Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tu1ZEKiSAXsploAIv6uHDkFQWQ0.roa
File:                     tu1ZEKiSAXsploAIv6uHDkFQWQ0.roa (raw, json)
Hash identifier:          ZFCGd7K9x9CG62ATgmQwHjFGseTWygADKyET+eGZS0I=
Subject key identifier:   B6:ED:59:10:A8:92:01:7B:29:96:80:08:BF:AB:87:0E:41:50:59:0D
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019DB44225E3D1ADC3C19FE3E659BFF97B00
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tu1ZEKiSAXsploAIv6uHDkFQWQ0.roa
Signing time:             Wed 22 Apr 2026 08:15:27 +0000
ROA not before:           Wed 22 Apr 2026 08:15:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61272
IP address blocks:        82.197.202.0/24 maxlen: 24
                          194.32.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 Apr 2026 05:13:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:42:25:e3:d1:ad:c3:c1:9f:e3:e6:59:bf:f9:7b:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr 22 08:15:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b6ed5910a892017b29968008bfab870e4150590d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9d:d1:a4:02:24:dc:88:d3:c5:bc:ce:cf:91:
                    0b:84:4b:73:10:0e:25:a1:4f:ef:6a:97:d8:ce:a4:
                    86:b3:17:e8:4e:a4:4d:0a:d4:79:24:e9:a5:7e:41:
                    e2:c0:8b:d4:b0:0d:27:1e:f2:74:d6:0f:d4:eb:b8:
                    01:0e:71:af:e5:f1:3d:4a:97:cf:ee:dd:86:d5:3b:
                    f1:31:1f:c9:1c:b2:20:53:b2:7b:ab:e5:a0:28:2a:
                    68:0f:08:8c:d7:0f:49:cb:5f:f1:13:21:70:51:e0:
                    06:90:e2:a8:7f:f9:e9:1a:61:58:29:16:98:36:a5:
                    6c:e6:d3:08:fb:d9:70:a3:6f:d3:ad:a4:4c:f7:cd:
                    9e:ca:c1:6a:16:ff:ff:c8:f2:f1:f6:d4:a7:04:a5:
                    e2:87:b5:bb:a0:46:18:2b:02:13:97:04:c2:99:be:
                    1d:8f:69:94:c9:73:80:f5:20:60:a7:f8:e7:0f:97:
                    47:1b:98:ab:1d:94:61:90:e8:7c:69:51:ab:4c:da:
                    14:37:96:f0:f0:cc:e2:a1:89:10:1b:bf:30:d7:84:
                    52:22:14:3e:9d:41:bd:b8:0e:02:2f:cc:93:a6:16:
                    83:09:6d:78:76:81:ab:a2:be:69:3b:d9:e5:03:88:
                    18:3e:b2:5d:e1:10:23:d3:1a:a0:6b:6d:2a:3d:1d:
                    1d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:ED:59:10:A8:92:01:7B:29:96:80:08:BF:AB:87:0E:41:50:59:0D
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tu1ZEKiSAXsploAIv6uHDkFQWQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.197.202.0/24
                  194.32.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:a6:0e:ec:1a:89:ca:c4:96:64:6c:2f:25:14:43:ec:cb:49:
         b3:2c:58:2c:8f:41:65:ed:e8:72:dc:cd:6e:09:57:8b:f4:3d:
         33:94:9f:14:6a:12:dc:91:57:9f:8a:f9:dc:02:e5:8c:99:52:
         02:bc:19:e6:eb:6b:a2:6b:44:98:d7:2c:62:5b:c2:06:31:8b:
         f6:a9:99:3c:87:45:9d:68:be:f5:2d:c3:3a:dc:07:2e:5c:58:
         fa:ee:b7:0a:a9:7b:c4:2e:04:aa:01:e6:fb:d8:33:6f:5f:51:
         ab:41:dc:5e:89:fc:8f:ab:28:55:bf:a2:bf:31:79:42:c9:d7:
         af:21:10:b8:e2:6d:68:06:d4:16:bc:a5:47:be:6a:3a:ae:8d:
         ee:58:73:06:b3:67:23:45:df:10:2f:83:69:fc:1d:bf:7e:7a:
         2a:e8:8a:ba:f0:16:d8:46:78:d3:8e:45:6f:87:42:90:c1:9d:
         ce:a5:f9:14:7d:44:48:e8:a9:3e:d4:e5:3e:b2:ab:8d:c8:f8:
         0f:8e:4d:e5:3e:d5:00:b8:24:71:5b:35:76:58:f3:40:8d:26:
         3a:b5:5f:2f:98:ef:99:db:cc:70:96:d1:7e:89:6e:37:ef:7a:
         8b:2b:b1:cf:15:76:a2:67:eb:95:b1:b8:46:b8:34:19:1c:9d:
         93:61:31:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ20QiXj0a3DwZ/j5lm/+XsAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwNDIyMDgxNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmVkNTkxMGE4OTIwMTdiMjk5NjgwMDhiZmFiODcwZTQxNTA1OTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZ3RpAIk3IjTxbzOz5ELhEtzEA4l
oU/vapfYzqSGsxfoTqRNCtR5JOmlfkHiwIvUsA0nHvJ01g/U67gBDnGv5fE9SpfP
7t2G1TvxMR/JHLIgU7J7q+WgKCpoDwiM1w9Jy1/xEyFwUeAGkOKof/npGmFYKRaY
NqVs5tMI+9lwo2/TraRM982eysFqFv//yPLx9tSnBKXih7W7oEYYKwITlwTCmb4d
j2mUyXOA9SBgp/jnD5dHG5irHZRhkOh8aVGrTNoUN5bw8MzioYkQG78w14RSIhQ+
nUG9uA4CL8yTphaDCW14doGror5pO9nlA4gYPrJd4RAj0xqga20qPR0dPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLbtWRCokgF7KZaACL+rhw5BUFkNMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdHUxWkVLaVNBWHNwbG9BSXY2dUhEa0ZRV1EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUsXKAwQA
wiB6MA0GCSqGSIb3DQEBCwUAA4IBAQAIpg7sGonKxJZkbC8lFEPsy0mzLFgsj0Fl
7ehy3M1uCVeL9D0zlJ8UahLckVefivncAuWMmVICvBnm62uia0SY1yxiW8IGMYv2
qZk8h0WdaL71LcM63AcuXFj67rcKqXvELgSqAeb72DNvX1GrQdxeifyPqyhVv6K/
MXlCydevIRC44m1oBtQWvKVHvmo6ro3uWHMGs2cjRd8QL4Np/B2/fnoq6Iq68BbY
RnjTjkVvh0KQwZ3OpfkUfURI6Kk+1OU+squNyPgPjk3lPtUAuCRxWzV2WPNAjSY6
tV8vmO+Z28xwltF+iW4373qLK7HPFXaiZ+uVsbhGuDQZHJ2TYTH5
-----END CERTIFICATE-----