Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/nUDA_fVQAq7u5DtvMgTU2n6GNZo.roa
File:                     nUDA_fVQAq7u5DtvMgTU2n6GNZo.roa (raw, json)
Hash identifier:          8r/gTOIQVfb9/uVsDnl2O2ydLcKyMbec0yYUjkpHhaI=
Subject key identifier:   9D:40:C0:FD:F5:50:02:AE:EE:E4:3B:6F:32:04:D4:DA:7E:86:35:9A
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       019D0582C6A07919CEC891717EB9E31A0C8F
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/nUDA_fVQAq7u5DtvMgTU2n6GNZo.roa
Signing time:             Thu 19 Mar 2026 09:52:29 +0000
ROA not before:           Thu 19 Mar 2026 09:52:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401838
IP address blocks:        46.34.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:05:82:c6:a0:79:19:ce:c8:91:71:7e:b9:e3:1a:0c:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Mar 19 09:52:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d40c0fdf55002aeeee43b6f3204d4da7e86359a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:03:95:35:46:db:30:e4:e7:a4:42:01:5e:a8:
                    0f:5a:d1:a8:c9:a1:30:74:0c:dd:fb:a7:db:b4:eb:
                    fa:2c:ed:8b:43:35:a6:c4:4b:5d:9f:32:26:85:ec:
                    a1:a3:e3:da:cd:7a:c3:b7:07:d1:a2:41:29:29:71:
                    b7:b7:38:ab:46:19:80:9d:d8:e6:7a:db:9c:07:a8:
                    71:68:de:e7:68:da:26:6f:c4:9c:c5:f9:d3:26:fb:
                    8c:48:f4:89:05:98:5e:01:23:47:ce:f6:b3:e9:de:
                    72:8c:38:d1:4d:e4:0d:9f:91:69:b1:88:39:c2:04:
                    62:8b:64:49:f9:dc:c6:9b:24:88:52:32:9d:53:b1:
                    d9:04:c4:5e:71:93:41:1d:1e:f2:8f:e8:26:7f:10:
                    f1:38:fc:ed:1a:e3:08:0a:f2:52:15:a7:04:e3:a6:
                    cd:0e:a4:bd:aa:dd:dd:e4:e4:a8:a8:e6:e3:25:c6:
                    a7:18:af:e4:3d:72:a1:2c:b2:a7:36:b9:33:6f:11:
                    e9:2e:19:8d:54:cc:59:a0:e0:25:62:80:d4:8c:f9:
                    3a:4b:27:77:cf:69:85:29:43:a9:cf:53:8c:51:2c:
                    05:41:56:fb:c8:df:90:dc:c6:0e:cc:85:c6:74:b6:
                    d2:b1:b6:c9:88:e0:d5:df:20:fb:ae:fa:16:47:90:
                    d2:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:40:C0:FD:F5:50:02:AE:EE:E4:3B:6F:32:04:D4:DA:7E:86:35:9A
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/nUDA_fVQAq7u5DtvMgTU2n6GNZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:84:91:02:b8:2e:17:c8:a9:94:34:fe:87:73:51:a0:9c:2a:
         a6:1f:8b:e0:88:5e:87:77:8a:91:91:47:67:91:63:48:31:98:
         02:92:d8:c8:11:94:66:b7:f9:ef:b8:63:ca:ce:9d:32:d8:d5:
         05:25:0d:a3:c5:05:c5:19:db:78:41:13:c9:0a:4a:c4:b2:65:
         fb:d3:0f:9b:62:75:85:48:2d:e3:8a:a5:ed:c7:1f:b1:b8:f4:
         c5:38:ba:18:0a:7c:74:6d:18:a4:d4:6b:01:26:61:1b:ea:e2:
         25:cc:39:53:e4:58:08:3e:86:6b:50:f4:2d:1c:47:4a:c1:07:
         9b:7e:a5:95:56:c4:45:97:84:8a:83:d4:2c:b4:32:d2:2f:22:
         9c:bd:68:79:38:d7:fe:c1:f0:a8:1a:ff:30:db:59:08:e3:46:
         7e:c7:c0:5d:e3:51:d3:95:e1:ab:64:36:ce:1d:1d:38:62:7c:
         f3:87:e9:3f:ad:49:bc:1d:a3:df:a3:82:26:cd:32:69:54:75:
         c0:90:97:68:8e:fa:dd:b6:96:02:e1:7a:11:3e:3d:78:f3:6f:
         96:de:c9:45:79:bb:ee:20:2a:a7:f4:83:cd:4e:07:7c:e5:8d:
         79:0e:b8:1c:78:16:22:2b:fa:9c:c7:1b:03:bf:64:24:3f:3c:
         1f:e9:57:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0FgsageRnOyJFxfrnjGgyPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjYwMzE5MDk1MjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDQwYzBmZGY1NTAwMmFlZWVlNDNiNmYzMjA0ZDRkYTdlODYzNTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugOVNUbbMOTnpEIBXqgPWtGoyaEw
dAzd+6fbtOv6LO2LQzWmxEtdnzImheyho+PazXrDtwfRokEpKXG3tzirRhmAndjm
etucB6hxaN7naNomb8ScxfnTJvuMSPSJBZheASNHzvaz6d5yjDjRTeQNn5FpsYg5
wgRii2RJ+dzGmySIUjKdU7HZBMRecZNBHR7yj+gmfxDxOPztGuMICvJSFacE46bN
DqS9qt3d5OSoqObjJcanGK/kPXKhLLKnNrkzbxHpLhmNVMxZoOAlYoDUjPk6Syd3
z2mFKUOpz1OMUSwFQVb7yN+Q3MYOzIXGdLbSsbbJiODV3yD7rvoWR5DSrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1AwP31UAKu7uQ7bzIE1Np+hjWaMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvblVEQV9mVlFBcTd1NUR0dk1nVFUybjZHTlpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiIlMA0G
CSqGSIb3DQEBCwUAA4IBAQA/hJECuC4XyKmUNP6Hc1GgnCqmH4vgiF6Hd4qRkUdn
kWNIMZgCktjIEZRmt/nvuGPKzp0y2NUFJQ2jxQXFGdt4QRPJCkrEsmX70w+bYnWF
SC3jiqXtxx+xuPTFOLoYCnx0bRik1GsBJmEb6uIlzDlT5FgIPoZrUPQtHEdKwQeb
fqWVVsRFl4SKg9QstDLSLyKcvWh5ONf+wfCoGv8w21kI40Z+x8Bd41HTleGrZDbO
HR04Ynzzh+k/rUm8HaPfo4ImzTJpVHXAkJdojvrdtpYC4XoRPj1482+W3slFebvu
ICqn9IPNTgd85Y15DrgceBYiK/qcxxsDv2QkPzwf6Vct
-----END CERTIFICATE-----