Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/npp_zSAEpcB8VMvJql0J7J4aPic.roa
File:                     npp_zSAEpcB8VMvJql0J7J4aPic.roa (raw, json)
Hash identifier:          CiUWpsJ/aJLIcfg05NJl16JrBfZTTnvDJZ7fsK42oUQ=
Subject key identifier:   9E:9A:7F:CD:20:04:A5:C0:7C:54:CB:C9:AA:5D:09:EC:9E:1A:3E:27
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E222124654B2A0890F1FDBDDDADFDD274
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/npp_zSAEpcB8VMvJql0J7J4aPic.roa
Signing time:             Wed 13 May 2026 16:17:37 +0000
ROA not before:           Wed 13 May 2026 16:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42708
IP address blocks:        2.26.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:05:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:22:21:24:65:4b:2a:08:90:f1:fd:bd:dd:ad:fd:d2:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 13 16:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e9a7fcd2004a5c07c54cbc9aa5d09ec9e1a3e27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c4:ed:bd:0d:e6:f2:ce:0e:0e:3c:29:dd:fe:
                    f1:bf:44:75:f7:c7:b0:48:f8:b4:13:39:1b:15:d9:
                    84:e1:c6:55:b7:6e:ee:02:ee:3e:00:9e:b4:39:49:
                    9b:ba:4a:15:47:08:50:0a:26:42:a0:f8:19:74:57:
                    bd:d4:d7:3f:98:6e:a6:dc:c7:23:54:50:cb:3b:e3:
                    98:08:a4:90:d0:35:16:9c:df:d5:2f:27:91:0d:49:
                    90:d9:ad:34:b4:3b:ea:30:32:4b:89:89:a6:4d:fc:
                    0d:3e:e5:f2:27:d7:f5:36:61:56:55:c6:d3:c2:75:
                    d8:1f:02:73:7f:d8:f2:37:0f:4b:9e:d3:92:b2:89:
                    fe:e0:7f:df:fc:55:66:d4:4f:d6:c0:2f:f1:f7:6a:
                    19:2e:36:83:3b:62:d2:5a:2f:ef:42:bf:34:d9:a0:
                    97:f1:d7:68:6b:83:8e:89:e7:a4:43:ba:24:d1:17:
                    7b:ee:d4:56:af:47:3f:ae:b8:ed:0e:43:75:ff:2d:
                    59:1f:42:68:51:19:a5:7e:60:c7:3e:75:41:b2:4d:
                    84:fe:34:ac:71:f1:9a:8c:df:5f:71:a7:e2:be:d7:
                    fb:89:f6:2d:99:cf:db:04:a3:f1:9a:c3:4d:1e:c9:
                    96:54:9c:a2:64:b7:4e:c3:54:e2:68:a1:8a:b4:fc:
                    dc:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:9A:7F:CD:20:04:A5:C0:7C:54:CB:C9:AA:5D:09:EC:9E:1A:3E:27
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/npp_zSAEpcB8VMvJql0J7J4aPic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:ea:4d:21:3b:7e:48:66:68:30:75:84:f4:90:4f:e7:7c:ce:
         27:8c:5c:59:be:34:ca:7e:64:d0:21:ed:fb:1e:49:10:14:43:
         c6:f8:19:a9:91:1c:87:6f:c1:6d:7d:61:09:ea:96:3a:94:58:
         be:28:5b:12:8f:5c:d4:1e:0b:32:9f:35:01:08:8b:71:11:ac:
         0e:ee:39:b3:e9:36:81:05:cb:fe:f1:cb:52:74:8e:85:b5:30:
         3b:e9:9f:e9:61:07:e8:89:d8:e6:9f:9b:cf:22:83:ab:4d:51:
         e1:56:fe:ec:54:cd:e3:d8:ae:83:33:c3:7c:7f:2d:e0:e3:c7:
         2e:0a:0c:cd:7c:1c:b8:3b:42:bc:87:71:12:93:50:f4:19:20:
         71:2c:d1:07:f1:01:e5:b6:b0:28:52:b6:0d:c3:ed:51:37:b7:
         9d:0e:79:40:c3:6a:90:b7:12:28:fe:91:8a:6d:eb:28:7b:04:
         37:46:85:2b:d5:6c:52:32:03:47:a1:94:39:d1:1a:6b:2f:82:
         81:c4:78:8d:c2:f9:94:9e:ed:2c:b2:64:29:6d:a4:3d:ff:0a:
         1a:7c:e8:21:25:0f:75:2e:6d:3f:6a:9c:a0:70:60:59:45:da:
         81:dc:d5:19:8c:17:1d:de:37:88:6c:4f:45:b8:11:53:f6:6d:
         ed:f6:37:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4iISRlSyoIkPH9vd2t/dJ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTEzMTYxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTlhN2ZjZDIwMDRhNWMwN2M1NGNiYzlhYTVkMDllYzllMWEzZTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksTtvQ3m8s4ODjwp3f7xv0R198ew
SPi0EzkbFdmE4cZVt27uAu4+AJ60OUmbukoVRwhQCiZCoPgZdFe91Nc/mG6m3Mcj
VFDLO+OYCKSQ0DUWnN/VLyeRDUmQ2a00tDvqMDJLiYmmTfwNPuXyJ9f1NmFWVcbT
wnXYHwJzf9jyNw9LntOSson+4H/f/FVm1E/WwC/x92oZLjaDO2LSWi/vQr802aCX
8ddoa4OOieekQ7ok0Rd77tRWr0c/rrjtDkN1/y1ZH0JoURmlfmDHPnVBsk2E/jSs
cfGajN9fcafivtf7ifYtmc/bBKPxmsNNHsmWVJyiZLdOw1TiaKGKtPzcHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6af80gBKXAfFTLyapdCeyeGj4nMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbnBwX3pTQUVwY0I4Vk12SnFsMEo3SjRhUGljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhq+MA0G
CSqGSIb3DQEBCwUAA4IBAQCH6k0hO35IZmgwdYT0kE/nfM4njFxZvjTKfmTQIe37
HkkQFEPG+BmpkRyHb8FtfWEJ6pY6lFi+KFsSj1zUHgsynzUBCItxEawO7jmz6TaB
Bcv+8ctSdI6FtTA76Z/pYQfoidjmn5vPIoOrTVHhVv7sVM3j2K6DM8N8fy3g48cu
CgzNfBy4O0K8h3ESk1D0GSBxLNEH8QHltrAoUrYNw+1RN7edDnlAw2qQtxIo/pGK
besoewQ3RoUr1WxSMgNHoZQ50RprL4KBxHiNwvmUnu0ssmQpbaQ9/woafOghJQ91
Lm0/apygcGBZRdqB3NUZjBcd3jeIbE9FuBFT9m3t9jep
-----END CERTIFICATE-----