Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/IiiNwkDm7FKr3q5dKEJJ6zEO1a0.roa
File:                     IiiNwkDm7FKr3q5dKEJJ6zEO1a0.roa (raw, json)
Hash identifier:          0eqanXcAPPX/6LBUIHpqLb9Grb7kons5jpAp2RDVxBU=
Subject key identifier:   22:28:8D:C2:40:E6:EC:52:AB:DE:AE:5D:28:42:49:EB:31:0E:D5:AD
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019EACF28C544195FDF25983843EE2B4377C
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/IiiNwkDm7FKr3q5dKEJJ6zEO1a0.roa
Signing time:             Tue 09 Jun 2026 15:13:57 +0000
ROA not before:           Tue 09 Jun 2026 15:13:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     141445
IP address blocks:        195.162.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:f2:8c:54:41:95:fd:f2:59:83:84:3e:e2:b4:37:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun  9 15:13:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22288dc240e6ec52abdeae5d284249eb310ed5ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:32:86:91:71:7a:6c:76:a9:cd:f4:dd:f7:e2:
                    5f:13:10:92:df:7e:a5:18:25:a5:d7:d4:cf:8d:2e:
                    70:18:1e:2c:c7:23:80:b0:47:9d:e5:c3:60:b2:57:
                    52:40:91:54:4d:d7:75:7e:b9:e5:ce:3c:7f:0e:5f:
                    55:8a:86:79:0d:6e:f7:e1:03:1b:ff:fc:89:7d:75:
                    aa:93:bf:24:78:77:14:28:03:89:dc:76:1b:87:ca:
                    0f:e0:8d:1c:25:ac:a8:d2:a4:28:7b:95:2f:16:12:
                    ff:e4:2d:1f:23:62:81:7b:4e:61:bc:f6:ca:a2:d6:
                    53:9d:90:fd:e3:80:62:3c:8b:cf:38:5c:01:9d:90:
                    3a:8e:61:61:d4:df:c9:83:fd:2a:59:84:12:b9:72:
                    ef:f3:e3:8b:20:f5:07:31:57:bc:77:8f:82:f2:56:
                    fb:32:06:49:79:d1:2c:3f:16:8f:99:b7:6c:1b:14:
                    c7:b9:09:08:74:94:63:80:1a:44:2f:ff:44:06:02:
                    22:8f:3c:a3:71:c2:3c:b0:92:b8:33:9e:93:70:52:
                    e4:c2:ae:d7:70:54:b6:5a:b8:ff:bf:64:95:be:54:
                    5c:58:96:27:4c:3e:28:9c:83:0a:56:e6:0b:41:02:
                    95:43:27:de:1f:7f:be:ca:c8:18:d6:de:58:9c:c5:
                    0c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:28:8D:C2:40:E6:EC:52:AB:DE:AE:5D:28:42:49:EB:31:0E:D5:AD
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/IiiNwkDm7FKr3q5dKEJJ6zEO1a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.162.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:31:c8:8e:c6:45:ed:f8:a2:14:a2:87:67:cd:90:4b:ac:80:
         21:98:0c:eb:0c:64:9a:83:c4:62:a7:37:50:59:fe:dd:b8:e4:
         db:e1:d2:63:c9:6c:74:3a:ac:a1:53:29:11:df:48:1b:63:ac:
         ac:f0:6f:81:e2:5c:38:14:50:a5:73:2b:d8:92:cd:cf:57:8d:
         39:e5:74:54:c2:01:75:ef:35:33:9b:69:59:15:79:1b:7a:62:
         bd:57:af:c5:80:09:91:69:7b:4e:79:91:f1:af:90:70:1d:f0:
         fd:b0:98:4c:34:e3:4c:ca:89:53:c4:32:b0:c3:8c:ae:01:6e:
         69:65:e1:78:e2:db:25:43:34:cb:8a:f7:dd:49:50:b7:31:70:
         6c:52:9e:65:dc:18:66:5a:9d:df:ee:f5:70:6a:78:93:7c:32:
         9c:c3:78:72:ea:80:c5:5b:f1:de:d5:2e:97:5e:31:d8:16:12:
         38:b2:f4:2d:29:39:48:40:c6:c1:8a:e8:57:34:56:ee:c1:5c:
         76:99:1c:09:21:0c:23:07:5d:18:1e:0a:6e:15:db:9b:cf:02:
         9b:56:db:32:ab:68:f1:07:17:cf:f5:06:c2:d9:3a:54:eb:b8:
         30:19:36:50:36:e0:80:89:e1:d0:3e:cb:f0:3a:b9:ec:c0:9d:
         0d:1c:6a:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6s8oxUQZX98lmDhD7itDd8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjA5MTUxMzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjI4OGRjMjQwZTZlYzUyYWJkZWFlNWQyODQyNDllYjMxMGVkNWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzKGkXF6bHapzfTd9+JfExCS336l
GCWl19TPjS5wGB4sxyOAsEed5cNgsldSQJFUTdd1frnlzjx/Dl9VioZ5DW734QMb
//yJfXWqk78keHcUKAOJ3HYbh8oP4I0cJayo0qQoe5UvFhL/5C0fI2KBe05hvPbK
otZTnZD944BiPIvPOFwBnZA6jmFh1N/Jg/0qWYQSuXLv8+OLIPUHMVe8d4+C8lb7
MgZJedEsPxaPmbdsGxTHuQkIdJRjgBpEL/9EBgIijzyjccI8sJK4M56TcFLkwq7X
cFS2Wrj/v2SVvlRcWJYnTD4onIMKVuYLQQKVQyfeH3++ysgY1t5YnMUMyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIojcJA5uxSq96uXShCSesxDtWtMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvSWlpTndrRG03RktyM3E1ZEtFSko2ekVPMWEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6L2MA0G
CSqGSIb3DQEBCwUAA4IBAQDZMciOxkXt+KIUoodnzZBLrIAhmAzrDGSag8RipzdQ
Wf7duOTb4dJjyWx0OqyhUykR30gbY6ys8G+B4lw4FFClcyvYks3PV4055XRUwgF1
7zUzm2lZFXkbemK9V6/FgAmRaXtOeZHxr5BwHfD9sJhMNONMyolTxDKww4yuAW5p
ZeF44tslQzTLivfdSVC3MXBsUp5l3BhmWp3f7vVwaniTfDKcw3hy6oDFW/He1S6X
XjHYFhI4svQtKTlIQMbBiuhXNFbuwVx2mRwJIQwjB10YHgpuFdubzwKbVtsyq2jx
BxfP9QbC2TpU67gwGTZQNuCAieHQPsvwOrnswJ0NHGrx
-----END CERTIFICATE-----