Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/nQ9iAbgN4UYlEuNTfLq16x_NaaQ.roa
File:                     nQ9iAbgN4UYlEuNTfLq16x_NaaQ.roa (raw, json)
Hash identifier:          BEf2VxY3o36Xhod0Lk3QkOgwkfWY3y0QRdqwaSrfh4w=
Subject key identifier:   9D:0F:62:01:B8:0D:E1:46:25:12:E3:53:7C:BA:B5:EB:1F:CD:69:A4
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       019F185F92F0718509E084D2D8FA850AD970
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/nQ9iAbgN4UYlEuNTfLq16x_NaaQ.roa
Signing time:             Tue 30 Jun 2026 11:52:24 +0000
ROA not before:           Tue 30 Jun 2026 11:52:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50635
IP address blocks:        5.134.82.0/23 maxlen: 24
                          217.113.10.0/23 maxlen: 23
                          217.113.10.0/24 maxlen: 24
                          217.113.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:18:5f:92:f0:71:85:09:e0:84:d2:d8:fa:85:0a:d9:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jun 30 11:52:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d0f6201b80de1462512e3537cbab5eb1fcd69a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:35:f4:d5:f9:70:94:c4:1b:a5:aa:94:b1:2b:
                    f6:f6:56:d3:f7:9e:4e:ca:ad:02:d8:b5:b6:77:a7:
                    1b:a6:de:8d:52:59:e1:ac:8f:07:25:8c:66:26:b2:
                    06:f7:63:39:4c:c9:04:04:6e:ce:a7:ae:85:3c:80:
                    6f:21:1d:5e:de:73:47:d2:c5:93:cc:7b:27:f8:af:
                    f3:7f:2a:61:e6:8e:d0:6c:3b:fb:cb:9e:3f:dd:eb:
                    91:65:e9:a5:7d:ec:e8:39:2a:2d:f8:73:dc:ac:e7:
                    0a:62:6b:fa:09:2d:d9:93:87:f1:f8:d1:5b:ac:f6:
                    97:26:2a:1d:14:4c:6b:12:bd:d5:80:e4:b6:4e:28:
                    73:5c:8f:73:e0:59:0a:67:1d:51:20:19:d7:88:9a:
                    c6:9d:6f:8e:ec:12:f1:89:b6:40:ed:bc:b9:0f:17:
                    47:b4:c2:d6:6b:c8:8f:49:08:56:3b:bf:f6:a5:d7:
                    b0:c4:cf:93:4c:33:d6:be:ec:00:8a:90:ef:32:76:
                    1c:c2:14:50:58:36:de:e2:86:1c:1c:1f:93:d1:19:
                    90:3c:b6:7d:01:d0:ec:f4:bf:f1:8d:a5:b2:c2:30:
                    b3:b9:2f:9f:4d:ed:48:d5:c5:1e:76:77:48:cc:1a:
                    c1:da:c8:22:99:96:88:c9:8b:de:d9:70:fd:df:61:
                    2d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:0F:62:01:B8:0D:E1:46:25:12:E3:53:7C:BA:B5:EB:1F:CD:69:A4
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/nQ9iAbgN4UYlEuNTfLq16x_NaaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.134.82.0/23
                  217.113.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:3c:03:fe:91:aa:1a:36:4d:32:f4:80:38:a8:c6:b3:59:25:
         29:5f:f4:ae:9b:56:ef:c8:d7:1b:4e:12:d5:30:7c:90:49:aa:
         9f:40:23:71:a4:d6:98:6c:8f:a5:d1:bc:80:4d:f4:e9:20:cd:
         0c:25:a4:82:6a:b4:42:df:81:8d:27:1d:24:b4:a0:bc:8c:0b:
         ca:06:59:34:96:ff:8c:1a:54:7f:7b:71:1c:dd:41:e6:e3:88:
         c6:f6:7e:57:d6:5f:d6:17:32:24:44:b6:d8:3e:f7:8c:ea:f4:
         75:e5:96:be:6b:4e:eb:1c:7f:b8:97:34:7f:94:a2:d7:1e:a3:
         c0:1b:2d:72:a0:6b:cb:69:cd:fa:2b:83:58:f1:a1:c3:fc:45:
         4c:6a:ed:7a:3a:1c:0a:7e:b1:d5:48:ea:f8:ef:7d:01:2b:92:
         10:55:ef:f5:e8:76:b3:ad:e5:5c:ad:b2:1d:49:05:5d:5b:d3:
         18:59:d7:9d:b3:92:b7:fb:62:fe:69:ae:3c:16:d8:bd:fe:77:
         43:b2:f0:ad:b3:b3:fe:1b:f7:d4:ad:ee:7c:3f:c8:23:a2:c9:
         5b:2a:73:9b:5f:f3:91:ea:be:4d:9f:86:09:73:cc:1a:a1:08:
         9d:b5:a4:b8:90:c5:c3:02:b2:35:29:96:8f:14:50:8a:ce:6b:
         07:4d:9d:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8YX5LwcYUJ4ITS2PqFCtlwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjYwNjMwMTE1MjI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDBmNjIwMWI4MGRlMTQ2MjUxMmUzNTM3Y2JhYjVlYjFmY2Q2OWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzX01flwlMQbpaqUsSv29lbT955O
yq0C2LW2d6cbpt6NUlnhrI8HJYxmJrIG92M5TMkEBG7Op66FPIBvIR1e3nNH0sWT
zHsn+K/zfyph5o7QbDv7y54/3euRZemlfezoOSot+HPcrOcKYmv6CS3Zk4fx+NFb
rPaXJiodFExrEr3VgOS2TihzXI9z4FkKZx1RIBnXiJrGnW+O7BLxibZA7by5DxdH
tMLWa8iPSQhWO7/2pdewxM+TTDPWvuwAipDvMnYcwhRQWDbe4oYcHB+T0RmQPLZ9
AdDs9L/xjaWywjCzuS+fTe1I1cUedndIzBrB2sgimZaIyYve2XD932EtNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ0PYgG4DeFGJRLjU3y6tesfzWmkMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvblE5aUFiZ040VVlsRXVOVGZMcTE2eF9OYWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBYZSAwQB
2XEKMA0GCSqGSIb3DQEBCwUAA4IBAQCDPAP+kaoaNk0y9IA4qMazWSUpX/Sum1bv
yNcbThLVMHyQSaqfQCNxpNaYbI+l0byATfTpIM0MJaSCarRC34GNJx0ktKC8jAvK
Blk0lv+MGlR/e3Ec3UHm44jG9n5X1l/WFzIkRLbYPveM6vR15Za+a07rHH+4lzR/
lKLXHqPAGy1yoGvLac36K4NY8aHD/EVMau16OhwKfrHVSOr4730BK5IQVe/16Haz
reVcrbIdSQVdW9MYWdeds5K3+2L+aa48Fti9/ndDsvCts7P+G/fUre58P8gjoslb
KnObX/OR6r5Nn4YJc8waoQidtaS4kMXDArI1KZaPFFCKzmsHTZ0S
-----END CERTIFICATE-----
Generated at Wed Jul 1 03:37:49 2026 by rpki-client