Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/NS5ldcKq1LzOVk57QBl78tAnglo.roa
File:                     NS5ldcKq1LzOVk57QBl78tAnglo.roa (raw, json)
Hash identifier:          NLCMAf6L81UDBfmrt98wVbe31nVEYXW+pY5vNtXwIxQ=
Subject key identifier:   35:2E:65:75:C2:AA:D4:BC:CE:56:4E:7B:40:19:7B:F2:D0:27:82:5A
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019E34317578DEFAD6FFE017BF176BDC6575
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/NS5ldcKq1LzOVk57QBl78tAnglo.roa
Signing time:             Sun 17 May 2026 04:28:36 +0000
ROA not before:           Sun 17 May 2026 04:28:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        46.37.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 05:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:34:31:75:78:de:fa:d6:ff:e0:17:bf:17:6b:dc:65:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: May 17 04:28:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=352e6575c2aad4bcce564e7b40197bf2d027825a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:01:86:16:39:ae:2c:c9:dc:f7:55:6b:85:1b:
                    15:09:07:49:49:82:06:a5:01:91:dd:f3:09:27:bf:
                    a8:a9:45:91:11:f1:66:8b:d6:19:c2:6c:36:93:0c:
                    b0:99:59:f7:0a:a2:8f:1f:09:45:3c:59:5b:d2:fb:
                    dd:81:d2:08:2c:07:85:47:02:a3:99:14:e9:51:31:
                    24:9d:9b:af:81:42:0e:ea:d7:f3:f1:2d:76:12:f5:
                    b6:23:5f:81:13:3b:2c:4a:8e:16:a7:87:24:4f:b6:
                    1a:a8:78:d2:f2:03:9d:c1:67:e2:c7:c2:b3:5d:8a:
                    5c:b3:0f:8d:a5:0a:c8:c5:05:50:42:fc:f5:d9:19:
                    c6:68:b7:24:13:60:6f:83:6a:c2:e9:1a:0e:30:80:
                    57:24:98:9a:b5:c5:a2:5c:1d:1f:cc:d8:c4:fe:22:
                    f9:66:73:45:f2:8e:85:0c:df:4d:f5:40:53:8b:a1:
                    73:32:d4:a2:67:53:6c:b5:65:5a:80:76:1d:9e:8b:
                    dd:e3:90:ad:29:97:cf:a8:02:60:0e:c3:9d:bd:e2:
                    99:b8:56:e4:3d:c9:1c:99:cc:0a:eb:3c:0c:26:7c:
                    13:36:84:ae:11:8e:b1:aa:33:8e:59:4d:f4:ed:26:
                    25:f7:f7:ce:34:61:16:6a:17:e1:64:5b:c1:86:16:
                    c0:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2E:65:75:C2:AA:D4:BC:CE:56:4E:7B:40:19:7B:F2:D0:27:82:5A
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/NS5ldcKq1LzOVk57QBl78tAnglo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:92:9a:5a:1e:5e:5b:c4:a7:b7:49:63:8b:f4:34:05:87:e2:
         cd:03:79:58:6c:5b:e6:a2:da:93:96:ce:23:cb:aa:8c:30:15:
         01:fb:be:5a:9f:bf:0d:5f:76:39:d7:03:ea:49:c6:e4:fa:c1:
         77:a7:b0:85:72:d9:46:50:52:db:8c:e9:a2:66:d2:33:74:17:
         84:a1:b4:00:8b:81:a2:32:40:d4:45:28:67:b3:87:7f:6a:90:
         c4:86:86:ca:c2:97:ce:c9:f8:91:ff:95:c6:01:16:42:6d:20:
         c2:85:8c:67:da:f0:b5:58:e1:c3:7b:3e:53:28:ca:84:70:51:
         35:35:f0:b1:6a:32:35:7b:80:0e:2d:5b:b7:ce:19:b5:3d:f0:
         47:72:39:a5:11:f9:b4:2a:dc:b9:ae:3b:0f:21:b9:c2:9f:07:
         2d:15:25:8f:12:67:05:fe:1a:09:92:de:35:bd:95:cd:05:66:
         0b:ee:84:a9:26:65:a8:9d:66:1a:2d:0e:d1:48:a5:d6:ac:41:
         c8:40:e1:fe:17:0f:4d:c4:60:de:8d:da:35:45:95:ce:05:26:
         04:f9:aa:10:04:42:a3:ac:a3:7f:85:01:3d:d1:c4:b8:ea:ed:
         dc:40:fb:52:7c:12:7a:3e:32:8c:bb:c5:07:9f:cb:c2:35:21:
         8a:ca:bd:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ40MXV43vrW/+AXvxdr3GV1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjYwNTE3MDQyODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTJlNjU3NWMyYWFkNGJjY2U1NjRlN2I0MDE5N2JmMmQwMjc4MjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAGGFjmuLMnc91VrhRsVCQdJSYIG
pQGR3fMJJ7+oqUWREfFmi9YZwmw2kwywmVn3CqKPHwlFPFlb0vvdgdIILAeFRwKj
mRTpUTEknZuvgUIO6tfz8S12EvW2I1+BEzssSo4Wp4ckT7YaqHjS8gOdwWfix8Kz
XYpcsw+NpQrIxQVQQvz12RnGaLckE2Bvg2rC6RoOMIBXJJiatcWiXB0fzNjE/iL5
ZnNF8o6FDN9N9UBTi6FzMtSiZ1NstWVagHYdnovd45CtKZfPqAJgDsOdveKZuFbk
PckcmcwK6zwMJnwTNoSuEY6xqjOOWU307SYl9/fONGEWahfhZFvBhhbA+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUuZXXCqtS8zlZOe0AZe/LQJ4JaMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvTlM1bGRjS3ExTHpPVms1N1FCbDc4dEFuZ2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVtMA0G
CSqGSIb3DQEBCwUAA4IBAQBhkppaHl5bxKe3SWOL9DQFh+LNA3lYbFvmotqTls4j
y6qMMBUB+75an78NX3Y51wPqScbk+sF3p7CFctlGUFLbjOmiZtIzdBeEobQAi4Gi
MkDURShns4d/apDEhobKwpfOyfiR/5XGARZCbSDChYxn2vC1WOHDez5TKMqEcFE1
NfCxajI1e4AOLVu3zhm1PfBHcjmlEfm0Kty5rjsPIbnCnwctFSWPEmcF/hoJkt41
vZXNBWYL7oSpJmWonWYaLQ7RSKXWrEHIQOH+Fw9NxGDejdo1RZXOBSYE+aoQBEKj
rKN/hQE90cS46u3cQPtSfBJ6PjKMu8UHn8vCNSGKyr1T
-----END CERTIFICATE-----