Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/NwpkkaGnAXAjiDxfiDcypv2Xwc4.roa
File:                     NwpkkaGnAXAjiDxfiDcypv2Xwc4.roa (raw, json)
Hash identifier:          iL53UU/nbnCRffY5g0bOqHlDmmyczBlGJkr6CAGVmIQ=
Subject key identifier:   37:0A:64:91:A1:A7:01:70:23:88:3C:5F:88:37:32:A6:FD:97:C1:CE
Certificate issuer:       /CN=375619200ec963d194a8018d4163d778a5cb526a
Certificate serial:       019D2FEF7DAD8D2A623AB5EA3B449F69CB3C
Authority key identifier: 37:56:19:20:0E:C9:63:D1:94:A8:01:8D:41:63:D7:78:A5:CB:52:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1YZIA7JY9GUqAGNQWPXeKXLUmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/NwpkkaGnAXAjiDxfiDcypv2Xwc4.roa
Signing time:             Fri 27 Mar 2026 15:35:17 +0000
ROA not before:           Fri 27 Mar 2026 15:35:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199738
IP address blocks:        213.173.12.0/24 maxlen: 24
                          213.173.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/N1YZIA7JY9GUqAGNQWPXeKXLUmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/N1YZIA7JY9GUqAGNQWPXeKXLUmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1YZIA7JY9GUqAGNQWPXeKXLUmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2f:ef:7d:ad:8d:2a:62:3a:b5:ea:3b:44:9f:69:cb:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=375619200ec963d194a8018d4163d778a5cb526a
        Validity
            Not Before: Mar 27 15:35:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=370a6491a1a7017023883c5f883732a6fd97c1ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:97:4e:38:68:42:fb:7c:e9:e3:b4:d7:0b:13:
                    5e:f2:49:25:99:6a:84:ad:f6:02:e9:76:8d:4e:b4:
                    90:1a:63:aa:b7:be:18:85:50:70:db:86:c1:44:95:
                    84:53:ad:e9:ac:90:1f:07:a9:71:91:35:a4:0b:b6:
                    96:75:ff:5e:92:47:0a:c6:4e:0a:6b:fb:b6:c7:b7:
                    34:02:c5:de:11:8c:d6:5e:5b:6c:6a:a8:39:7f:1e:
                    89:6f:68:a3:44:a2:93:70:d3:15:18:13:90:5b:20:
                    c9:36:c7:3b:0a:ea:95:24:ec:b8:1b:24:57:2b:c3:
                    07:46:84:00:04:c2:8d:03:44:b2:73:ce:67:bd:9e:
                    fa:de:5d:8e:e7:32:97:14:06:e7:37:be:d8:6c:4c:
                    5c:17:e1:60:94:f2:b5:1a:24:ef:60:c8:0d:27:36:
                    1f:3c:ab:b0:02:ef:9e:03:16:ac:82:ae:42:36:e6:
                    d9:df:a7:2b:99:9d:25:e4:bf:b7:11:0d:dc:4f:05:
                    d6:3b:e9:43:3c:80:ff:3d:f2:30:71:32:c3:4f:6b:
                    87:7f:e3:42:e6:6d:32:b9:e7:28:ca:b0:69:df:1d:
                    19:c4:c2:ee:00:b3:43:49:f9:82:33:11:80:14:7f:
                    12:55:2c:52:47:f7:ae:58:d7:69:ef:2b:fd:75:97:
                    d7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:0A:64:91:A1:A7:01:70:23:88:3C:5F:88:37:32:A6:FD:97:C1:CE
            X509v3 Authority Key Identifier:
                keyid:37:56:19:20:0E:C9:63:D1:94:A8:01:8D:41:63:D7:78:A5:CB:52:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1YZIA7JY9GUqAGNQWPXeKXLUmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/NwpkkaGnAXAjiDxfiDcypv2Xwc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/N1YZIA7JY9GUqAGNQWPXeKXLUmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.173.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:ef:0b:6a:a5:cc:8f:e7:30:ce:a8:fc:4f:97:31:10:ae:17:
         b7:18:0f:09:93:ea:00:66:5f:f1:e3:8a:89:0e:04:f2:57:56:
         23:75:d2:7b:a4:a6:9f:f4:f8:c8:ec:a4:cd:00:fe:9e:04:a5:
         24:94:39:70:7f:67:8b:b2:c8:81:12:5e:2c:f7:19:57:ea:2d:
         86:10:a5:df:7e:58:57:8e:74:28:6a:76:8b:f7:04:23:d1:a3:
         5e:06:f7:b5:06:05:e7:61:d4:7c:fb:b6:9f:c4:e2:3d:fd:45:
         d4:58:2a:0f:0f:30:fe:29:7a:6a:e4:d0:6c:1c:cd:2b:4c:bb:
         2c:0d:90:f7:56:5b:16:a9:36:36:35:de:f9:6f:79:4d:3c:39:
         24:73:5f:2b:b2:34:91:8b:ee:e1:15:c3:c8:54:4f:1e:43:f4:
         bc:d2:0d:16:82:4e:b6:49:d0:9d:2c:3a:6e:2b:09:db:5f:eb:
         d4:dc:6e:54:c1:d1:38:ce:bd:3f:63:b5:1e:36:45:22:9f:b7:
         02:6c:a9:21:35:90:bc:92:37:45:35:f2:9d:cf:8b:6f:a7:53:
         ea:ca:6d:9c:0d:aa:e8:02:19:e3:3d:58:8a:27:c2:bb:7c:cf:
         10:84:1f:f2:aa:68:2c:5e:98:f7:70:fa:8e:bf:2c:93:21:68:
         61:74:63:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0v732tjSpiOrXqO0Sfacs8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTYxOTIwMGVjOTYzZDE5NGE4MDE4ZDQxNjNkNzc4YTVj
YjUyNmEwHhcNMjYwMzI3MTUzNTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzBhNjQ5MWExYTcwMTcwMjM4ODNjNWY4ODM3MzJhNmZkOTdjMWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5dOOGhC+3zp47TXCxNe8kklmWqE
rfYC6XaNTrSQGmOqt74YhVBw24bBRJWEU63prJAfB6lxkTWkC7aWdf9ekkcKxk4K
a/u2x7c0AsXeEYzWXltsaqg5fx6Jb2ijRKKTcNMVGBOQWyDJNsc7CuqVJOy4GyRX
K8MHRoQABMKNA0Syc85nvZ763l2O5zKXFAbnN77YbExcF+FglPK1GiTvYMgNJzYf
PKuwAu+eAxasgq5CNubZ36crmZ0l5L+3EQ3cTwXWO+lDPID/PfIwcTLDT2uHf+NC
5m0yuecoyrBp3x0ZxMLuALNDSfmCMxGAFH8SVSxSR/euWNdp7yv9dZfX6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcKZJGhpwFwI4g8X4g3Mqb9l8HOMB8GA1UdIwQY
MBaAFDdWGSAOyWPRlKgBjUFj13ily1JqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFZWklBN0pZOUdVcUFHTlFXUFhlS1hMVW1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8wYjhhNWUtNjZlYS00ZTIwLTllYTgt
MmVkZDIxNzgzNzAzLzEvTndwa2thR25BWEFqaUR4ZmlEY3lwdjJYd2M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8wYjhhNWUtNjZlYS00ZTIwLTllYTgtMmVkZDIxNzgzNzAz
LzEvTjFZWklBN0pZOUdVcUFHTlFXUFhlS1hMVW1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1a0MMA0G
CSqGSIb3DQEBCwUAA4IBAQAX7wtqpcyP5zDOqPxPlzEQrhe3GA8Jk+oAZl/x44qJ
DgTyV1YjddJ7pKaf9PjI7KTNAP6eBKUklDlwf2eLssiBEl4s9xlX6i2GEKXfflhX
jnQoanaL9wQj0aNeBve1BgXnYdR8+7afxOI9/UXUWCoPDzD+KXpq5NBsHM0rTLss
DZD3VlsWqTY2Nd75b3lNPDkkc18rsjSRi+7hFcPIVE8eQ/S80g0Wgk62SdCdLDpu
KwnbX+vU3G5UwdE4zr0/Y7UeNkUin7cCbKkhNZC8kjdFNfKdz4tvp1Pqym2cDaro
AhnjPViKJ8K7fM8QhB/yqmgsXpj3cPqOvyyTIWhhdGO4
-----END CERTIFICATE-----