Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/Nequ1Lfv45A-4d-1Vk4dCZmbP8I.roa
File:                     Nequ1Lfv45A-4d-1Vk4dCZmbP8I.roa (raw, json)
Hash identifier:          bLVnDdjoc9G1dickoCoDDOI7CZ2glnUV81dCe9iXEnE=
Subject key identifier:   35:EA:AE:D4:B7:EF:E3:90:3E:E1:DF:B5:56:4E:1D:09:99:9B:3F:C2
Certificate issuer:       /CN=2ecc5715c1676112eed6314594a59333c3d7e1e0
Certificate serial:       019CB368F845CDA0413A65443D7465BB1D27
Authority key identifier: 2E:CC:57:15:C1:67:61:12:EE:D6:31:45:94:A5:93:33:C3:D7:E1:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LsxXFcFnYRLu1jFFlKWTM8PX4eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/Nequ1Lfv45A-4d-1Vk4dCZmbP8I.roa
Signing time:             Tue 03 Mar 2026 11:15:26 +0000
ROA not before:           Tue 03 Mar 2026 11:15:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200468
IP address blocks:        31.3.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/LsxXFcFnYRLu1jFFlKWTM8PX4eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/LsxXFcFnYRLu1jFFlKWTM8PX4eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LsxXFcFnYRLu1jFFlKWTM8PX4eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 13:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:68:f8:45:cd:a0:41:3a:65:44:3d:74:65:bb:1d:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ecc5715c1676112eed6314594a59333c3d7e1e0
        Validity
            Not Before: Mar  3 11:15:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35eaaed4b7efe3903ee1dfb5564e1d09999b3fc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:aa:df:d9:5f:3d:5e:29:48:35:e4:61:6d:ea:
                    80:19:d2:5b:26:f0:32:d8:ed:5a:a7:fe:85:75:05:
                    e0:6a:35:90:4d:94:9a:a0:7f:06:a9:6c:9f:80:41:
                    c0:c5:f8:7e:71:d9:28:8e:d2:75:52:07:f9:9b:7e:
                    b8:53:13:7f:72:22:d0:46:4c:3e:9f:ef:6e:af:71:
                    af:a3:b1:9a:66:ec:60:d8:cf:39:67:44:7e:62:90:
                    e0:70:75:22:96:33:68:78:22:03:94:6b:4a:49:0b:
                    bc:1c:e2:0b:20:08:59:dc:ac:be:22:90:2d:b5:37:
                    3f:d6:b2:f0:f9:44:8c:a0:93:6a:c7:d0:3c:77:68:
                    8c:b5:0e:ca:85:b3:ca:d2:2a:7c:9a:fd:2a:73:7d:
                    d4:02:73:3a:9c:7b:63:43:d5:2a:bb:c0:05:07:c7:
                    6e:70:b3:b2:a9:1b:24:ea:78:2e:c9:1c:e7:ad:85:
                    05:42:89:bc:69:b1:be:7b:f0:ed:ca:87:2a:f0:79:
                    bb:71:12:2e:d3:c9:13:90:3b:c3:47:5b:a4:fb:23:
                    63:f7:2a:4d:e4:56:0c:68:0e:6d:14:95:26:84:c7:
                    f6:0a:c2:87:03:6c:0a:f4:a1:96:43:c1:ec:fa:64:
                    07:51:49:2d:6d:a6:32:39:0d:2c:24:7a:bf:0e:10:
                    f6:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:EA:AE:D4:B7:EF:E3:90:3E:E1:DF:B5:56:4E:1D:09:99:9B:3F:C2
            X509v3 Authority Key Identifier:
                keyid:2E:CC:57:15:C1:67:61:12:EE:D6:31:45:94:A5:93:33:C3:D7:E1:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LsxXFcFnYRLu1jFFlKWTM8PX4eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/Nequ1Lfv45A-4d-1Vk4dCZmbP8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/LsxXFcFnYRLu1jFFlKWTM8PX4eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:3e:fe:d5:30:b2:84:6d:d7:6c:22:cf:db:40:7a:da:c4:ca:
         9a:3c:dc:7a:5b:43:14:40:89:b2:18:32:a2:fb:b0:53:b4:e7:
         14:68:79:18:2e:3b:80:7a:23:77:e0:5a:3c:6f:86:fc:e9:7b:
         1d:ec:a6:2c:d4:ce:25:e5:48:23:eb:78:2a:97:2d:56:1b:a7:
         1c:29:03:9f:85:aa:fb:dc:db:1d:f5:5a:73:71:8e:ca:0c:c1:
         d9:29:83:b3:0a:2d:6d:58:2e:f9:4d:12:62:c6:5b:c6:cd:c2:
         cf:c9:ed:03:30:69:f8:68:f1:a4:52:17:82:ef:c1:53:b1:e8:
         54:71:c4:40:b6:f3:1e:ea:ca:5e:a0:19:7a:6e:f6:98:eb:77:
         7a:76:31:e0:28:4b:9c:82:52:77:04:34:09:2a:6f:4f:a7:2f:
         39:38:e2:08:68:17:c5:67:94:b1:8e:b7:5c:75:fa:a7:d3:2f:
         44:10:08:e4:da:e5:74:7e:11:46:ac:e9:50:32:8c:84:6a:32:
         d7:31:28:b1:0b:cb:52:43:99:b5:c0:ff:61:9a:d6:bd:2f:fa:
         0e:11:7f:a8:9a:44:82:5d:b3:86:68:4d:02:cc:14:00:dd:5c:
         84:04:18:bd:57:2c:ea:7c:6a:a2:c5:f5:21:9f:0b:05:ff:92:
         9f:7c:e1:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyzaPhFzaBBOmVEPXRlux0nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlY2M1NzE1YzE2NzYxMTJlZWQ2MzE0NTk0YTU5MzMzYzNk
N2UxZTAwHhcNMjYwMzAzMTExNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWVhYWVkNGI3ZWZlMzkwM2VlMWRmYjU1NjRlMWQwOTk5OWIzZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA86rf2V89XilINeRhbeqAGdJbJvAy
2O1ap/6FdQXgajWQTZSaoH8GqWyfgEHAxfh+cdkojtJ1Ugf5m364UxN/ciLQRkw+
n+9ur3Gvo7GaZuxg2M85Z0R+YpDgcHUiljNoeCIDlGtKSQu8HOILIAhZ3Ky+IpAt
tTc/1rLw+USMoJNqx9A8d2iMtQ7KhbPK0ip8mv0qc33UAnM6nHtjQ9Uqu8AFB8du
cLOyqRsk6nguyRznrYUFQom8abG+e/Dtyocq8Hm7cRIu08kTkDvDR1uk+yNj9ypN
5FYMaA5tFJUmhMf2CsKHA2wK9KGWQ8Hs+mQHUUktbaYyOQ0sJHq/DhD2jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXqrtS37+OQPuHftVZOHQmZmz/CMB8GA1UdIwQY
MBaAFC7MVxXBZ2ES7tYxRZSlkzPD1+HgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHN4WEZjRm5ZUkx1MWpGRmxLV1RNOFBYNGVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC83YWUxMGItYzVlMS00MzA0LTkyOGIt
MzZmZDYwNmQ4ZDA5LzEvTmVxdTFMZnY0NUEtNGQtMVZrNGRDWm1iUDhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC83YWUxMGItYzVlMS00MzA0LTkyOGItMzZmZDYwNmQ4ZDA5
LzEvTHN4WEZjRm5ZUkx1MWpGRmxLV1RNOFBYNGVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwPZMA0G
CSqGSIb3DQEBCwUAA4IBAQB0Pv7VMLKEbddsIs/bQHraxMqaPNx6W0MUQImyGDKi
+7BTtOcUaHkYLjuAeiN34Fo8b4b86Xsd7KYs1M4l5Ugj63gqly1WG6ccKQOfhar7
3Nsd9VpzcY7KDMHZKYOzCi1tWC75TRJixlvGzcLPye0DMGn4aPGkUheC78FTsehU
ccRAtvMe6speoBl6bvaY63d6djHgKEucglJ3BDQJKm9Ppy85OOIIaBfFZ5Sxjrdc
dfqn0y9EEAjk2uV0fhFGrOlQMoyEajLXMSixC8tSQ5m1wP9hmta9L/oOEX+omkSC
XbOGaE0CzBQA3VyEBBi9VyzqfGqixfUhnwsF/5KffOFR
-----END CERTIFICATE-----