Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/nmunvZ8NjUAQxyXLc7q3E6asADA.roa
File:                     nmunvZ8NjUAQxyXLc7q3E6asADA.roa (raw, json)
Hash identifier:          bcuDcNnBDq7F5VI75bQ3a3MYz4yXIjZXvHo8ZRs1H3g=
Subject key identifier:   9E:6B:A7:BD:9F:0D:8D:40:10:C7:25:CB:73:BA:B7:13:A6:AC:00:30
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019DA0786F9D3623504E2C94AB6DE335E1BF
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/nmunvZ8NjUAQxyXLc7q3E6asADA.roa
Signing time:             Sat 18 Apr 2026 12:02:20 +0000
ROA not before:           Sat 18 Apr 2026 12:02:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200623
IP address blocks:        85.149.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a0:78:6f:9d:36:23:50:4e:2c:94:ab:6d:e3:35:e1:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Apr 18 12:02:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e6ba7bd9f0d8d4010c725cb73bab713a6ac0030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d8:41:ea:71:70:e3:24:9a:7a:5e:17:a4:0f:
                    4a:2b:4f:ff:31:ff:a1:10:83:c8:2a:8d:8d:b9:50:
                    59:0f:fe:44:c6:53:94:13:29:fa:ea:20:7b:f6:ec:
                    86:2f:3a:8c:ac:cf:8a:0a:ee:66:80:d2:20:8c:1f:
                    3a:da:04:81:f2:62:c4:9c:b4:c0:5b:0b:84:15:f5:
                    1c:a9:19:b2:67:b4:b8:e8:f1:06:c6:aa:59:4f:65:
                    d0:49:3b:be:58:c1:b3:47:34:a4:c9:de:ad:9a:27:
                    1e:b5:05:be:2e:c3:e3:f6:ba:ce:2c:cf:ab:0b:e5:
                    1d:d7:14:b5:8f:1a:59:cd:ce:5c:f3:5d:74:df:58:
                    3b:94:97:53:52:e0:5e:b2:86:6c:bb:34:83:00:80:
                    4c:09:51:13:9c:31:0e:17:09:b5:a5:ff:79:47:49:
                    b7:26:91:37:7b:ca:67:fa:57:38:fe:a2:92:52:cf:
                    a8:ac:35:05:d0:dd:90:ca:aa:3c:b5:ec:75:e5:78:
                    ee:0d:50:4c:1c:dc:14:3e:56:9f:68:89:6e:64:88:
                    3f:60:78:f7:ce:6c:1e:7f:17:db:2b:94:2c:5e:22:
                    bd:7e:83:bb:16:10:59:df:cf:c9:57:41:eb:e0:fe:
                    00:a6:83:68:01:ee:47:d4:d1:16:bd:0b:cf:0f:15:
                    53:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:6B:A7:BD:9F:0D:8D:40:10:C7:25:CB:73:BA:B7:13:A6:AC:00:30
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/nmunvZ8NjUAQxyXLc7q3E6asADA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.149.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:a1:bf:91:db:7e:1e:d7:2a:a9:c0:a1:f9:39:8f:14:03:22:
         a9:0a:b1:4d:b1:cd:35:b1:6f:b9:77:bf:8c:90:d8:32:02:5d:
         e9:17:9b:87:db:e5:b1:9d:7d:ba:ce:fb:fc:c5:b5:c6:4c:fe:
         7d:ee:84:8c:55:35:81:8e:c1:30:1c:48:7f:bd:50:1b:ec:8b:
         25:0b:19:10:95:76:d1:91:e6:c4:b2:fc:e7:65:50:f7:c9:89:
         c6:79:e7:53:2b:07:ba:07:23:f8:81:bd:f5:3e:fa:ae:e1:71:
         5b:08:48:5f:fa:08:f6:3b:f4:c5:3b:dd:d2:7a:85:a7:d6:d2:
         18:e2:e2:cf:47:28:68:93:b2:90:e9:37:f0:93:43:c1:0a:a2:
         46:53:10:ef:72:76:db:75:03:64:5b:31:87:2a:b9:05:f8:b9:
         fa:82:15:67:be:e9:74:a2:d4:d2:26:f1:0f:f6:f3:59:01:96:
         2d:1a:ad:cb:7b:1e:11:fe:1b:5e:0a:2f:e3:52:be:23:4f:f1:
         06:4b:94:c3:2a:ca:c1:a6:e3:55:bf:48:04:a3:bc:ee:b7:48:
         3e:c1:38:6f:dc:8a:34:55:8b:3a:55:d2:a8:8f:10:44:97:c8:
         aa:49:3d:70:31:0b:14:25:33:bf:e1:01:04:1d:c8:c3:c5:28:
         b5:9e:8f:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2geG+dNiNQTiyUq23jNeG/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwNDE4MTIwMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTZiYTdiZDlmMGQ4ZDQwMTBjNzI1Y2I3M2JhYjcxM2E2YWMwMDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNhB6nFw4ySael4XpA9KK0//Mf+h
EIPIKo2NuVBZD/5ExlOUEyn66iB79uyGLzqMrM+KCu5mgNIgjB862gSB8mLEnLTA
WwuEFfUcqRmyZ7S46PEGxqpZT2XQSTu+WMGzRzSkyd6tmicetQW+LsPj9rrOLM+r
C+Ud1xS1jxpZzc5c811031g7lJdTUuBesoZsuzSDAIBMCVETnDEOFwm1pf95R0m3
JpE3e8pn+lc4/qKSUs+orDUF0N2Qyqo8tex15XjuDVBMHNwUPlafaIluZIg/YHj3
zmwefxfbK5QsXiK9foO7FhBZ38/JV0Hr4P4ApoNoAe5H1NEWvQvPDxVTfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5rp72fDY1AEMcly3O6txOmrAAwMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvbm11bnZaOE5qVUFReHlYTGM3cTNFNmFzQURBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZXbMA0G
CSqGSIb3DQEBCwUAA4IBAQBMob+R234e1yqpwKH5OY8UAyKpCrFNsc01sW+5d7+M
kNgyAl3pF5uH2+WxnX26zvv8xbXGTP597oSMVTWBjsEwHEh/vVAb7IslCxkQlXbR
kebEsvznZVD3yYnGeedTKwe6ByP4gb31Pvqu4XFbCEhf+gj2O/TFO93SeoWn1tIY
4uLPRyhok7KQ6Tfwk0PBCqJGUxDvcnbbdQNkWzGHKrkF+Ln6ghVnvul0otTSJvEP
9vNZAZYtGq3Lex4R/hteCi/jUr4jT/EGS5TDKsrBpuNVv0gEo7zut0g+wThv3Io0
VYs6VdKojxBEl8iqST1wMQsUJTO/4QEEHcjDxSi1no+N
-----END CERTIFICATE-----