Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/aoNiKUZP83xEfHnw2PxeK_lXsIw.roa
File:                     aoNiKUZP83xEfHnw2PxeK_lXsIw.roa (raw, json)
Hash identifier:          Kw2LseMm72XUVDXHYb6CS/Zn8Lq+Y6DAIpp18mdH9/w=
Subject key identifier:   6A:83:62:29:46:4F:F3:7C:44:7C:79:F0:D8:FC:5E:2B:F9:57:B0:8C
Certificate issuer:       /CN=9e459aa4602bffa2d2650ba66818458c89fc4582
Certificate serial:       019DDF30792F991D9682E7127F169B50DBD7
Authority key identifier: 9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/aoNiKUZP83xEfHnw2PxeK_lXsIw.roa
Signing time:             Thu 30 Apr 2026 16:19:49 +0000
ROA not before:           Thu 30 Apr 2026 16:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        84.247.75.0/24 maxlen: 24
                          89.149.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:df:30:79:2f:99:1d:96:82:e7:12:7f:16:9b:50:db:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e459aa4602bffa2d2650ba66818458c89fc4582
        Validity
            Not Before: Apr 30 16:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a836229464ff37c447c79f0d8fc5e2bf957b08c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:26:ce:63:8d:29:96:f6:da:c1:34:89:ab:9b:
                    69:b9:8c:e9:11:1b:fa:0e:9c:95:8d:27:5f:c4:c7:
                    98:5a:d9:4d:5e:4e:d0:32:c8:a4:5b:a2:c2:65:ca:
                    6a:9f:29:70:5b:1c:76:b2:f2:b3:01:b2:e2:83:57:
                    d7:ab:1f:46:be:d3:d7:3f:97:d6:1f:12:ed:30:3e:
                    53:22:85:66:7d:51:21:f4:08:b9:e2:1d:f8:8d:eb:
                    be:07:bb:7a:41:45:cf:cd:94:40:35:86:bb:84:78:
                    ae:de:bd:ce:d5:e6:99:f4:4a:50:5c:d1:11:0f:3b:
                    78:be:fb:46:29:73:67:91:6a:78:57:15:dd:ea:a1:
                    53:40:be:ae:b2:73:10:9e:23:b2:62:04:d6:c2:d0:
                    2e:24:fa:87:3f:6a:c9:33:45:8a:2b:0a:b7:95:4e:
                    fa:c7:c4:b5:b8:f3:2d:64:e5:d4:47:47:bf:07:ad:
                    6b:ed:2c:2e:68:64:9c:37:b4:28:27:ba:fa:d1:3b:
                    4f:55:11:c5:10:36:4d:31:f8:16:ad:75:60:a2:0f:
                    dc:e5:a5:62:5f:cf:76:cf:f6:51:09:f6:54:7e:57:
                    31:be:26:57:79:4b:41:db:72:ae:61:0c:d3:24:94:
                    d6:95:23:0c:e5:05:0a:c6:3d:1a:99:5e:94:fc:32:
                    b2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:83:62:29:46:4F:F3:7C:44:7C:79:F0:D8:FC:5E:2B:F9:57:B0:8C
            X509v3 Authority Key Identifier:
                keyid:9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/aoNiKUZP83xEfHnw2PxeK_lXsIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.75.0/24
                  89.149.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:3c:db:c7:fe:8b:f0:06:c0:c7:46:a3:f0:b1:d3:b5:98:20:
         c2:f3:ad:e8:54:41:32:17:35:ff:14:10:32:44:db:bd:82:93:
         da:e7:4d:4f:f4:c7:9d:c1:81:58:9b:1f:4a:02:c4:88:32:55:
         3d:32:e9:bf:85:e3:a1:5a:b3:0a:e5:e5:00:f1:98:6d:ad:91:
         b8:df:f8:22:25:13:fc:a2:41:a0:fb:d4:5b:af:4a:2b:7e:ee:
         90:99:bb:b3:72:3b:c7:0f:70:15:3b:f8:0c:7e:9b:d4:56:e6:
         39:2f:df:f8:cd:23:e0:70:35:1b:75:82:04:3b:3a:6e:91:16:
         b5:b0:a1:c6:bb:db:1f:db:45:cc:f2:84:da:05:56:24:b8:cf:
         af:e6:1e:b0:62:49:97:07:03:a5:90:84:6f:53:54:45:69:75:
         d7:63:ff:7f:84:cb:c9:0c:f2:8b:94:9c:7d:de:b1:b1:da:dc:
         c2:cf:63:d9:06:6e:17:e9:c2:a6:e5:07:0f:80:81:f0:0d:4c:
         04:5d:41:6e:a2:59:db:b5:81:64:a5:db:c2:f4:84:f7:2e:96:
         af:a5:45:50:bd:e3:95:95:2c:40:fd:f5:f3:0a:3a:2a:b6:e5:
         b9:1d:91:09:5e:ca:35:bb:a1:6c:4c:a6:8b:44:2f:1e:32:0f:
         4a:b8:4c:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3fMHkvmR2WgucSfxabUNvXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU5YWE0NjAyYmZmYTJkMjY1MGJhNjY4MTg0NThjODlm
YzQ1ODIwHhcNMjYwNDMwMTYxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTgzNjIyOTQ2NGZmMzdjNDQ3Yzc5ZjBkOGZjNWUyYmY5NTdiMDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCbOY40plvbawTSJq5tpuYzpERv6
DpyVjSdfxMeYWtlNXk7QMsikW6LCZcpqnylwWxx2svKzAbLig1fXqx9GvtPXP5fW
HxLtMD5TIoVmfVEh9Ai54h34jeu+B7t6QUXPzZRANYa7hHiu3r3O1eaZ9EpQXNER
Dzt4vvtGKXNnkWp4VxXd6qFTQL6usnMQniOyYgTWwtAuJPqHP2rJM0WKKwq3lU76
x8S1uPMtZOXUR0e/B61r7SwuaGScN7QoJ7r60TtPVRHFEDZNMfgWrXVgog/c5aVi
X892z/ZRCfZUflcxviZXeUtB23KuYQzTJJTWlSMM5QUKxj0amV6U/DKy6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGqDYilGT/N8RHx58Nj8Xiv5V7CMMB8GA1UdIwQY
MBaAFJ5FmqRgK/+i0mULpmgYRYyJ/EWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWIt
MjhhODQxZGEwYmZkLzEvYW9OaUtVWlA4M3hFZkhudzJQeGVLX2xYc0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWItMjhhODQxZGEwYmZk
LzEvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVPdLAwQA
WZU/MA0GCSqGSIb3DQEBCwUAA4IBAQBMPNvH/ovwBsDHRqPwsdO1mCDC863oVEEy
FzX/FBAyRNu9gpPa501P9MedwYFYmx9KAsSIMlU9Mum/heOhWrMK5eUA8ZhtrZG4
3/giJRP8okGg+9Rbr0orfu6QmbuzcjvHD3AVO/gMfpvUVuY5L9/4zSPgcDUbdYIE
OzpukRa1sKHGu9sf20XM8oTaBVYkuM+v5h6wYkmXBwOlkIRvU1RFaXXXY/9/hMvJ
DPKLlJx93rGx2tzCz2PZBm4X6cKm5QcPgIHwDUwEXUFuolnbtYFkpdvC9IT3Lpav
pUVQveOVlSxA/fXzCjoqtuW5HZEJXso1u6FsTKaLRC8eMg9KuExW
-----END CERTIFICATE-----