Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/NjSHXcCDDaK5u1TU4oMToEl62qM.roa
File:                     NjSHXcCDDaK5u1TU4oMToEl62qM.roa (raw, json)
Hash identifier:          HeUCjx+wV0yXwP3hYyYKM+zbw5PyeWLXaR2QOA1dIDk=
Subject key identifier:   36:34:87:5D:C0:83:0D:A2:B9:BB:54:D4:E2:83:13:A0:49:7A:DA:A3
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019DB15ABC0A09AD8AA6239978BAD361A2B7
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/NjSHXcCDDaK5u1TU4oMToEl62qM.roa
Signing time:             Tue 21 Apr 2026 18:43:26 +0000
ROA not before:           Tue 21 Apr 2026 18:43:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402214
IP address blocks:        87.232.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b1:5a:bc:0a:09:ad:8a:a6:23:99:78:ba:d3:61:a2:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Apr 21 18:43:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3634875dc0830da2b9bb54d4e28313a0497adaa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cf:e0:02:73:42:df:f9:9b:84:c0:09:3f:60:
                    cd:66:d9:56:4d:6f:b5:06:82:47:19:a4:9f:05:e8:
                    e2:1d:55:43:7d:0f:aa:99:34:b3:a0:fc:d0:7e:49:
                    66:e4:23:dc:f5:2c:ae:94:58:25:2c:e3:43:39:ba:
                    98:4c:a8:2f:68:c4:2b:f8:e3:c6:6e:3c:0a:44:c8:
                    09:3f:3d:4b:d9:0b:5d:70:2f:80:44:43:6c:fb:dc:
                    06:11:cc:83:b5:b1:8e:d3:b0:5b:f5:eb:f2:54:28:
                    ec:99:86:fd:2a:ce:f6:55:7f:08:4c:e1:68:55:bf:
                    fe:95:5d:dc:56:0a:b3:75:97:f1:0d:13:7f:cd:11:
                    1e:a6:6c:37:5a:af:11:77:95:c5:58:7c:a8:56:20:
                    48:df:41:8e:92:c1:58:5c:7d:93:22:0a:bc:8c:f1:
                    f3:ed:a5:1b:76:50:d0:b6:3d:cd:2d:ec:66:d5:1d:
                    54:5e:9e:9d:5a:d7:ae:61:96:ad:12:31:7e:71:21:
                    96:2c:a5:95:41:73:e3:ff:fe:25:19:c1:f1:df:09:
                    f9:f4:6a:e8:14:da:4f:6f:ae:fc:a5:4e:ff:eb:e5:
                    90:b8:d2:10:65:4d:00:df:cd:ab:f9:f2:d5:ff:d0:
                    f3:59:a1:50:3d:29:7f:04:d5:37:bf:e6:66:cd:07:
                    cb:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:34:87:5D:C0:83:0D:A2:B9:BB:54:D4:E2:83:13:A0:49:7A:DA:A3
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/NjSHXcCDDaK5u1TU4oMToEl62qM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:67:db:a2:49:49:72:be:90:51:1a:be:f5:d5:05:d9:f2:e9:
         5f:b8:b3:f2:b2:53:66:aa:34:05:29:03:89:9e:ec:20:1a:6f:
         ed:15:84:42:f8:7c:1c:05:e6:04:5b:20:8d:5f:b2:48:8a:16:
         dc:3d:9b:1b:53:99:c8:62:ba:ca:4b:25:f9:4e:fc:63:56:73:
         6c:75:1d:65:9b:9e:03:e0:de:66:0d:1f:49:aa:ac:3d:50:a1:
         e8:ca:7a:d2:63:21:b0:91:1d:8f:5f:59:97:a6:1d:98:5d:86:
         d5:77:c0:4e:ae:ee:68:42:cf:02:9e:50:11:c7:f8:5a:7b:53:
         f1:0b:b0:fd:e2:8a:15:ed:33:be:06:bf:53:64:43:c7:d5:ec:
         a5:6d:f1:ec:f2:64:51:90:70:7b:76:01:0c:65:15:87:c7:cd:
         e8:b3:45:28:51:df:b3:d9:4f:fc:c3:62:4e:5b:b7:5d:45:58:
         e9:3d:9b:07:c2:2f:a1:29:23:3c:3b:ac:c1:13:e9:b1:5a:63:
         4f:df:c8:fc:4c:db:ea:ce:23:c1:83:cd:3f:fd:25:6d:9b:41:
         15:a2:66:9e:51:97:32:d5:a7:55:0a:8a:28:cb:b0:2e:64:72:
         be:ce:f0:d6:b3:35:7e:06:17:e3:67:8c:70:fd:fd:85:83:a8:
         8a:1b:5e:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2xWrwKCa2KpiOZeLrTYaK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNDIxMTg0MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjM0ODc1ZGMwODMwZGEyYjliYjU0ZDRlMjgzMTNhMDQ5N2FkYWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms/gAnNC3/mbhMAJP2DNZtlWTW+1
BoJHGaSfBejiHVVDfQ+qmTSzoPzQfklm5CPc9SyulFglLONDObqYTKgvaMQr+OPG
bjwKRMgJPz1L2QtdcC+ARENs+9wGEcyDtbGO07Bb9evyVCjsmYb9Ks72VX8ITOFo
Vb/+lV3cVgqzdZfxDRN/zREepmw3Wq8Rd5XFWHyoViBI30GOksFYXH2TIgq8jPHz
7aUbdlDQtj3NLexm1R1UXp6dWteuYZatEjF+cSGWLKWVQXPj//4lGcHx3wn59Gro
FNpPb678pU7/6+WQuNIQZU0A382r+fLV/9DzWaFQPSl/BNU3v+ZmzQfLNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDY0h13Agw2iubtU1OKDE6BJetqjMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvTmpTSFhjQ0REYUs1dTFUVTRvTVRvRWw2MnFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hmMA0G
CSqGSIb3DQEBCwUAA4IBAQBgZ9uiSUlyvpBRGr711QXZ8ulfuLPyslNmqjQFKQOJ
nuwgGm/tFYRC+HwcBeYEWyCNX7JIihbcPZsbU5nIYrrKSyX5TvxjVnNsdR1lm54D
4N5mDR9Jqqw9UKHoynrSYyGwkR2PX1mXph2YXYbVd8BOru5oQs8CnlARx/hae1Px
C7D94ooV7TO+Br9TZEPH1eylbfHs8mRRkHB7dgEMZRWHx83os0UoUd+z2U/8w2JO
W7ddRVjpPZsHwi+hKSM8O6zBE+mxWmNP38j8TNvqziPBg80//SVtm0EVomaeUZcy
1adVCoooy7AuZHK+zvDWszV+BhfjZ4xw/f2Fg6iKG14d
-----END CERTIFICATE-----