Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/c3d220-4985-4d19-8200-608097f18d83/1/NuMlagHUke8KMkSphjPCPDQSoBI.roa
File:                     NuMlagHUke8KMkSphjPCPDQSoBI.roa (raw, json)
Hash identifier:          6uWtg7+XxICFhFYoeZcqILzkGTbAJfwlId5CHBnWoFg=
Subject key identifier:   36:E3:25:6A:01:D4:91:EF:0A:32:44:A9:86:33:C2:3C:34:12:A0:12
Certificate issuer:       /CN=734c3511cbff092816418be477cb553d66b5b84f
Certificate serial:       019DE0816350AD9BAFA79389B1F53996FF87
Authority key identifier: 73:4C:35:11:CB:FF:09:28:16:41:8B:E4:77:CB:55:3D:66:B5:B8:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c0w1Ecv_CSgWQYvkd8tVPWa1uE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/c3d220-4985-4d19-8200-608097f18d83/1/NuMlagHUke8KMkSphjPCPDQSoBI.roa
Signing time:             Thu 30 Apr 2026 22:27:49 +0000
ROA not before:           Thu 30 Apr 2026 22:27:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13009
IP address blocks:        109.71.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/c3d220-4985-4d19-8200-608097f18d83/1/c0w1Ecv_CSgWQYvkd8tVPWa1uE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/c3d220-4985-4d19-8200-608097f18d83/1/c0w1Ecv_CSgWQYvkd8tVPWa1uE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c0w1Ecv_CSgWQYvkd8tVPWa1uE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e0:81:63:50:ad:9b:af:a7:93:89:b1:f5:39:96:ff:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=734c3511cbff092816418be477cb553d66b5b84f
        Validity
            Not Before: Apr 30 22:27:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36e3256a01d491ef0a3244a98633c23c3412a012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:51:b1:2f:4e:95:bf:8b:78:34:b3:7c:9e:a7:
                    16:82:20:fe:6e:ed:11:43:92:54:7a:c7:d3:a4:96:
                    62:48:96:4b:e8:e6:8f:70:d4:47:c6:29:99:b6:1c:
                    a2:4f:f8:ab:36:17:dd:9a:3f:27:76:b8:8a:33:d7:
                    28:b0:87:58:39:af:3e:63:05:d5:28:83:b3:09:2f:
                    22:d7:d3:cd:62:c1:ba:0b:c0:01:ce:70:13:4d:09:
                    1e:7e:74:02:07:f3:3b:b4:fc:70:7b:56:e3:42:bb:
                    26:9b:45:8a:bc:bd:d5:5a:02:2d:e7:f6:6d:cc:e7:
                    cc:f5:be:ce:6d:db:e6:1c:7f:b9:1f:28:6c:e3:27:
                    eb:1e:99:a9:99:b3:bf:82:4b:c6:73:25:97:51:58:
                    56:cf:b9:bc:37:49:4f:14:cc:a4:65:72:d9:88:3b:
                    13:5d:24:c6:5c:3e:2c:a8:c8:62:aa:38:66:9d:8a:
                    61:3d:3e:8a:78:b2:f9:97:ad:ff:a6:01:a9:c3:b0:
                    e1:77:68:92:98:da:73:06:2f:43:6e:b4:29:8c:7c:
                    5f:fb:ac:35:58:d4:61:ea:12:ad:d7:e5:ef:6f:72:
                    cd:5d:81:c5:cf:ca:28:3d:7a:e0:69:02:3b:b4:51:
                    4c:82:20:79:7c:ae:be:ed:eb:9e:89:70:5a:0c:38:
                    d0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:E3:25:6A:01:D4:91:EF:0A:32:44:A9:86:33:C2:3C:34:12:A0:12
            X509v3 Authority Key Identifier:
                keyid:73:4C:35:11:CB:FF:09:28:16:41:8B:E4:77:CB:55:3D:66:B5:B8:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0w1Ecv_CSgWQYvkd8tVPWa1uE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/c3d220-4985-4d19-8200-608097f18d83/1/NuMlagHUke8KMkSphjPCPDQSoBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/c3d220-4985-4d19-8200-608097f18d83/1/c0w1Ecv_CSgWQYvkd8tVPWa1uE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:5d:33:08:12:d6:55:50:c2:ea:da:74:6b:f3:35:7a:24:36:
         f7:f6:ca:7c:b0:fa:87:fc:50:5e:23:90:24:99:56:f0:94:34:
         47:81:cb:9a:8b:47:cc:e5:39:98:c2:e4:6d:6c:b4:cb:ec:e4:
         a6:2c:3d:37:d3:ad:8c:81:44:22:0a:70:dd:bf:94:3d:c6:f0:
         c2:e7:c0:7e:fc:76:9f:4a:d4:b5:8e:b8:7f:d1:aa:46:92:8f:
         90:88:74:64:62:2e:30:07:32:dc:60:86:5f:4a:b6:c9:fc:a5:
         79:ba:0a:65:9f:58:a5:7e:cf:58:c4:e9:92:9e:ce:cc:db:e4:
         33:8b:cb:3b:e8:03:93:fe:92:58:f5:6b:b0:32:91:b6:23:fc:
         93:c2:b6:8d:5c:60:40:f2:fe:0a:46:92:2b:b3:46:ce:7e:7c:
         9a:ea:d1:1d:90:74:e9:01:00:d6:b8:d3:36:e2:49:76:2b:4c:
         ba:49:37:b7:d7:8b:7f:21:65:e2:26:ef:60:d2:41:bd:7f:ab:
         5b:97:99:54:17:35:e9:2d:49:4a:c4:01:73:e2:ff:d4:f7:ed:
         f0:15:d3:17:81:c9:02:4c:13:30:19:d2:5f:39:46:82:dd:bd:
         df:b7:62:eb:25:67:cb:ce:84:55:0c:61:66:d5:ba:c0:ed:5a:
         99:e4:48:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3ggWNQrZuvp5OJsfU5lv+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczNGMzNTExY2JmZjA5MjgxNjQxOGJlNDc3Y2I1NTNkNjZi
NWI4NGYwHhcNMjYwNDMwMjIyNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmUzMjU2YTAxZDQ5MWVmMGEzMjQ0YTk4NjMzYzIzYzM0MTJhMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVGxL06Vv4t4NLN8nqcWgiD+bu0R
Q5JUesfTpJZiSJZL6OaPcNRHximZthyiT/irNhfdmj8ndriKM9cosIdYOa8+YwXV
KIOzCS8i19PNYsG6C8ABznATTQkefnQCB/M7tPxwe1bjQrsmm0WKvL3VWgIt5/Zt
zOfM9b7ObdvmHH+5Hyhs4yfrHpmpmbO/gkvGcyWXUVhWz7m8N0lPFMykZXLZiDsT
XSTGXD4sqMhiqjhmnYphPT6KeLL5l63/pgGpw7Dhd2iSmNpzBi9DbrQpjHxf+6w1
WNRh6hKt1+Xvb3LNXYHFz8ooPXrgaQI7tFFMgiB5fK6+7eueiXBaDDjQSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbjJWoB1JHvCjJEqYYzwjw0EqASMB8GA1UdIwQY
MBaAFHNMNRHL/wkoFkGL5HfLVT1mtbhPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzB3MUVjdl9DU2dXUVl2a2Q4dFZQV2ExdUU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9jM2QyMjAtNDk4NS00ZDE5LTgyMDAt
NjA4MDk3ZjE4ZDgzLzEvTnVNbGFnSFVrZThLTWtTcGhqUENQRFFTb0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9jM2QyMjAtNDk4NS00ZDE5LTgyMDAtNjA4MDk3ZjE4ZDgz
LzEvYzB3MUVjdl9DU2dXUVl2a2Q4dFZQV2ExdUU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUdOMA0G
CSqGSIb3DQEBCwUAA4IBAQBiXTMIEtZVUMLq2nRr8zV6JDb39sp8sPqH/FBeI5Ak
mVbwlDRHgcuai0fM5TmYwuRtbLTL7OSmLD03062MgUQiCnDdv5Q9xvDC58B+/Haf
StS1jrh/0apGko+QiHRkYi4wBzLcYIZfSrbJ/KV5ugpln1ilfs9YxOmSns7M2+Qz
i8s76AOT/pJY9WuwMpG2I/yTwraNXGBA8v4KRpIrs0bOfnya6tEdkHTpAQDWuNM2
4kl2K0y6STe314t/IWXiJu9g0kG9f6tbl5lUFzXpLUlKxAFz4v/U9+3wFdMXgckC
TBMwGdJfOUaC3b3ft2LrJWfLzoRVDGFm1brA7VqZ5Eig
-----END CERTIFICATE-----