Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/7f9be1-b72b-4585-a2bd-e4da8ac2b3db/1/Ns32wREZDoYfJNViYzKanjGGcVY.roa
File:                     Ns32wREZDoYfJNViYzKanjGGcVY.roa (raw, json)
Hash identifier:          ocFxy8ShgvilXSa3rSwC0D5vcssnTH48yUdQOR/8oDQ=
Subject key identifier:   36:CD:F6:C1:11:19:0E:86:1F:24:D5:62:63:32:9A:9E:31:86:71:56
Certificate issuer:       /CN=4e7856d295580936916a553fb9bfb59f3a176804
Certificate serial:       019CC28E99E46220D690DFCDAD64F4224D86
Authority key identifier: 4E:78:56:D2:95:58:09:36:91:6A:55:3F:B9:BF:B5:9F:3A:17:68:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TnhW0pVYCTaRalU_ub-1nzoXaAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/7f9be1-b72b-4585-a2bd-e4da8ac2b3db/1/Ns32wREZDoYfJNViYzKanjGGcVY.roa
Signing time:             Fri 06 Mar 2026 09:50:51 +0000
ROA not before:           Fri 06 Mar 2026 09:50:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212320
IP address blocks:        89.39.128.0/21 maxlen: 23
                          89.39.128.0/22 maxlen: 23
                          89.39.128.0/23 maxlen: 23
                          2a14:9e80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/7f9be1-b72b-4585-a2bd-e4da8ac2b3db/1/TnhW0pVYCTaRalU_ub-1nzoXaAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/7f9be1-b72b-4585-a2bd-e4da8ac2b3db/1/TnhW0pVYCTaRalU_ub-1nzoXaAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TnhW0pVYCTaRalU_ub-1nzoXaAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:8e:99:e4:62:20:d6:90:df:cd:ad:64:f4:22:4d:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e7856d295580936916a553fb9bfb59f3a176804
        Validity
            Not Before: Mar  6 09:50:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36cdf6c111190e861f24d56263329a9e31867156
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ac:38:4e:2f:cd:e1:53:66:87:74:67:8d:2c:
                    ac:29:df:a0:5e:19:9a:ff:d8:53:14:61:25:5d:63:
                    32:63:81:1f:55:4b:e4:3a:9a:fe:86:0a:b0:e2:1a:
                    ea:9d:be:eb:4a:6c:ab:ea:61:85:01:4f:aa:ec:f9:
                    0a:18:f6:d5:af:53:d9:a8:37:ba:0a:5d:2a:90:bf:
                    d9:07:42:45:8a:38:25:54:dc:9f:44:87:30:3c:ed:
                    46:da:38:ad:c1:4a:34:40:43:85:63:04:59:ed:60:
                    12:9c:dd:9f:0c:a6:8c:96:25:8a:a8:b7:96:1f:1f:
                    1e:5b:35:85:fa:31:ca:b4:d6:19:dd:4a:de:9b:60:
                    95:22:c7:1a:5a:b9:a6:a9:3e:de:2f:cf:d0:ad:4b:
                    16:fe:23:ed:d4:8b:3b:41:1b:79:7f:d7:7d:ca:a8:
                    a3:9f:be:80:58:24:2d:53:7e:dd:71:c8:ca:8c:be:
                    22:6b:e0:1b:0c:56:51:66:fe:c8:9f:05:63:b2:a0:
                    c5:0c:24:5d:a6:3f:13:9a:5b:c2:f8:1a:d0:f3:86:
                    c5:c6:c7:53:87:d1:3f:7c:f8:bf:57:08:bd:89:0b:
                    3a:e4:11:36:37:50:39:c1:25:ed:b6:85:c2:2c:6e:
                    6d:fa:6d:e0:9e:66:51:a1:48:9e:6b:76:c9:0b:6a:
                    6a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:CD:F6:C1:11:19:0E:86:1F:24:D5:62:63:32:9A:9E:31:86:71:56
            X509v3 Authority Key Identifier:
                keyid:4E:78:56:D2:95:58:09:36:91:6A:55:3F:B9:BF:B5:9F:3A:17:68:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TnhW0pVYCTaRalU_ub-1nzoXaAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/7f9be1-b72b-4585-a2bd-e4da8ac2b3db/1/Ns32wREZDoYfJNViYzKanjGGcVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/7f9be1-b72b-4585-a2bd-e4da8ac2b3db/1/TnhW0pVYCTaRalU_ub-1nzoXaAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.128.0/21
                IPv6:
                  2a14:9e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:d0:00:f4:34:64:56:7a:ae:49:59:16:ea:77:14:5b:40:52:
         c5:7f:a0:b1:b1:14:75:89:08:22:68:64:d6:aa:c7:a4:86:eb:
         50:dc:aa:3e:d8:2b:d7:c0:e8:64:10:ef:f5:97:f4:39:db:e6:
         fa:13:75:6b:ac:a2:35:33:4a:b3:d2:c8:50:2d:8f:b9:2c:62:
         d8:7d:be:0f:f6:53:ff:43:fa:ec:a7:b4:be:de:f0:93:c6:aa:
         71:0c:ee:dd:d9:e8:ac:81:b8:d8:0c:40:bd:b0:0a:48:f9:9c:
         d5:5e:ec:9f:2d:ad:c4:9d:73:1e:28:d2:22:3d:ba:f8:e1:cc:
         9d:8b:71:b9:3c:ad:fc:db:87:dc:12:8f:e9:6f:b9:7d:a5:aa:
         3b:75:39:92:a3:26:6f:3c:eb:bf:3c:a2:4f:eb:94:d4:60:44:
         00:6c:4a:51:1e:17:17:b8:e4:90:2c:aa:30:78:53:f8:f7:e1:
         73:a9:0a:7a:57:5d:ab:3d:bb:19:75:02:12:a4:29:f9:7a:55:
         dd:ab:72:fb:ba:85:35:35:79:59:e4:44:e9:8f:fb:d9:84:ba:
         d0:99:37:07:9a:dd:b5:47:c4:32:0e:44:ff:b3:e6:3c:fb:b8:
         9e:dc:27:4a:d5:07:ac:b2:be:5f:bc:9b:76:53:e3:b3:42:7c:
         77:db:c7:ba
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZzCjpnkYiDWkN/NrWT0Ik2GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNzg1NmQyOTU1ODA5MzY5MTZhNTUzZmI5YmZiNTlmM2Ex
NzY4MDQwHhcNMjYwMzA2MDk1MDUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmNkZjZjMTExMTkwZTg2MWYyNGQ1NjI2MzMyOWE5ZTMxODY3MTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6w4Ti/N4VNmh3RnjSysKd+gXhma
/9hTFGElXWMyY4EfVUvkOpr+hgqw4hrqnb7rSmyr6mGFAU+q7PkKGPbVr1PZqDe6
Cl0qkL/ZB0JFijglVNyfRIcwPO1G2jitwUo0QEOFYwRZ7WASnN2fDKaMliWKqLeW
Hx8eWzWF+jHKtNYZ3Urem2CVIscaWrmmqT7eL8/QrUsW/iPt1Is7QRt5f9d9yqij
n76AWCQtU37dccjKjL4ia+AbDFZRZv7InwVjsqDFDCRdpj8TmlvC+BrQ84bFxsdT
h9E/fPi/Vwi9iQs65BE2N1A5wSXttoXCLG5t+m3gnmZRoUiea3bJC2pqKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDbN9sERGQ6GHyTVYmMymp4xhnFWMB8GA1UdIwQY
MBaAFE54VtKVWAk2kWpVP7m/tZ86F2gEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVG5oVzBwVllDVGFSYWxVX3ViLTFuem9YYUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC83ZjliZTEtYjcyYi00NTg1LWEyYmQt
ZTRkYThhYzJiM2RiLzEvTnMzMndSRVpEb1lmSk5WaVl6S2FuakdHY1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC83ZjliZTEtYjcyYi00NTg1LWEyYmQtZTRkYThhYzJiM2Ri
LzEvVG5oVzBwVllDVGFSYWxVX3ViLTFuem9YYUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDWSeAMA0E
AgACMAcDBQMqFJ6AMA0GCSqGSIb3DQEBCwUAA4IBAQA90AD0NGRWeq5JWRbqdxRb
QFLFf6CxsRR1iQgiaGTWqsekhutQ3Ko+2CvXwOhkEO/1l/Q52+b6E3VrrKI1M0qz
0shQLY+5LGLYfb4P9lP/Q/rsp7S+3vCTxqpxDO7d2eisgbjYDEC9sApI+ZzVXuyf
La3EnXMeKNIiPbr44cydi3G5PK3824fcEo/pb7l9pao7dTmSoyZvPOu/PKJP65TU
YEQAbEpRHhcXuOSQLKoweFP49+FzqQp6V12rPbsZdQISpCn5elXdq3L7uoU1NXlZ
5ETpj/vZhLrQmTcHmt21R8QyDkT/s+Y8+7ie3CdK1Qessr5fvJt2U+OzQnx328e6
-----END CERTIFICATE-----