Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/N0v-KmBKzbgafTbRxjP2A3otZaI.roa
File:                     N0v-KmBKzbgafTbRxjP2A3otZaI.roa (raw, json)
Hash identifier:          /NXvAva5XstkoM4QBHQX8yPEV4/F0NjD96oq9sMSzeM=
Subject key identifier:   37:4B:FE:2A:60:4A:CD:B8:1A:7D:36:D1:C6:33:F6:03:7A:2D:65:A2
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019ED215FD6676BA62B59CBAAECC445967A8
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/N0v-KmBKzbgafTbRxjP2A3otZaI.roa
Signing time:             Tue 16 Jun 2026 20:18:36 +0000
ROA not before:           Tue 16 Jun 2026 20:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154317
IP address blocks:        194.77.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Jun 2026 07:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d2:15:fd:66:76:ba:62:b5:9c:ba:ae:cc:44:59:67:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun 16 20:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=374bfe2a604acdb81a7d36d1c633f6037a2d65a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:33:e7:4f:05:ef:8e:34:86:88:98:da:1c:d6:
                    33:98:c5:ca:24:9d:c1:d8:6e:73:17:5c:6e:0d:79:
                    76:42:ee:48:61:de:bd:e6:9c:65:27:1c:c4:0c:8a:
                    04:fe:90:4a:19:e6:81:46:bf:8c:04:9f:b3:40:ba:
                    6b:ed:8c:dd:c8:60:1c:c3:ba:1e:2c:21:da:83:ab:
                    73:14:db:12:05:b9:7f:a0:f5:e8:7a:34:62:a2:2a:
                    43:a3:da:04:dc:d2:a1:07:98:45:1e:27:04:e1:7a:
                    a2:22:c8:9b:13:37:2d:09:9d:63:0b:5f:59:54:63:
                    70:72:95:be:b4:33:97:14:91:14:1d:c7:87:37:da:
                    f3:5d:69:ac:30:5c:d4:cc:9c:55:4e:15:6f:8d:bb:
                    c7:8f:c5:12:c0:f2:c2:89:27:19:f5:88:06:1e:be:
                    8d:4b:45:b9:41:ec:9b:8d:ea:4e:e1:03:ba:3d:bd:
                    32:50:84:51:26:8b:ff:78:5c:fa:79:aa:cc:5d:6b:
                    a3:31:d4:0d:73:99:12:be:99:95:f0:6d:25:c8:c6:
                    11:0f:82:8d:78:de:d1:a8:ab:50:27:b7:d2:9b:fe:
                    47:45:3b:81:36:0a:ce:c2:0c:fa:dc:8b:59:dc:e9:
                    71:13:ac:0a:ba:b4:b9:98:4c:15:b7:34:7d:dc:ea:
                    d2:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:4B:FE:2A:60:4A:CD:B8:1A:7D:36:D1:C6:33:F6:03:7A:2D:65:A2
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/N0v-KmBKzbgafTbRxjP2A3otZaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.77.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:5a:d8:d6:28:e6:26:9e:7f:3f:70:04:94:10:dc:d1:c7:18:
         ba:10:5f:ad:49:64:9f:a8:84:eb:8c:75:2c:52:4b:61:a8:0c:
         b1:c2:9c:39:90:5a:e7:c4:d7:84:01:29:c5:a5:d5:35:8f:9a:
         70:de:f8:a7:13:4c:28:c4:60:70:34:c6:f7:26:98:7e:dc:ac:
         76:1d:15:4b:42:dd:c4:58:a7:80:33:63:a3:d2:3c:4b:d2:28:
         83:51:27:0a:78:ba:39:8e:ce:49:b3:5c:0d:d8:76:bf:31:c9:
         2a:0c:53:e2:92:50:0f:6d:b8:1e:6d:c5:9b:45:36:06:92:6e:
         9f:2e:49:eb:d7:59:2a:64:78:ec:a7:5f:20:c0:81:ed:6c:8a:
         19:ab:0e:97:c9:d4:6d:80:08:6e:cd:ae:2f:ba:8e:7b:2e:1a:
         5d:32:1f:9c:41:36:a6:df:37:08:ff:67:f4:ac:0c:75:f0:27:
         35:d1:4f:47:39:44:20:20:3c:9b:6a:6f:5b:6a:6f:65:4c:e4:
         92:8b:8e:4c:d7:62:b1:2e:2f:52:07:f4:84:4c:43:3d:d6:b0:
         9d:61:1e:99:d3:b1:ae:b4:23:52:8d:3b:4b:f7:d1:46:46:ad:
         f6:c4:ad:9b:81:df:36:a2:58:67:82:2b:6a:20:b4:73:94:ed:
         e9:7b:23:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7SFf1mdrpitZy6rsxEWWeoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjE2MjAxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzRiZmUyYTYwNGFjZGI4MWE3ZDM2ZDFjNjMzZjYwMzdhMmQ2NWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDPnTwXvjjSGiJjaHNYzmMXKJJ3B
2G5zF1xuDXl2Qu5IYd695pxlJxzEDIoE/pBKGeaBRr+MBJ+zQLpr7YzdyGAcw7oe
LCHag6tzFNsSBbl/oPXoejRioipDo9oE3NKhB5hFHicE4XqiIsibEzctCZ1jC19Z
VGNwcpW+tDOXFJEUHceHN9rzXWmsMFzUzJxVThVvjbvHj8USwPLCiScZ9YgGHr6N
S0W5QeybjepO4QO6Pb0yUIRRJov/eFz6earMXWujMdQNc5kSvpmV8G0lyMYRD4KN
eN7RqKtQJ7fSm/5HRTuBNgrOwgz63ItZ3OlxE6wKurS5mEwVtzR93OrSKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdL/ipgSs24Gn020cYz9gN6LWWiMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvTjB2LUttQkt6YmdhZlRiUnhqUDJBM290WmFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwk1ZMA0G
CSqGSIb3DQEBCwUAA4IBAQC4WtjWKOYmnn8/cASUENzRxxi6EF+tSWSfqITrjHUs
UkthqAyxwpw5kFrnxNeEASnFpdU1j5pw3vinE0woxGBwNMb3Jph+3Kx2HRVLQt3E
WKeAM2Oj0jxL0iiDUScKeLo5js5Js1wN2Ha/MckqDFPiklAPbbgebcWbRTYGkm6f
Lknr11kqZHjsp18gwIHtbIoZqw6XydRtgAhuza4vuo57LhpdMh+cQTam3zcI/2f0
rAx18Cc10U9HOUQgIDybam9bam9lTOSSi45M12KxLi9SB/SETEM91rCdYR6Z07Gu
tCNSjTtL99FGRq32xK2bgd82olhngitqILRzlO3peyMS
-----END CERTIFICATE-----