Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/NND9D0QUuqRwWfk2FQ5TLL1ITvQ.roa
File:                     NND9D0QUuqRwWfk2FQ5TLL1ITvQ.roa (raw, json)
Hash identifier:          0qTVd2PVqOt1Nyg+T/NMU+GljS/P/2b6OvQkmBMunY8=
Subject key identifier:   34:D0:FD:0F:44:14:BA:A4:70:59:F9:36:15:0E:53:2C:BD:48:4E:F4
Certificate issuer:       /CN=95d108f0e85868c2bbe7db6d7377034c131eb224
Certificate serial:       019EAD6AB373D695E97C5DFAD0D89F524666
Authority key identifier: 95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/NND9D0QUuqRwWfk2FQ5TLL1ITvQ.roa
Signing time:             Tue 09 Jun 2026 17:25:11 +0000
ROA not before:           Tue 09 Jun 2026 17:25:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204048
IP address blocks:        189.74.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ad:6a:b3:73:d6:95:e9:7c:5d:fa:d0:d8:9f:52:46:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95d108f0e85868c2bbe7db6d7377034c131eb224
        Validity
            Not Before: Jun  9 17:25:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34d0fd0f4414baa47059f936150e532cbd484ef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:dc:40:41:a9:71:fd:67:58:37:c3:12:63:6f:
                    62:1d:b7:27:3e:2e:3e:52:66:2f:2f:0c:a2:c3:25:
                    d8:ec:21:b3:f3:22:a0:83:67:59:a0:d9:d3:88:95:
                    4a:d9:e5:f5:07:a4:c9:21:df:2b:cc:30:29:5d:fe:
                    5c:48:2d:2a:e2:49:90:e8:d0:da:79:42:3f:50:c1:
                    fe:bd:e4:cd:77:02:e5:76:0c:c1:d3:1e:64:37:f3:
                    4e:2e:70:f9:65:ee:9f:2a:51:54:10:a1:f6:15:a3:
                    c2:2c:d4:12:d9:07:33:99:8f:33:ce:7f:c3:76:ff:
                    b4:29:7d:fe:7d:c0:c7:a8:52:0a:5c:80:f9:38:86:
                    1f:43:3d:f5:2f:ef:03:c9:37:f6:3d:53:15:f4:2b:
                    3a:40:07:c7:2e:71:a6:49:7f:91:7d:2d:39:34:d5:
                    ac:96:b7:bc:6d:72:ba:d9:df:76:31:dd:02:4e:de:
                    29:ef:4c:54:5b:26:91:2d:ee:ba:9e:d2:43:56:17:
                    90:19:7c:94:5f:3c:ae:2e:1a:0e:62:b0:0b:a3:bd:
                    38:50:f0:cf:e9:d3:e1:8f:79:da:f2:58:fe:89:55:
                    c6:35:09:08:6d:6d:16:bc:1f:8d:43:5b:20:d7:6e:
                    5b:8a:31:3f:ac:ea:de:94:d4:ba:dd:7c:c8:23:d6:
                    c2:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:D0:FD:0F:44:14:BA:A4:70:59:F9:36:15:0E:53:2C:BD:48:4E:F4
            X509v3 Authority Key Identifier:
                keyid:95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/NND9D0QUuqRwWfk2FQ5TLL1ITvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.74.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:bf:d5:e5:8a:43:4f:03:8d:9b:35:01:01:3e:73:7e:4a:6a:
         8b:27:58:16:8d:6a:7f:7f:e8:07:7e:ff:d0:e8:24:cb:6a:a0:
         ea:1c:0c:29:05:47:89:6e:04:34:ac:c6:28:18:8a:ac:07:c5:
         91:33:e6:9a:02:2d:da:d9:97:13:a5:2a:4a:7e:b8:b7:67:1c:
         b1:b9:f7:e5:2d:51:37:b6:86:ab:65:8b:a3:a5:55:ef:df:10:
         28:88:9a:89:59:fc:37:02:14:4b:02:fa:c6:0e:8e:2b:84:de:
         7b:3e:66:c9:c5:8d:16:23:a9:96:20:c1:26:5f:38:76:ca:80:
         5e:cc:e4:24:bf:b6:80:1c:79:07:8d:47:b0:c0:ea:76:88:e5:
         8f:52:56:b6:06:3e:4b:49:04:75:69:55:eb:b9:ff:fd:34:e0:
         19:7e:d8:86:40:7f:4d:b3:fe:84:e8:02:22:a9:a2:1b:f5:b4:
         49:1a:5f:99:36:5d:f2:f6:69:fe:94:e5:b4:52:c2:5d:01:d2:
         7d:7d:4d:b5:6f:f9:85:ad:7b:1b:e2:0b:9c:6e:95:88:6c:24:
         90:f4:57:e7:cc:67:d5:52:7f:cc:30:a8:9d:f0:25:cf:ab:03:
         e4:0c:ae:4d:56:c1:e0:d6:9d:d4:5d:b0:41:3b:a8:ba:8a:c6:
         3a:58:1d:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6tarNz1pXpfF360NifUkZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZDEwOGYwZTg1ODY4YzJiYmU3ZGI2ZDczNzcwMzRjMTMx
ZWIyMjQwHhcNMjYwNjA5MTcyNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGQwZmQwZjQ0MTRiYWE0NzA1OWY5MzYxNTBlNTMyY2JkNDg0ZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltxAQalx/WdYN8MSY29iHbcnPi4+
UmYvLwyiwyXY7CGz8yKgg2dZoNnTiJVK2eX1B6TJId8rzDApXf5cSC0q4kmQ6NDa
eUI/UMH+veTNdwLldgzB0x5kN/NOLnD5Ze6fKlFUEKH2FaPCLNQS2QczmY8zzn/D
dv+0KX3+fcDHqFIKXID5OIYfQz31L+8DyTf2PVMV9Cs6QAfHLnGmSX+RfS05NNWs
lre8bXK62d92Md0CTt4p70xUWyaRLe66ntJDVheQGXyUXzyuLhoOYrALo704UPDP
6dPhj3na8lj+iVXGNQkIbW0WvB+NQ1sg125bijE/rOrelNS63XzII9bC+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTQ/Q9EFLqkcFn5NhUOUyy9SE70MB8GA1UdIwQY
MBaAFJXRCPDoWGjCu+fbbXN3A0wTHrIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYt
NzJmYjk3ZDU5Y2U0LzEvTk5EOUQwUVV1cVJ3V2ZrMkZRNVRMTDFJVHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYtNzJmYjk3ZDU5Y2U0
LzEvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvUp+MA0G
CSqGSIb3DQEBCwUAA4IBAQA3v9XlikNPA42bNQEBPnN+SmqLJ1gWjWp/f+gHfv/Q
6CTLaqDqHAwpBUeJbgQ0rMYoGIqsB8WRM+aaAi3a2ZcTpSpKfri3ZxyxufflLVE3
toarZYujpVXv3xAoiJqJWfw3AhRLAvrGDo4rhN57PmbJxY0WI6mWIMEmXzh2yoBe
zOQkv7aAHHkHjUewwOp2iOWPUla2Bj5LSQR1aVXruf/9NOAZftiGQH9Ns/6E6AIi
qaIb9bRJGl+ZNl3y9mn+lOW0UsJdAdJ9fU21b/mFrXsb4gucbpWIbCSQ9FfnzGfV
Un/MMKid8CXPqwPkDK5NVsHg1p3UXbBBO6i6isY6WB0U
-----END CERTIFICATE-----