Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nRBOvs5ffZyO4dCPJHVkLzaq_Ko.roa
File:                     nRBOvs5ffZyO4dCPJHVkLzaq_Ko.roa (raw, json)
Hash identifier:          JPieQFW1TwCvvtX/ePnZu9Rr8SR0Vdpyi82evzt8wQg=
Subject key identifier:   9D:10:4E:BE:CE:5F:7D:9C:8E:E1:D0:8F:24:75:64:2F:36:AA:FC:AA
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D67792C1997F577E97716B55C037C97FA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nRBOvs5ffZyO4dCPJHVkLzaq_Ko.roa
Signing time:             Tue 07 Apr 2026 10:24:47 +0000
ROA not before:           Tue 07 Apr 2026 10:24:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150293
IP address blocks:        81.168.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Apr 2026 20:11:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:79:2c:19:97:f5:77:e9:77:16:b5:5c:03:7c:97:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  7 10:24:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d104ebece5f7d9c8ee1d08f2475642f36aafcaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:dd:e7:d8:5e:e0:e9:9a:94:ae:88:f8:1f:bf:
                    37:dc:bb:9c:77:79:fd:47:26:80:2a:53:8d:ae:f3:
                    bb:e3:80:bc:ec:d4:84:2e:20:87:82:c9:55:ac:8b:
                    e8:bd:e2:8a:9c:a1:01:4f:e6:e0:2e:16:d4:26:f4:
                    e6:66:44:52:bb:5b:7a:bc:ae:fe:e8:03:54:33:51:
                    4e:85:b2:58:a2:d8:9f:1c:8e:d9:12:08:47:4d:b4:
                    06:d8:aa:cb:96:ff:88:66:39:0c:8d:68:37:ef:b4:
                    d5:76:cc:10:93:74:cf:76:46:8f:d7:17:8b:6a:a3:
                    02:86:6c:6b:97:26:e1:bb:3f:87:14:5d:92:70:26:
                    0e:2d:9f:dc:ad:85:fa:33:98:3a:e3:2f:c4:b2:71:
                    12:a2:4c:c4:ef:ca:47:6c:c9:a8:4e:8c:7d:30:8f:
                    4e:95:57:78:20:54:e8:89:a7:89:1a:f5:d9:f3:5d:
                    ed:0a:8f:65:eb:8e:53:fe:97:2b:48:3d:68:08:17:
                    76:8d:b7:fd:2d:b6:9c:be:de:f5:c3:f4:b2:92:a3:
                    cc:e3:8a:25:63:54:59:80:88:fc:35:bc:05:1e:e4:
                    fa:72:0f:eb:c7:04:18:17:74:7c:6c:63:85:84:d4:
                    20:69:bb:08:c7:c2:d8:d7:c9:97:04:de:84:41:fc:
                    4f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:10:4E:BE:CE:5F:7D:9C:8E:E1:D0:8F:24:75:64:2F:36:AA:FC:AA
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nRBOvs5ffZyO4dCPJHVkLzaq_Ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:18:9e:17:ea:92:b4:84:c9:72:3d:a0:10:de:57:31:f5:b0:
         75:e9:ae:df:20:7a:f8:85:ff:d6:06:94:56:50:3b:38:e6:83:
         c1:21:b6:a9:7e:4c:06:a2:b2:d8:e5:25:f7:f0:b1:e9:40:a0:
         53:10:30:61:21:56:cf:7c:23:6c:31:ea:b3:ce:b8:51:0b:d5:
         29:9b:a3:f6:95:54:8d:db:5b:ef:03:ba:4c:9b:be:9c:de:b4:
         a7:63:23:e6:00:37:fd:05:e7:68:64:f2:e8:34:dc:ea:81:1e:
         ee:4d:7c:92:49:e4:3d:b1:cc:6b:48:a1:ff:96:13:75:5f:d9:
         6c:55:f3:f3:91:85:33:43:62:57:2f:c9:06:13:e9:75:c8:08:
         c2:a3:4c:44:d6:c5:d1:1f:48:76:4e:0a:0c:3a:4e:25:b9:1b:
         53:c5:73:a2:ac:8b:87:e9:a4:e1:cc:8f:9a:00:85:8d:84:3c:
         12:5d:cd:fd:5d:0e:51:c6:75:9f:1b:1f:80:d8:85:3f:fd:30:
         f7:fe:4f:a7:d3:e9:11:4e:22:4c:ea:55:f9:32:37:6c:8a:cd:
         e1:21:5e:ab:92:6e:1e:85:b6:59:5c:64:df:1c:50:0e:4c:e7:
         04:0a:47:a1:df:60:07:a8:26:e7:12:9c:d3:e1:50:6f:b4:85:
         57:32:b3:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1neSwZl/V36XcWtVwDfJf6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDA3MTAyNDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDEwNGViZWNlNWY3ZDljOGVlMWQwOGYyNDc1NjQyZjM2YWFmY2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw93n2F7g6ZqUroj4H7833Lucd3n9
RyaAKlONrvO744C87NSELiCHgslVrIvoveKKnKEBT+bgLhbUJvTmZkRSu1t6vK7+
6ANUM1FOhbJYotifHI7ZEghHTbQG2KrLlv+IZjkMjWg377TVdswQk3TPdkaP1xeL
aqMChmxrlybhuz+HFF2ScCYOLZ/crYX6M5g64y/EsnESokzE78pHbMmoTox9MI9O
lVd4IFToiaeJGvXZ813tCo9l645T/pcrSD1oCBd2jbf9Lbacvt71w/SykqPM44ol
Y1RZgIj8NbwFHuT6cg/rxwQYF3R8bGOFhNQgabsIx8LY18mXBN6EQfxPYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0QTr7OX32cjuHQjyR1ZC82qvyqMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvblJCT3ZzNWZmWnlPNGRDUEpIVmtMemFxX0tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUagUMA0G
CSqGSIb3DQEBCwUAA4IBAQAOGJ4X6pK0hMlyPaAQ3lcx9bB16a7fIHr4hf/WBpRW
UDs45oPBIbapfkwGorLY5SX38LHpQKBTEDBhIVbPfCNsMeqzzrhRC9Upm6P2lVSN
21vvA7pMm76c3rSnYyPmADf9BedoZPLoNNzqgR7uTXySSeQ9scxrSKH/lhN1X9ls
VfPzkYUzQ2JXL8kGE+l1yAjCo0xE1sXRH0h2TgoMOk4luRtTxXOirIuH6aThzI+a
AIWNhDwSXc39XQ5RxnWfGx+A2IU//TD3/k+n0+kRTiJM6lX5Mjdsis3hIV6rkm4e
hbZZXGTfHFAOTOcECkeh32AHqCbnEpzT4VBvtIVXMrN1
-----END CERTIFICATE-----