Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/9E36hPHEge2H7tnSFgMY70eBkDQ.roa
File:                     9E36hPHEge2H7tnSFgMY70eBkDQ.roa (raw, json)
Hash identifier:          CvVBD9lqvKPasRK+HzeD16uXiR6Bn5Y4os+kulJOWig=
Subject key identifier:   F4:4D:FA:84:F1:C4:81:ED:87:EE:D9:D2:16:03:18:EF:47:81:90:34
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019D2F8377A1C7CF81C0FDF75EDAE5BD2CFE
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/9E36hPHEge2H7tnSFgMY70eBkDQ.roa
Signing time:             Fri 27 Mar 2026 13:37:17 +0000
ROA not before:           Fri 27 Mar 2026 13:37:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202294
IP address blocks:        185.227.72.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2f:83:77:a1:c7:cf:81:c0:fd:f7:5e:da:e5:bd:2c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 27 13:37:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f44dfa84f1c481ed87eed9d2160318ef47819034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:45:bc:b2:e8:12:db:b4:b8:92:e5:d6:c0:ec:
                    f6:d8:8c:10:04:4e:24:35:7c:10:99:30:8d:86:34:
                    1d:f3:e0:67:70:ff:85:a0:5e:43:86:f3:4b:e4:d3:
                    68:50:da:39:18:af:e6:cd:99:86:e7:fa:56:be:12:
                    61:13:14:27:8d:e6:a8:41:af:c0:b4:8b:fb:fa:0a:
                    7c:5e:5a:e4:3b:f5:4a:52:10:f7:f5:e0:db:d6:42:
                    8f:03:ad:a4:96:9d:fb:94:c2:79:a0:cf:3d:c4:14:
                    45:0d:b8:eb:82:16:fb:df:65:e6:22:e0:24:0d:72:
                    72:8b:f6:9b:be:94:a7:d7:e2:6d:86:47:16:53:3f:
                    42:28:d1:8a:87:36:39:6a:9b:57:94:eb:3e:68:8e:
                    91:95:e1:7c:32:64:0a:ec:f1:10:8f:60:21:cc:97:
                    e5:62:20:d7:f1:3b:32:6e:ee:39:0d:dc:63:3f:c4:
                    cb:67:8f:ef:e0:8d:06:44:ff:41:c3:df:8f:76:74:
                    b9:eb:84:4b:03:9f:93:fc:67:44:23:9a:92:fc:06:
                    0c:c5:87:61:23:24:0e:44:17:a7:07:25:34:ea:66:
                    d6:04:5a:cd:6f:ce:be:83:71:22:8a:ba:91:1e:68:
                    47:80:32:88:90:9e:7e:25:e4:2f:0b:47:40:84:a1:
                    e5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:4D:FA:84:F1:C4:81:ED:87:EE:D9:D2:16:03:18:EF:47:81:90:34
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/9E36hPHEge2H7tnSFgMY70eBkDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:c9:27:57:8c:a8:d0:d5:ea:55:26:ba:46:b2:18:d5:c3:f2:
         89:82:fe:1d:f0:bb:86:c6:78:00:a9:9c:ba:5d:9d:f1:dd:86:
         e6:d6:d2:1a:40:5c:de:f5:95:79:68:a3:64:4d:30:3f:ee:8c:
         32:be:75:42:50:97:6c:f1:c7:c2:4a:09:f7:5f:89:38:85:95:
         43:14:e8:e9:9c:22:54:17:a2:12:06:5b:1d:94:b6:7b:72:98:
         5d:59:18:ad:21:e8:30:72:76:3c:31:10:d1:7b:06:42:52:8a:
         d8:60:e7:0f:e9:47:6e:19:be:5f:80:39:61:74:6b:37:44:05:
         89:69:7c:82:35:92:53:bd:cc:1b:fb:46:ad:92:73:f0:26:52:
         bf:98:07:58:b1:79:5f:7d:b3:bc:a2:67:b6:55:1f:db:ef:ae:
         59:76:e7:1e:78:75:43:e8:a4:f5:b8:5d:0a:a5:52:67:0d:ce:
         9b:3b:15:4c:58:e4:92:c0:a9:4b:59:e1:fa:4d:45:9d:fb:45:
         dc:b8:1a:82:84:c7:fa:e1:55:31:6c:00:b0:14:72:3e:15:97:
         a1:fd:07:1e:b3:3f:71:88:3f:30:68:4d:55:67:c7:07:29:13:
         c0:ac:22:27:1d:ed:4a:25:dc:ad:44:6f:16:ac:cb:4c:f2:23:
         32:92:f8:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0vg3ehx8+BwP33XtrlvSz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMzI3MTMzNzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDRkZmE4NGYxYzQ4MWVkODdlZWQ5ZDIxNjAzMThlZjQ3ODE5MDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUW8sugS27S4kuXWwOz22IwQBE4k
NXwQmTCNhjQd8+BncP+FoF5DhvNL5NNoUNo5GK/mzZmG5/pWvhJhExQnjeaoQa/A
tIv7+gp8XlrkO/VKUhD39eDb1kKPA62klp37lMJ5oM89xBRFDbjrghb732XmIuAk
DXJyi/abvpSn1+JthkcWUz9CKNGKhzY5aptXlOs+aI6RleF8MmQK7PEQj2AhzJfl
YiDX8Tsybu45DdxjP8TLZ4/v4I0GRP9Bw9+PdnS564RLA5+T/GdEI5qS/AYMxYdh
IyQORBenByU06mbWBFrNb86+g3EiirqRHmhHgDKIkJ5+JeQvC0dAhKHlBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRN+oTxxIHth+7Z0hYDGO9HgZA0MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvOUUzNmhQSEVnZTJIN3RuU0ZnTVk3MGVCa0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueNIMA0G
CSqGSIb3DQEBCwUAA4IBAQAiySdXjKjQ1epVJrpGshjVw/KJgv4d8LuGxngAqZy6
XZ3x3Ybm1tIaQFze9ZV5aKNkTTA/7owyvnVCUJds8cfCSgn3X4k4hZVDFOjpnCJU
F6ISBlsdlLZ7cphdWRitIegwcnY8MRDRewZCUorYYOcP6UduGb5fgDlhdGs3RAWJ
aXyCNZJTvcwb+0atknPwJlK/mAdYsXlffbO8ome2VR/b765ZduceeHVD6KT1uF0K
pVJnDc6bOxVMWOSSwKlLWeH6TUWd+0XcuBqChMf64VUxbACwFHI+FZeh/Qcesz9x
iD8waE1VZ8cHKRPArCInHe1KJdytRG8WrMtM8iMykvj/
-----END CERTIFICATE-----