Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/nVgbGv07d0xDGS2SqPeo81gbCks.roa
File:                     nVgbGv07d0xDGS2SqPeo81gbCks.roa (raw, json)
Hash identifier:          SxNRJVUlxFYycDTJAn0orexujNBa+UsMV2bn5jf5cGc=
Subject key identifier:   9D:58:1B:1A:FD:3B:77:4C:43:19:2D:92:A8:F7:A8:F3:58:1B:0A:4B
Certificate issuer:       /CN=37fb004e397ddf04e7d05f3643a036f21836ff10
Certificate serial:       019E404C83F111D21FB6E3DBE85BE550F1EB
Authority key identifier: 37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/nVgbGv07d0xDGS2SqPeo81gbCks.roa
Signing time:             Tue 19 May 2026 12:53:36 +0000
ROA not before:           Tue 19 May 2026 12:53:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8648
IP address blocks:        37.46.80.0/21 maxlen: 24
                          130.193.8.0/21 maxlen: 24
                          185.102.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 18:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:40:4c:83:f1:11:d2:1f:b6:e3:db:e8:5b:e5:50:f1:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37fb004e397ddf04e7d05f3643a036f21836ff10
        Validity
            Not Before: May 19 12:53:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d581b1afd3b774c43192d92a8f7a8f3581b0a4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6f:5e:4a:24:98:98:63:74:4f:5a:c7:80:6f:
                    7d:96:aa:22:a1:6a:0f:63:33:cc:ec:a1:61:ad:70:
                    66:d1:fe:5c:db:6d:01:03:50:66:53:b1:5d:f9:d8:
                    fa:de:b0:20:ab:c3:2d:85:97:3a:bd:d0:96:d2:6f:
                    71:13:ea:03:92:a7:8f:56:0d:ef:51:dc:be:06:79:
                    c8:bd:21:b3:7f:8d:6c:82:ad:26:8b:84:47:4b:a7:
                    4e:66:1b:19:65:ad:72:51:00:27:c2:a5:70:72:f8:
                    3f:3c:28:03:4d:9c:93:98:27:40:7b:a0:0f:e4:5c:
                    16:88:19:6a:3a:04:61:47:68:1b:ad:98:76:17:e4:
                    7c:80:6c:3e:27:24:4c:d9:cb:79:e1:e5:86:12:4e:
                    a0:91:b6:2d:fe:cf:30:73:d5:b7:21:22:45:15:8c:
                    db:b4:c8:1f:bb:17:92:21:db:cc:af:81:b5:f5:da:
                    2f:17:43:5b:59:c1:1d:dc:b2:50:91:aa:ef:25:e6:
                    9b:f9:4e:14:aa:5d:88:cc:bf:5f:10:fa:5c:27:51:
                    0d:eb:7d:b8:c7:91:d4:c6:3c:46:e5:2f:0f:6d:ab:
                    6b:54:01:ad:1e:19:fe:15:86:3d:32:13:59:b0:e9:
                    dc:25:8a:a9:c0:83:48:1e:62:f2:47:17:80:63:5c:
                    ba:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:58:1B:1A:FD:3B:77:4C:43:19:2D:92:A8:F7:A8:F3:58:1B:0A:4B
            X509v3 Authority Key Identifier:
                keyid:37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/nVgbGv07d0xDGS2SqPeo81gbCks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.80.0/21
                  130.193.8.0/21
                  185.102.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:80:58:15:5e:27:4d:4c:20:58:4d:1e:95:e6:8e:cf:7f:4c:
         e6:58:20:7d:ff:25:df:98:80:93:43:d4:1c:28:7b:97:f0:68:
         cf:fb:06:31:e5:de:fa:dd:90:e4:2d:76:ed:99:e3:ea:a8:74:
         6d:82:12:66:34:ea:db:92:0b:6c:8f:06:35:8a:80:a5:a4:fd:
         4f:4e:28:69:7b:3f:24:00:df:f6:e6:fe:e2:e4:f4:0c:7b:80:
         b9:34:62:11:2b:5c:6e:a6:65:07:37:91:20:5f:bb:78:63:45:
         3b:b9:a8:19:d6:ed:86:8f:97:e0:65:dd:24:7a:02:9d:ac:47:
         96:b9:65:29:53:45:b7:af:e5:5c:6d:41:2e:fa:74:31:b3:12:
         bd:23:72:c6:0d:5c:a6:e9:ff:d8:94:6b:39:43:63:dc:31:0b:
         49:7d:8f:0f:80:41:4f:e0:58:e1:8d:c9:2b:d1:a3:43:32:6b:
         46:29:4e:8a:10:37:d5:64:31:20:fc:5d:1a:0f:88:b7:92:27:
         26:f2:0e:29:6d:ea:9d:52:54:06:79:2f:4c:53:63:ee:67:5c:
         2c:0a:b1:6f:f1:fe:08:d6:c6:45:ca:10:da:d3:81:be:f3:63:
         de:92:21:1c:2e:db:9c:53:e0:4b:11:dd:ab:cb:00:8a:f0:91:
         04:31:01:98
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5ATIPxEdIftuPb6FvlUPHrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZmIwMDRlMzk3ZGRmMDRlN2QwNWYzNjQzYTAzNmYyMTgz
NmZmMTAwHhcNMjYwNTE5MTI1MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDU4MWIxYWZkM2I3NzRjNDMxOTJkOTJhOGY3YThmMzU4MWIwYTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvW9eSiSYmGN0T1rHgG99lqoioWoP
YzPM7KFhrXBm0f5c220BA1BmU7Fd+dj63rAgq8MthZc6vdCW0m9xE+oDkqePVg3v
Udy+BnnIvSGzf41sgq0mi4RHS6dOZhsZZa1yUQAnwqVwcvg/PCgDTZyTmCdAe6AP
5FwWiBlqOgRhR2gbrZh2F+R8gGw+JyRM2ct54eWGEk6gkbYt/s8wc9W3ISJFFYzb
tMgfuxeSIdvMr4G19dovF0NbWcEd3LJQkarvJeab+U4Uql2IzL9fEPpcJ1EN6324
x5HUxjxG5S8PbatrVAGtHhn+FYY9MhNZsOncJYqpwINIHmLyRxeAY1y6FwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ1YGxr9O3dMQxktkqj3qPNYGwpLMB8GA1UdIwQY
MBaAFDf7AE45fd8E59BfNkOgNvIYNv8QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEt
YjUzYjY0Y2YwZDk1LzEvblZnYkd2MDdkMHhER1MyU3FQZW84MWdiQ2tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEtYjUzYjY0Y2YwZDk1
LzEvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJS5QAwQD
gsEIAwQCuWYUMA0GCSqGSIb3DQEBCwUAA4IBAQA5gFgVXidNTCBYTR6V5o7Pf0zm
WCB9/yXfmICTQ9QcKHuX8GjP+wYx5d763ZDkLXbtmePqqHRtghJmNOrbkgtsjwY1
ioClpP1PTihpez8kAN/25v7i5PQMe4C5NGIRK1xupmUHN5EgX7t4Y0U7uagZ1u2G
j5fgZd0kegKdrEeWuWUpU0W3r+VcbUEu+nQxsxK9I3LGDVym6f/YlGs5Q2PcMQtJ
fY8PgEFP4Fjhjckr0aNDMmtGKU6KEDfVZDEg/F0aD4i3kicm8g4pbeqdUlQGeS9M
U2PuZ1wsCrFv8f4I1sZFyhDa04G+82PekiEcLtucU+BLEd2rywCK8JEEMQGY
-----END CERTIFICATE-----