Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NZZN0MLqpC7psKDgu6Ifwc90iXQ.roa
File:                     NZZN0MLqpC7psKDgu6Ifwc90iXQ.roa (raw, json)
Hash identifier:          JD+iRIo7zucs4eWoPnrPu3Wo+DBisR3KDp0r2/gQe3Q=
Subject key identifier:   35:96:4D:D0:C2:EA:A4:2E:E9:B0:A0:E0:BB:A2:1F:C1:CF:74:89:74
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E633E2BD7C80ECC12897769BDF3A52253
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NZZN0MLqpC7psKDgu6Ifwc90iXQ.roa
Signing time:             Tue 26 May 2026 07:44:39 +0000
ROA not before:           Tue 26 May 2026 07:44:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402214
IP address blocks:        82.153.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:3e:2b:d7:c8:0e:cc:12:89:77:69:bd:f3:a5:22:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 26 07:44:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35964dd0c2eaa42ee9b0a0e0bba21fc1cf748974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:5f:f2:e9:6f:2e:9f:af:df:96:4c:a5:96:aa:
                    94:d4:3d:bb:0f:2e:f9:64:98:a4:64:af:1a:d4:36:
                    29:67:fc:0c:92:c0:7d:0d:ed:4d:08:82:d4:2f:1d:
                    5d:11:a9:46:e8:bf:ed:7d:94:63:68:c5:d0:eb:f1:
                    4a:3e:44:56:ff:93:f9:29:a5:24:51:3b:77:a5:6a:
                    f0:26:25:69:07:83:69:f7:4a:e6:39:f6:da:a7:25:
                    1f:88:ea:db:49:a5:1b:dc:74:68:af:d0:d2:f2:d1:
                    22:8e:16:73:0f:83:aa:e0:fe:0a:2b:2b:aa:0a:b8:
                    17:08:46:f6:6e:4d:28:98:e9:60:5e:83:63:1d:e9:
                    8d:e7:33:43:09:c4:3f:a7:d8:bf:35:67:5c:b0:6f:
                    2e:8c:34:9a:99:d3:6a:ff:0c:43:39:79:6d:0f:3f:
                    d7:27:ca:b0:bb:55:46:3a:8a:01:17:8e:e3:13:29:
                    4f:43:38:b6:8d:47:e4:c6:d4:ba:57:34:c3:86:bd:
                    08:10:b2:a4:e3:22:fb:7f:7c:f5:d2:72:1a:e6:76:
                    47:ba:8b:e6:e2:5e:8f:e7:57:d1:dc:59:86:10:ba:
                    09:08:4c:19:b5:9f:79:0d:d4:52:09:5f:6f:59:6a:
                    f1:c1:b5:ee:55:e5:31:74:1e:51:b4:44:f7:c2:95:
                    cd:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:96:4D:D0:C2:EA:A4:2E:E9:B0:A0:E0:BB:A2:1F:C1:CF:74:89:74
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NZZN0MLqpC7psKDgu6Ifwc90iXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:0d:09:c7:c5:29:5a:7c:ee:ee:05:89:44:1a:e1:e6:29:70:
         fc:48:87:20:55:f5:2e:04:e9:94:8b:44:21:64:59:a1:32:87:
         1e:3c:15:be:a0:4d:df:99:97:b8:44:7a:60:cb:93:5e:77:21:
         2a:c7:34:03:35:d0:a8:d2:47:95:c2:2d:44:ec:1d:bb:ac:08:
         e6:3d:f5:50:89:c7:98:28:7a:e5:59:64:38:16:be:21:00:cc:
         6c:3b:6a:74:e7:be:87:d3:d4:1a:e4:c7:64:02:d4:fc:ac:e3:
         a9:9c:1e:0b:14:bb:08:d5:69:a8:9c:c3:47:0d:93:2e:b8:3e:
         91:d3:f9:b4:84:14:55:19:65:fb:04:fe:72:55:4f:6a:68:74:
         86:bf:b7:bb:86:19:e6:a7:05:c7:ed:f2:b3:a7:2c:02:1f:c1:
         10:c7:bd:40:a2:0a:e5:20:6c:6a:6b:7b:aa:fc:f5:9e:8e:2d:
         19:bb:e0:50:bf:18:0f:b2:b7:bf:1f:d2:83:af:47:e6:74:fa:
         4d:5b:b4:10:1d:9c:52:b6:09:72:7e:60:cd:9e:4a:70:2c:58:
         da:f8:41:97:ed:dd:63:6d:3c:52:cd:b1:d1:cf:6a:e3:46:f1:
         0f:29:22:20:b0:b0:9d:77:3c:73:2b:14:51:64:7d:41:94:86:
         27:c5:f6:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5jPivXyA7MEol3ab3zpSJTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTI2MDc0NDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTk2NGRkMGMyZWFhNDJlZTliMGEwZTBiYmEyMWZjMWNmNzQ4OTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA81/y6W8un6/flkyllqqU1D27Dy75
ZJikZK8a1DYpZ/wMksB9De1NCILULx1dEalG6L/tfZRjaMXQ6/FKPkRW/5P5KaUk
UTt3pWrwJiVpB4Np90rmOfbapyUfiOrbSaUb3HRor9DS8tEijhZzD4Oq4P4KKyuq
CrgXCEb2bk0omOlgXoNjHemN5zNDCcQ/p9i/NWdcsG8ujDSamdNq/wxDOXltDz/X
J8qwu1VGOooBF47jEylPQzi2jUfkxtS6VzTDhr0IELKk4yL7f3z10nIa5nZHuovm
4l6P51fR3FmGELoJCEwZtZ95DdRSCV9vWWrxwbXuVeUxdB5RtET3wpXN9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWWTdDC6qQu6bCg4LuiH8HPdIl0MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTlpaTjBNTHFwQzdwc0tEZ3U2SWZ3YzkwaVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnzMA0G
CSqGSIb3DQEBCwUAA4IBAQBTDQnHxSlafO7uBYlEGuHmKXD8SIcgVfUuBOmUi0Qh
ZFmhMocePBW+oE3fmZe4RHpgy5NedyEqxzQDNdCo0keVwi1E7B27rAjmPfVQiceY
KHrlWWQ4Fr4hAMxsO2p0576H09Qa5MdkAtT8rOOpnB4LFLsI1WmonMNHDZMuuD6R
0/m0hBRVGWX7BP5yVU9qaHSGv7e7hhnmpwXH7fKzpywCH8EQx71AogrlIGxqa3uq
/PWeji0Zu+BQvxgPsre/H9KDr0fmdPpNW7QQHZxStglyfmDNnkpwLFja+EGX7d1j
bTxSzbHRz2rjRvEPKSIgsLCddzxzKxRRZH1BlIYnxfaI
-----END CERTIFICATE-----