Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Nt20MB19h9M1uivpv5FCnN2xdXI.roa
File:                     Nt20MB19h9M1uivpv5FCnN2xdXI.roa (raw, json)
Hash identifier:          pMI4iuf0VDtrwRVnIKjpqdkhNctKuOfiRqEWZeFRmuA=
Subject key identifier:   36:DD:B4:30:1D:7D:87:D3:35:BA:2B:E9:BF:91:42:9C:DD:B1:75:72
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019E1CE3E1227E80E07296545785F2838D9E
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Nt20MB19h9M1uivpv5FCnN2xdXI.roa
Signing time:             Tue 12 May 2026 15:52:36 +0000
ROA not before:           Tue 12 May 2026 15:52:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211439
IP address blocks:        185.242.110.0/24 maxlen: 24
                          185.242.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:e3:e1:22:7e:80:e0:72:96:54:57:85:f2:83:8d:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 12 15:52:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36ddb4301d7d87d335ba2be9bf91429cddb17572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9f:06:4d:9c:c0:d6:04:df:1a:28:dd:30:73:
                    e8:d5:22:29:75:99:a0:f4:f7:90:69:81:9c:70:b6:
                    6e:2a:ec:14:60:34:6d:a1:9d:8b:6e:b3:ae:32:48:
                    68:c7:56:83:4b:f8:f3:bd:d2:e5:07:23:03:88:f9:
                    b7:cc:18:b1:51:3a:f8:73:c3:ce:fc:34:a8:9e:53:
                    de:cf:66:a2:b1:ad:e0:bd:85:66:d8:ec:1b:f8:b6:
                    45:b1:26:d4:3c:9a:0f:19:c8:66:ae:85:19:dd:99:
                    ac:1e:4d:d5:30:15:fc:45:2b:90:07:7d:66:73:e3:
                    60:9b:12:65:3e:59:b4:e2:61:86:2b:37:b3:bd:5b:
                    e2:6c:70:6b:10:8a:06:ac:35:d1:73:2c:df:96:ad:
                    25:b2:3a:73:7a:02:32:69:e3:a1:1d:05:7f:2d:55:
                    49:af:ff:da:f5:f2:d7:91:03:f2:ab:a8:19:58:98:
                    30:ac:27:f0:97:e5:03:b9:9b:73:c2:26:21:25:c0:
                    7c:f7:90:c0:7b:af:b6:e7:4e:e8:20:67:50:0e:82:
                    f0:68:f4:ac:1e:b6:08:1d:cd:2a:46:f5:8e:b6:17:
                    0e:31:c7:38:ef:81:bc:17:88:9e:12:7f:2b:ca:34:
                    cd:ba:8c:e3:14:9a:ef:90:fb:b9:02:d4:a2:3f:ac:
                    fd:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:DD:B4:30:1D:7D:87:D3:35:BA:2B:E9:BF:91:42:9C:DD:B1:75:72
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Nt20MB19h9M1uivpv5FCnN2xdXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:f7:6e:2b:bc:4b:0d:03:e0:67:47:e9:5b:17:5e:d5:02:ae:
         1a:6b:ca:59:14:fb:4d:e3:4b:5c:64:ae:a5:7f:f3:46:d5:9f:
         e6:51:f7:df:e8:ee:85:fc:62:bd:ff:60:c1:a3:2e:6d:be:d6:
         7a:a9:4b:47:5c:72:27:ba:bb:1a:0e:a2:b5:ce:0c:90:fd:ab:
         ff:47:d6:ab:95:fd:c0:2c:5e:24:e9:3d:c2:ca:dc:43:9e:51:
         ed:4f:ba:ec:4e:f3:db:e8:ae:0f:19:46:6a:f0:8d:a0:69:f6:
         38:95:3a:e2:95:32:d1:0f:38:a9:a7:66:a9:f0:88:af:2e:ac:
         24:60:18:b1:bd:af:4d:ae:34:26:7f:9b:60:00:71:1e:40:b7:
         13:db:4d:86:a3:68:bd:20:0c:bd:cd:f4:37:5b:cb:f2:24:81:
         b8:d5:f7:29:6e:04:ae:43:9c:da:27:d4:f9:05:54:ae:15:6f:
         d8:f4:37:08:73:ef:ab:ef:03:fe:63:af:6c:c2:7f:dc:37:7a:
         10:89:3b:6d:a5:5d:ce:1a:1d:29:a5:d9:03:ec:aa:8e:3a:ea:
         71:4c:9d:df:2f:5d:3f:fa:b1:62:88:c2:db:17:9d:d8:b7:48:
         87:6a:ee:94:38:c7:ed:7f:cc:bf:f0:08:90:57:19:d2:b1:61:
         16:04:83:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4c4+EifoDgcpZUV4Xyg42eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNTEyMTU1MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmRkYjQzMDFkN2Q4N2QzMzViYTJiZTliZjkxNDI5Y2RkYjE3NTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu58GTZzA1gTfGijdMHPo1SIpdZmg
9PeQaYGccLZuKuwUYDRtoZ2LbrOuMkhox1aDS/jzvdLlByMDiPm3zBixUTr4c8PO
/DSonlPez2aisa3gvYVm2Owb+LZFsSbUPJoPGchmroUZ3ZmsHk3VMBX8RSuQB31m
c+NgmxJlPlm04mGGKzezvVvibHBrEIoGrDXRcyzflq0lsjpzegIyaeOhHQV/LVVJ
r//a9fLXkQPyq6gZWJgwrCfwl+UDuZtzwiYhJcB895DAe6+2507oIGdQDoLwaPSs
HrYIHc0qRvWOthcOMcc474G8F4ieEn8ryjTNuozjFJrvkPu5AtSiP6z9wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbdtDAdfYfTNbor6b+RQpzdsXVyMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTnQyME1CMTloOU0xdWl2cHY1RkNuTjJ4ZFhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufJuMA0G
CSqGSIb3DQEBCwUAA4IBAQCN924rvEsNA+BnR+lbF17VAq4aa8pZFPtN40tcZK6l
f/NG1Z/mUfff6O6F/GK9/2DBoy5tvtZ6qUtHXHInursaDqK1zgyQ/av/R9arlf3A
LF4k6T3CytxDnlHtT7rsTvPb6K4PGUZq8I2gafY4lTrilTLRDzipp2ap8IivLqwk
YBixva9NrjQmf5tgAHEeQLcT202Go2i9IAy9zfQ3W8vyJIG41fcpbgSuQ5zaJ9T5
BVSuFW/Y9DcIc++r7wP+Y69swn/cN3oQiTttpV3OGh0ppdkD7KqOOupxTJ3fL10/
+rFiiMLbF53Yt0iHau6UOMftf8y/8AiQVxnSsWEWBIPM
-----END CERTIFICATE-----