Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/21aac6-c9b8-4e86-a578-926d5342cddf/1/Nq2jt4deL1vcbLLP6JUlP--zYjU.roa
File:                     Nq2jt4deL1vcbLLP6JUlP--zYjU.roa (raw, json)
Hash identifier:          o2B0T84JtLq/eEsMjiJgMnquL7CfY7FdFEuIWNrRV8U=
Subject key identifier:   36:AD:A3:B7:87:5E:2F:5B:DC:6C:B2:CF:E8:95:25:3F:EF:B3:62:35
Certificate issuer:       /CN=c41de537530874af11ae7cd2e2f618da6b0d8efa
Certificate serial:       019D2E430605C5E7FF06CBD0894521E6E135
Authority key identifier: C4:1D:E5:37:53:08:74:AF:11:AE:7C:D2:E2:F6:18:DA:6B:0D:8E:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xB3lN1MIdK8RrnzS4vYY2msNjvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/21aac6-c9b8-4e86-a578-926d5342cddf/1/Nq2jt4deL1vcbLLP6JUlP--zYjU.roa
Signing time:             Fri 27 Mar 2026 07:47:17 +0000
ROA not before:           Fri 27 Mar 2026 07:47:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204486
IP address blocks:        194.187.32.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/21aac6-c9b8-4e86-a578-926d5342cddf/1/xB3lN1MIdK8RrnzS4vYY2msNjvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/21aac6-c9b8-4e86-a578-926d5342cddf/1/xB3lN1MIdK8RrnzS4vYY2msNjvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xB3lN1MIdK8RrnzS4vYY2msNjvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 04:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2e:43:06:05:c5:e7:ff:06:cb:d0:89:45:21:e6:e1:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c41de537530874af11ae7cd2e2f618da6b0d8efa
        Validity
            Not Before: Mar 27 07:47:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36ada3b7875e2f5bdc6cb2cfe895253fefb36235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fd:ab:8c:1e:e8:8e:15:65:d7:51:c2:d5:e0:
                    ff:d3:41:44:0a:5d:c2:1e:06:3e:d5:a0:52:1c:d0:
                    a1:08:24:99:67:77:96:1b:b3:f6:bc:d0:e0:90:d7:
                    20:25:1e:ad:d2:d0:19:f5:d7:ec:67:84:70:44:6b:
                    f6:a6:10:5c:ec:95:fc:dc:8d:2e:6a:16:c0:14:c9:
                    56:1e:84:27:21:69:d0:4b:2b:fe:39:c4:79:80:f5:
                    39:e3:8f:46:64:4c:eb:b6:e7:99:d9:e7:b1:1c:95:
                    0f:9c:0d:a6:8a:54:e9:9c:21:53:fd:40:8f:09:e9:
                    a4:1d:10:61:55:b1:a4:7b:61:28:0c:f6:d9:a0:e1:
                    52:e5:67:dd:8f:7f:65:ea:03:0e:16:25:08:af:fd:
                    41:c0:f1:ed:69:14:48:bf:08:3e:e0:bf:06:9d:52:
                    ac:c3:06:92:b1:52:be:b2:13:92:45:f7:b5:12:f9:
                    07:a3:72:ac:a0:6f:0c:0f:30:c5:e7:e0:e6:76:ed:
                    e2:a3:94:9a:79:44:23:60:90:58:10:8e:86:58:0e:
                    4f:8a:a3:6b:80:c7:12:43:b7:05:80:04:b2:23:ac:
                    3c:26:26:21:35:ae:30:16:97:da:05:61:64:cb:0a:
                    ba:30:68:c1:7c:9c:57:ea:a6:38:e6:fd:9e:ff:b6:
                    58:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:AD:A3:B7:87:5E:2F:5B:DC:6C:B2:CF:E8:95:25:3F:EF:B3:62:35
            X509v3 Authority Key Identifier:
                keyid:C4:1D:E5:37:53:08:74:AF:11:AE:7C:D2:E2:F6:18:DA:6B:0D:8E:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xB3lN1MIdK8RrnzS4vYY2msNjvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/21aac6-c9b8-4e86-a578-926d5342cddf/1/Nq2jt4deL1vcbLLP6JUlP--zYjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/21aac6-c9b8-4e86-a578-926d5342cddf/1/xB3lN1MIdK8RrnzS4vYY2msNjvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d4:52:a3:6c:5c:99:a8:a5:f5:92:fd:25:c1:35:24:de:3e:e5:
         5b:30:7d:bf:da:04:57:4b:cf:b0:7f:a7:e3:eb:a7:1f:b6:27:
         ae:0b:7e:85:25:fd:26:a8:f9:5d:83:34:8f:ce:95:6b:5e:9e:
         7a:6a:33:63:a5:fd:10:ce:2f:7a:c6:ac:de:44:45:4e:fd:85:
         39:78:84:f5:00:79:aa:40:c8:36:2f:34:74:68:db:b4:cd:bf:
         e9:ae:04:0d:6e:b2:1e:b3:9e:7c:82:63:ac:79:06:3a:f2:d3:
         40:30:1c:6a:61:88:b9:78:15:f5:b4:76:3c:27:57:36:13:10:
         67:75:54:8c:76:f8:20:45:23:4c:9f:fa:af:f9:0d:34:81:60:
         72:50:f7:b2:28:a0:da:f5:03:fd:06:99:b3:ef:02:98:6f:c0:
         31:cf:fd:be:a9:5b:b2:a0:02:9a:5e:6d:d2:3f:11:6d:f0:e3:
         1c:44:4e:25:32:01:bd:68:18:d2:e6:bf:2a:58:72:02:2b:a5:
         50:43:a3:c1:0e:89:c6:32:b8:b3:4b:6c:e7:77:38:9f:25:4a:
         58:7e:8e:9d:05:b4:cb:e2:49:f4:06:45:fe:b0:3e:47:9b:2d:
         e6:d6:bf:b3:77:f9:e1:d9:98:bf:ec:00:c7:06:bf:bb:0d:da:
         35:97:cd:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0uQwYFxef/BsvQiUUh5uE1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MWRlNTM3NTMwODc0YWYxMWFlN2NkMmUyZjYxOGRhNmIw
ZDhlZmEwHhcNMjYwMzI3MDc0NzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmFkYTNiNzg3NWUyZjViZGM2Y2IyY2ZlODk1MjUzZmVmYjM2MjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnf2rjB7ojhVl11HC1eD/00FECl3C
HgY+1aBSHNChCCSZZ3eWG7P2vNDgkNcgJR6t0tAZ9dfsZ4RwRGv2phBc7JX83I0u
ahbAFMlWHoQnIWnQSyv+OcR5gPU5449GZEzrtueZ2eexHJUPnA2milTpnCFT/UCP
CemkHRBhVbGke2EoDPbZoOFS5Wfdj39l6gMOFiUIr/1BwPHtaRRIvwg+4L8GnVKs
wwaSsVK+shOSRfe1EvkHo3KsoG8MDzDF5+Dmdu3io5SaeUQjYJBYEI6GWA5PiqNr
gMcSQ7cFgASyI6w8JiYhNa4wFpfaBWFkywq6MGjBfJxX6qY45v2e/7ZYdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDato7eHXi9b3Gyyz+iVJT/vs2I1MB8GA1UdIwQY
MBaAFMQd5TdTCHSvEa580uL2GNprDY76MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEIzbE4xTUlkSzhScm56UzR2WVkybXNOanZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8yMWFhYzYtYzliOC00ZTg2LWE1Nzgt
OTI2ZDUzNDJjZGRmLzEvTnEyanQ0ZGVMMXZjYkxMUDZKVWxQLS16WWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8yMWFhYzYtYzliOC00ZTg2LWE1NzgtOTI2ZDUzNDJjZGRm
LzEveEIzbE4xTUlkSzhScm56UzR2WVkybXNOanZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwrsgMA0G
CSqGSIb3DQEBCwUAA4IBAQDUUqNsXJmopfWS/SXBNSTePuVbMH2/2gRXS8+wf6fj
66cftieuC36FJf0mqPldgzSPzpVrXp56ajNjpf0Qzi96xqzeREVO/YU5eIT1AHmq
QMg2LzR0aNu0zb/prgQNbrIes558gmOseQY68tNAMBxqYYi5eBX1tHY8J1c2ExBn
dVSMdvggRSNMn/qv+Q00gWByUPeyKKDa9QP9Bpmz7wKYb8Axz/2+qVuyoAKaXm3S
PxFt8OMcRE4lMgG9aBjS5r8qWHICK6VQQ6PBDonGMrizS2zndzifJUpYfo6dBbTL
4kn0BkX+sD5Hmy3m1r+zd/nh2Zi/7ADHBr+7Ddo1l812
-----END CERTIFICATE-----