Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/NPNldLRV_V4G_RwnjwM4p2omEjA.roa
File:                     NPNldLRV_V4G_RwnjwM4p2omEjA.roa (raw, json)
Hash identifier:          0f1XhHb3kouwxcYG1tzNCN6nK7sgQJkdv37b60qyxWg=
Subject key identifier:   34:F3:65:74:B4:55:FD:5E:06:FD:1C:27:8F:03:38:A7:6A:26:12:30
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019C75D0A2FA21102124E82357A88C013068
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/NPNldLRV_V4G_RwnjwM4p2omEjA.roa
Signing time:             Thu 19 Feb 2026 12:12:13 +0000
ROA not before:           Thu 19 Feb 2026 12:12:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     10753
IP address blocks:        104.239.55.0/24 maxlen: 24
                          104.249.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Feb 2026 12:12:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:75:d0:a2:fa:21:10:21:24:e8:23:57:a8:8c:01:30:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Feb 19 12:12:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34f36574b455fd5e06fd1c278f0338a76a261230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:50:70:7c:65:22:85:33:89:90:c3:70:6e:40:
                    e6:0b:32:e1:e5:e6:ac:00:74:98:bb:fb:1d:94:bd:
                    94:5e:71:44:53:0e:37:ed:e1:36:a9:d7:2c:df:09:
                    ee:65:c2:48:d0:dd:5c:b4:e2:8b:19:3a:a8:5e:71:
                    c1:ca:1c:be:26:b7:ce:c9:af:48:b8:ad:fd:3f:e7:
                    f2:9c:97:d7:42:2c:41:3e:84:6f:b0:ce:88:d6:18:
                    67:de:33:03:86:76:0c:c2:cd:e8:d0:49:7c:74:e2:
                    64:41:2b:e3:60:66:93:06:18:ae:af:fa:e6:5c:43:
                    56:c8:80:b3:03:52:30:65:fe:40:66:cb:51:71:3f:
                    c9:84:03:cc:63:93:45:0d:42:82:c2:c3:a7:2e:d1:
                    25:3f:8f:45:a2:38:96:aa:7d:a9:1b:b9:bf:5f:17:
                    cd:cc:16:56:48:6a:ef:ce:7e:b3:2d:7f:ca:08:af:
                    96:3c:da:2d:4a:8c:16:60:72:23:55:38:16:3b:ab:
                    db:d9:49:dd:bf:ea:e4:15:a7:00:5b:ae:3d:bc:ee:
                    4d:89:1c:a6:93:41:4e:4a:11:f5:21:26:ab:71:52:
                    4f:59:40:00:c2:d7:c5:74:1d:09:94:6e:41:98:ed:
                    11:a9:00:19:85:c1:8d:22:84:78:33:18:2e:9a:a4:
                    4b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:F3:65:74:B4:55:FD:5E:06:FD:1C:27:8F:03:38:A7:6A:26:12:30
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/NPNldLRV_V4G_RwnjwM4p2omEjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.239.55.0/24
                  104.249.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:87:e7:20:23:90:dd:2f:1c:db:e2:52:ff:48:d5:b4:b0:e9:
         80:00:78:95:48:0e:a0:08:d3:8e:7b:ca:ec:05:1a:4a:f3:73:
         ab:b8:63:eb:fa:9f:d8:1f:6b:fb:e9:ef:a2:9c:0b:2a:f0:fb:
         aa:a4:12:19:3f:67:60:62:71:f7:23:d0:e0:cb:a4:44:a4:46:
         7e:6b:39:ea:2c:ae:d0:28:ee:41:a8:87:9c:40:0b:ea:95:24:
         2a:fd:55:9c:07:65:1a:1b:ae:63:b0:4f:a2:d8:a0:81:c1:40:
         ee:72:87:6d:01:99:f2:ec:a8:88:1a:ba:61:5d:35:6f:b4:1a:
         7d:cc:74:44:81:fe:02:1a:81:53:5f:22:17:85:c3:ec:35:09:
         af:a9:31:17:35:75:b2:9f:96:3c:3b:8e:ba:2f:f5:4e:07:3e:
         cc:df:48:71:4c:4f:55:c9:47:2e:d4:ca:6e:6d:8b:d0:f7:28:
         1c:37:de:54:e7:e3:61:54:46:70:39:15:4e:97:a5:b5:9b:06:
         1e:68:74:6d:61:6b:e6:c4:6f:67:ad:3c:eb:80:44:13:1e:f0:
         5f:f8:cb:44:a7:75:1c:c3:cd:1b:fd:af:2e:3c:64:1a:49:8c:
         41:b2:31:d5:4e:3a:ef:75:e7:c2:27:42:ee:46:0b:93:87:88:
         95:01:fd:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZx10KL6IRAhJOgjV6iMATBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMjE5MTIxMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGYzNjU3NGI0NTVmZDVlMDZmZDFjMjc4ZjAzMzhhNzZhMjYxMjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VBwfGUihTOJkMNwbkDmCzLh5eas
AHSYu/sdlL2UXnFEUw437eE2qdcs3wnuZcJI0N1ctOKLGTqoXnHByhy+JrfOya9I
uK39P+fynJfXQixBPoRvsM6I1hhn3jMDhnYMws3o0El8dOJkQSvjYGaTBhiur/rm
XENWyICzA1IwZf5AZstRcT/JhAPMY5NFDUKCwsOnLtElP49FojiWqn2pG7m/XxfN
zBZWSGrvzn6zLX/KCK+WPNotSowWYHIjVTgWO6vb2Undv+rkFacAW649vO5NiRym
k0FOShH1ISarcVJPWUAAwtfFdB0JlG5BmO0RqQAZhcGNIoR4MxgumqRL7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDTzZXS0Vf1eBv0cJ48DOKdqJhIwMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvTlBObGRMUlZfVjRHX1J3bmp3TTRwMm9tRWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAaO83AwQA
aPkXMA0GCSqGSIb3DQEBCwUAA4IBAQCAh+cgI5DdLxzb4lL/SNW0sOmAAHiVSA6g
CNOOe8rsBRpK83OruGPr+p/YH2v76e+inAsq8PuqpBIZP2dgYnH3I9Dgy6REpEZ+
aznqLK7QKO5BqIecQAvqlSQq/VWcB2UaG65jsE+i2KCBwUDucodtAZny7KiIGrph
XTVvtBp9zHREgf4CGoFTXyIXhcPsNQmvqTEXNXWyn5Y8O466L/VOBz7M30hxTE9V
yUcu1MpubYvQ9ygcN95U5+NhVEZwORVOl6W1mwYeaHRtYWvmxG9nrTzrgEQTHvBf
+MtEp3Ucw80b/a8uPGQaSYxBsjHVTjrvdefCJ0LuRguTh4iVAf1L
-----END CERTIFICATE-----