Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NJTq44k_WecA1hvoIxpjpM_Ku-M.roa
File:                     NJTq44k_WecA1hvoIxpjpM_Ku-M.roa (raw, json)
Hash identifier:          RbrdmcT+yNX61FV2nz+BYw6gvnkGmUYvPM0jbUMZer0=
Subject key identifier:   34:94:EA:E3:89:3F:59:E7:00:D6:1B:E8:23:1A:63:A4:CF:CA:BB:E3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D000F84ECAD42458F42A3F4235D37A446
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NJTq44k_WecA1hvoIxpjpM_Ku-M.roa
Signing time:             Wed 18 Mar 2026 08:28:30 +0000
ROA not before:           Wed 18 Mar 2026 08:28:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        81.5.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:0f:84:ec:ad:42:45:8f:42:a3:f4:23:5d:37:a4:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 18 08:28:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3494eae3893f59e700d61be8231a63a4cfcabbe3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ee:d8:ab:57:b4:ba:a3:a4:29:d5:3c:c3:de:
                    38:d5:53:ce:58:c5:af:4c:d2:5e:2c:e8:80:93:0d:
                    6c:23:64:02:90:23:b1:16:d5:c7:42:96:80:8b:40:
                    ec:ad:1c:ee:3e:65:44:e4:7b:45:d8:10:86:a9:4e:
                    95:5b:6c:6f:1f:3a:32:a4:cd:c7:7d:05:fb:ea:8f:
                    28:b7:ea:72:ba:15:1e:35:a4:06:9f:d6:31:7f:04:
                    ae:40:f7:ad:a9:7b:4d:56:bd:a6:52:dc:49:b0:1a:
                    07:e9:3a:4c:1f:a1:4a:a6:6f:3c:7b:e8:84:94:33:
                    bc:e9:4c:51:b9:1f:6d:77:79:82:b9:0a:33:7a:49:
                    dc:c0:86:18:b1:83:2d:c5:9c:42:b8:06:04:57:b4:
                    02:34:8e:8a:e7:f0:d8:b6:d8:8c:a4:5d:f3:1e:67:
                    18:38:17:c6:72:e8:28:75:26:51:bc:87:6e:90:77:
                    4f:c4:41:9e:14:0a:56:27:96:88:08:d5:ba:00:7d:
                    a1:71:c2:b1:a3:4c:00:d9:80:87:79:8f:be:e9:27:
                    45:80:c8:bc:59:3a:ce:7e:ba:b6:3d:4f:e4:d4:1d:
                    16:89:a5:72:14:47:e2:46:01:0b:08:3b:97:e1:c0:
                    d5:57:86:5b:c0:02:d2:f2:9c:ac:19:2a:c7:ba:27:
                    1c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:94:EA:E3:89:3F:59:E7:00:D6:1B:E8:23:1A:63:A4:CF:CA:BB:E3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NJTq44k_WecA1hvoIxpjpM_Ku-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:84:9e:19:62:ef:0e:c2:72:a6:ff:52:eb:a1:61:82:22:10:
         c5:48:43:74:02:6c:78:b7:0f:07:f7:92:e8:51:5b:e3:a6:dd:
         47:6e:51:fc:ef:06:67:0b:77:6a:d8:35:a8:3d:96:1d:e3:0f:
         1e:9f:3c:4e:04:ed:84:c6:d2:66:16:b5:f0:a5:23:a0:a8:0f:
         f9:8a:b2:da:b9:7f:64:90:be:6a:57:b0:92:1f:40:2a:c0:06:
         c0:51:be:ea:d5:ee:9f:96:b8:2f:a9:e2:5b:54:40:cb:1c:7d:
         ef:8c:4e:e4:e1:5c:62:7b:83:e1:7b:03:ac:13:aa:98:eb:13:
         c8:4a:9f:a8:40:4f:97:86:57:47:7d:31:21:5d:02:99:b4:b9:
         d4:d5:81:1a:18:e1:b4:72:50:63:06:5b:83:53:81:72:15:c2:
         55:79:6c:b3:a4:31:18:4d:50:2f:15:e5:9c:ce:62:97:49:2b:
         1f:c3:99:e7:6b:bf:f2:68:5a:16:85:36:1c:4d:f1:b4:45:b3:
         15:4c:be:d7:67:78:64:72:89:2e:2f:7d:1a:3c:42:6f:db:fc:
         ef:41:cd:bb:34:d9:99:e5:76:62:3d:c1:78:6a:cb:17:5f:e7:
         9d:9d:32:3f:a6:c0:5b:5d:7b:9e:46:89:3e:d7:96:62:06:47:
         b5:cd:f6:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0AD4TsrUJFj0Kj9CNdN6RGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzE4MDgyODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDk0ZWFlMzg5M2Y1OWU3MDBkNjFiZTgyMzFhNjNhNGNmY2FiYmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+7Yq1e0uqOkKdU8w9441VPOWMWv
TNJeLOiAkw1sI2QCkCOxFtXHQpaAi0DsrRzuPmVE5HtF2BCGqU6VW2xvHzoypM3H
fQX76o8ot+pyuhUeNaQGn9YxfwSuQPetqXtNVr2mUtxJsBoH6TpMH6FKpm88e+iE
lDO86UxRuR9td3mCuQozekncwIYYsYMtxZxCuAYEV7QCNI6K5/DYttiMpF3zHmcY
OBfGcugodSZRvIdukHdPxEGeFApWJ5aICNW6AH2hccKxo0wA2YCHeY++6SdFgMi8
WTrOfrq2PU/k1B0WiaVyFEfiRgELCDuX4cDVV4ZbwALS8pysGSrHuiccQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSU6uOJP1nnANYb6CMaY6TPyrvjMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTkpUcTQ0a19XZWNBMWh2b0l4cGpwTV9LdS1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQW9MA0G
CSqGSIb3DQEBCwUAA4IBAQAShJ4ZYu8OwnKm/1LroWGCIhDFSEN0Amx4tw8H95Lo
UVvjpt1HblH87wZnC3dq2DWoPZYd4w8enzxOBO2ExtJmFrXwpSOgqA/5irLauX9k
kL5qV7CSH0AqwAbAUb7q1e6flrgvqeJbVEDLHH3vjE7k4Vxie4PhewOsE6qY6xPI
Sp+oQE+XhldHfTEhXQKZtLnU1YEaGOG0clBjBluDU4FyFcJVeWyzpDEYTVAvFeWc
zmKXSSsfw5nna7/yaFoWhTYcTfG0RbMVTL7XZ3hkcokuL30aPEJv2/zvQc27NNmZ
5XZiPcF4assXX+ednTI/psBbXXueRok+15ZiBke1zfYi
-----END CERTIFICATE-----