Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jY5_LfUBaqZJ8gNjzWV5iGGV0sI.roa
File:                     jY5_LfUBaqZJ8gNjzWV5iGGV0sI.roa (raw, json)
Hash identifier:          weRsPMeBEqvnmdUo6XFC+3gjgPKFP+nJEku4rPvf5Ho=
Subject key identifier:   8D:8E:7F:2D:F5:01:6A:A6:49:F2:03:63:CD:65:79:88:61:95:D2:C2
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019D4328759CF50691B5A320F6D4E6BCABA8
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jY5_LfUBaqZJ8gNjzWV5iGGV0sI.roa
Signing time:             Tue 31 Mar 2026 09:10:17 +0000
ROA not before:           Tue 31 Mar 2026 09:10:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200506
IP address blocks:        84.245.29.0/24 maxlen: 24
                          87.101.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 Apr 2026 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:43:28:75:9c:f5:06:91:b5:a3:20:f6:d4:e6:bc:ab:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 31 09:10:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d8e7f2df5016aa649f20363cd6579886195d2c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:30:b4:c2:d3:38:ce:18:6f:94:09:84:bd:33:
                    83:d7:9d:ff:bb:1d:3d:f2:8c:e1:5f:e5:31:06:58:
                    8d:9b:d5:77:a5:f0:9f:27:cf:71:e7:34:59:e5:2a:
                    23:eb:51:cb:d2:8c:2d:13:56:49:68:c3:fa:f7:d1:
                    aa:bf:81:18:37:c0:d1:3d:90:17:8c:c9:76:e4:0f:
                    1e:ad:57:dc:48:07:4d:ac:4e:37:37:1b:9f:3b:19:
                    99:f3:c2:ee:f8:ee:50:0b:4a:c2:cc:ac:43:3e:85:
                    dc:57:76:5b:e9:a6:1e:9f:82:22:22:80:b0:8f:61:
                    bb:c1:d8:5a:03:f3:ff:26:84:dd:88:01:13:63:d5:
                    85:54:01:7d:f0:6e:5f:cd:11:45:21:f0:2e:d9:8f:
                    cb:52:3a:9c:3a:f2:3d:22:46:b9:e3:44:74:b8:1b:
                    5b:3a:a6:33:2a:32:fa:1a:6e:42:d4:08:e7:e0:8a:
                    d6:2f:fe:aa:56:92:e3:bd:cb:c2:d5:b2:67:8b:74:
                    b4:30:4a:a7:39:15:e9:9e:c3:7b:4d:99:1b:24:88:
                    c4:f6:51:bb:a8:a1:21:4f:50:a2:54:e2:f4:48:7d:
                    86:05:4f:32:a9:63:f8:c8:21:19:02:c5:56:91:05:
                    0c:d3:34:80:29:48:7b:ee:47:71:38:a0:86:c5:08:
                    f3:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:8E:7F:2D:F5:01:6A:A6:49:F2:03:63:CD:65:79:88:61:95:D2:C2
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jY5_LfUBaqZJ8gNjzWV5iGGV0sI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.245.29.0/24
                  87.101.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:cc:fb:cf:aa:0e:e8:60:02:48:86:45:1e:69:16:b0:9d:d1:
         c8:b1:da:a2:a3:d7:ec:57:0f:44:05:80:d5:82:08:82:47:b3:
         58:f8:37:19:fc:e2:3f:d3:ce:9c:f7:b0:e9:80:45:c5:de:86:
         8a:bf:87:53:d6:08:dd:0e:ef:4a:28:c9:df:b0:11:3f:0f:4f:
         87:0b:c1:93:57:5e:5d:b6:e8:51:f2:2f:93:8d:e8:1e:31:85:
         2c:f3:49:c4:89:ae:96:29:86:f4:15:81:b2:2d:32:ae:c9:2f:
         e3:f1:bb:93:d7:c1:03:64:9a:73:aa:6e:4f:b6:9d:74:d3:61:
         9f:03:c9:5d:89:48:7e:cb:32:30:5f:d9:d6:1f:30:3c:df:8f:
         c8:27:cb:6e:2f:03:26:31:a7:4e:96:d4:ed:2f:ad:68:80:8e:
         0b:6a:b7:49:6e:bb:b3:a4:06:e6:b4:ce:8e:2f:8e:e9:9d:41:
         23:cf:27:fc:ea:1b:99:18:a1:a8:b9:30:18:01:c4:d1:3d:83:
         63:ad:75:71:78:32:1c:86:d9:2c:bb:cb:a8:8b:55:29:d0:5b:
         39:2c:53:44:13:cd:7e:c6:7f:09:2d:ee:65:8b:92:d0:9c:03:
         27:f9:83:96:67:a5:9d:2b:34:22:07:7a:11:c8:9b:e7:ed:c5:
         a2:87:1a:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1DKHWc9QaRtaMg9tTmvKuoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMzMxMDkxMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDhlN2YyZGY1MDE2YWE2NDlmMjAzNjNjZDY1Nzk4ODYxOTVkMmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTC0wtM4zhhvlAmEvTOD153/ux09
8ozhX+UxBliNm9V3pfCfJ89x5zRZ5Soj61HL0owtE1ZJaMP699Gqv4EYN8DRPZAX
jMl25A8erVfcSAdNrE43NxufOxmZ88Lu+O5QC0rCzKxDPoXcV3Zb6aYen4IiIoCw
j2G7wdhaA/P/JoTdiAETY9WFVAF98G5fzRFFIfAu2Y/LUjqcOvI9Ika540R0uBtb
OqYzKjL6Gm5C1Ajn4IrWL/6qVpLjvcvC1bJni3S0MEqnORXpnsN7TZkbJIjE9lG7
qKEhT1CiVOL0SH2GBU8yqWP4yCEZAsVWkQUM0zSAKUh77kdxOKCGxQjzRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI2Ofy31AWqmSfIDY81leYhhldLCMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvalk1X0xmVUJhcVpKOGdOanpXVjVpR0dWMHNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVPUdAwQA
V2UCMA0GCSqGSIb3DQEBCwUAA4IBAQBGzPvPqg7oYAJIhkUeaRawndHIsdqio9fs
Vw9EBYDVggiCR7NY+DcZ/OI/086c97DpgEXF3oaKv4dT1gjdDu9KKMnfsBE/D0+H
C8GTV15dtuhR8i+TjegeMYUs80nEia6WKYb0FYGyLTKuyS/j8buT18EDZJpzqm5P
tp1002GfA8ldiUh+yzIwX9nWHzA834/IJ8tuLwMmMadOltTtL61ogI4LardJbruz
pAbmtM6OL47pnUEjzyf86huZGKGouTAYAcTRPYNjrXVxeDIchtksu8uoi1Up0Fs5
LFNEE81+xn8JLe5li5LQnAMn+YOWZ6WdKzQiB3oRyJvn7cWihxrx
-----END CERTIFICATE-----