Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/nZDMDILCeZBaSe8pGgkQFEMoBB8.roa
File:                     nZDMDILCeZBaSe8pGgkQFEMoBB8.roa (raw, json)
Hash identifier:          XlYgESaX6EJLoA/4185eSc5A384E8E++jev4s9MD0rI=
Subject key identifier:   9D:90:CC:0C:82:C2:79:90:5A:49:EF:29:1A:09:10:14:43:28:04:1F
Certificate issuer:       /CN=954a2aee086174b01272fae779ad431eb092aeb7
Certificate serial:       019B78A2B24587D57CD17E0D5D5D52850AFD
Authority key identifier: 95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/nZDMDILCeZBaSe8pGgkQFEMoBB8.roa
Signing time:             Thu 01 Jan 2026 08:18:06 +0000
ROA not before:           Thu 01 Jan 2026 08:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44922
IP address blocks:        37.247.116.0/24 maxlen: 24
                          37.247.117.0/24 maxlen: 24
                          2a03:400::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Feb 2026 19:57:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:b2:45:87:d5:7c:d1:7e:0d:5d:5d:52:85:0a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=954a2aee086174b01272fae779ad431eb092aeb7
        Validity
            Not Before: Jan  1 08:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d90cc0c82c279905a49ef291a0910144328041f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:69:ff:d6:37:c3:7c:21:35:01:00:33:6d:5e:
                    ee:98:23:36:0c:1b:5e:4b:4e:4a:1b:a3:aa:c4:ce:
                    a2:d4:7f:60:98:b1:c0:95:fe:2c:c3:05:fe:5e:cc:
                    06:d6:0e:1a:92:c1:9e:78:21:22:c6:58:c7:8c:a4:
                    7e:80:f8:ed:5c:6e:78:ad:28:bf:72:31:29:6a:0f:
                    2f:42:c3:81:15:d3:40:1b:27:5d:4f:80:49:ed:16:
                    61:c4:8f:9f:45:58:29:02:f6:d8:8a:94:88:f7:29:
                    8e:7a:6e:91:c8:16:85:c4:bd:56:89:3e:5e:dc:2b:
                    e5:27:b4:c8:01:be:54:fe:14:10:bf:db:97:45:bf:
                    0a:5c:af:52:36:86:07:3b:97:4c:19:46:ea:d4:d0:
                    47:89:4c:5d:21:0e:b0:cb:c1:f9:36:ea:c9:99:2f:
                    f7:de:b7:ce:48:39:66:f8:6c:7b:b0:4c:8a:a6:60:
                    88:04:11:42:9b:9b:75:73:12:cc:97:20:32:10:22:
                    e3:6c:5f:d6:25:07:d8:71:e8:72:b3:3a:ba:b5:7f:
                    7e:06:cf:ee:65:d5:e7:5d:5a:cd:3c:49:d0:62:09:
                    0b:cf:27:ef:82:26:10:44:87:7e:e6:49:06:ea:ac:
                    53:8f:dc:57:f4:03:41:cd:af:f7:79:68:0d:35:a5:
                    1e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:90:CC:0C:82:C2:79:90:5A:49:EF:29:1A:09:10:14:43:28:04:1F
            X509v3 Authority Key Identifier:
                keyid:95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/nZDMDILCeZBaSe8pGgkQFEMoBB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.247.116.0/23
                IPv6:
                  2a03:400::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:61:35:f8:c4:70:be:5e:1a:c3:6c:88:8c:13:c0:20:f1:ef:
         0d:ca:d9:ac:28:c4:2b:3c:bd:e1:76:00:85:2a:c1:98:38:29:
         bf:7f:ee:86:75:9b:09:e6:6b:07:06:dd:eb:fe:cc:4e:b2:ee:
         2e:d4:a5:58:47:98:af:7c:4a:ef:bb:29:7e:d6:22:ef:8d:ee:
         f8:3b:47:36:4b:7f:1b:56:0e:94:f5:be:a2:af:60:0a:f2:b1:
         99:97:82:01:bd:24:17:bf:63:d7:1f:cc:0a:29:77:2c:a4:b1:
         87:37:bc:a1:0c:46:41:a7:f0:23:82:42:95:46:1a:8b:c4:9a:
         c9:75:81:b5:f9:59:51:70:32:e4:3d:16:00:83:c8:8e:11:c3:
         c8:1a:de:7a:70:1e:c0:34:ea:05:3e:c8:ca:10:94:3c:bb:3c:
         6c:e6:de:39:9c:a0:58:b6:3c:94:d6:45:f9:7d:4f:64:1b:5a:
         dc:57:17:d6:3d:d5:5c:96:f4:14:49:36:60:e4:7b:49:74:60:
         42:70:f4:8a:f9:3b:1c:be:b5:21:a1:7d:02:4b:fe:a9:87:c5:
         b7:f3:5d:f6:68:55:90:ae:c7:e9:f3:c7:10:a9:e8:09:d4:85:
         01:1f:01:3a:e5:3a:d7:38:f6:7d:a2:52:dc:25:d8:24:91:0d:
         59:03:4e:cf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt4orJFh9V80X4NXV1ShQr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NGEyYWVlMDg2MTc0YjAxMjcyZmFlNzc5YWQ0MzFlYjA5
MmFlYjcwHhcNMjYwMTAxMDgxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDkwY2MwYzgyYzI3OTkwNWE0OWVmMjkxYTA5MTAxNDQzMjgwNDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGn/1jfDfCE1AQAzbV7umCM2DBte
S05KG6OqxM6i1H9gmLHAlf4swwX+XswG1g4aksGeeCEixljHjKR+gPjtXG54rSi/
cjEpag8vQsOBFdNAGyddT4BJ7RZhxI+fRVgpAvbYipSI9ymOem6RyBaFxL1WiT5e
3CvlJ7TIAb5U/hQQv9uXRb8KXK9SNoYHO5dMGUbq1NBHiUxdIQ6wy8H5NurJmS/3
3rfOSDlm+Gx7sEyKpmCIBBFCm5t1cxLMlyAyECLjbF/WJQfYcehyszq6tX9+Bs/u
ZdXnXVrNPEnQYgkLzyfvgiYQRId+5kkG6qxTj9xX9ANBza/3eWgNNaUezwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ2QzAyCwnmQWknvKRoJEBRDKAQfMB8GA1UdIwQY
MBaAFJVKKu4IYXSwEnL653mtQx6wkq63MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEt
NDU2NWYwNGY4ZDg1LzEvblpETURJTENlWkJhU2U4cEdna1FGRU1vQkI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEtNDU2NWYwNGY4ZDg1
LzEvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBJfd0MA0E
AgACMAcDBQAqAwQAMA0GCSqGSIb3DQEBCwUAA4IBAQAGYTX4xHC+XhrDbIiME8Ag
8e8NytmsKMQrPL3hdgCFKsGYOCm/f+6GdZsJ5msHBt3r/sxOsu4u1KVYR5ivfErv
uyl+1iLvje74O0c2S38bVg6U9b6ir2AK8rGZl4IBvSQXv2PXH8wKKXcspLGHN7yh
DEZBp/AjgkKVRhqLxJrJdYG1+VlRcDLkPRYAg8iOEcPIGt56cB7ANOoFPsjKEJQ8
uzxs5t45nKBYtjyU1kX5fU9kG1rcVxfWPdVclvQUSTZg5HtJdGBCcPSK+TscvrUh
oX0CS/6ph8W38132aFWQrsfp88cQqegJ1IUBHwE65TrXOPZ9olLcJdgkkQ1ZA07P
-----END CERTIFICATE-----