Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/NnZ8ek-GU_RB9E9iPUKzuWfkUig.roa
File:                     NnZ8ek-GU_RB9E9iPUKzuWfkUig.roa (raw, json)
Hash identifier:          y9Oj0T4upgAlO6II3KGdhRSOHdKTzATHCfQXkHfJiSo=
Subject key identifier:   36:76:7C:7A:4F:86:53:F4:41:F4:4F:62:3D:42:B3:B9:67:E4:52:28
Certificate issuer:       /CN=54b0bec8f58db0ce5b91f34505277e40bfd3ae11
Certificate serial:       019C9CA862CB2D0F1F21BD31E753AF161C68
Authority key identifier: 54:B0:BE:C8:F5:8D:B0:CE:5B:91:F3:45:05:27:7E:40:BF:D3:AE:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/NnZ8ek-GU_RB9E9iPUKzuWfkUig.roa
Signing time:             Fri 27 Feb 2026 01:13:26 +0000
ROA not before:           Fri 27 Feb 2026 01:13:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200823
IP address blocks:        95.85.236.0/24 maxlen: 24
                          95.85.237.0/24 maxlen: 24
                          95.85.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9c:a8:62:cb:2d:0f:1f:21:bd:31:e7:53:af:16:1c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54b0bec8f58db0ce5b91f34505277e40bfd3ae11
        Validity
            Not Before: Feb 27 01:13:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36767c7a4f8653f441f44f623d42b3b967e45228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4e:5e:e9:7f:22:7e:1b:6a:db:2c:a7:b7:ec:
                    f9:40:72:6d:9b:80:a6:71:de:f2:ed:8f:db:77:e5:
                    a6:0d:34:df:97:5b:20:29:35:bf:ce:df:41:21:d7:
                    d6:7c:02:a2:c6:3f:b4:60:ef:0c:10:d2:40:31:5b:
                    97:64:e0:e1:92:6e:6d:84:13:b0:5e:aa:98:50:dd:
                    52:24:56:c1:12:e0:31:0e:78:4d:ca:94:80:15:de:
                    70:e9:25:be:2f:e8:44:54:f9:a4:03:7a:e7:a3:31:
                    b4:5c:9b:b1:42:a4:84:03:a3:ce:dc:33:3c:33:7b:
                    15:bc:15:6f:cb:ba:97:be:b7:52:15:c5:b0:f6:61:
                    47:00:2c:60:8d:d6:a9:f4:57:86:63:56:ed:39:00:
                    fe:cc:e0:d6:57:82:53:be:e4:65:72:02:c3:17:6e:
                    a8:70:69:e3:2e:65:19:9c:9c:fc:09:a8:23:45:d8:
                    42:64:14:64:c2:8a:52:9b:8c:41:54:b0:f1:dc:16:
                    2d:5f:ac:f8:18:9d:30:db:de:3b:39:9d:6b:d1:82:
                    dc:65:dc:90:47:c9:93:d4:b2:15:42:82:8d:60:06:
                    85:b9:b1:fd:56:15:89:1b:ab:1e:17:44:a9:92:8e:
                    3e:18:bb:39:86:51:2e:95:05:31:ec:f5:f3:24:e2:
                    cc:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:76:7C:7A:4F:86:53:F4:41:F4:4F:62:3D:42:B3:B9:67:E4:52:28
            X509v3 Authority Key Identifier:
                keyid:54:B0:BE:C8:F5:8D:B0:CE:5B:91:F3:45:05:27:7E:40:BF:D3:AE:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/NnZ8ek-GU_RB9E9iPUKzuWfkUig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.85.236.0/23
                  95.85.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:e0:5b:b0:aa:49:45:0b:26:7c:68:9d:c5:19:1d:70:b0:75:
         00:02:b1:ab:fd:e2:6f:fe:54:11:8c:11:46:05:7c:29:96:fa:
         de:94:bd:c7:d7:90:4a:87:09:8d:0e:28:35:59:f0:62:39:be:
         52:00:9e:b6:05:3e:22:97:de:82:03:a3:1b:44:70:37:4f:90:
         0c:d5:34:3d:d6:1d:9b:6c:18:9f:93:28:00:6a:41:ea:f0:64:
         3b:2f:e7:fc:54:0a:21:86:e4:9b:82:82:8b:c3:3c:03:a7:16:
         c8:10:90:5f:9f:7a:ce:59:b2:38:d6:48:ea:88:cc:70:e2:4c:
         22:0c:a9:9a:c5:0c:a9:45:e5:32:b1:5e:da:3e:99:a3:5f:b9:
         66:31:d1:2b:a1:64:33:e9:65:0e:d2:4b:cf:ee:06:93:ca:34:
         80:18:8c:44:14:ed:4e:83:8b:e2:f9:cc:d7:61:e5:a7:d1:60:
         dd:63:72:e9:db:cb:6c:c2:01:05:26:36:1a:56:91:c9:36:66:
         fb:3e:7a:3c:30:27:f5:f2:d8:8b:2c:6b:6d:7c:7d:59:46:ac:
         b8:55:70:ff:0a:d8:7c:4f:c7:98:09:e5:be:46:99:70:70:ac:
         7d:3d:6b:ce:aa:8c:0a:98:36:6c:0c:a7:fa:a8:68:9e:35:09:
         2b:33:9c:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZycqGLLLQ8fIb0x51OvFhxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YjBiZWM4ZjU4ZGIwY2U1YjkxZjM0NTA1Mjc3ZTQwYmZk
M2FlMTEwHhcNMjYwMjI3MDExMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjc2N2M3YTRmODY1M2Y0NDFmNDRmNjIzZDQyYjNiOTY3ZTQ1MjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvE5e6X8ifhtq2yynt+z5QHJtm4Cm
cd7y7Y/bd+WmDTTfl1sgKTW/zt9BIdfWfAKixj+0YO8MENJAMVuXZODhkm5thBOw
XqqYUN1SJFbBEuAxDnhNypSAFd5w6SW+L+hEVPmkA3rnozG0XJuxQqSEA6PO3DM8
M3sVvBVvy7qXvrdSFcWw9mFHACxgjdap9FeGY1btOQD+zODWV4JTvuRlcgLDF26o
cGnjLmUZnJz8CagjRdhCZBRkwopSm4xBVLDx3BYtX6z4GJ0w2947OZ1r0YLcZdyQ
R8mT1LIVQoKNYAaFubH9VhWJG6seF0Spko4+GLs5hlEulQUx7PXzJOLMNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDZ2fHpPhlP0QfRPYj1Cs7ln5FIoMB8GA1UdIwQY
MBaAFFSwvsj1jbDOW5HzRQUnfkC/064RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkxDLXlQV05zTTVia2ZORkJTZC1RTF9UcmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8yYWQzNGUtYjFlNS00ZDhjLTk0OGUt
MGY0ZGJiODkwYmQwLzEvTm5aOGVrLUdVX1JCOUU5aVBVS3p1V2ZrVWlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8yYWQzNGUtYjFlNS00ZDhjLTk0OGUtMGY0ZGJiODkwYmQw
LzEvVkxDLXlQV05zTTVia2ZORkJTZC1RTF9UcmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBX1XsAwQA
X1XvMA0GCSqGSIb3DQEBCwUAA4IBAQCZ4FuwqklFCyZ8aJ3FGR1wsHUAArGr/eJv
/lQRjBFGBXwplvrelL3H15BKhwmNDig1WfBiOb5SAJ62BT4il96CA6MbRHA3T5AM
1TQ91h2bbBifkygAakHq8GQ7L+f8VAohhuSbgoKLwzwDpxbIEJBfn3rOWbI41kjq
iMxw4kwiDKmaxQypReUysV7aPpmjX7lmMdEroWQz6WUO0kvP7gaTyjSAGIxEFO1O
g4vi+czXYeWn0WDdY3Lp28tswgEFJjYaVpHJNmb7Pno8MCf18tiLLGttfH1ZRqy4
VXD/Cth8T8eYCeW+RplwcKx9PWvOqowKmDZsDKf6qGieNQkrM5xW
-----END CERTIFICATE-----