Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/NzeG0Cjs2GlaCluis6FvFRPdG8Y.roa
File:                     NzeG0Cjs2GlaCluis6FvFRPdG8Y.roa (raw, json)
Hash identifier:          D8I63gjSnCkjqqUpR3svQsGafWUlJxH4Rxdr+NEwvGg=
Subject key identifier:   37:37:86:D0:28:EC:D8:69:5A:0A:5B:A2:B3:A1:6F:15:13:DD:1B:C6
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019E7D28D00A931BF98CC46F960CE8EC66E1
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/NzeG0Cjs2GlaCluis6FvFRPdG8Y.roa
Signing time:             Sun 31 May 2026 08:31:27 +0000
ROA not before:           Sun 31 May 2026 08:31:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34346
IP address blocks:        152.89.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 17:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:7d:28:d0:0a:93:1b:f9:8c:c4:6f:96:0c:e8:ec:66:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: May 31 08:31:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=373786d028ecd8695a0a5ba2b3a16f1513dd1bc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:02:80:3d:97:a7:1e:c4:b6:08:39:85:8d:54:
                    0a:8e:2b:4c:f5:bd:fb:cd:4b:4f:ea:27:72:1b:cd:
                    ee:f2:31:e7:f8:e1:d9:6f:e8:57:77:36:0b:13:8a:
                    cd:14:aa:cf:fc:8b:b2:20:59:a8:cc:76:1e:f1:36:
                    d9:c8:b6:9d:55:a6:48:fd:92:7c:99:98:b8:8e:5f:
                    6f:89:e5:f1:b8:95:a3:dc:32:ce:c1:0a:21:cd:1f:
                    cd:9d:a8:14:39:af:0b:ea:4a:b4:1d:44:a7:fe:6f:
                    33:78:29:f4:cc:42:e2:74:c6:3c:c4:01:f9:8a:bf:
                    ae:78:b7:03:bf:86:5a:ff:e6:2c:66:5c:48:ba:64:
                    24:0c:c3:2b:28:42:1c:59:b9:59:8e:c0:bb:9a:e4:
                    ae:1d:76:34:8a:12:66:a1:ef:7b:3d:5c:fc:bc:48:
                    86:ed:c2:88:d1:2b:4b:de:6e:bf:f5:0f:0f:82:28:
                    f1:dc:a6:ab:16:39:f6:72:51:e7:73:c0:73:50:c4:
                    6c:ce:65:34:20:08:e2:f6:5b:dc:33:8f:11:0a:42:
                    da:9b:06:6e:d5:df:be:a5:8e:54:26:9a:8f:5d:88:
                    d6:61:f2:98:04:e6:e5:f0:b4:46:2d:d0:f1:ff:39:
                    b0:ca:a4:c5:f7:f8:f1:a0:df:2b:95:dc:4d:47:20:
                    57:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:37:86:D0:28:EC:D8:69:5A:0A:5B:A2:B3:A1:6F:15:13:DD:1B:C6
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/NzeG0Cjs2GlaCluis6FvFRPdG8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:a6:c7:74:eb:02:32:38:c3:a7:89:b2:6c:85:52:ef:c4:7b:
         cf:3f:7e:8a:82:27:08:01:b8:73:f1:bc:63:85:cc:8d:0c:54:
         b7:03:12:44:46:48:f0:e9:2b:0f:81:d2:3b:b7:e7:17:59:e0:
         38:e1:1a:12:b5:01:12:37:05:03:a5:36:7b:f9:14:cf:a6:e3:
         69:ab:34:91:14:3f:96:7d:6a:bc:40:75:39:97:83:64:85:2a:
         0c:5f:db:07:0d:c2:03:11:54:62:ef:e4:a6:a0:09:35:5e:20:
         d6:1d:5a:fd:58:b1:87:0c:f2:a5:ee:30:28:37:e7:34:53:55:
         33:b0:97:50:92:a0:d5:5c:88:d6:77:74:f6:02:1c:81:f2:fb:
         d0:3e:ba:94:e9:28:c1:4c:23:18:28:7f:4d:07:29:a1:e2:0b:
         08:05:ef:97:dc:19:a7:97:a0:b4:23:13:04:6c:da:ad:0c:b6:
         1f:ba:ad:61:00:d6:a4:02:42:74:e9:67:2d:91:94:a9:b8:1c:
         cb:96:f9:39:ab:5f:ff:89:05:95:44:32:93:eb:0a:05:9e:95:
         58:94:e3:a5:02:00:9f:c9:16:06:d5:9c:0b:69:ee:bb:75:8d:
         34:d8:c3:9b:cb:9f:c7:ea:62:fa:53:2b:f2:cb:17:12:92:a5:
         6a:57:1e:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ59KNAKkxv5jMRvlgzo7GbhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwNTMxMDgzMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzM3ODZkMDI4ZWNkODY5NWEwYTViYTJiM2ExNmYxNTEzZGQxYmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgKAPZenHsS2CDmFjVQKjitM9b37
zUtP6idyG83u8jHn+OHZb+hXdzYLE4rNFKrP/IuyIFmozHYe8TbZyLadVaZI/ZJ8
mZi4jl9vieXxuJWj3DLOwQohzR/NnagUOa8L6kq0HUSn/m8zeCn0zELidMY8xAH5
ir+ueLcDv4Za/+YsZlxIumQkDMMrKEIcWblZjsC7muSuHXY0ihJmoe97PVz8vEiG
7cKI0StL3m6/9Q8Pgijx3KarFjn2clHnc8BzUMRszmU0IAji9lvcM48RCkLamwZu
1d++pY5UJpqPXYjWYfKYBObl8LRGLdDx/zmwyqTF9/jxoN8rldxNRyBXtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDc3htAo7NhpWgpborOhbxUT3RvGMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvTnplRzBDanMyR2xhQ2x1aXM2RnZGUlBkRzhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFnDMA0G
CSqGSIb3DQEBCwUAA4IBAQCcpsd06wIyOMOnibJshVLvxHvPP36KgicIAbhz8bxj
hcyNDFS3AxJERkjw6SsPgdI7t+cXWeA44RoStQESNwUDpTZ7+RTPpuNpqzSRFD+W
fWq8QHU5l4NkhSoMX9sHDcIDEVRi7+SmoAk1XiDWHVr9WLGHDPKl7jAoN+c0U1Uz
sJdQkqDVXIjWd3T2AhyB8vvQPrqU6SjBTCMYKH9NBymh4gsIBe+X3Bmnl6C0IxME
bNqtDLYfuq1hANakAkJ06WctkZSpuBzLlvk5q1//iQWVRDKT6woFnpVYlOOlAgCf
yRYG1ZwLae67dY002MOby5/H6mL6UyvyyxcSkqVqVx6t
-----END CERTIFICATE-----