Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/0543e3-1bf0-4db3-b01e-a1d6054350d2/1/NNK9R7yF6XrFwMG8nuM3r4JWCV4.roa
File:                     NNK9R7yF6XrFwMG8nuM3r4JWCV4.roa (raw, json)
Hash identifier:          9ZUvYzRXn0Klpg5dQm6gHdmQvA0GHc1xDFASadUC4cY=
Subject key identifier:   34:D2:BD:47:BC:85:E9:7A:C5:C0:C1:BC:9E:E3:37:AF:82:56:09:5E
Certificate issuer:       /CN=36d6044966c57439aaf520310885f81d45275b2a
Certificate serial:       019E4DBF9D90488AF4E41FFDA16D568FE99A
Authority key identifier: 36:D6:04:49:66:C5:74:39:AA:F5:20:31:08:85:F8:1D:45:27:5B:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NtYESWbFdDmq9SAxCIX4HUUnWyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/0543e3-1bf0-4db3-b01e-a1d6054350d2/1/NNK9R7yF6XrFwMG8nuM3r4JWCV4.roa
Signing time:             Fri 22 May 2026 03:34:23 +0000
ROA not before:           Fri 22 May 2026 03:34:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        134.168.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/0543e3-1bf0-4db3-b01e-a1d6054350d2/1/NtYESWbFdDmq9SAxCIX4HUUnWyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/0543e3-1bf0-4db3-b01e-a1d6054350d2/1/NtYESWbFdDmq9SAxCIX4HUUnWyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NtYESWbFdDmq9SAxCIX4HUUnWyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4d:bf:9d:90:48:8a:f4:e4:1f:fd:a1:6d:56:8f:e9:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36d6044966c57439aaf520310885f81d45275b2a
        Validity
            Not Before: May 22 03:34:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34d2bd47bc85e97ac5c0c1bc9ee337af8256095e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9d:b0:53:8c:7b:08:37:ef:4a:51:d3:e9:a7:
                    bb:f9:76:e9:be:47:ca:e0:66:b8:c7:33:84:03:60:
                    c5:e7:c2:5b:0c:3f:29:09:5d:a2:31:f5:26:e0:55:
                    d2:e5:72:65:96:60:51:3d:70:3f:1b:a7:7a:79:aa:
                    27:5b:1d:e1:1d:4d:67:84:84:f1:27:34:c6:b0:b8:
                    0b:98:49:de:58:d0:3f:42:e1:66:11:f7:34:36:30:
                    f6:87:e3:b8:90:13:c9:4c:d7:93:33:b6:8f:ae:d7:
                    77:97:47:f4:14:59:19:04:c9:17:57:a3:58:52:13:
                    e2:82:75:40:36:83:82:d2:54:00:bd:70:62:9d:ec:
                    ec:e0:72:0b:7f:b1:c2:fb:49:ce:4c:16:36:20:41:
                    67:7b:a1:c8:9b:21:6d:cd:df:2d:a8:57:62:6a:47:
                    0f:25:43:cc:ad:98:72:db:4f:dd:28:e3:04:61:ad:
                    b4:92:6b:01:9b:cd:f0:2f:a7:96:80:61:ee:cd:fa:
                    f2:e1:ae:89:9c:59:45:80:74:c5:f7:31:04:53:26:
                    ff:84:3a:9f:0c:f7:43:5c:59:61:2d:45:79:08:c7:
                    f4:f6:db:e7:8c:1b:c4:ab:e3:1d:e2:b7:24:22:f6:
                    3b:5f:33:e9:81:30:fb:a8:a5:fb:6c:1a:5a:ed:23:
                    91:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:D2:BD:47:BC:85:E9:7A:C5:C0:C1:BC:9E:E3:37:AF:82:56:09:5E
            X509v3 Authority Key Identifier:
                keyid:36:D6:04:49:66:C5:74:39:AA:F5:20:31:08:85:F8:1D:45:27:5B:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NtYESWbFdDmq9SAxCIX4HUUnWyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/0543e3-1bf0-4db3-b01e-a1d6054350d2/1/NNK9R7yF6XrFwMG8nuM3r4JWCV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/0543e3-1bf0-4db3-b01e-a1d6054350d2/1/NtYESWbFdDmq9SAxCIX4HUUnWyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.168.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8c:17:e8:7a:af:5d:a3:67:19:e1:d8:54:2e:ae:e3:c8:fe:76:
         44:6f:e5:bf:3d:cf:ec:37:cb:95:10:1d:0a:0d:cb:1d:19:32:
         f1:ba:ca:62:85:b6:d1:5a:37:67:41:d4:ae:de:15:f2:ed:2e:
         f7:66:70:97:a4:3a:2c:f0:50:e4:c6:02:45:9f:18:d6:d3:0b:
         7d:2d:0e:48:e7:db:50:91:53:47:f8:49:cf:b3:83:0c:05:38:
         42:2c:cb:ed:8b:13:db:be:f7:ed:a2:da:1a:65:38:3e:e4:7a:
         44:5a:8e:21:a8:bf:74:32:35:79:9a:7d:1c:1c:e1:d9:f1:10:
         2a:0d:88:a4:50:f6:86:46:9f:6a:30:4e:2c:cf:96:4e:e5:f9:
         90:e5:4a:2d:b2:ac:fb:84:d7:9b:70:25:03:8b:00:0e:da:ed:
         9a:05:48:52:82:92:fd:f0:08:c4:87:e6:22:15:9a:10:1d:1a:
         1c:6c:1e:e4:47:20:5c:c3:5c:d1:32:80:67:19:40:c0:65:05:
         1f:5e:88:7b:bd:59:45:1c:57:5e:d2:b5:2e:d9:62:bb:f5:fe:
         59:fc:c0:86:b2:35:6e:cf:5b:f3:13:21:89:0b:9a:84:96:21:
         38:df:31:84:36:f2:c6:fe:0a:e8:32:89:77:47:b5:93:6a:c6:
         00:ac:bf:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5Nv52QSIr05B/9oW1Wj+maMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZDYwNDQ5NjZjNTc0MzlhYWY1MjAzMTA4ODVmODFkNDUy
NzViMmEwHhcNMjYwNTIyMDMzNDIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGQyYmQ0N2JjODVlOTdhYzVjMGMxYmM5ZWUzMzdhZjgyNTYwOTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ2wU4x7CDfvSlHT6ae7+XbpvkfK
4Ga4xzOEA2DF58JbDD8pCV2iMfUm4FXS5XJllmBRPXA/G6d6eaonWx3hHU1nhITx
JzTGsLgLmEneWNA/QuFmEfc0NjD2h+O4kBPJTNeTM7aPrtd3l0f0FFkZBMkXV6NY
UhPignVANoOC0lQAvXBinezs4HILf7HC+0nOTBY2IEFne6HImyFtzd8tqFdiakcP
JUPMrZhy20/dKOMEYa20kmsBm83wL6eWgGHuzfry4a6JnFlFgHTF9zEEUyb/hDqf
DPdDXFlhLUV5CMf09tvnjBvEq+Md4rckIvY7XzPpgTD7qKX7bBpa7SORDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTSvUe8hel6xcDBvJ7jN6+CVgleMB8GA1UdIwQY
MBaAFDbWBElmxXQ5qvUgMQiF+B1FJ1sqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnRZRVNXYkZkRG1xOVNBeENJWDRIVVVuV3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8wNTQzZTMtMWJmMC00ZGIzLWIwMWUt
YTFkNjA1NDM1MGQyLzEvTk5LOVI3eUY2WHJGd01HOG51TTNyNEpXQ1Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8wNTQzZTMtMWJmMC00ZGIzLWIwMWUtYTFkNjA1NDM1MGQy
LzEvTnRZRVNXYkZkRG1xOVNBeENJWDRIVVVuV3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDhqjoMA0G
CSqGSIb3DQEBCwUAA4IBAQCMF+h6r12jZxnh2FQuruPI/nZEb+W/Pc/sN8uVEB0K
DcsdGTLxuspihbbRWjdnQdSu3hXy7S73ZnCXpDos8FDkxgJFnxjW0wt9LQ5I59tQ
kVNH+EnPs4MMBThCLMvtixPbvvftotoaZTg+5HpEWo4hqL90MjV5mn0cHOHZ8RAq
DYikUPaGRp9qME4sz5ZO5fmQ5Uotsqz7hNebcCUDiwAO2u2aBUhSgpL98AjEh+Yi
FZoQHRocbB7kRyBcw1zRMoBnGUDAZQUfXoh7vVlFHFde0rUu2WK79f5Z/MCGsjVu
z1vzEyGJC5qEliE43zGENvLG/groMol3R7WTasYArL/v
-----END CERTIFICATE-----