Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3dde8d-bc09-47eb-8b5e-d9b72ed7cb4d/1/nSQSUiEOU-zHAWMn8ZKwogzTrM8.roa
File:                     nSQSUiEOU-zHAWMn8ZKwogzTrM8.roa (raw, json)
Hash identifier:          AC48o16lY1gJTiGIXk1jqfPVhEWM02EA+wJRG7sg7HY=
Subject key identifier:   9D:24:12:52:21:0E:53:EC:C7:01:63:27:F1:92:B0:A2:0C:D3:AC:CF
Certificate issuer:       /CN=e79ef19c273deded19cef6b36839b3ceb01edefd
Certificate serial:       019B7AC8E7007F76BBE430E83C24E911FA37
Authority key identifier: E7:9E:F1:9C:27:3D:ED:ED:19:CE:F6:B3:68:39:B3:CE:B0:1E:DE:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/557xnCc97e0ZzvazaDmzzrAe3v0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/3dde8d-bc09-47eb-8b5e-d9b72ed7cb4d/1/nSQSUiEOU-zHAWMn8ZKwogzTrM8.roa
Signing time:             Thu 01 Jan 2026 18:19:05 +0000
ROA not before:           Thu 01 Jan 2026 18:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209232
IP address blocks:        2.56.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/3dde8d-bc09-47eb-8b5e-d9b72ed7cb4d/1/557xnCc97e0ZzvazaDmzzrAe3v0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/3dde8d-bc09-47eb-8b5e-d9b72ed7cb4d/1/557xnCc97e0ZzvazaDmzzrAe3v0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/557xnCc97e0ZzvazaDmzzrAe3v0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:e7:00:7f:76:bb:e4:30:e8:3c:24:e9:11:fa:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e79ef19c273deded19cef6b36839b3ceb01edefd
        Validity
            Not Before: Jan  1 18:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d241252210e53ecc7016327f192b0a20cd3accf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b4:44:cd:09:1a:d6:37:9b:59:4b:ba:4a:91:
                    29:e7:ad:5a:d0:21:a3:12:27:1d:f4:af:b8:34:7b:
                    19:b8:34:3c:9b:76:7d:08:3f:9d:ad:54:4c:28:9e:
                    88:ed:38:99:11:ae:3d:d6:14:cd:32:a9:18:c8:6f:
                    94:a4:b5:77:34:7c:5c:04:ea:db:c2:f5:62:5d:0e:
                    48:06:54:d9:20:34:4f:3b:4d:dc:46:ef:80:9b:86:
                    cc:46:05:9d:c7:9a:e2:e6:e2:b9:43:26:6d:16:2e:
                    8e:80:b8:bb:b3:8f:34:6e:f1:4c:ab:44:dc:81:29:
                    d6:92:08:8c:50:00:bb:23:1d:4a:72:5a:4c:49:f7:
                    24:da:53:b3:3d:8f:31:37:84:12:1a:9d:00:de:11:
                    14:cb:50:dd:4f:f9:30:21:36:70:73:b5:c8:59:ae:
                    61:d8:c0:18:09:ac:e2:d7:cf:38:36:47:f9:2c:99:
                    2b:84:72:28:d7:9c:a1:99:b3:f5:fb:97:be:8d:19:
                    08:87:b2:c2:5d:ac:fd:8c:bc:52:59:fe:a7:2f:7f:
                    67:a4:1f:14:2c:ae:3d:ee:6e:1e:51:f3:09:c7:59:
                    98:a8:3f:f6:44:a6:32:58:e8:0e:2a:91:d6:74:02:
                    20:ef:8c:9b:d0:41:4c:61:7a:ca:52:37:64:69:53:
                    31:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:24:12:52:21:0E:53:EC:C7:01:63:27:F1:92:B0:A2:0C:D3:AC:CF
            X509v3 Authority Key Identifier:
                keyid:E7:9E:F1:9C:27:3D:ED:ED:19:CE:F6:B3:68:39:B3:CE:B0:1E:DE:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/557xnCc97e0ZzvazaDmzzrAe3v0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3dde8d-bc09-47eb-8b5e-d9b72ed7cb4d/1/nSQSUiEOU-zHAWMn8ZKwogzTrM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3dde8d-bc09-47eb-8b5e-d9b72ed7cb4d/1/557xnCc97e0ZzvazaDmzzrAe3v0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:1c:73:31:b1:93:ae:73:05:e4:c6:ff:cc:d1:8f:b0:4a:30:
         d0:5c:ec:72:3d:87:47:1b:94:2a:98:c0:15:eb:cc:19:cc:54:
         49:71:2a:41:a4:7d:ed:8b:36:25:ab:1f:bd:c6:b6:52:08:7c:
         9b:c9:b2:e4:07:8b:84:f5:67:0b:92:99:a4:96:af:c6:7c:3a:
         b8:49:62:1a:44:ce:b3:cc:aa:2a:20:9c:cb:45:78:58:b4:f8:
         db:dc:d2:d8:f7:f1:e6:13:54:92:88:b8:28:b0:89:e0:c3:b4:
         02:69:85:97:5c:19:77:26:fe:25:82:9d:86:06:db:83:f1:0a:
         fd:fa:13:b2:e7:44:e4:f0:d1:01:55:c4:5f:ee:45:aa:95:0f:
         98:c0:2d:a1:57:b3:0a:80:45:65:83:32:53:b5:cd:26:89:e0:
         01:6d:0a:f6:0a:7a:7f:e8:0f:c2:92:55:a8:b9:8d:99:b0:58:
         28:26:76:6d:c9:49:3e:66:0b:0c:5b:be:db:6c:6f:2f:87:54:
         40:68:43:44:f1:d2:e4:95:35:fa:64:49:be:34:66:9e:e4:87:
         c1:0d:98:b9:80:ed:c2:c7:8b:a1:bc:06:db:fc:ea:b4:6a:65:
         4f:03:fa:3f:6f:f4:c6:14:7c:dd:3c:23:85:ef:9b:e6:ac:eb:
         4b:0a:3b:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yOcAf3a75DDoPCTpEfo3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OWVmMTljMjczZGVkZWQxOWNlZjZiMzY4MzliM2NlYjAx
ZWRlZmQwHhcNMjYwMTAxMTgxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDI0MTI1MjIxMGU1M2VjYzcwMTYzMjdmMTkyYjBhMjBjZDNhY2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubREzQka1jebWUu6SpEp561a0CGj
Eicd9K+4NHsZuDQ8m3Z9CD+drVRMKJ6I7TiZEa491hTNMqkYyG+UpLV3NHxcBOrb
wvViXQ5IBlTZIDRPO03cRu+Am4bMRgWdx5ri5uK5QyZtFi6OgLi7s480bvFMq0Tc
gSnWkgiMUAC7Ix1KclpMSfck2lOzPY8xN4QSGp0A3hEUy1DdT/kwITZwc7XIWa5h
2MAYCazi1884Nkf5LJkrhHIo15yhmbP1+5e+jRkIh7LCXaz9jLxSWf6nL39npB8U
LK497m4eUfMJx1mYqD/2RKYyWOgOKpHWdAIg74yb0EFMYXrKUjdkaVMxzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0kElIhDlPsxwFjJ/GSsKIM06zPMB8GA1UdIwQY
MBaAFOee8ZwnPe3tGc72s2g5s86wHt79MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTU3eG5DYzk3ZTBaenZhemFEbXp6ckFlM3YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zZGRlOGQtYmMwOS00N2ViLThiNWUt
ZDliNzJlZDdjYjRkLzEvblNRU1VpRU9VLXpIQVdNbjhaS3dvZ3pUck04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zZGRlOGQtYmMwOS00N2ViLThiNWUtZDliNzJlZDdjYjRk
LzEvNTU3eG5DYzk3ZTBaenZhemFEbXp6ckFlM3YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjiEMA0G
CSqGSIb3DQEBCwUAA4IBAQBmHHMxsZOucwXkxv/M0Y+wSjDQXOxyPYdHG5QqmMAV
68wZzFRJcSpBpH3tizYlqx+9xrZSCHybybLkB4uE9WcLkpmklq/GfDq4SWIaRM6z
zKoqIJzLRXhYtPjb3NLY9/HmE1SSiLgosIngw7QCaYWXXBl3Jv4lgp2GBtuD8Qr9
+hOy50Tk8NEBVcRf7kWqlQ+YwC2hV7MKgEVlgzJTtc0mieABbQr2Cnp/6A/CklWo
uY2ZsFgoJnZtyUk+ZgsMW77bbG8vh1RAaENE8dLklTX6ZEm+NGae5IfBDZi5gO3C
x4uhvAbb/Oq0amVPA/o/b/TGFHzdPCOF75vmrOtLCjtD
-----END CERTIFICATE-----