Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/ncKH1YpuJk5-uciMg32syOz5Dh0.roa
File:                     ncKH1YpuJk5-uciMg32syOz5Dh0.roa (raw, json)
Hash identifier:          8NVQeOlGQC5ZiQGFRi3sIRfLjXwS5UuTrVhAQo79EFs=
Subject key identifier:   9D:C2:87:D5:8A:6E:26:4E:7E:B9:C8:8C:83:7D:AC:C8:EC:F9:0E:1D
Certificate issuer:       /CN=df0ba4f56e6f037725286037afc3c14c293b9b82
Certificate serial:       019E780F444DFF278B35C8BF4E91CEEB02CA
Authority key identifier: DF:0B:A4:F5:6E:6F:03:77:25:28:60:37:AF:C3:C1:4C:29:3B:9B:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/ncKH1YpuJk5-uciMg32syOz5Dh0.roa
Signing time:             Sat 30 May 2026 08:45:26 +0000
ROA not before:           Sat 30 May 2026 08:45:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57282
IP address blocks:        185.148.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/3wuk9W5vA3clKGA3r8PBTCk7m4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/3wuk9W5vA3clKGA3r8PBTCk7m4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:78:0f:44:4d:ff:27:8b:35:c8:bf:4e:91:ce:eb:02:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df0ba4f56e6f037725286037afc3c14c293b9b82
        Validity
            Not Before: May 30 08:45:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9dc287d58a6e264e7eb9c88c837dacc8ecf90e1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8d:5c:ee:52:38:b9:02:20:5c:9e:d1:a9:8e:
                    e9:38:95:9a:82:c7:c6:d9:52:2e:71:7d:46:07:af:
                    8b:f6:b5:9c:de:29:a3:4b:36:b8:00:f0:17:01:a7:
                    69:97:c9:d2:08:ce:e4:0b:f2:72:31:a3:48:ff:6a:
                    de:81:e4:1e:53:ef:7f:eb:e0:69:bc:37:f3:f5:43:
                    d1:61:4d:f3:99:77:7b:5e:21:3e:91:fd:ee:57:6c:
                    fe:55:d3:52:9f:f1:c4:3c:aa:21:8e:ec:7f:1c:83:
                    36:60:74:b9:00:71:d9:07:76:13:92:b5:64:89:06:
                    aa:c3:32:19:4f:39:2f:7f:79:10:03:f6:47:39:13:
                    36:e5:ce:2a:b4:9c:6f:f1:63:cd:52:92:c1:1c:9a:
                    51:f5:b7:8b:a0:24:3f:cd:e5:ac:63:b1:ed:2b:1c:
                    1b:7e:f5:46:e3:da:72:c2:e3:e9:3a:70:9e:cb:d3:
                    8e:8a:8a:89:3e:70:8c:a9:25:6b:46:a3:88:27:a9:
                    fd:79:bb:3f:b8:9d:9a:6f:c2:f0:2c:c1:8b:a3:29:
                    08:02:b8:0f:60:3c:50:72:ef:b0:09:bb:2c:e9:af:
                    b3:01:24:67:b4:31:df:45:6c:1f:4f:8f:34:62:5a:
                    bc:31:91:40:92:bf:9d:09:66:2e:44:38:31:09:20:
                    81:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C2:87:D5:8A:6E:26:4E:7E:B9:C8:8C:83:7D:AC:C8:EC:F9:0E:1D
            X509v3 Authority Key Identifier:
                keyid:DF:0B:A4:F5:6E:6F:03:77:25:28:60:37:AF:C3:C1:4C:29:3B:9B:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/ncKH1YpuJk5-uciMg32syOz5Dh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/3wuk9W5vA3clKGA3r8PBTCk7m4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:39:17:a4:8e:5f:2e:d1:29:66:29:a8:3a:d0:b9:a3:01:79:
         ee:3b:15:ad:ce:1f:9c:87:8d:8b:fa:15:ca:0c:08:22:e3:3a:
         fc:db:3e:0d:f5:ba:dc:48:64:68:fb:51:a9:6f:bd:41:d7:e2:
         59:f6:c0:5f:71:47:92:46:52:12:d4:7d:8b:49:53:31:03:8f:
         2c:e3:ad:62:21:5f:79:02:6c:2a:1a:59:91:82:9c:6e:52:ef:
         19:58:f6:f8:91:3e:1a:2a:13:d2:d3:0f:a2:72:3b:eb:e6:16:
         5d:16:05:99:9c:7b:08:8d:99:bb:27:c5:8a:09:6b:7f:11:6f:
         10:ec:61:1e:26:b7:87:e5:17:65:81:f7:7f:e3:83:89:e7:c5:
         7c:ce:0e:f9:40:30:4a:45:65:93:75:d0:2e:5d:26:68:4c:35:
         c1:e4:8a:5f:86:f8:10:20:d7:c5:f9:aa:a5:35:a0:c5:88:01:
         0c:16:a7:12:23:10:a9:64:03:6e:4f:1d:58:49:44:c5:6a:77:
         6a:0d:df:16:5f:2d:60:ec:b0:48:a9:e4:ce:db:32:1c:c6:8b:
         64:36:c8:a5:0a:06:93:46:b5:1c:d6:80:dc:f3:70:16:a5:1f:
         ac:9a:0f:6c:96:ce:04:06:eb:c7:31:ca:61:4a:33:f7:1c:d2:
         8c:72:25:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ54D0RN/yeLNci/TpHO6wLKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMGJhNGY1NmU2ZjAzNzcyNTI4NjAzN2FmYzNjMTRjMjkz
YjliODIwHhcNMjYwNTMwMDg0NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGMyODdkNThhNmUyNjRlN2ViOWM4OGM4MzdkYWNjOGVjZjkwZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtI1c7lI4uQIgXJ7RqY7pOJWagsfG
2VIucX1GB6+L9rWc3imjSza4APAXAadpl8nSCM7kC/JyMaNI/2regeQeU+9/6+Bp
vDfz9UPRYU3zmXd7XiE+kf3uV2z+VdNSn/HEPKohjux/HIM2YHS5AHHZB3YTkrVk
iQaqwzIZTzkvf3kQA/ZHORM25c4qtJxv8WPNUpLBHJpR9beLoCQ/zeWsY7HtKxwb
fvVG49pywuPpOnCey9OOioqJPnCMqSVrRqOIJ6n9ebs/uJ2ab8LwLMGLoykIArgP
YDxQcu+wCbss6a+zASRntDHfRWwfT480Ylq8MZFAkr+dCWYuRDgxCSCB7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3Ch9WKbiZOfrnIjIN9rMjs+Q4dMB8GA1UdIwQY
MBaAFN8LpPVubwN3JShgN6/DwUwpO5uCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3d1azlXNXZBM2NsS0dBM3I4UEJUQ2s3bTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9hODBiZDktYmExMS00NThlLTg0ZTIt
MzZjNjc4OTAwZjc5LzEvbmNLSDFZcHVKazUtdWNpTWczMnN5T3o1RGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9hODBiZDktYmExMS00NThlLTg0ZTItMzZjNjc4OTAwZjc5
LzEvM3d1azlXNXZBM2NsS0dBM3I4UEJUQ2s3bTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZT7MA0G
CSqGSIb3DQEBCwUAA4IBAQAuORekjl8u0SlmKag60LmjAXnuOxWtzh+ch42L+hXK
DAgi4zr82z4N9brcSGRo+1Gpb71B1+JZ9sBfcUeSRlIS1H2LSVMxA48s461iIV95
AmwqGlmRgpxuUu8ZWPb4kT4aKhPS0w+icjvr5hZdFgWZnHsIjZm7J8WKCWt/EW8Q
7GEeJreH5Rdlgfd/44OJ58V8zg75QDBKRWWTddAuXSZoTDXB5IpfhvgQINfF+aql
NaDFiAEMFqcSIxCpZANuTx1YSUTFandqDd8WXy1g7LBIqeTO2zIcxotkNsilCgaT
RrUc1oDc83AWpR+smg9sls4EBuvHMcphSjP3HNKMciUI
-----END CERTIFICATE-----