Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/a3a305-e3a5-420c-8fed-3206538d699b/1/nbH1TD42BLjdbeZiXuysrxr8qdk.roa
File:                     nbH1TD42BLjdbeZiXuysrxr8qdk.roa (raw, json)
Hash identifier:          0KSmmCd2YiufgVfcWAQKmc1rBsWEg+kubWBnByHlzaA=
Subject key identifier:   9D:B1:F5:4C:3E:36:04:B8:DD:6D:E6:62:5E:EC:AC:AF:1A:FC:A9:D9
Certificate issuer:       /CN=df4283200acdc21d9a35f584f20ff2e026e82c8e
Certificate serial:       019DB5E2B45D17F56A2A6BEBDBF4280D3A7C
Authority key identifier: DF:42:83:20:0A:CD:C2:1D:9A:35:F5:84:F2:0F:F2:E0:26:E8:2C:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/30KDIArNwh2aNfWE8g_y4CboLI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/a3a305-e3a5-420c-8fed-3206538d699b/1/nbH1TD42BLjdbeZiXuysrxr8qdk.roa
Signing time:             Wed 22 Apr 2026 15:50:26 +0000
ROA not before:           Wed 22 Apr 2026 15:50:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29457
IP address blocks:        168.222.214.0/24 maxlen: 24
                          168.222.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/a3a305-e3a5-420c-8fed-3206538d699b/1/30KDIArNwh2aNfWE8g_y4CboLI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/a3a305-e3a5-420c-8fed-3206538d699b/1/30KDIArNwh2aNfWE8g_y4CboLI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/30KDIArNwh2aNfWE8g_y4CboLI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b5:e2:b4:5d:17:f5:6a:2a:6b:eb:db:f4:28:0d:3a:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df4283200acdc21d9a35f584f20ff2e026e82c8e
        Validity
            Not Before: Apr 22 15:50:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9db1f54c3e3604b8dd6de6625eecacaf1afca9d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ec:23:37:f7:fd:c2:b8:d9:2b:58:05:b3:a3:
                    e8:b0:c0:5d:19:e2:2f:6c:7e:14:af:1c:f7:71:d3:
                    d4:fd:18:38:c8:3e:b9:9e:46:09:df:c9:d7:7e:3f:
                    54:a4:3b:5b:76:29:6f:02:6c:6e:e6:01:1d:60:0a:
                    52:19:7c:7b:c0:62:97:1e:bb:3c:68:46:10:6e:29:
                    45:b8:a2:19:5c:1b:e3:5e:c0:b2:48:80:6c:cb:d0:
                    98:4a:d3:b2:7d:09:89:2b:dc:65:f2:c4:1c:4e:7c:
                    8f:91:bb:14:95:74:63:02:9c:e8:77:8d:c8:3b:7e:
                    78:cb:ce:57:a6:57:04:84:fb:69:6d:99:67:ea:33:
                    5c:a0:ea:05:86:78:67:16:9d:9f:a6:76:ee:b5:d7:
                    9a:57:85:d4:93:28:d0:5b:32:40:36:ea:d6:e7:ae:
                    e3:af:54:7e:e5:d9:48:45:e9:82:1e:92:0d:15:4e:
                    91:1c:20:86:13:0a:59:4d:3c:15:82:a3:80:4b:15:
                    90:66:9b:6b:38:1a:91:84:5b:2f:ae:4f:70:9c:48:
                    7c:59:a5:08:6f:51:a7:e0:21:64:b7:71:e5:a6:f7:
                    f2:e3:b2:a6:a1:31:fe:aa:64:d3:9a:4e:4c:4e:b8:
                    f7:78:53:7b:a1:c5:ed:e8:84:79:d5:92:52:bb:c9:
                    8e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:B1:F5:4C:3E:36:04:B8:DD:6D:E6:62:5E:EC:AC:AF:1A:FC:A9:D9
            X509v3 Authority Key Identifier:
                keyid:DF:42:83:20:0A:CD:C2:1D:9A:35:F5:84:F2:0F:F2:E0:26:E8:2C:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/30KDIArNwh2aNfWE8g_y4CboLI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/a3a305-e3a5-420c-8fed-3206538d699b/1/nbH1TD42BLjdbeZiXuysrxr8qdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/a3a305-e3a5-420c-8fed-3206538d699b/1/30KDIArNwh2aNfWE8g_y4CboLI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:19:2c:4d:0a:2a:27:5c:2e:ac:d3:95:bf:11:fd:fa:61:80:
         03:44:c7:f5:a7:7f:0d:dc:11:6c:6d:49:02:bb:d8:dd:4a:0d:
         fe:45:50:fd:9a:f5:10:ae:fb:48:5c:f6:0c:ad:b6:74:de:93:
         01:66:bb:25:72:47:a9:a6:50:8e:35:68:91:1f:9b:d4:d5:8a:
         e8:4e:09:fc:61:9e:b6:a5:2d:73:54:72:2c:65:36:70:f5:80:
         0a:f5:aa:da:5c:f1:d6:24:14:7c:1d:44:8b:27:f6:35:87:38:
         85:2e:80:a1:10:f4:c9:c9:45:ce:04:a5:12:65:0b:72:e9:b0:
         dc:72:73:8e:99:0b:ad:10:a4:21:d5:02:9e:1d:db:68:c1:18:
         c5:cb:83:62:93:ff:c3:6c:21:6d:db:b6:82:c8:85:8e:79:e2:
         af:33:ef:f7:00:17:72:cf:83:ec:73:0b:91:af:13:5e:4f:b2:
         1b:9f:f2:a4:55:5c:f0:b2:d2:c3:71:93:c0:a4:4b:4e:10:6a:
         a3:c4:bd:42:dc:03:39:39:8d:3d:fb:90:3b:29:57:4d:5f:db:
         cb:53:e1:42:05:13:d2:38:26:31:ad:0f:03:d3:1a:2c:ce:39:
         2a:04:bf:35:d0:f0:af:e1:85:ea:80:14:34:d3:c4:e2:c7:03:
         11:02:7d:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ214rRdF/VqKmvr2/QoDTp8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNDI4MzIwMGFjZGMyMWQ5YTM1ZjU4NGYyMGZmMmUwMjZl
ODJjOGUwHhcNMjYwNDIyMTU1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGIxZjU0YzNlMzYwNGI4ZGQ2ZGU2NjI1ZWVjYWNhZjFhZmNhOWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+wjN/f9wrjZK1gFs6PosMBdGeIv
bH4Urxz3cdPU/Rg4yD65nkYJ38nXfj9UpDtbdilvAmxu5gEdYApSGXx7wGKXHrs8
aEYQbilFuKIZXBvjXsCySIBsy9CYStOyfQmJK9xl8sQcTnyPkbsUlXRjApzod43I
O354y85XplcEhPtpbZln6jNcoOoFhnhnFp2fpnbutdeaV4XUkyjQWzJANurW567j
r1R+5dlIRemCHpINFU6RHCCGEwpZTTwVgqOASxWQZptrOBqRhFsvrk9wnEh8WaUI
b1Gn4CFkt3Hlpvfy47KmoTH+qmTTmk5MTrj3eFN7ocXt6IR51ZJSu8mOhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2x9Uw+NgS43W3mYl7srK8a/KnZMB8GA1UdIwQY
MBaAFN9CgyAKzcIdmjX1hPIP8uAm6CyOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzBLRElBck53aDJhTmZXRThnX3k0Q2JvTEk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9hM2EzMDUtZTNhNS00MjBjLThmZWQt
MzIwNjUzOGQ2OTliLzEvbmJIMVRENDJCTGpkYmVaaVh1eXNyeHI4cWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9hM2EzMDUtZTNhNS00MjBjLThmZWQtMzIwNjUzOGQ2OTli
LzEvMzBLRElBck53aDJhTmZXRThnX3k0Q2JvTEk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBqN7WMA0G
CSqGSIb3DQEBCwUAA4IBAQCvGSxNCionXC6s05W/Ef36YYADRMf1p38N3BFsbUkC
u9jdSg3+RVD9mvUQrvtIXPYMrbZ03pMBZrslckepplCONWiRH5vU1YroTgn8YZ62
pS1zVHIsZTZw9YAK9araXPHWJBR8HUSLJ/Y1hziFLoChEPTJyUXOBKUSZQty6bDc
cnOOmQutEKQh1QKeHdtowRjFy4Nik//DbCFt27aCyIWOeeKvM+/3ABdyz4PscwuR
rxNeT7Ibn/KkVVzwstLDcZPApEtOEGqjxL1C3AM5OY09+5A7KVdNX9vLU+FCBRPS
OCYxrQ8D0xoszjkqBL810PCv4YXqgBQ008TixwMRAn12
-----END CERTIFICATE-----