Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/nOa638g_V2wtGEyTH1US4Mko4Q8.roa
File:                     nOa638g_V2wtGEyTH1US4Mko4Q8.roa (raw, json)
Hash identifier:          hjAi2zRBuemAe5qpNuCZhFQgwOmDpoyFiA63zs6Mg7I=
Subject key identifier:   9C:E6:BA:DF:C8:3F:57:6C:2D:18:4C:93:1F:55:12:E0:C9:28:E1:0F
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       019DF291B853A3C4259A3F22892D828DBC6E
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/nOa638g_V2wtGEyTH1US4Mko4Q8.roa
Signing time:             Mon 04 May 2026 10:38:49 +0000
ROA not before:           Mon 04 May 2026 10:38:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210546
IP address blocks:        92.42.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f2:91:b8:53:a3:c4:25:9a:3f:22:89:2d:82:8d:bc:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: May  4 10:38:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ce6badfc83f576c2d184c931f5512e0c928e10f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5b:91:0b:18:22:d0:ef:25:bc:4e:96:da:45:
                    7c:90:45:96:6b:77:0c:22:2a:fb:8c:cb:04:fa:3f:
                    0d:87:e8:7a:cb:2f:f8:4a:8d:46:3e:eb:24:02:25:
                    55:b7:c7:cc:ce:0b:a2:6c:24:6c:c0:77:6b:74:48:
                    b2:a3:ed:78:40:e9:25:78:9b:53:37:09:17:dd:00:
                    9e:a8:a0:97:28:63:45:98:12:ca:e7:a8:e5:1d:e1:
                    1a:c1:aa:f2:63:ed:00:4a:c3:56:e6:97:65:ca:d7:
                    0a:13:7d:d8:f0:4c:81:39:d9:fc:5c:08:d0:e3:95:
                    c8:f0:cb:84:d9:0d:b5:72:dd:70:a0:69:44:2c:de:
                    1c:15:40:3b:be:fb:45:39:9d:0b:36:45:ac:e4:e8:
                    35:2d:1a:90:ec:6c:d3:d7:5d:7c:05:6b:b2:16:ef:
                    bb:02:ef:f1:08:38:4c:4c:ef:bd:ee:20:47:b8:02:
                    22:50:f3:3b:99:68:5d:33:5f:cf:57:4b:0a:0c:50:
                    93:80:8d:54:00:78:82:c7:8b:3e:ff:68:ec:a9:5b:
                    5e:ff:1d:38:6b:46:c4:ae:ec:b1:ae:98:96:8b:66:
                    c9:8a:50:bd:68:77:dc:fe:a9:32:cb:60:d9:2f:44:
                    63:b2:d0:fe:cf:97:7c:52:db:b3:11:50:ce:76:ff:
                    6b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:E6:BA:DF:C8:3F:57:6C:2D:18:4C:93:1F:55:12:E0:C9:28:E1:0F
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/nOa638g_V2wtGEyTH1US4Mko4Q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:4a:e1:46:88:cc:e5:ce:83:68:8e:f5:cb:9a:1e:00:04:e6:
         a9:61:63:b0:fe:ba:3e:0d:e2:ca:4f:b3:cd:2c:ca:a1:d5:f7:
         89:fe:0f:95:75:9a:97:de:38:93:e3:36:80:86:26:45:2a:c2:
         24:c7:e4:02:79:28:f0:ac:4b:b3:ab:c6:58:87:ec:fe:4e:23:
         f8:42:63:ea:48:f7:25:25:42:85:d4:14:af:99:b2:8b:5a:c4:
         55:e6:98:6d:67:bb:4e:e5:7f:05:7e:c3:43:ce:5a:49:93:28:
         c0:e5:ce:94:15:97:55:4a:5c:67:22:88:32:6e:d0:df:1b:03:
         5f:d3:57:5d:67:3e:d8:07:b4:89:38:4d:81:7c:53:1a:58:91:
         23:51:80:30:4a:58:a1:ad:f1:31:39:9d:aa:51:bb:67:26:75:
         4f:6d:9e:35:db:c2:b6:e0:43:b6:f6:4b:2a:df:74:62:6d:dc:
         0f:88:0f:76:3b:14:c8:11:34:03:01:04:4a:73:cf:84:08:af:
         9c:92:28:86:86:8c:36:ef:7e:c9:e7:7d:7a:6c:e3:2a:2b:1e:
         07:95:56:8e:9b:13:c7:20:2c:b6:51:0f:4e:8b:60:cb:b3:3e:
         ce:7c:63:45:17:c0:3d:76:13:72:86:2e:d7:3d:df:e1:3f:ef:
         a4:cb:9a:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3ykbhTo8Qlmj8iiS2CjbxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjYwNTA0MTAzODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2U2YmFkZmM4M2Y1NzZjMmQxODRjOTMxZjU1MTJlMGM5MjhlMTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFuRCxgi0O8lvE6W2kV8kEWWa3cM
Iir7jMsE+j8Nh+h6yy/4So1GPuskAiVVt8fMzguibCRswHdrdEiyo+14QOkleJtT
NwkX3QCeqKCXKGNFmBLK56jlHeEawaryY+0ASsNW5pdlytcKE33Y8EyBOdn8XAjQ
45XI8MuE2Q21ct1woGlELN4cFUA7vvtFOZ0LNkWs5Og1LRqQ7GzT1118BWuyFu+7
Au/xCDhMTO+97iBHuAIiUPM7mWhdM1/PV0sKDFCTgI1UAHiCx4s+/2jsqVte/x04
a0bEruyxrpiWi2bJilC9aHfc/qkyy2DZL0RjstD+z5d8UtuzEVDOdv9rwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzmut/IP1dsLRhMkx9VEuDJKOEPMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvbk9hNjM4Z19WMnd0R0V5VEgxVVM0TWtvNFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCpgMA0G
CSqGSIb3DQEBCwUAA4IBAQBBSuFGiMzlzoNojvXLmh4ABOapYWOw/ro+DeLKT7PN
LMqh1feJ/g+VdZqX3jiT4zaAhiZFKsIkx+QCeSjwrEuzq8ZYh+z+TiP4QmPqSPcl
JUKF1BSvmbKLWsRV5phtZ7tO5X8FfsNDzlpJkyjA5c6UFZdVSlxnIogybtDfGwNf
01ddZz7YB7SJOE2BfFMaWJEjUYAwSlihrfExOZ2qUbtnJnVPbZ4128K24EO29ksq
33RibdwPiA92OxTIETQDAQRKc8+ECK+ckiiGhow2737J5316bOMqKx4HlVaOmxPH
ICy2UQ9Oi2DLsz7OfGNFF8A9dhNyhi7XPd/hP++ky5rm
-----END CERTIFICATE-----