Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ndGy7Q62i4YMXX15K6UmbioHbGU.roa
File:                     ndGy7Q62i4YMXX15K6UmbioHbGU.roa (raw, json)
Hash identifier:          0phtVu7WLP3qOYNHG+vu3tg+DOu/kLrFEQ7YkT+3bWg=
Subject key identifier:   9D:D1:B2:ED:0E:B6:8B:86:0C:5D:7D:79:2B:A5:26:6E:2A:07:6C:65
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019DC3CD07F8BF6AA079B57E692A90AFB1D1
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ndGy7Q62i4YMXX15K6UmbioHbGU.roa
Signing time:             Sat 25 Apr 2026 08:41:27 +0000
ROA not before:           Sat 25 Apr 2026 08:41:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46475
IP address blocks:        93.114.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 18:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c3:cd:07:f8:bf:6a:a0:79:b5:7e:69:2a:90:af:b1:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr 25 08:41:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9dd1b2ed0eb68b860c5d7d792ba5266e2a076c65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:3d:d7:65:33:52:42:a2:75:51:34:3f:28:0f:
                    6f:63:1c:e7:dc:8b:8c:0b:6c:81:67:a5:de:73:d3:
                    52:9b:4b:ee:6a:f1:85:c8:79:f8:01:80:63:4c:e7:
                    ed:d5:85:e9:55:75:bc:2a:8f:68:5a:4c:2f:c9:8e:
                    48:04:c3:a9:65:c7:53:68:b7:07:da:40:71:a0:67:
                    be:bb:88:13:73:11:bf:20:a7:e0:61:7a:d1:79:80:
                    c9:50:40:1c:89:d9:a5:2d:6e:9b:8a:72:c3:21:6b:
                    7b:77:67:42:c3:74:7a:29:ee:44:56:03:e3:99:be:
                    8f:76:31:c5:49:ff:29:a2:06:bc:ed:2a:eb:ce:21:
                    9d:b8:80:72:39:2c:68:48:a1:b9:41:7f:bc:ef:8e:
                    3b:ae:70:12:bc:03:92:23:23:ea:ac:f5:28:37:e3:
                    41:80:ca:08:2e:f6:b5:26:f9:9a:86:99:a9:71:e1:
                    67:71:5c:44:66:c1:f7:73:c2:0a:28:7d:5d:f0:18:
                    b6:1a:cd:91:2b:41:6c:b4:0a:e2:29:97:8d:81:ce:
                    28:de:f1:6a:3d:33:77:38:51:e2:b6:e9:b8:f8:3f:
                    c9:54:3d:ed:d5:d8:4e:35:dc:cf:cd:8d:fe:8f:06:
                    ba:e5:17:3a:10:88:67:be:64:d5:7b:a4:90:53:50:
                    66:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:D1:B2:ED:0E:B6:8B:86:0C:5D:7D:79:2B:A5:26:6E:2A:07:6C:65
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ndGy7Q62i4YMXX15K6UmbioHbGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:c2:16:67:f6:24:b9:11:1e:9f:ed:b7:80:e2:6f:0a:ca:bc:
         cb:aa:a0:f0:77:40:52:9e:1c:a6:f8:fb:a8:4e:5c:31:95:33:
         1e:08:e9:6f:e8:2e:b5:03:45:7a:d6:34:7e:33:84:8f:b0:b1:
         5c:8f:2e:c2:c4:cb:5a:a0:b2:0d:66:f0:42:69:ce:c5:69:9c:
         c1:4d:62:d1:12:62:0b:63:e3:87:23:f4:0f:b0:ca:15:71:9c:
         1d:65:65:1a:91:39:27:58:0d:3b:df:61:29:1b:18:fd:da:99:
         8d:0a:b4:fb:10:fb:18:79:ef:5f:f1:8c:ec:9a:af:f4:15:81:
         bc:bd:e7:4b:71:26:07:dd:db:34:bd:68:c4:42:7f:f1:43:6a:
         02:1c:8b:46:b1:09:0d:6b:6a:3b:fb:c6:ea:f2:fd:fb:20:9e:
         10:b0:73:74:2c:fb:08:c2:9c:f6:cf:0b:f7:5d:90:b9:fb:69:
         0f:14:c9:43:83:bb:6f:4c:8c:4b:d1:4c:9c:e7:2c:b4:ee:76:
         86:f3:a6:00:7e:be:33:27:99:8a:7f:1b:42:34:e5:33:32:86:
         48:a2:ff:6d:20:73:de:df:c9:c3:e7:9f:b9:af:fb:89:81:e2:
         41:cf:04:ad:90:b8:cc:64:15:2e:59:84:23:77:6d:9e:14:dd:
         dd:c9:be:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3DzQf4v2qgebV+aSqQr7HRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwNDI1MDg0MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGQxYjJlZDBlYjY4Yjg2MGM1ZDdkNzkyYmE1MjY2ZTJhMDc2YzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0z3XZTNSQqJ1UTQ/KA9vYxzn3IuM
C2yBZ6Xec9NSm0vuavGFyHn4AYBjTOft1YXpVXW8Ko9oWkwvyY5IBMOpZcdTaLcH
2kBxoGe+u4gTcxG/IKfgYXrReYDJUEAcidmlLW6binLDIWt7d2dCw3R6Ke5EVgPj
mb6PdjHFSf8poga87SrrziGduIByOSxoSKG5QX+87447rnASvAOSIyPqrPUoN+NB
gMoILva1JvmahpmpceFncVxEZsH3c8IKKH1d8Bi2Gs2RK0FstAriKZeNgc4o3vFq
PTN3OFHitum4+D/JVD3t1dhONdzPzY3+jwa65Rc6EIhnvmTVe6SQU1BmoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3Rsu0OtouGDF19eSulJm4qB2xlMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbmRHeTdRNjJpNFlNWFgxNUs2VW1iaW9IYkdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXLAMA0G
CSqGSIb3DQEBCwUAA4IBAQCPwhZn9iS5ER6f7beA4m8KyrzLqqDwd0BSnhym+Puo
TlwxlTMeCOlv6C61A0V61jR+M4SPsLFcjy7CxMtaoLINZvBCac7FaZzBTWLREmIL
Y+OHI/QPsMoVcZwdZWUakTknWA0732EpGxj92pmNCrT7EPsYee9f8Yzsmq/0FYG8
vedLcSYH3ds0vWjEQn/xQ2oCHItGsQkNa2o7+8bq8v37IJ4QsHN0LPsIwpz2zwv3
XZC5+2kPFMlDg7tvTIxL0Uyc5yy07naG86YAfr4zJ5mKfxtCNOUzMoZIov9tIHPe
38nD55+5r/uJgeJBzwStkLjMZBUuWYQjd22eFN3dyb6l
-----END CERTIFICATE-----