Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/73e51e-9894-4e78-bc22-8dd821fac6c8/1/ahNLR_0oS-0t1YKVBOVdbZiSYPY.roa
File:                     ahNLR_0oS-0t1YKVBOVdbZiSYPY.roa (raw, json)
Hash identifier:          fNNDUa3v8ykCEP/CD6DhZGRwmawCEdvB1zOAi4jYge0=
Subject key identifier:   6A:13:4B:47:FD:28:4B:ED:2D:D5:82:95:04:E5:5D:6D:98:92:60:F6
Certificate issuer:       /CN=366fa64c2bbaa725ac26a4ff6180266faed208a3
Certificate serial:       019E022CE365155930F8CF263343D70106F3
Authority key identifier: 36:6F:A6:4C:2B:BA:A7:25:AC:26:A4:FF:61:80:26:6F:AE:D2:08:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nm-mTCu6pyWsJqT_YYAmb67SCKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/73e51e-9894-4e78-bc22-8dd821fac6c8/1/ahNLR_0oS-0t1YKVBOVdbZiSYPY.roa
Signing time:             Thu 07 May 2026 11:22:36 +0000
ROA not before:           Thu 07 May 2026 11:22:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31736
IP address blocks:        185.77.92.0/23 maxlen: 23
                          185.77.94.0/24 maxlen: 24
                          185.77.95.0/24 maxlen: 24
                          2a03:53a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/73e51e-9894-4e78-bc22-8dd821fac6c8/1/Nm-mTCu6pyWsJqT_YYAmb67SCKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/73e51e-9894-4e78-bc22-8dd821fac6c8/1/Nm-mTCu6pyWsJqT_YYAmb67SCKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nm-mTCu6pyWsJqT_YYAmb67SCKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:02:2c:e3:65:15:59:30:f8:cf:26:33:43:d7:01:06:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=366fa64c2bbaa725ac26a4ff6180266faed208a3
        Validity
            Not Before: May  7 11:22:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a134b47fd284bed2dd5829504e55d6d989260f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:36:05:c6:80:59:36:f9:83:5c:96:6d:c9:ac:
                    94:cb:b1:39:4b:b8:6b:0a:cf:53:4d:27:cc:96:43:
                    a1:eb:55:dc:62:ac:a6:02:da:eb:74:8c:21:94:71:
                    be:ab:61:6f:fe:2e:cf:d2:9e:b1:e0:14:3f:8f:5a:
                    99:c1:7a:24:61:fc:c2:1e:bc:f9:5e:62:84:78:96:
                    f9:34:45:24:ac:72:5d:b4:3a:38:d8:a3:7f:5b:06:
                    b1:a9:35:d5:c4:f6:cf:c6:22:d0:a8:f8:73:38:89:
                    a6:7b:79:3d:31:4a:72:2b:29:10:dc:09:26:50:a3:
                    69:c3:54:d7:1d:21:e2:d0:07:f3:95:0c:81:e9:2e:
                    26:c1:f9:88:4c:ad:70:9c:0f:bc:d8:57:96:e4:9e:
                    73:01:96:93:92:ba:60:fc:73:b2:a3:77:0d:3a:4c:
                    eb:40:2e:f5:e2:da:3d:5e:6b:62:0c:72:5b:d4:c7:
                    9d:76:75:ae:24:31:db:2f:b7:b9:c3:e8:ef:f4:e7:
                    cc:50:f4:9e:a5:ae:15:5a:80:3a:4c:63:08:d9:57:
                    0b:b6:84:aa:8e:52:f7:d1:fc:d3:79:2b:71:a0:68:
                    ef:f7:14:8a:95:43:48:c7:2f:3a:95:93:f3:60:94:
                    c7:82:52:ed:bd:dd:da:d0:f9:0b:bd:47:d8:0e:a3:
                    d4:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:13:4B:47:FD:28:4B:ED:2D:D5:82:95:04:E5:5D:6D:98:92:60:F6
            X509v3 Authority Key Identifier:
                keyid:36:6F:A6:4C:2B:BA:A7:25:AC:26:A4:FF:61:80:26:6F:AE:D2:08:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nm-mTCu6pyWsJqT_YYAmb67SCKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/73e51e-9894-4e78-bc22-8dd821fac6c8/1/ahNLR_0oS-0t1YKVBOVdbZiSYPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/73e51e-9894-4e78-bc22-8dd821fac6c8/1/Nm-mTCu6pyWsJqT_YYAmb67SCKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.92.0/22
                IPv6:
                  2a03:53a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:ac:a1:f7:30:b0:09:da:32:a7:44:55:c0:85:3e:76:ec:98:
         65:99:f4:c9:ff:24:f6:7e:d5:16:35:61:2e:31:ff:92:b6:ca:
         9d:b8:b8:cc:02:5b:ce:b7:6f:47:92:f1:0a:fe:49:57:cd:57:
         70:f7:69:16:3a:68:5b:69:64:b7:97:79:23:45:ee:81:e1:37:
         5a:2b:34:0f:07:ac:65:48:f0:04:73:55:23:3d:d7:99:77:cd:
         84:a6:dd:7e:63:22:c5:f5:c6:15:d8:5f:50:fd:b7:0c:17:bf:
         e7:cd:d9:3d:b2:0b:47:93:e3:a3:ec:69:6d:42:6d:ab:2c:02:
         8d:0f:cb:ff:7e:96:10:1a:d5:64:d6:74:87:64:65:f5:27:63:
         8f:09:d3:d7:42:c4:44:6d:73:11:25:56:15:7e:a4:e8:d7:cf:
         01:90:13:8d:7c:b3:fe:1f:20:06:96:a0:f9:ed:58:ad:8d:28:
         ee:f1:1f:5a:52:2b:88:44:89:b1:79:29:b1:7b:2e:e4:b1:91:
         94:e6:e9:5a:2b:b7:69:37:49:26:af:39:fb:d3:9a:60:c0:09:
         10:a5:bd:62:90:00:c2:e1:ce:85:20:eb:00:98:11:cb:ca:f0:
         b8:a7:a2:f6:a5:83:ae:31:ed:d6:21:28:27:93:63:f9:b9:27:
         20:16:ea:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ4CLONlFVkw+M8mM0PXAQbzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NmZhNjRjMmJiYWE3MjVhYzI2YTRmZjYxODAyNjZmYWVk
MjA4YTMwHhcNMjYwNTA3MTEyMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTEzNGI0N2ZkMjg0YmVkMmRkNTgyOTUwNGU1NWQ2ZDk4OTI2MGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTYFxoBZNvmDXJZtyayUy7E5S7hr
Cs9TTSfMlkOh61XcYqymAtrrdIwhlHG+q2Fv/i7P0p6x4BQ/j1qZwXokYfzCHrz5
XmKEeJb5NEUkrHJdtDo42KN/WwaxqTXVxPbPxiLQqPhzOImme3k9MUpyKykQ3Akm
UKNpw1TXHSHi0AfzlQyB6S4mwfmITK1wnA+82FeW5J5zAZaTkrpg/HOyo3cNOkzr
QC714to9XmtiDHJb1MeddnWuJDHbL7e5w+jv9OfMUPSepa4VWoA6TGMI2VcLtoSq
jlL30fzTeStxoGjv9xSKlUNIxy86lZPzYJTHglLtvd3a0PkLvUfYDqPU3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGoTS0f9KEvtLdWClQTlXW2YkmD2MB8GA1UdIwQY
MBaAFDZvpkwruqclrCak/2GAJm+u0gijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm0tbVRDdTZweVdzSnFUX1lZQW1iNjdTQ0tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC83M2U1MWUtOTg5NC00ZTc4LWJjMjIt
OGRkODIxZmFjNmM4LzEvYWhOTFJfMG9TLTB0MVlLVkJPVmRiWmlTWVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC83M2U1MWUtOTg5NC00ZTc4LWJjMjItOGRkODIxZmFjNmM4
LzEvTm0tbVRDdTZweVdzSnFUX1lZQW1iNjdTQ0tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuU1cMA0E
AgACMAcDBQAqA1OgMA0GCSqGSIb3DQEBCwUAA4IBAQASrKH3MLAJ2jKnRFXAhT52
7JhlmfTJ/yT2ftUWNWEuMf+StsqduLjMAlvOt29HkvEK/klXzVdw92kWOmhbaWS3
l3kjRe6B4TdaKzQPB6xlSPAEc1UjPdeZd82Ept1+YyLF9cYV2F9Q/bcMF7/nzdk9
sgtHk+Oj7GltQm2rLAKND8v/fpYQGtVk1nSHZGX1J2OPCdPXQsREbXMRJVYVfqTo
188BkBONfLP+HyAGlqD57VitjSju8R9aUiuIRImxeSmxey7ksZGU5ulaK7dpN0km
rzn705pgwAkQpb1ikADC4c6FIOsAmBHLyvC4p6L2pYOuMe3WISgnk2P5uScgFuqI
-----END CERTIFICATE-----