Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/ceb578-71d8-449e-a2c9-c85963c718fb/1/N9FFxQDjdWSsDqKRotEMiDNfWM0.roa
File:                     N9FFxQDjdWSsDqKRotEMiDNfWM0.roa (raw, json)
Hash identifier:          JYJSVQnx65soskv06MhEawaexOLV3MdaQKd5cWOTtiM=
Subject key identifier:   37:D1:45:C5:00:E3:75:64:AC:0E:A2:91:A2:D1:0C:88:33:5F:58:CD
Certificate issuer:       /CN=d6ce59c56b1ca1b63026cc29c3e7adcf3414663c
Certificate serial:       019DCED1C2FB5C3B1FB179E3FF469DC8559F
Authority key identifier: D6:CE:59:C5:6B:1C:A1:B6:30:26:CC:29:C3:E7:AD:CF:34:14:66:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1s5ZxWscobYwJswpw-etzzQUZjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/ceb578-71d8-449e-a2c9-c85963c718fb/1/N9FFxQDjdWSsDqKRotEMiDNfWM0.roa
Signing time:             Mon 27 Apr 2026 12:02:26 +0000
ROA not before:           Mon 27 Apr 2026 12:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42
IP address blocks:        194.117.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/ceb578-71d8-449e-a2c9-c85963c718fb/1/1s5ZxWscobYwJswpw-etzzQUZjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/ceb578-71d8-449e-a2c9-c85963c718fb/1/1s5ZxWscobYwJswpw-etzzQUZjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1s5ZxWscobYwJswpw-etzzQUZjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 03:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:d1:c2:fb:5c:3b:1f:b1:79:e3:ff:46:9d:c8:55:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6ce59c56b1ca1b63026cc29c3e7adcf3414663c
        Validity
            Not Before: Apr 27 12:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=37d145c500e37564ac0ea291a2d10c88335f58cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:21:58:0c:cc:c5:e0:aa:b0:62:d1:23:53:e4:
                    c7:68:4e:15:8e:76:95:52:20:7c:b5:3d:ae:fb:99:
                    bb:4e:a7:ba:9e:15:e3:7f:db:15:02:ed:25:52:c9:
                    e0:df:8f:31:01:c6:09:bc:11:37:c4:91:23:22:a5:
                    e0:87:85:8b:49:e5:bb:9c:48:31:9d:82:a8:16:85:
                    c8:cb:ea:8f:8e:c3:28:0c:de:db:12:bb:85:83:7c:
                    e6:76:42:02:bd:7d:d5:1a:fa:ad:10:ac:d2:a8:14:
                    e6:db:d9:e4:bc:82:b4:b0:0d:c1:ba:b1:b3:1c:52:
                    04:09:bc:13:7f:4c:42:e4:15:0a:41:ea:48:83:5c:
                    24:f8:1f:58:03:3a:31:57:35:72:e6:c2:43:c1:8e:
                    02:7f:3e:ad:83:80:31:7f:8a:28:48:89:9e:13:0e:
                    34:4c:c3:dd:34:6c:f3:1c:d0:5a:6e:c3:5b:56:43:
                    f9:d2:fb:19:ba:cc:f5:2a:cc:b8:e6:90:60:95:8d:
                    f3:87:29:a1:f2:46:a7:ac:59:00:b4:0b:7c:cc:0b:
                    55:2c:80:11:43:f8:c4:b9:02:a9:86:c3:b5:0e:c7:
                    d1:7e:27:63:c4:5a:39:ef:b7:2d:0a:db:c6:6b:7e:
                    8a:b5:ce:1d:bf:24:69:e1:80:8d:08:bd:08:a0:b4:
                    8b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:D1:45:C5:00:E3:75:64:AC:0E:A2:91:A2:D1:0C:88:33:5F:58:CD
            X509v3 Authority Key Identifier:
                keyid:D6:CE:59:C5:6B:1C:A1:B6:30:26:CC:29:C3:E7:AD:CF:34:14:66:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1s5ZxWscobYwJswpw-etzzQUZjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/ceb578-71d8-449e-a2c9-c85963c718fb/1/N9FFxQDjdWSsDqKRotEMiDNfWM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/ceb578-71d8-449e-a2c9-c85963c718fb/1/1s5ZxWscobYwJswpw-etzzQUZjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.117.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:93:f1:76:c0:85:51:97:ff:0b:1a:f5:9c:3b:b1:2e:b3:37:
         fd:88:d7:fc:a2:fb:15:ce:26:14:47:d8:2b:77:3c:63:46:8b:
         5e:e1:b7:30:f7:21:91:b3:bd:8c:87:26:66:1c:38:d7:24:55:
         d9:c9:45:16:30:22:b4:1c:c3:bc:f9:14:25:ea:fb:c2:b5:e9:
         45:53:28:12:3a:f2:e3:09:67:0c:21:1c:a8:81:47:aa:96:da:
         87:0c:c3:10:29:c3:45:1c:ba:a5:26:56:71:f4:a2:2c:6f:dc:
         1e:98:ab:14:2f:6e:5f:c5:ac:6c:49:7f:c0:dc:99:9b:5f:3e:
         4c:22:2f:de:12:b8:d6:b2:a4:e7:c0:b9:61:ca:9c:52:ba:ba:
         a4:52:ef:4a:02:00:c0:c0:df:e5:9a:1b:18:43:0d:a9:16:ab:
         a3:20:46:39:b4:62:7c:db:1d:09:85:f8:6b:d4:b1:b2:48:7f:
         40:8e:ba:9a:aa:4a:98:6c:37:92:52:13:a7:81:52:f2:57:b5:
         85:ce:63:01:9f:e8:bb:37:17:93:69:5a:8c:0e:21:9f:87:e4:
         30:f4:25:d1:59:e3:e4:08:95:82:bd:61:f5:d8:96:dc:a8:df:
         a9:64:27:a4:e9:54:00:95:90:8a:68:a0:e7:12:7b:9a:65:5e:
         60:c9:aa:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3O0cL7XDsfsXnj/0adyFWfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2Y2U1OWM1NmIxY2ExYjYzMDI2Y2MyOWMzZTdhZGNmMzQx
NDY2M2MwHhcNMjYwNDI3MTIwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2QxNDVjNTAwZTM3NTY0YWMwZWEyOTFhMmQxMGM4ODMzNWY1OGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCFYDMzF4KqwYtEjU+THaE4VjnaV
UiB8tT2u+5m7Tqe6nhXjf9sVAu0lUsng348xAcYJvBE3xJEjIqXgh4WLSeW7nEgx
nYKoFoXIy+qPjsMoDN7bEruFg3zmdkICvX3VGvqtEKzSqBTm29nkvIK0sA3BurGz
HFIECbwTf0xC5BUKQepIg1wk+B9YAzoxVzVy5sJDwY4Cfz6tg4Axf4ooSImeEw40
TMPdNGzzHNBabsNbVkP50vsZusz1Ksy45pBglY3zhymh8kanrFkAtAt8zAtVLIAR
Q/jEuQKphsO1DsfRfidjxFo577ctCtvGa36Ktc4dvyRp4YCNCL0IoLSLnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfRRcUA43VkrA6ikaLRDIgzX1jNMB8GA1UdIwQY
MBaAFNbOWcVrHKG2MCbMKcPnrc80FGY8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXM1WnhXc2NvYll3SnN3cHctZXR6elFVWmp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9jZWI1NzgtNzFkOC00NDllLWEyYzkt
Yzg1OTYzYzcxOGZiLzEvTjlGRnhRRGpkV1NzRHFLUm90RU1pRE5mV00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9jZWI1NzgtNzFkOC00NDllLWEyYzktYzg1OTYzYzcxOGZi
LzEvMXM1WnhXc2NvYll3SnN3cHctZXR6elFVWmp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnU6MA0G
CSqGSIb3DQEBCwUAA4IBAQAek/F2wIVRl/8LGvWcO7Euszf9iNf8ovsVziYUR9gr
dzxjRote4bcw9yGRs72MhyZmHDjXJFXZyUUWMCK0HMO8+RQl6vvCtelFUygSOvLj
CWcMIRyogUeqltqHDMMQKcNFHLqlJlZx9KIsb9wemKsUL25fxaxsSX/A3JmbXz5M
Ii/eErjWsqTnwLlhypxSurqkUu9KAgDAwN/lmhsYQw2pFqujIEY5tGJ82x0Jhfhr
1LGySH9AjrqaqkqYbDeSUhOngVLyV7WFzmMBn+i7NxeTaVqMDiGfh+Qw9CXRWePk
CJWCvWH12JbcqN+pZCek6VQAlZCKaKDnEnuaZV5gyaqu
-----END CERTIFICATE-----