Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/NcH441XZRW65XEQquDBnoFY4lvU.roa
File:                     NcH441XZRW65XEQquDBnoFY4lvU.roa (raw, json)
Hash identifier:          JH0uzPhwy0pQo6vZQZbWwv/0a4S233gOYVnYhhviClY=
Subject key identifier:   35:C1:F8:E3:55:D9:45:6E:B9:5C:44:2A:B8:30:67:A0:56:38:96:F5
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019EDB4E663A23C82335D36B5EC3AE15A644
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/NcH441XZRW65XEQquDBnoFY4lvU.roa
Signing time:             Thu 18 Jun 2026 15:16:48 +0000
ROA not before:           Thu 18 Jun 2026 15:16:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211798
IP address blocks:        45.144.230.0/24 maxlen: 24
                          185.225.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:db:4e:66:3a:23:c8:23:35:d3:6b:5e:c3:ae:15:a6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun 18 15:16:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35c1f8e355d9456eb95c442ab83067a0563896f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:dd:e1:ec:a1:2e:44:1e:fe:12:52:74:1a:98:
                    eb:3f:66:b8:5f:1c:d4:5b:e3:4a:9a:8c:e2:38:06:
                    92:67:34:60:1e:e7:ae:01:0b:5f:22:ef:03:51:d4:
                    f8:55:7e:4f:ca:3f:16:ab:f7:96:25:0a:c2:fd:9d:
                    1f:0e:67:1b:df:a9:29:af:29:71:f1:35:e5:65:f4:
                    32:0a:4c:58:fd:d7:6a:e1:5d:7d:f4:59:c6:6f:28:
                    2b:40:57:fb:46:0e:44:56:21:eb:78:ca:81:73:da:
                    a1:b3:6a:75:10:63:91:c0:a7:67:9d:1f:17:39:68:
                    10:3c:90:2f:0a:72:21:5e:50:44:af:fa:e5:68:00:
                    a1:6f:aa:fc:38:ea:44:ac:38:e0:c6:0b:e4:12:ed:
                    05:c2:fc:80:64:58:db:b4:d0:5c:cc:b0:8f:8b:17:
                    dd:96:06:d9:d5:53:76:a7:c0:5c:df:f6:91:cf:cb:
                    50:2b:2f:e5:f5:3a:de:f8:2d:f2:77:32:da:43:f7:
                    c0:f5:e4:8b:bb:fd:ea:17:f9:e4:a8:b9:30:88:cd:
                    ce:19:18:f7:07:56:86:8c:d6:fc:97:f6:0c:01:b7:
                    20:cc:28:85:0c:90:57:d3:ad:1c:67:af:6e:d8:e7:
                    44:ab:48:c2:8a:56:63:e0:15:56:77:f8:23:99:cb:
                    b1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:C1:F8:E3:55:D9:45:6E:B9:5C:44:2A:B8:30:67:A0:56:38:96:F5
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/NcH441XZRW65XEQquDBnoFY4lvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.230.0/24
                  185.225.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:04:98:5f:96:4c:c2:1f:7f:d7:14:c6:f9:92:bb:9e:ea:65:
         42:14:6a:d3:06:bc:6b:69:88:e9:d7:4a:0d:ae:d7:0a:33:71:
         d8:75:bc:9d:07:a6:26:4d:aa:6f:45:b3:86:42:6e:fb:4e:7b:
         ba:96:c8:11:4d:b2:ef:06:59:0c:d8:a8:80:61:d3:1b:99:ad:
         3a:21:e8:54:68:39:01:3f:f1:f3:f3:1e:d2:ab:3c:0c:0b:8b:
         73:41:4d:1d:cc:6c:aa:37:d2:fd:65:63:fc:0e:f1:41:1d:ec:
         f4:16:72:38:c3:8c:72:06:21:48:41:62:77:5e:80:a7:96:d7:
         61:52:98:ff:6f:28:f5:df:da:11:49:63:c5:f2:93:d7:b0:57:
         a3:fd:d5:f4:76:8c:c5:70:06:63:91:2d:c4:64:97:83:78:71:
         62:78:2b:6e:7d:c6:82:07:a8:76:e0:bc:c3:a1:a8:c4:63:dc:
         c2:e4:4b:3e:52:e4:06:b8:57:92:71:87:8a:ac:95:0f:16:44:
         b8:f3:0a:07:28:2b:d4:ca:3f:84:9b:71:c2:fc:fb:f5:fd:de:
         96:d2:89:37:92:8e:33:d2:42:bb:4a:05:2f:af:c1:7f:2e:6d:
         f5:5d:f7:74:7f:df:bb:59:2b:bb:47:75:d6:db:98:49:15:d3:
         7b:08:42:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7bTmY6I8gjNdNrXsOuFaZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwNjE4MTUxNjQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWMxZjhlMzU1ZDk0NTZlYjk1YzQ0MmFiODMwNjdhMDU2Mzg5NmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt3h7KEuRB7+ElJ0GpjrP2a4XxzU
W+NKmoziOAaSZzRgHueuAQtfIu8DUdT4VX5Pyj8Wq/eWJQrC/Z0fDmcb36kprylx
8TXlZfQyCkxY/ddq4V199FnGbygrQFf7Rg5EViHreMqBc9qhs2p1EGORwKdnnR8X
OWgQPJAvCnIhXlBEr/rlaAChb6r8OOpErDjgxgvkEu0FwvyAZFjbtNBczLCPixfd
lgbZ1VN2p8Bc3/aRz8tQKy/l9Tre+C3ydzLaQ/fA9eSLu/3qF/nkqLkwiM3OGRj3
B1aGjNb8l/YMAbcgzCiFDJBX060cZ69u2OdEq0jCilZj4BVWd/gjmcuxOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDXB+ONV2UVuuVxEKrgwZ6BWOJb1MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTmNINDQxWFpSVzY1WEVRcXVEQm5vRlk0bHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZDmAwQA
ueECMA0GCSqGSIb3DQEBCwUAA4IBAQCnBJhflkzCH3/XFMb5krue6mVCFGrTBrxr
aYjp10oNrtcKM3HYdbydB6YmTapvRbOGQm77Tnu6lsgRTbLvBlkM2KiAYdMbma06
IehUaDkBP/Hz8x7SqzwMC4tzQU0dzGyqN9L9ZWP8DvFBHez0FnI4w4xyBiFIQWJ3
XoCnltdhUpj/byj139oRSWPF8pPXsFej/dX0dozFcAZjkS3EZJeDeHFieCtufcaC
B6h24LzDoajEY9zC5Es+UuQGuFeScYeKrJUPFkS48woHKCvUyj+Em3HC/Pv1/d6W
0ok3ko4z0kK7SgUvr8F/Lm31Xfd0f9+7WSu7R3XW25hJFdN7CELm
-----END CERTIFICATE-----