Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/N3LKuwLRuVKYuFWiGYpHH9iTJDU.roa
File:                     N3LKuwLRuVKYuFWiGYpHH9iTJDU.roa (raw, json)
Hash identifier:          +3GE+YLKYRUGq2ir////J+cfvpEdtk9nror7A4YJdrQ=
Subject key identifier:   37:72:CA:BB:02:D1:B9:52:98:B8:55:A2:19:8A:47:1F:D8:93:24:35
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       019E075E1F97AC9597D959CC7D8F426AAB56
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/N3LKuwLRuVKYuFWiGYpHH9iTJDU.roa
Signing time:             Fri 08 May 2026 11:34:29 +0000
ROA not before:           Fri 08 May 2026 11:34:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        82.222.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:07:5e:1f:97:ac:95:97:d9:59:cc:7d:8f:42:6a:ab:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: May  8 11:34:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3772cabb02d1b95298b855a2198a471fd8932435
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:81:10:73:0c:cb:a8:38:00:e9:46:3e:7c:89:
                    ba:8c:d4:7b:8f:ba:f8:5d:39:4d:84:ad:b1:4b:37:
                    c0:d9:3e:2e:dd:cf:05:09:5b:db:10:d2:de:04:42:
                    2f:69:1a:ec:8b:b1:c5:82:6a:e3:19:a3:b7:43:17:
                    93:4f:f4:ef:3e:21:b1:15:08:d6:c7:9b:56:eb:8a:
                    dc:00:1e:37:87:b5:4d:d9:7a:4e:3b:cc:d5:36:60:
                    2e:42:12:3f:70:28:66:fb:2a:5b:09:ed:c5:2e:ff:
                    e3:c3:05:f8:e6:e6:68:c0:0c:6a:0d:ce:c6:7f:03:
                    8d:6a:d6:35:d3:53:4c:4b:dc:8b:ef:d2:56:81:7f:
                    7a:1c:f5:4a:54:44:6e:4f:09:ca:ea:c9:a9:ea:08:
                    a9:e5:ac:1a:ec:09:37:89:01:68:00:04:79:4d:25:
                    32:2e:63:78:7a:08:cf:19:d4:d3:53:5a:da:02:3e:
                    45:51:c8:3a:b0:b7:71:a5:6a:35:34:ce:fc:0e:11:
                    7b:c6:3b:92:6c:17:d8:55:53:64:23:49:83:1b:da:
                    8a:80:a4:38:64:24:1e:22:ab:9c:a3:ce:f2:2f:b8:
                    51:37:23:9d:d7:74:61:27:2f:43:89:59:8e:dd:24:
                    a1:26:8a:c2:e7:8a:dc:4f:a9:5b:a7:f2:cf:16:0f:
                    70:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:72:CA:BB:02:D1:B9:52:98:B8:55:A2:19:8A:47:1F:D8:93:24:35
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/N3LKuwLRuVKYuFWiGYpHH9iTJDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.222.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:fd:91:72:e0:f3:12:d0:da:fb:e7:53:89:8d:89:8c:68:98:
         56:90:24:b6:d2:24:18:c1:b6:7f:52:95:11:e4:90:95:a0:86:
         32:95:dd:7f:43:ac:64:9b:4d:57:d2:22:33:3a:f4:5d:a3:0e:
         19:28:b6:62:f9:86:4b:15:94:e0:d8:cf:6c:f6:35:2a:bc:12:
         27:c0:23:ca:07:d0:28:07:d4:10:99:95:ae:18:4d:30:fb:29:
         6c:ab:9b:ba:a8:e6:00:e8:ed:25:be:86:a7:b1:9c:2b:86:47:
         94:e5:71:01:fb:d6:fd:f8:df:97:c5:6d:91:ac:c8:65:f5:de:
         65:f8:2c:f4:66:a6:3f:f7:e3:5c:d3:82:96:96:31:6d:98:01:
         05:f4:3f:2d:83:16:1b:fa:94:4e:85:c3:07:a8:b0:b0:80:87:
         4e:e5:7b:04:9e:f9:0c:57:60:77:f3:fa:57:13:86:5e:e0:85:
         52:09:d1:cc:c4:cc:15:39:d2:0f:79:26:85:63:e0:91:a2:90:
         3d:34:e3:af:55:7b:ea:f3:90:49:22:93:42:4f:b1:22:b7:3a:
         15:66:8a:ff:64:dd:59:6a:6b:f5:55:fa:30:c9:14:f3:19:83:
         43:53:8b:10:5b:58:72:b9:39:a2:b1:8d:dd:4c:aa:35:28:14:
         0d:18:6c:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4HXh+XrJWX2VnMfY9CaqtWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjYwNTA4MTEzNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzcyY2FiYjAyZDFiOTUyOThiODU1YTIxOThhNDcxZmQ4OTMyNDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYEQcwzLqDgA6UY+fIm6jNR7j7r4
XTlNhK2xSzfA2T4u3c8FCVvbENLeBEIvaRrsi7HFgmrjGaO3QxeTT/TvPiGxFQjW
x5tW64rcAB43h7VN2XpOO8zVNmAuQhI/cChm+ypbCe3FLv/jwwX45uZowAxqDc7G
fwONatY101NMS9yL79JWgX96HPVKVERuTwnK6smp6gip5awa7Ak3iQFoAAR5TSUy
LmN4egjPGdTTU1raAj5FUcg6sLdxpWo1NM78DhF7xjuSbBfYVVNkI0mDG9qKgKQ4
ZCQeIquco87yL7hRNyOd13RhJy9DiVmO3SShJorC54rcT6lbp/LPFg9wKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdyyrsC0blSmLhVohmKRx/YkyQ1MB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvTjNMS3V3TFJ1VktZdUZXaUdZcEhIOWlUSkRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUt5EMA0G
CSqGSIb3DQEBCwUAA4IBAQBj/ZFy4PMS0Nr751OJjYmMaJhWkCS20iQYwbZ/UpUR
5JCVoIYyld1/Q6xkm01X0iIzOvRdow4ZKLZi+YZLFZTg2M9s9jUqvBInwCPKB9Ao
B9QQmZWuGE0w+ylsq5u6qOYA6O0lvoansZwrhkeU5XEB+9b9+N+XxW2RrMhl9d5l
+Cz0ZqY/9+Nc04KWljFtmAEF9D8tgxYb+pROhcMHqLCwgIdO5XsEnvkMV2B38/pX
E4Ze4IVSCdHMxMwVOdIPeSaFY+CRopA9NOOvVXvq85BJIpNCT7EitzoVZor/ZN1Z
amv1VfowyRTzGYNDU4sQW1hyuTmisY3dTKo1KBQNGGzu
-----END CERTIFICATE-----