Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/NdxMow94TNhxlzIzMI_r48W5M8A.roa
File:                     NdxMow94TNhxlzIzMI_r48W5M8A.roa (raw, json)
Hash identifier:          1nuZTI+erTKNkNC0wnIV7yjz0eGXOFGrHb4Av8qGq00=
Subject key identifier:   35:DC:4C:A3:0F:78:4C:D8:71:97:32:33:30:8F:EB:E3:C5:B9:33:C0
Certificate issuer:       /CN=1534838bb317b8186699f0a4485db6d9da1908d2
Certificate serial:       019E9259F750358BC9D322AE0ADAE15E3EE7
Authority key identifier: 15:34:83:8B:B3:17:B8:18:66:99:F0:A4:48:5D:B6:D9:DA:19:08:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FTSDi7MXuBhmmfCkSF222doZCNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/NdxMow94TNhxlzIzMI_r48W5M8A.roa
Signing time:             Thu 04 Jun 2026 11:17:09 +0000
ROA not before:           Thu 04 Jun 2026 11:17:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210834
IP address blocks:        185.149.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/FTSDi7MXuBhmmfCkSF222doZCNI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/FTSDi7MXuBhmmfCkSF222doZCNI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FTSDi7MXuBhmmfCkSF222doZCNI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 15:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:59:f7:50:35:8b:c9:d3:22:ae:0a:da:e1:5e:3e:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1534838bb317b8186699f0a4485db6d9da1908d2
        Validity
            Not Before: Jun  4 11:17:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35dc4ca30f784cd871973233308febe3c5b933c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:66:68:18:f0:1e:e3:73:f1:9e:2f:9e:95:58:
                    ca:62:29:06:c4:2c:43:86:7f:3c:f8:b2:15:ba:6d:
                    aa:97:c2:d7:d7:df:fe:ac:4d:9d:3a:fb:45:53:96:
                    83:06:df:d6:9f:3f:7f:bf:ef:4b:67:90:3e:8a:f9:
                    fd:af:61:6b:37:c0:92:13:f1:af:49:d6:fc:fa:0f:
                    04:84:ff:be:be:e2:5d:35:cc:0c:17:83:d6:62:20:
                    da:7f:4c:f7:4e:5c:a6:5a:03:a7:7c:7a:4c:89:28:
                    68:87:f4:6f:2a:70:d6:6c:f8:e2:b6:81:b5:7c:11:
                    76:62:07:d5:f0:7f:0b:74:36:ef:a2:6e:a1:a2:57:
                    c9:41:63:34:c8:0f:df:a0:77:c3:40:95:44:2b:19:
                    9c:b5:c6:70:6f:14:c1:66:b2:d6:59:7a:f7:6c:ea:
                    0a:97:ba:67:bd:f9:63:5e:c8:cd:d8:47:e2:f6:c8:
                    97:1e:1d:dd:f8:a2:bd:cc:31:cf:d7:8c:b4:8f:74:
                    92:8c:d4:89:72:a2:14:95:e1:51:6b:fe:1a:74:4c:
                    6a:2e:6f:51:cd:66:05:4d:ad:f3:c2:ab:a3:31:ac:
                    3d:88:39:04:40:7d:a6:0f:b9:68:cd:eb:59:7e:7c:
                    de:ce:bb:52:2a:69:e1:82:d8:0c:f8:d8:43:69:f2:
                    f1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:DC:4C:A3:0F:78:4C:D8:71:97:32:33:30:8F:EB:E3:C5:B9:33:C0
            X509v3 Authority Key Identifier:
                keyid:15:34:83:8B:B3:17:B8:18:66:99:F0:A4:48:5D:B6:D9:DA:19:08:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FTSDi7MXuBhmmfCkSF222doZCNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/NdxMow94TNhxlzIzMI_r48W5M8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/FTSDi7MXuBhmmfCkSF222doZCNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:30:e0:5f:e2:e3:7c:fb:d5:9e:27:df:42:23:5e:24:64:b4:
         cd:5c:fd:f9:0a:d5:b9:75:7e:0b:b0:b7:53:56:78:bc:6e:45:
         1b:20:25:8f:34:af:5c:c7:b4:3a:71:ff:65:5e:5d:76:c2:64:
         e8:d1:c8:40:74:ec:ce:5c:23:e1:17:8e:91:b8:54:50:cb:f9:
         33:61:2e:52:c3:ff:02:33:f4:dd:58:28:15:fe:99:f9:c4:d9:
         4e:98:5f:6c:24:7d:cd:9f:19:e9:46:45:14:3c:26:86:9d:e7:
         3f:dc:07:e8:29:f4:66:bf:67:06:e4:85:91:96:95:4f:f4:43:
         85:c0:2b:a2:84:d9:e2:01:37:12:4c:cc:04:62:bb:3a:af:ba:
         39:18:99:d0:16:f1:83:87:09:89:24:99:d8:68:5e:d4:6d:d2:
         af:e3:3b:38:58:7e:d0:75:a7:8c:01:3d:98:1c:84:0c:67:7e:
         5c:d7:28:4b:51:13:3b:f1:f7:9d:41:5a:03:14:d6:39:91:55:
         8f:2f:71:57:c8:d7:99:c3:5d:0b:6d:c4:e0:72:16:85:0f:a7:
         ed:0c:67:e6:be:0d:e0:ab:d6:4f:45:e6:7a:73:33:49:5e:24:
         eb:86:9d:50:36:7b:b8:12:bb:7e:b1:a1:f4:55:41:1b:f2:ca:
         1b:11:81:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6SWfdQNYvJ0yKuCtrhXj7nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MzQ4MzhiYjMxN2I4MTg2Njk5ZjBhNDQ4NWRiNmQ5ZGEx
OTA4ZDIwHhcNMjYwNjA0MTExNzA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWRjNGNhMzBmNzg0Y2Q4NzE5NzMyMzMzMDhmZWJlM2M1YjkzM2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGZoGPAe43Pxni+elVjKYikGxCxD
hn88+LIVum2ql8LX19/+rE2dOvtFU5aDBt/Wnz9/v+9LZ5A+ivn9r2FrN8CSE/Gv
Sdb8+g8EhP++vuJdNcwMF4PWYiDaf0z3TlymWgOnfHpMiShoh/RvKnDWbPjitoG1
fBF2YgfV8H8LdDbvom6holfJQWM0yA/foHfDQJVEKxmctcZwbxTBZrLWWXr3bOoK
l7pnvfljXsjN2Efi9siXHh3d+KK9zDHP14y0j3SSjNSJcqIUleFRa/4adExqLm9R
zWYFTa3zwqujMaw9iDkEQH2mD7lozetZfnzezrtSKmnhgtgM+NhDafLxrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXcTKMPeEzYcZcyMzCP6+PFuTPAMB8GA1UdIwQY
MBaAFBU0g4uzF7gYZpnwpEhdttnaGQjSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlRTRGk3TVh1QmhtbWZDa1NGMjIyZG9aQ05JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8xNGMxY2EtMTg3NC00N2FjLWExOGUt
M2ExNDRjNzBlMGIwLzEvTmR4TW93OTRUTmh4bHpJek1JX3I0OFc1TThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8xNGMxY2EtMTg3NC00N2FjLWExOGUtM2ExNDRjNzBlMGIw
LzEvRlRTRGk3TVh1QmhtbWZDa1NGMjIyZG9aQ05JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZWIMA0G
CSqGSIb3DQEBCwUAA4IBAQAqMOBf4uN8+9WeJ99CI14kZLTNXP35CtW5dX4LsLdT
Vni8bkUbICWPNK9cx7Q6cf9lXl12wmTo0chAdOzOXCPhF46RuFRQy/kzYS5Sw/8C
M/TdWCgV/pn5xNlOmF9sJH3NnxnpRkUUPCaGnec/3AfoKfRmv2cG5IWRlpVP9EOF
wCuihNniATcSTMwEYrs6r7o5GJnQFvGDhwmJJJnYaF7UbdKv4zs4WH7QdaeMAT2Y
HIQMZ35c1yhLURM78fedQVoDFNY5kVWPL3FXyNeZw10LbcTgchaFD6ftDGfmvg3g
q9ZPReZ6czNJXiTrhp1QNnu4Ert+saH0VUEb8sobEYHq
-----END CERTIFICATE-----