Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NymMi-FIaoPSQdTr4PyxqarU8uI.roa
File:                     NymMi-FIaoPSQdTr4PyxqarU8uI.roa (raw, json)
Hash identifier:          vE/uVoeUT7eLR84dPsUnd+uShtikDXq3Pq+Yk8LlvnU=
Subject key identifier:   37:29:8C:8B:E1:48:6A:83:D2:41:D4:EB:E0:FC:B1:A9:AA:D4:F2:E2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D253BA66DB2F499843B94FCDEB2051582
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NymMi-FIaoPSQdTr4PyxqarU8uI.roa
Signing time:             Wed 25 Mar 2026 13:42:39 +0000
ROA not before:           Wed 25 Mar 2026 13:42:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34989
IP address blocks:        89.213.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:3b:a6:6d:b2:f4:99:84:3b:94:fc:de:b2:05:15:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 25 13:42:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=37298c8be1486a83d241d4ebe0fcb1a9aad4f2e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:95:8e:a3:72:84:bd:84:4c:28:7b:c4:ff:f2:
                    ca:ae:1a:a9:82:5e:f0:a1:5e:c9:7c:32:33:a0:8d:
                    3a:5e:86:f5:ca:5e:2e:1d:1b:25:14:da:5c:ec:d3:
                    13:e5:03:36:ef:61:bd:4b:db:60:4f:04:34:7f:e3:
                    4c:97:bd:55:f9:d4:b8:65:da:71:84:d4:ad:86:77:
                    46:b8:f5:75:29:c1:72:ad:1d:02:3e:6e:2d:d3:25:
                    77:25:f0:71:e9:d4:23:bf:8c:b8:68:b8:7a:32:02:
                    f1:bf:f1:0d:f7:1b:30:44:af:00:e4:99:d9:81:83:
                    88:4b:5a:34:1e:8c:78:0f:a0:f4:1d:b3:3a:fe:42:
                    f0:ac:2e:27:ab:36:8e:0b:96:42:1c:18:16:2e:56:
                    3d:17:d0:2c:d5:74:b0:c5:86:e6:68:c7:08:98:3e:
                    f3:5f:33:c9:74:22:76:0a:48:0c:e2:49:f3:86:e0:
                    8d:de:ac:2c:61:c4:d2:4a:33:26:50:39:a4:33:12:
                    5b:8b:47:3c:12:f2:77:59:8c:f8:19:67:32:af:d0:
                    83:8d:bc:90:e2:be:4b:fd:50:d3:fc:c6:f4:52:9e:
                    cb:e2:7b:6b:bb:10:df:2c:24:e5:c2:aa:76:d0:07:
                    65:d3:10:be:56:18:ae:ef:0a:e8:bc:c5:df:17:5c:
                    72:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:29:8C:8B:E1:48:6A:83:D2:41:D4:EB:E0:FC:B1:A9:AA:D4:F2:E2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NymMi-FIaoPSQdTr4PyxqarU8uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:eb:ee:03:d9:bc:c7:1e:90:54:cf:f9:6a:61:5a:c7:42:df:
         82:19:e5:f9:2d:36:88:8e:21:2a:84:1e:cd:60:97:33:17:f2:
         26:10:6a:4c:6b:87:02:a8:c6:d2:e2:6d:8f:09:51:04:48:2b:
         18:65:e8:86:3b:75:52:c0:77:5e:78:14:d5:c7:8e:2a:b9:d7:
         0f:8d:24:88:59:9e:4d:74:ef:9a:a1:9f:e0:20:a5:cd:d3:f3:
         8f:5e:d2:20:cc:f1:17:b2:a7:af:f0:84:1a:65:5a:8f:f4:37:
         80:36:98:9c:61:9c:e8:c9:ab:ca:22:79:9c:e2:1e:1d:da:c7:
         e0:d3:4f:3f:11:b5:46:9b:c6:5e:f5:b9:d2:ee:f8:1f:b9:7d:
         51:19:c2:dc:a0:83:c7:21:10:01:bf:f0:a6:a1:cf:a5:16:a2:
         bc:b1:dc:1d:f8:09:e1:2a:02:4d:24:4b:c8:b5:39:49:36:78:
         be:3c:d8:b3:a3:cf:12:2b:fa:35:11:c4:4c:09:65:89:1b:c7:
         09:71:02:6b:55:07:1d:24:80:db:5a:9a:38:ed:b4:00:dd:37:
         3e:36:0d:7c:87:7a:a7:7f:21:58:a4:6b:33:b8:06:a6:fb:48:
         d2:41:1a:cb:08:1e:8e:b7:7e:50:e5:b3:31:23:b5:60:9e:40:
         1a:83:b9:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0lO6ZtsvSZhDuU/N6yBRWCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzI1MTM0MjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzI5OGM4YmUxNDg2YTgzZDI0MWQ0ZWJlMGZjYjFhOWFhZDRmMmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJWOo3KEvYRMKHvE//LKrhqpgl7w
oV7JfDIzoI06Xob1yl4uHRslFNpc7NMT5QM272G9S9tgTwQ0f+NMl71V+dS4Zdpx
hNSthndGuPV1KcFyrR0CPm4t0yV3JfBx6dQjv4y4aLh6MgLxv/EN9xswRK8A5JnZ
gYOIS1o0Hox4D6D0HbM6/kLwrC4nqzaOC5ZCHBgWLlY9F9As1XSwxYbmaMcImD7z
XzPJdCJ2CkgM4knzhuCN3qwsYcTSSjMmUDmkMxJbi0c8EvJ3WYz4GWcyr9CDjbyQ
4r5L/VDT/Mb0Up7L4ntruxDfLCTlwqp20Adl0xC+Vhiu7wrovMXfF1xyswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcpjIvhSGqD0kHU6+D8samq1PLiMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTnltTWktRklhb1BTUWRUcjRQeXhxYXJVOHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUCMA0G
CSqGSIb3DQEBCwUAA4IBAQBq6+4D2bzHHpBUz/lqYVrHQt+CGeX5LTaIjiEqhB7N
YJczF/ImEGpMa4cCqMbS4m2PCVEESCsYZeiGO3VSwHdeeBTVx44qudcPjSSIWZ5N
dO+aoZ/gIKXN0/OPXtIgzPEXsqev8IQaZVqP9DeANpicYZzoyavKInmc4h4d2sfg
008/EbVGm8Ze9bnS7vgfuX1RGcLcoIPHIRABv/Cmoc+lFqK8sdwd+AnhKgJNJEvI
tTlJNni+PNizo88SK/o1EcRMCWWJG8cJcQJrVQcdJIDbWpo47bQA3Tc+Ng18h3qn
fyFYpGszuAam+0jSQRrLCB6Ot35Q5bMxI7VgnkAag7mS
-----END CERTIFICATE-----