Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/1-nNXdlWd7N6m82YTHjIM8iqVL8E.roa
File:                     1-nNXdlWd7N6m82YTHjIM8iqVL8E.roa (raw, json)
Hash identifier:          s3AoaeSVezr+WMzWPVC3CpYW+KDhdj/4ARSrxY5Tk/w=
Subject key identifier:   FA:73:57:76:55:9D:EC:DE:A6:F3:66:13:1E:32:0C:F2:2A:95:2F:C1
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019D00AED05B6A0DC548E6D7074359042EEC
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/1-nNXdlWd7N6m82YTHjIM8iqVL8E.roa
Signing time:             Wed 18 Mar 2026 11:22:29 +0000
ROA not before:           Wed 18 Mar 2026 11:22:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42337
IP address blocks:        109.122.241.0/24 maxlen: 24
                          109.122.242.0/24 maxlen: 24
                          109.122.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:ae:d0:5b:6a:0d:c5:48:e6:d7:07:43:59:04:2e:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Mar 18 11:22:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa735776559decdea6f366131e320cf22a952fc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0e:92:53:0b:63:a6:27:49:c9:47:4c:12:17:
                    1c:92:2c:51:cc:b5:47:38:5b:08:28:e7:21:45:b5:
                    8c:62:92:b9:77:bb:d3:e9:9c:6c:39:5f:d8:35:a3:
                    01:44:d1:ee:76:dd:d8:b0:7d:97:d8:5d:fa:56:8d:
                    69:22:f7:01:fa:07:99:a4:0a:ca:71:ff:ec:ee:92:
                    90:85:95:6b:9b:1d:11:e8:68:a1:5a:28:21:0e:81:
                    57:4a:17:62:12:da:bb:c1:5c:c4:c9:76:5c:30:7d:
                    e2:fa:ea:60:b1:9f:c0:d5:30:91:39:51:ee:20:6b:
                    f9:7b:d6:60:07:61:37:34:91:a3:60:2f:ba:27:a3:
                    99:8d:ad:66:86:1b:7f:fd:46:82:eb:78:f8:78:39:
                    d0:7f:16:b4:97:0d:41:15:11:01:a7:02:c4:99:43:
                    70:0b:3d:16:5f:07:87:af:b1:6d:9c:5c:af:45:2f:
                    2f:af:f1:b6:45:1d:07:81:f1:be:e3:60:8a:f2:59:
                    0c:75:6b:ae:89:d9:51:17:be:1c:ed:66:a7:71:d4:
                    4f:aa:17:12:68:c5:07:3f:43:ca:10:d8:96:72:a1:
                    71:89:bd:9f:f1:e1:0d:68:c2:69:99:e0:03:62:df:
                    9f:04:34:ea:60:ec:3f:b8:6b:11:e1:dd:bf:94:fe:
                    88:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:73:57:76:55:9D:EC:DE:A6:F3:66:13:1E:32:0C:F2:2A:95:2F:C1
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/1-nNXdlWd7N6m82YTHjIM8iqVL8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.241.0-109.122.243.255

    Signature Algorithm: sha256WithRSAEncryption
         1b:ed:07:11:df:e2:99:b5:ef:76:fb:cb:66:aa:e3:a8:46:69:
         94:2c:a2:be:b9:92:a2:a8:78:80:83:af:38:54:b8:87:85:4c:
         96:84:4b:89:c0:ba:b7:85:d9:42:0f:9e:d8:33:b5:52:86:5d:
         0a:6f:a6:e3:95:70:d7:4c:b5:f4:b0:8c:10:e1:68:fa:25:fa:
         7d:5e:e1:12:ea:25:58:c9:49:1f:5e:00:d9:c6:75:aa:7c:68:
         79:fb:6a:a5:26:d8:5b:fd:b2:18:fc:c8:7e:71:69:50:48:25:
         60:79:64:e2:6f:8b:04:52:31:57:d7:27:1a:59:01:b3:3b:e5:
         d5:6e:81:4f:ad:2b:62:8d:06:87:fe:32:3b:af:89:b5:0d:d1:
         8b:19:41:88:56:e6:8a:69:ef:3e:12:01:19:0b:4e:94:e5:83:
         83:47:68:d3:b4:b6:35:0b:c7:4c:62:ff:90:1c:9d:37:48:f5:
         6a:99:34:22:a6:1d:c4:f8:e3:04:47:21:b9:04:00:1c:fc:87:
         19:0e:fe:54:25:07:0b:8c:6e:b6:ae:99:c1:42:17:f6:9f:bb:
         c0:30:b4:62:6f:10:41:d2:d5:43:c3:02:39:43:de:3c:c6:d9:
         ec:5e:33:41:30:c9:33:70:6f:d2:b4:a7:97:42:27:9e:b3:18:
         b3:52:b3:eb
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZ0ArtBbag3FSObXB0NZBC7sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwMzE4MTEyMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTczNTc3NjU1OWRlY2RlYTZmMzY2MTMxZTMyMGNmMjJhOTUyZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQ6SUwtjpidJyUdMEhcckixRzLVH
OFsIKOchRbWMYpK5d7vT6ZxsOV/YNaMBRNHudt3YsH2X2F36Vo1pIvcB+geZpArK
cf/s7pKQhZVrmx0R6GihWighDoFXShdiEtq7wVzEyXZcMH3i+upgsZ/A1TCROVHu
IGv5e9ZgB2E3NJGjYC+6J6OZja1mhht//UaC63j4eDnQfxa0lw1BFREBpwLEmUNw
Cz0WXweHr7FtnFyvRS8vr/G2RR0HgfG+42CK8lkMdWuuidlRF74c7WancdRPqhcS
aMUHP0PKENiWcqFxib2f8eENaMJpmeADYt+fBDTqYOw/uGsR4d2/lP6IBQIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFPpzV3ZVnezepvNmEx4yDPIqlS/BMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvMS1uTlhkbFdkN042bTgyWVRIaklNOGlxVkw4RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTIvYzk2MWEwLTRmNTMtNDIyYS1iN2RkLTNkZmE1MTBkNmIx
Ni8xL2JkczRzMFBhTFJHVENlMnFHY2VuaUhBeWZyNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAnBggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQAbXrx
AwQCbXrwMA0GCSqGSIb3DQEBCwUAA4IBAQAb7QcR3+KZte92+8tmquOoRmmULKK+
uZKiqHiAg684VLiHhUyWhEuJwLq3hdlCD57YM7VShl0Kb6bjlXDXTLX0sIwQ4Wj6
Jfp9XuES6iVYyUkfXgDZxnWqfGh5+2qlJthb/bIY/Mh+cWlQSCVgeWTib4sEUjFX
1ycaWQGzO+XVboFPrStijQaH/jI7r4m1DdGLGUGIVuaKae8+EgEZC06U5YODR2jT
tLY1C8dMYv+QHJ03SPVqmTQiph3E+OMERyG5BAAc/IcZDv5UJQcLjG62rpnBQhf2
n7vAMLRibxBB0tVDwwI5Q948xtnsXjNBMMkzcG/StKeXQieesxizUrPr
-----END CERTIFICATE-----