Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/nhiORRVB5R2Ji9vrMVyt7Y44eo0.roa
File:                     nhiORRVB5R2Ji9vrMVyt7Y44eo0.roa (raw, json)
Hash identifier:          O/plQud2gf4u8xNl/t/FqiQhejtFRktzqSuc5pfoGDk=
Subject key identifier:   9E:18:8E:45:15:41:E5:1D:89:8B:DB:EB:31:5C:AD:ED:8E:38:7A:8D
Certificate issuer:       /CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
Certificate serial:       019E1B57743038AAD995D26D69F113E79CB9
Authority key identifier: D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/nhiORRVB5R2Ji9vrMVyt7Y44eo0.roa
Signing time:             Tue 12 May 2026 08:39:36 +0000
ROA not before:           Tue 12 May 2026 08:39:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215496
IP address blocks:        195.24.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1b:57:74:30:38:aa:d9:95:d2:6d:69:f1:13:e7:9c:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
        Validity
            Not Before: May 12 08:39:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e188e451541e51d898bdbeb315caded8e387a8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6c:23:eb:95:c6:e6:42:7d:67:15:2e:2b:89:
                    c4:20:3e:c7:9d:19:69:19:16:99:26:ee:f0:a1:35:
                    b7:a8:9b:80:5f:41:f7:74:eb:fe:49:b5:f4:43:ee:
                    a9:d5:23:c1:26:54:c6:4f:41:4a:5d:91:00:f9:1e:
                    cf:d1:c1:ba:b8:4c:a3:f9:73:3c:1a:39:d2:83:37:
                    84:76:1f:c2:87:9c:93:e1:f4:2e:26:e8:d5:b3:ce:
                    92:c5:b8:92:50:57:fd:61:41:36:d3:d1:d5:66:92:
                    3f:7e:5c:93:2d:d5:16:e1:27:76:89:ae:aa:ca:b9:
                    86:72:ca:b7:a8:e7:1c:8c:f1:17:0c:57:4a:3e:69:
                    a7:37:b1:4d:a7:b2:3d:26:c8:80:f7:4e:bc:16:d5:
                    e6:58:ce:3e:11:14:a7:6f:23:89:d9:ed:43:72:73:
                    f2:fe:d6:e5:71:64:48:38:63:58:de:d2:29:26:4a:
                    11:8f:92:2f:8c:cb:de:2f:98:28:14:24:37:89:29:
                    13:af:13:47:44:e9:a6:c9:10:e5:29:4f:e3:87:a1:
                    14:69:40:e8:08:05:7c:f7:08:33:11:1f:2c:93:25:
                    03:99:d1:df:a9:b5:64:ed:46:c0:61:ac:3a:04:a2:
                    95:a8:7b:13:50:bc:f7:bc:ab:8e:d3:5f:26:ca:2b:
                    8a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:18:8E:45:15:41:E5:1D:89:8B:DB:EB:31:5C:AD:ED:8E:38:7A:8D
            X509v3 Authority Key Identifier:
                keyid:D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/nhiORRVB5R2Ji9vrMVyt7Y44eo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:7b:09:c9:a1:ee:79:7b:12:71:fb:9d:76:1f:3f:76:bb:0b:
         9a:0f:79:8e:a5:5f:a2:ac:28:22:74:ae:dd:3f:4f:33:ab:9d:
         2c:85:8b:16:cb:b0:f3:6d:2c:e8:99:87:e1:2d:af:4f:e4:66:
         3e:88:eb:4b:3d:07:8a:1b:80:31:fc:6f:59:8e:8b:07:8b:8a:
         d8:65:f5:21:d1:c2:e0:2b:b3:30:00:68:73:41:3b:13:83:18:
         54:13:06:66:60:3c:13:bd:88:c4:3c:9e:da:5e:4c:49:fc:a4:
         46:b4:5c:f8:38:8d:9c:15:f9:49:c4:4c:df:2d:24:2e:5b:82:
         3c:38:1e:68:ba:54:52:b7:e9:f0:c8:0c:fa:64:f4:8d:e0:6c:
         06:2a:89:5d:e2:53:e3:84:4e:98:be:d4:1b:12:27:c7:d5:45:
         bc:5d:23:8b:0e:ee:db:21:76:90:a5:df:eb:a9:00:0a:56:37:
         a5:be:bf:bb:e0:32:92:f6:45:b0:2e:11:a6:a4:e7:3a:d4:da:
         c3:67:28:19:04:22:b5:e6:05:0e:cc:9b:d2:20:ba:7b:d6:10:
         31:62:b7:f1:af:63:84:3d:54:9c:62:d4:c9:30:8f:a2:3e:bb:
         59:a3:42:76:77:a9:ea:23:35:43:2c:87:c6:d8:dd:dc:ec:62:
         d9:4d:6e:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4bV3QwOKrZldJtafET55y5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjYxZDFmMWQ5Y2NkYWI2YjZkOGUxNDUwYzJjOTM2ZDM5
N2U2NzAwHhcNMjYwNTEyMDgzOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTE4OGU0NTE1NDFlNTFkODk4YmRiZWIzMTVjYWRlZDhlMzg3YThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmwj65XG5kJ9ZxUuK4nEID7HnRlp
GRaZJu7woTW3qJuAX0H3dOv+SbX0Q+6p1SPBJlTGT0FKXZEA+R7P0cG6uEyj+XM8
GjnSgzeEdh/Ch5yT4fQuJujVs86SxbiSUFf9YUE209HVZpI/flyTLdUW4Sd2ia6q
yrmGcsq3qOccjPEXDFdKPmmnN7FNp7I9JsiA9068FtXmWM4+ERSnbyOJ2e1DcnPy
/tblcWRIOGNY3tIpJkoRj5IvjMveL5goFCQ3iSkTrxNHROmmyRDlKU/jh6EUaUDo
CAV89wgzER8skyUDmdHfqbVk7UbAYaw6BKKVqHsTULz3vKuO018myiuK7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4YjkUVQeUdiYvb6zFcre2OOHqNMB8GA1UdIwQY
MBaAFNC2HR8dnM2ra22OFFDCyTbTl+ZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzIt
MTVmNjJjODkwYWY4LzEvbmhpT1JSVkI1UjJKaTl2ck1WeXQ3WTQ0ZW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzItMTVmNjJjODkwYWY4
LzEvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxjtMA0G
CSqGSIb3DQEBCwUAA4IBAQAwewnJoe55exJx+512Hz92uwuaD3mOpV+irCgidK7d
P08zq50shYsWy7DzbSzomYfhLa9P5GY+iOtLPQeKG4Ax/G9ZjosHi4rYZfUh0cLg
K7MwAGhzQTsTgxhUEwZmYDwTvYjEPJ7aXkxJ/KRGtFz4OI2cFflJxEzfLSQuW4I8
OB5oulRSt+nwyAz6ZPSN4GwGKold4lPjhE6YvtQbEifH1UW8XSOLDu7bIXaQpd/r
qQAKVjelvr+74DKS9kWwLhGmpOc61NrDZygZBCK15gUOzJvSILp71hAxYrfxr2OE
PVScYtTJMI+iPrtZo0J2d6nqIzVDLIfG2N3c7GLZTW7U
-----END CERTIFICATE-----