Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/n0qiojX0rC0ncem-CvEgB_ZeZck.roa
File:                     n0qiojX0rC0ncem-CvEgB_ZeZck.roa (raw, json)
Hash identifier:          SdlqN0TiXpbcvGKUuvnul1FeFs7ZcfNLH+ThYb4mc7I=
Subject key identifier:   9F:4A:A2:A2:35:F4:AC:2D:27:71:E9:BE:0A:F1:20:07:F6:5E:65:C9
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019E68CCB81EE788E290ECE74611FC0932F5
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/n0qiojX0rC0ncem-CvEgB_ZeZck.roa
Signing time:             Wed 27 May 2026 09:38:27 +0000
ROA not before:           Wed 27 May 2026 09:38:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197268
IP address blocks:        85.142.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 18:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:68:cc:b8:1e:e7:88:e2:90:ec:e7:46:11:fc:09:32:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: May 27 09:38:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f4aa2a235f4ac2d2771e9be0af12007f65e65c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:51:b9:49:5e:59:c8:48:36:28:4d:1a:52:76:
                    6c:12:78:e6:56:10:60:2e:3a:6e:56:fa:f3:c7:d5:
                    e6:bf:c3:d5:bd:0b:2a:b6:8b:d7:4f:91:95:af:35:
                    42:c1:d2:01:f5:0a:d5:b5:12:72:ce:33:2e:f9:7e:
                    c8:c7:68:37:27:5a:f7:97:14:b4:10:4e:2f:40:04:
                    77:2a:99:dc:e6:ff:6b:76:65:ab:9c:1c:33:70:c1:
                    dc:d3:13:b4:d5:9b:3d:24:37:38:52:30:20:c3:27:
                    ff:19:b3:5c:ee:3a:4c:c7:59:87:d5:08:53:64:84:
                    3c:d2:7f:99:70:81:3c:a0:05:20:1f:1b:8f:a4:9e:
                    cd:1d:24:36:74:c6:a9:1f:39:35:59:a0:16:7e:c0:
                    b4:ba:6e:7f:ee:56:9d:6a:d3:0f:3d:b3:12:49:24:
                    ee:e0:48:2a:4f:a9:6c:28:a6:e4:f4:d1:c2:70:44:
                    24:44:f9:0c:cf:f1:0b:da:fa:8b:1e:0c:e8:57:79:
                    d8:c9:e4:4b:34:b1:1f:05:54:9c:79:17:f2:df:2d:
                    b1:a3:b2:ea:8e:bd:73:3d:29:64:02:c9:eb:00:7b:
                    42:6f:9d:6f:3d:86:4f:70:2d:cd:71:c1:e2:68:6e:
                    66:7f:40:57:d2:0f:d5:7b:96:e6:b4:0b:12:1c:e1:
                    9e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:4A:A2:A2:35:F4:AC:2D:27:71:E9:BE:0A:F1:20:07:F6:5E:65:C9
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/n0qiojX0rC0ncem-CvEgB_ZeZck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.142.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:3c:d2:ff:5b:9f:a8:a7:7d:72:ec:34:50:6f:01:b8:3b:b2:
         25:cd:db:0c:14:79:13:a1:d0:a8:31:ea:a2:96:d8:e8:ee:7f:
         8b:a8:bd:18:2b:ce:94:9a:3f:d5:7c:12:f9:23:9d:5d:1e:78:
         0c:94:04:23:30:27:d8:0d:32:2e:54:c6:52:c1:31:10:9f:c0:
         1f:ab:0a:a1:34:5b:69:f9:55:eb:0b:ac:2a:7f:19:88:05:78:
         d9:5f:2e:8b:e0:4f:de:81:d7:4f:1c:f7:5c:a2:1b:ba:07:c0:
         9b:44:d8:0c:1f:74:b1:02:b2:c0:e8:d9:3e:1e:01:8d:5d:4d:
         b8:61:0e:ca:bd:86:c2:ec:ed:83:09:d7:b2:e6:c4:1c:1a:a9:
         4a:ac:c9:54:ac:df:e4:60:3c:e5:08:cd:24:c9:90:26:62:24:
         32:ed:14:7b:88:cb:85:57:46:08:17:60:0e:f9:91:c9:68:40:
         14:4a:fc:b3:36:e4:8c:48:75:51:da:85:43:b5:5e:5c:4c:77:
         04:20:59:67:db:b8:6f:6f:8f:68:ed:d8:cd:8f:37:66:b0:e9:
         de:bf:03:45:ed:ec:f9:6a:67:c1:b9:74:4b:02:db:0c:fa:17:
         fa:11:89:41:76:f7:0e:22:ae:85:fb:25:82:1e:1a:64:6d:5d:
         11:c0:84:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5ozLge54jikOznRhH8CTL1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjYwNTI3MDkzODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjRhYTJhMjM1ZjRhYzJkMjc3MWU5YmUwYWYxMjAwN2Y2NWU2NWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1G5SV5ZyEg2KE0aUnZsEnjmVhBg
LjpuVvrzx9Xmv8PVvQsqtovXT5GVrzVCwdIB9QrVtRJyzjMu+X7Ix2g3J1r3lxS0
EE4vQAR3Kpnc5v9rdmWrnBwzcMHc0xO01Zs9JDc4UjAgwyf/GbNc7jpMx1mH1QhT
ZIQ80n+ZcIE8oAUgHxuPpJ7NHSQ2dMapHzk1WaAWfsC0um5/7ladatMPPbMSSSTu
4EgqT6lsKKbk9NHCcEQkRPkMz/EL2vqLHgzoV3nYyeRLNLEfBVSceRfy3y2xo7Lq
jr1zPSlkAsnrAHtCb51vPYZPcC3NccHiaG5mf0BX0g/Ve5bmtAsSHOGe1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9KoqI19KwtJ3HpvgrxIAf2XmXJMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvbjBxaW9qWDByQzBuY2VtLUN2RWdCX1plWmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY72MA0G
CSqGSIb3DQEBCwUAA4IBAQAiPNL/W5+op31y7DRQbwG4O7IlzdsMFHkTodCoMeqi
ltjo7n+LqL0YK86Umj/VfBL5I51dHngMlAQjMCfYDTIuVMZSwTEQn8AfqwqhNFtp
+VXrC6wqfxmIBXjZXy6L4E/egddPHPdcohu6B8CbRNgMH3SxArLA6Nk+HgGNXU24
YQ7KvYbC7O2DCdey5sQcGqlKrMlUrN/kYDzlCM0kyZAmYiQy7RR7iMuFV0YIF2AO
+ZHJaEAUSvyzNuSMSHVR2oVDtV5cTHcEIFln27hvb49o7djNjzdmsOnevwNF7ez5
amfBuXRLAtsM+hf6EYlBdvcOIq6F+yWCHhpkbV0RwIS2
-----END CERTIFICATE-----