Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/MNtQ2BMxHzU6mS55JlD1-S-_hFo.roa
File:                     MNtQ2BMxHzU6mS55JlD1-S-_hFo.roa (raw, json)
Hash identifier:          5/Nge6cmwr/rG4aqzAbOhunIaZR4MBWj2DKl2PBcN4Y=
Subject key identifier:   30:DB:50:D8:13:31:1F:35:3A:99:2E:79:26:50:F5:F9:2F:BF:84:5A
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019CDC6A2B96082C58DD5C5864206667EFE5
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/MNtQ2BMxHzU6mS55JlD1-S-_hFo.roa
Signing time:             Wed 11 Mar 2026 10:21:11 +0000
ROA not before:           Wed 11 Mar 2026 10:21:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202736
IP address blocks:        195.86.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 15:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:6a:2b:96:08:2c:58:dd:5c:58:64:20:66:67:ef:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Mar 11 10:21:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30db50d813311f353a992e792650f5f92fbf845a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:55:a8:d4:9f:9a:47:f6:bf:f7:99:9b:71:17:
                    f8:d7:c9:6e:51:30:2c:3d:31:4f:e1:0e:bc:ce:fe:
                    aa:7e:f4:96:ea:dd:7b:f2:6f:f8:da:07:94:e5:1c:
                    34:26:8c:4f:f4:ea:b6:53:64:88:33:7a:3d:b8:0e:
                    51:cb:5c:33:a1:2f:b2:e8:c7:d4:38:ba:02:2e:95:
                    1e:37:b4:b8:0d:db:36:55:57:a1:df:6f:b6:e7:2a:
                    07:ad:aa:2f:90:16:3e:d8:d7:e2:0a:d6:b7:7c:d2:
                    09:ad:85:e1:c5:32:f0:19:cc:3d:21:22:ea:63:44:
                    c3:cd:94:53:ba:aa:8f:07:e5:92:a3:13:2e:d7:2b:
                    5a:1f:ba:f9:86:e3:66:94:31:d7:a6:9e:ee:f8:b4:
                    88:f2:4a:b1:fa:2f:2b:80:a4:81:88:18:f1:12:c3:
                    d9:6e:2c:59:33:dc:93:ec:7d:d9:33:76:07:53:eb:
                    b3:fd:61:4c:07:97:8f:73:09:b6:75:db:b5:ce:e1:
                    3d:05:d8:d1:e1:7f:80:7a:a1:d2:ef:1a:f0:27:57:
                    e4:6a:45:80:b4:bc:78:0b:73:cb:c2:87:42:0a:d7:
                    87:8c:3e:4c:78:89:67:78:02:c9:56:a8:e2:7f:d9:
                    ae:9b:7d:0a:11:9c:22:06:09:60:61:c2:fd:20:25:
                    ed:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:DB:50:D8:13:31:1F:35:3A:99:2E:79:26:50:F5:F9:2F:BF:84:5A
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/MNtQ2BMxHzU6mS55JlD1-S-_hFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.86.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:5d:f5:82:21:e9:f5:58:cd:29:30:af:5c:ed:22:4f:10:13:
         50:0f:7a:09:ef:40:28:60:e8:be:2b:aa:ce:b0:b6:b1:ff:a2:
         46:49:40:c1:bb:a2:30:59:d2:89:64:a5:a3:9b:db:93:0b:88:
         bf:bb:53:21:a3:4c:43:b7:20:f5:85:78:4b:77:4c:ca:fb:86:
         81:62:8b:f6:43:2a:7b:30:c8:65:c7:0e:65:f5:c9:31:a8:22:
         22:fb:d8:5a:c0:14:55:3f:85:fc:0d:60:33:d9:92:5b:da:97:
         33:0d:5f:34:b7:a1:98:d3:59:77:26:7b:a5:36:3e:26:0d:b6:
         aa:3e:64:2a:ab:fc:ee:2b:5b:7a:e2:81:b6:00:f3:78:7e:6a:
         65:61:26:a3:04:a4:1c:43:45:f1:a3:74:d3:e5:83:94:1a:16:
         af:a3:6a:67:29:17:29:20:d6:da:fc:6b:c4:03:09:33:63:44:
         a8:2c:8a:28:c7:60:b1:5b:a9:6f:c6:e3:69:14:49:b9:f0:03:
         39:8f:24:c1:0a:ae:ee:a5:f4:35:13:65:4a:a2:91:18:50:7e:
         25:64:a5:a7:a6:b6:36:8c:b1:12:77:48:ff:20:af:eb:1b:d7:
         52:a0:79:d1:54:ea:bd:7d:04:b7:16:e0:3b:a4:b1:db:17:14:
         40:71:8a:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzcaiuWCCxY3VxYZCBmZ+/lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMzExMTAyMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGRiNTBkODEzMzExZjM1M2E5OTJlNzkyNjUwZjVmOTJmYmY4NDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1Wo1J+aR/a/95mbcRf418luUTAs
PTFP4Q68zv6qfvSW6t178m/42geU5Rw0JoxP9Oq2U2SIM3o9uA5Ry1wzoS+y6MfU
OLoCLpUeN7S4Dds2VVeh32+25yoHraovkBY+2NfiCta3fNIJrYXhxTLwGcw9ISLq
Y0TDzZRTuqqPB+WSoxMu1ytaH7r5huNmlDHXpp7u+LSI8kqx+i8rgKSBiBjxEsPZ
bixZM9yT7H3ZM3YHU+uz/WFMB5ePcwm2ddu1zuE9BdjR4X+AeqHS7xrwJ1fkakWA
tLx4C3PLwodCCteHjD5MeIlneALJVqjif9mum30KEZwiBglgYcL9ICXt1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDbUNgTMR81OpkueSZQ9fkvv4RaMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvTU50UTJCTXhIelU2bVM1NUpsRDEtUy1faEZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1YTMA0G
CSqGSIb3DQEBCwUAA4IBAQBRXfWCIen1WM0pMK9c7SJPEBNQD3oJ70AoYOi+K6rO
sLax/6JGSUDBu6IwWdKJZKWjm9uTC4i/u1Mho0xDtyD1hXhLd0zK+4aBYov2Qyp7
MMhlxw5l9ckxqCIi+9hawBRVP4X8DWAz2ZJb2pczDV80t6GY01l3JnulNj4mDbaq
PmQqq/zuK1t64oG2APN4fmplYSajBKQcQ0Xxo3TT5YOUGhavo2pnKRcpINba/GvE
AwkzY0SoLIoox2CxW6lvxuNpFEm58AM5jyTBCq7upfQ1E2VKopEYUH4lZKWnprY2
jLESd0j/IK/rG9dSoHnRVOq9fQS3FuA7pLHbFxRAcYq1
-----END CERTIFICATE-----