Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/0nR5zSxNrbLaMwIKCKY6E5k_lNI.roa
File:                     0nR5zSxNrbLaMwIKCKY6E5k_lNI.roa (raw, json)
Hash identifier:          sGQ8bWhOk+ZGP+wXsv84gXboh5WzN0POFCpsVysYkP0=
Subject key identifier:   D2:74:79:CD:2C:4D:AD:B2:DA:33:02:0A:08:A6:3A:13:99:3F:94:D2
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019EABB3409B55EE7BD9D50F0DC4CBB6D603
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/0nR5zSxNrbLaMwIKCKY6E5k_lNI.roa
Signing time:             Tue 09 Jun 2026 09:25:11 +0000
ROA not before:           Tue 09 Jun 2026 09:25:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203054
IP address blocks:        212.189.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:b3:40:9b:55:ee:7b:d9:d5:0f:0d:c4:cb:b6:d6:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun  9 09:25:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d27479cd2c4dadb2da33020a08a63a13993f94d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c2:2e:fc:24:a3:7d:48:72:5d:14:02:f5:26:
                    e2:4d:db:55:02:80:40:3c:7f:5f:d3:ec:50:dd:e5:
                    7b:de:19:50:d3:16:38:5b:a3:0a:f5:dc:7e:c7:ab:
                    d1:43:48:cc:4f:29:f2:31:e7:28:f9:70:49:43:f8:
                    0d:fc:e0:3e:9e:83:b1:de:44:fb:6c:57:f1:c4:c2:
                    02:6b:85:e2:a8:8c:d5:35:b3:05:6c:d3:7b:64:5c:
                    5f:18:44:30:fa:a9:45:86:34:50:c4:f2:ff:42:84:
                    76:47:4d:e0:d7:8f:bb:43:82:41:25:37:6f:a2:4c:
                    6e:e7:23:c1:ed:d9:61:a0:5a:b1:46:27:cc:49:90:
                    be:12:70:a3:95:e8:c8:bb:9a:6f:fc:b7:dc:60:c0:
                    d2:de:97:a0:5a:bb:19:05:58:21:99:fc:dd:c5:69:
                    da:ac:62:6e:0f:62:48:c5:3c:82:8b:c5:db:d2:29:
                    df:f4:ef:39:7f:7c:0a:2d:ad:0b:d5:3e:bd:67:46:
                    ef:e8:c4:20:99:63:4b:a1:a1:29:cd:56:a2:e5:87:
                    81:c2:33:4f:42:4a:f9:44:e3:21:44:b0:f6:29:ea:
                    68:c0:31:78:88:ce:5f:f8:7b:21:fc:59:92:68:4d:
                    a5:4f:67:2e:db:f7:21:66:e4:d1:28:82:8c:cf:a8:
                    87:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:74:79:CD:2C:4D:AD:B2:DA:33:02:0A:08:A6:3A:13:99:3F:94:D2
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/0nR5zSxNrbLaMwIKCKY6E5k_lNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.189.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:7e:1f:3e:ca:56:eb:c6:11:e6:34:17:c1:83:29:14:5e:ca:
         ab:ee:6a:d5:58:51:bf:91:19:a5:7e:14:f6:48:50:dd:e7:f8:
         d1:b4:4b:7a:14:b7:32:8b:c1:c7:67:d6:18:0f:df:3d:37:5d:
         21:97:96:7b:a2:1b:21:d5:f3:c4:3c:63:c4:ca:9d:b1:16:53:
         40:0d:c0:8b:58:62:52:18:51:2d:4a:da:ac:d1:2d:c0:51:83:
         ba:7f:28:f0:b5:9d:8a:25:e0:4f:3f:77:00:b7:2e:be:18:6c:
         11:42:2c:83:5b:db:6b:9c:b9:73:b1:6b:5d:7c:ac:b7:cb:8f:
         1b:39:dc:f0:5e:04:be:51:b8:4c:92:6e:22:40:ef:a5:81:4d:
         37:63:cb:c7:e1:be:b2:3f:cf:8e:79:95:9a:9e:29:5e:7e:ce:
         6b:eb:f9:9e:22:bc:e7:ba:d4:e2:ac:6c:59:aa:74:89:fc:2c:
         ee:39:04:d4:1c:06:41:46:1a:b3:4a:42:b5:bf:a2:04:d8:8c:
         ba:95:b8:bb:be:a5:1a:0a:4c:25:6f:f1:78:19:36:ec:6f:91:
         33:11:07:e5:1b:fc:3f:08:a6:42:f1:87:32:c3:10:9e:b8:06:
         1a:59:d8:e6:dd:3f:55:be:3c:45:22:ac:8e:44:cf:8f:d9:87:
         55:c1:f1:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6rs0CbVe572dUPDcTLttYDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjA5MDkyNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjc0NzljZDJjNGRhZGIyZGEzMzAyMGEwOGE2M2ExMzk5M2Y5NGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8Iu/CSjfUhyXRQC9SbiTdtVAoBA
PH9f0+xQ3eV73hlQ0xY4W6MK9dx+x6vRQ0jMTynyMeco+XBJQ/gN/OA+noOx3kT7
bFfxxMICa4XiqIzVNbMFbNN7ZFxfGEQw+qlFhjRQxPL/QoR2R03g14+7Q4JBJTdv
okxu5yPB7dlhoFqxRifMSZC+EnCjlejIu5pv/LfcYMDS3pegWrsZBVghmfzdxWna
rGJuD2JIxTyCi8Xb0inf9O85f3wKLa0L1T69Z0bv6MQgmWNLoaEpzVai5YeBwjNP
Qkr5ROMhRLD2KepowDF4iM5f+Hsh/FmSaE2lT2cu2/chZuTRKIKMz6iH7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJ0ec0sTa2y2jMCCgimOhOZP5TSMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvMG5SNXpTeE5yYkxhTXdJS0NLWTZFNWtfbE5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1L1ZMA0G
CSqGSIb3DQEBCwUAA4IBAQDJfh8+ylbrxhHmNBfBgykUXsqr7mrVWFG/kRmlfhT2
SFDd5/jRtEt6FLcyi8HHZ9YYD989N10hl5Z7ohsh1fPEPGPEyp2xFlNADcCLWGJS
GFEtStqs0S3AUYO6fyjwtZ2KJeBPP3cAty6+GGwRQiyDW9trnLlzsWtdfKy3y48b
OdzwXgS+UbhMkm4iQO+lgU03Y8vH4b6yP8+OeZWanilefs5r6/meIrznutTirGxZ
qnSJ/CzuOQTUHAZBRhqzSkK1v6IE2Iy6lbi7vqUaCkwlb/F4GTbsb5EzEQflG/w/
CKZC8YcywxCeuAYaWdjm3T9VvjxFIqyORM+P2YdVwfFQ
-----END CERTIFICATE-----