Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NnBrljJdUuy0ZKji4Ux0Sfw3hiU.roa
File:                     NnBrljJdUuy0ZKji4Ux0Sfw3hiU.roa (raw, json)
Hash identifier:          xj2XgF22KysHNqpcSlw+03e65FeCviHN1Ca/kD6Dfc4=
Subject key identifier:   36:70:6B:96:32:5D:52:EC:B4:64:A8:E2:E1:4C:74:49:FC:37:86:25
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E820B73536D8E4BFD2913B10E7051E770
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NnBrljJdUuy0ZKji4Ux0Sfw3hiU.roa
Signing time:             Mon 01 Jun 2026 07:17:28 +0000
ROA not before:           Mon 01 Jun 2026 07:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197234
IP address blocks:        82.152.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:0b:73:53:6d:8e:4b:fd:29:13:b1:0e:70:51:e7:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  1 07:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36706b96325d52ecb464a8e2e14c7449fc378625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1c:17:97:ef:13:68:c0:92:2e:0d:30:c2:20:
                    06:8d:d2:75:20:ed:07:35:02:0d:95:e6:29:30:1b:
                    41:6c:e6:1c:2d:4d:40:63:c6:b1:0a:51:b7:68:85:
                    13:09:0c:29:aa:26:07:f2:5d:1e:2f:df:cd:45:4c:
                    80:82:e1:25:38:1d:e6:df:db:b7:9d:80:91:44:78:
                    5b:80:58:e1:b8:22:8c:19:8d:27:60:d7:02:9d:0b:
                    97:9f:a6:42:79:e8:e4:4f:ed:35:64:38:9f:67:23:
                    15:7e:ad:10:52:3f:fa:e1:05:1e:1c:74:81:e6:86:
                    02:e7:5d:46:eb:79:e1:c2:fc:dd:fe:2f:6a:23:65:
                    9a:06:05:f8:0c:8b:2a:ae:1a:0c:4f:f9:20:d8:e0:
                    9d:6b:ed:51:03:a4:8c:69:0f:4d:50:17:35:fb:1b:
                    66:61:f0:cc:d1:b3:2a:46:05:41:b4:ef:a8:fe:30:
                    59:56:6b:f2:02:70:5a:8d:b8:c6:18:eb:f9:54:c0:
                    7e:5f:ca:84:d3:ae:82:81:52:81:7a:56:61:92:7e:
                    57:d2:72:3c:02:75:36:ea:69:e3:ce:7c:d5:9c:8c:
                    41:26:81:87:44:43:86:e9:da:57:f0:c2:9c:47:7a:
                    52:8d:94:66:a7:0f:d0:1e:eb:75:60:8a:37:c7:9e:
                    7b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:70:6B:96:32:5D:52:EC:B4:64:A8:E2:E1:4C:74:49:FC:37:86:25
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NnBrljJdUuy0ZKji4Ux0Sfw3hiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:70:81:40:51:1d:a8:f6:2b:39:d6:ef:2b:52:04:63:e8:65:
         7e:2d:1d:18:e4:03:90:37:a2:ae:0e:bc:1a:0f:9c:4f:e8:41:
         e2:4f:67:6a:d9:3f:81:c5:90:5d:b9:fd:08:3a:50:70:a8:21:
         1f:f7:48:1f:32:69:a5:19:42:20:1f:c2:87:12:bf:65:25:df:
         39:73:49:35:e6:68:de:11:fb:4a:c1:c9:09:7d:28:00:bc:3d:
         f6:b4:13:26:79:2b:33:ab:27:d8:dc:39:07:53:ab:ba:0b:03:
         f8:95:a3:27:b3:62:31:1d:4f:ab:65:5d:f3:d5:1b:ba:00:54:
         54:1f:eb:f9:cc:99:a6:78:ca:86:07:a9:ee:fe:6b:14:b1:00:
         27:42:24:f7:19:db:92:a0:57:02:db:16:22:39:37:ba:c5:af:
         d8:20:e5:90:70:04:41:c4:ed:ea:80:46:90:d4:4e:c8:1a:b3:
         43:c0:d0:a3:76:b8:ba:a6:be:63:4e:4b:e8:77:bc:20:8e:a6:
         36:73:5a:bc:93:63:44:62:1c:3c:c3:19:40:0e:b5:de:d2:88:
         4d:45:1f:65:5d:4b:69:93:66:a7:87:b6:d9:36:6b:84:3f:ab:
         59:0e:64:e8:0e:45:59:90:a2:f8:44:ed:0c:03:15:50:c3:e2:
         2b:5d:24:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6CC3NTbY5L/SkTsQ5wUedwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjAxMDcxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjcwNmI5NjMyNWQ1MmVjYjQ2NGE4ZTJlMTRjNzQ0OWZjMzc4NjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxwXl+8TaMCSLg0wwiAGjdJ1IO0H
NQINleYpMBtBbOYcLU1AY8axClG3aIUTCQwpqiYH8l0eL9/NRUyAguElOB3m39u3
nYCRRHhbgFjhuCKMGY0nYNcCnQuXn6ZCeejkT+01ZDifZyMVfq0QUj/64QUeHHSB
5oYC511G63nhwvzd/i9qI2WaBgX4DIsqrhoMT/kg2OCda+1RA6SMaQ9NUBc1+xtm
YfDM0bMqRgVBtO+o/jBZVmvyAnBajbjGGOv5VMB+X8qE066CgVKBelZhkn5X0nI8
AnU26mnjznzVnIxBJoGHREOG6dpX8MKcR3pSjZRmpw/QHut1YIo3x557uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZwa5YyXVLstGSo4uFMdEn8N4YlMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTm5CcmxqSmRVdXkwWktqaTRVeDBTZnczaGlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpheMA0G
CSqGSIb3DQEBCwUAA4IBAQBFcIFAUR2o9is51u8rUgRj6GV+LR0Y5AOQN6KuDrwa
D5xP6EHiT2dq2T+BxZBduf0IOlBwqCEf90gfMmmlGUIgH8KHEr9lJd85c0k15mje
EftKwckJfSgAvD32tBMmeSszqyfY3DkHU6u6CwP4laMns2IxHU+rZV3z1Ru6AFRU
H+v5zJmmeMqGB6nu/msUsQAnQiT3GduSoFcC2xYiOTe6xa/YIOWQcARBxO3qgEaQ
1E7IGrNDwNCjdri6pr5jTkvod7wgjqY2c1q8k2NEYhw8wxlADrXe0ohNRR9lXUtp
k2anh7bZNmuEP6tZDmToDkVZkKL4RO0MAxVQw+IrXSS4
-----END CERTIFICATE-----