:ca:b7:cc:54:a7:a8:15:90:6e:e3:94:83:a2:43:ab:5c:
         a8:56:9f:fc:1f:6f:f8:39:47:be:85:20:11:ee:59:51:e5:16:
         eb:5d:af:e8:f8:19:04:46:a9:51:58:fc:d3:63:0f:fb:26:d0:
         c6:23:31:ca:26:20:19:d6:84:91:ef:c3:70:29:74:f7:33:41:
         19:22:d5:fb:14:fc:43:b6:68:42:14:c9:4d:dc:ea:8c:53:46:
         df:0d:ed:8f:dc:a4:12:53:37:00:80:3b:b5:8a:1f:8f:21:eb:
         73:c6:56:9c:5f:53:60:c3:5d:ef:59:84:a3:ef:e9:dd:a1:e2:
         41:cd:ae:a9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt8EjNSdwzk4IA/w/t5aYITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Zjc2MjExZjNjNThmNmM5OGFmOTljZjY1YTZmMWU4ZmY3
YzQzYmEwHhcNMjYwMTAyMDAxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzhhOWExMWY3YTk0NGZlZjkzYmUxNDNhOGNiMzE0NmFhY2Q5NWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmf/v0f3eZOdCbJxCbEbLkRmdPbQP
a3tDFKRo9xn86RZwTb7TYJP3R/1rAIbLpZu8G2+Gw5/6+/9/M6XZdFbUU2GMhJPS
XD23jWRwwQnKZVxOz/+t7/lu1SSO+e19xvEn2D2GJBE0jw4umi8HA6lKiNSpC4B9
wNt85JRuMK+Ul5O4CrhG/VvTEh8b9cDKOvZ7+ompaK18V6teCxW9ls20nGcI3TkM
2LDVwKj0SX3FLVhejepcX6Iw1NmHnsfWCaOJyBb9Tyio4NYsSiAXN2p3nNBZC6Hk
r6DrwLMl84Kq/mrsbQfzrf9mnP9pvBynsdo8tjg+1tPwBFczmtZL4by1OQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJyKmhH3qUT++TvhQ6jLMUaqzZXMMB8GA1UdIwQY
MBaAFDb3YhHzxY9smK+Zz2Wm8ej/fEO6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnZkaUVmUEZqMnlZcjVuUFphYng2UDk4UTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9mY2FkMmQtODZkOS00MmIxLWIxMTUt
MmZjZjM5NjI1M2I4LzEvbklxYUVmZXBSUDc1Ty1GRHFNc3hScXJObGN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9mY2FkMmQtODZkOS00MmIxLWIxMTUtMmZjZjM5NjI1M2I4
LzEvTnZkaUVmUEZqMnlZcjVuUFphYng2UDk4UTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK55uwD
BAC55u4wDQYJKoZIhvcNAQELBQADggEBAJF2YNTZZ0vXP1yJXSWPLAJlLmw5VMtw
XddT/Cv/TMUZ5+Barp8T0GzQzCo3bJA4oEe8RC/uB+7R4DcFV8HxPpOz7Fy/S/Qc
OYFnnHpRZTOm+KeOl9eQVuP2BEy1AwffXgxBmjT/fmGpN2ZV2CB96RWSY3BzQOjJ
uyNS3p4GC9cjyrfMVKeoFZBu45SDokOrXKhWn/wfb/g5R76FIBHuWVHlFutdr+j4
GQRGqVFY/NNjD/sm0MYjMcomIBnWhJHvw3ApdPczQRki1fsU/EO2aEIUyU3c6oxT
Rt8N7Y/cpBJTNwCAO7WKH48h63PGVpxfU2DDXe9ZhKPv6d2h4kHNrqk=
-----END CERTIFICATE-----