Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/NkrF-O5v7s9V8zsG8ziIKUJW3zk.roa
File:                     NkrF-O5v7s9V8zsG8ziIKUJW3zk.roa (raw, json)
Hash identifier:          2LcYAm16dFHvjzNIaAwM1NGSLS+Z5iohtj1HatvcojI=
Subject key identifier:   36:4A:C5:F8:EE:6F:EE:CF:55:F3:3B:06:F3:38:88:29:42:56:DF:39
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019CD21AB3060CCDA281AF87D138BEA4E570
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/NkrF-O5v7s9V8zsG8ziIKUJW3zk.roa
Signing time:             Mon 09 Mar 2026 10:18:11 +0000
ROA not before:           Mon 09 Mar 2026 10:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        194.41.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Mar 2026 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d2:1a:b3:06:0c:cd:a2:81:af:87:d1:38:be:a4:e5:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Mar  9 10:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=364ac5f8ee6feecf55f33b06f33888294256df39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e6:42:9c:5d:fb:77:6f:24:4d:d8:24:89:87:
                    5e:48:8c:c1:1e:6c:c9:f4:b7:b3:ec:13:ab:37:b0:
                    11:2f:fe:ca:00:25:11:2e:69:1b:3d:30:30:ab:6a:
                    1d:86:60:d8:0f:4f:dc:d9:7e:ff:cd:f0:37:77:b5:
                    c9:2a:97:2b:e2:4b:7a:4e:11:04:41:07:97:96:51:
                    1e:b5:12:d7:43:89:8d:86:a1:ae:b4:eb:96:ac:74:
                    00:56:af:dd:c0:bc:a9:51:e4:c8:ee:3b:b7:9d:f3:
                    d4:92:4a:7d:a9:2a:47:8e:1e:63:46:62:e6:a9:72:
                    75:0c:26:81:cb:07:ef:89:cb:9b:1c:a9:9c:95:e2:
                    cb:4b:2a:00:cb:da:98:83:01:8d:6c:be:d1:78:36:
                    7d:90:6e:45:f0:06:cb:88:a6:6c:b6:0f:9e:16:df:
                    cd:ba:7a:11:48:8c:2e:5e:1b:12:5f:87:36:b1:bc:
                    df:b1:84:23:04:ff:c6:78:5b:d2:95:7f:9b:dc:2a:
                    f4:93:2e:db:c2:ab:52:32:bd:1c:78:c4:c5:3e:3f:
                    43:bf:f2:be:9a:19:a6:50:ea:78:cc:1d:67:b1:b2:
                    00:0e:aa:4a:7e:50:75:a4:cb:07:47:31:34:ca:d8:
                    87:07:d3:2a:0a:1e:47:a3:8d:c3:73:9e:91:03:4b:
                    7b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:4A:C5:F8:EE:6F:EE:CF:55:F3:3B:06:F3:38:88:29:42:56:DF:39
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/NkrF-O5v7s9V8zsG8ziIKUJW3zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.41.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:1a:d0:dd:45:4d:12:c9:89:f2:ef:1b:3c:f1:2f:32:87:39:
         37:31:04:96:c3:db:9a:ec:a3:e8:2b:10:df:81:87:fa:84:5e:
         7e:99:9d:35:bb:f3:ee:0a:b2:96:48:f6:7f:4d:b9:c0:05:6f:
         90:b8:23:45:3e:78:bd:0b:0e:f1:e5:db:35:52:db:e0:25:f2:
         46:cf:86:3c:d6:12:a1:6e:9c:af:67:cf:6f:3e:e9:48:61:d8:
         6f:f1:24:d8:33:c1:13:d5:4b:56:dc:d0:06:60:77:52:ef:1b:
         fd:4f:f0:ed:3f:8f:2d:82:0a:4f:fa:a3:84:81:b7:04:51:61:
         05:57:34:9c:f8:02:a7:63:ca:48:08:d3:65:76:71:59:5c:a6:
         ed:3c:9e:85:61:3a:52:9e:76:d2:34:f1:16:5d:d4:3f:2d:9c:
         c3:8b:af:0b:ac:cb:94:3d:b9:ac:f4:31:fe:9b:de:e5:54:03:
         f0:ac:09:de:1c:df:05:65:3e:88:52:cc:ad:02:cf:7e:b5:45:
         55:66:18:a0:f3:e8:e5:6c:c1:8a:cd:bb:7e:3c:c6:27:5c:c4:
         ae:8a:03:85:94:c8:2d:e7:b0:65:d4:c7:47:fb:5c:51:09:7a:
         9e:41:d2:ca:a4:a9:51:1d:1a:11:2b:d0:b2:a0:df:df:27:0f:
         b6:73:68:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzSGrMGDM2iga+H0Ti+pOVwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjYwMzA5MTAxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjRhYzVmOGVlNmZlZWNmNTVmMzNiMDZmMzM4ODgyOTQyNTZkZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OZCnF37d28kTdgkiYdeSIzBHmzJ
9Lez7BOrN7ARL/7KACURLmkbPTAwq2odhmDYD0/c2X7/zfA3d7XJKpcr4kt6ThEE
QQeXllEetRLXQ4mNhqGutOuWrHQAVq/dwLypUeTI7ju3nfPUkkp9qSpHjh5jRmLm
qXJ1DCaBywfvicubHKmcleLLSyoAy9qYgwGNbL7ReDZ9kG5F8AbLiKZstg+eFt/N
unoRSIwuXhsSX4c2sbzfsYQjBP/GeFvSlX+b3Cr0ky7bwqtSMr0ceMTFPj9Dv/K+
mhmmUOp4zB1nsbIADqpKflB1pMsHRzE0ytiHB9MqCh5Ho43Dc56RA0t7owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZKxfjub+7PVfM7BvM4iClCVt85MB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvTmtyRi1PNXY3czlWOHpzRzh6aUlLVUpXM3prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwilyMA0G
CSqGSIb3DQEBCwUAA4IBAQA7GtDdRU0SyYny7xs88S8yhzk3MQSWw9ua7KPoKxDf
gYf6hF5+mZ01u/PuCrKWSPZ/TbnABW+QuCNFPni9Cw7x5ds1UtvgJfJGz4Y81hKh
bpyvZ89vPulIYdhv8STYM8ET1UtW3NAGYHdS7xv9T/DtP48tggpP+qOEgbcEUWEF
VzSc+AKnY8pICNNldnFZXKbtPJ6FYTpSnnbSNPEWXdQ/LZzDi68LrMuUPbms9DH+
m97lVAPwrAneHN8FZT6IUsytAs9+tUVVZhig8+jlbMGKzbt+PMYnXMSuigOFlMgt
57Bl1MdH+1xRCXqeQdLKpKlRHRoRK9CyoN/fJw+2c2hD
-----END CERTIFICATE-----