Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/nxg4bteaOKkFMyTVY4G-wWax8cU.roa
File:                     nxg4bteaOKkFMyTVY4G-wWax8cU.roa (raw, json)
Hash identifier:          BywB8xQMMJScKr5VQb2CsLmnDhYxMwzf3T3moa7N6Hc=
Subject key identifier:   9F:18:38:6E:D7:9A:38:A9:05:33:24:D5:63:81:BE:C1:66:B1:F1:C5
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019ED9FE665BA86BFE1DCE581BAAAC9C58E2
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/nxg4bteaOKkFMyTVY4G-wWax8cU.roa
Signing time:             Thu 18 Jun 2026 09:09:48 +0000
ROA not before:           Thu 18 Jun 2026 09:09:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        45.8.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d9:fe:66:5b:a8:6b:fe:1d:ce:58:1b:aa:ac:9c:58:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun 18 09:09:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f18386ed79a38a9053324d56381bec166b1f1c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:49:92:0c:55:01:c3:28:cb:19:4b:59:8e:a6:
                    5a:b2:48:71:bc:cb:0a:c9:da:62:1a:ff:90:43:14:
                    1e:09:a9:59:05:3b:c0:04:49:26:cc:9e:eb:6f:5a:
                    b4:c3:c4:92:68:85:7a:c5:9b:bc:e6:96:bc:30:4c:
                    eb:74:0c:02:3f:f5:0f:6a:a1:06:86:b9:52:4f:39:
                    cb:24:06:30:e3:1c:3b:74:2a:38:ac:7e:ea:eb:6f:
                    80:58:2d:d7:d9:f4:07:28:33:0e:6e:ac:32:69:c4:
                    c0:e0:2d:6c:2d:0d:fe:0b:d7:45:40:13:4d:cf:61:
                    db:50:a4:d8:f6:f9:49:ca:2b:21:7e:af:09:33:80:
                    2c:23:a3:d2:fd:ee:98:d4:fc:81:f9:f3:09:2f:d9:
                    63:2a:6c:40:4c:b4:75:f7:7e:21:7a:9b:be:15:f6:
                    5b:b6:10:dc:5c:41:fe:89:95:b3:ef:0d:07:7e:1b:
                    2e:de:48:27:d4:cc:dc:73:b0:88:0c:aa:ad:f5:74:
                    71:ba:65:a6:5b:00:f2:4c:3d:a5:76:64:f3:03:ac:
                    d1:32:c9:80:eb:ce:6a:59:11:b6:dd:07:20:ac:c5:
                    a1:a2:88:10:15:6a:03:76:52:38:c7:78:98:b2:76:
                    ac:93:9f:5e:50:50:13:13:68:f5:ac:56:68:a7:ac:
                    c4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:18:38:6E:D7:9A:38:A9:05:33:24:D5:63:81:BE:C1:66:B1:F1:C5
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/nxg4bteaOKkFMyTVY4G-wWax8cU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:d2:ed:08:ce:c9:95:14:09:05:3a:fe:6a:c9:07:ba:d2:e5:
         28:46:99:7e:8a:cd:e9:b3:2e:8b:59:37:a1:e5:fc:e6:5f:c0:
         eb:53:b1:7e:ad:1a:70:d1:45:92:bc:6e:f1:01:b7:32:96:46:
         dc:a0:f6:10:37:92:50:fe:c2:40:da:8b:3c:95:df:6f:ea:ed:
         87:a8:13:bb:12:b0:b8:42:d4:b4:48:b5:fe:39:5f:69:e9:2b:
         8c:89:53:7a:96:58:c8:05:15:06:41:dd:09:03:ac:ae:ee:b8:
         b8:34:85:0a:5a:71:81:b3:c7:e3:57:73:16:28:25:9f:9b:7d:
         08:74:4d:39:76:46:0a:32:52:6d:47:89:30:b6:28:b1:83:89:
         68:f2:48:20:a5:4c:57:b6:b9:f0:28:c6:94:90:a5:98:7a:49:
         29:54:e7:cf:a6:7e:58:92:43:be:39:6d:b2:a4:62:6d:55:9d:
         78:36:b7:0e:b3:75:1c:81:e1:fc:01:b5:fc:5d:43:bb:fb:84:
         ed:7d:2d:b9:95:95:30:3c:6a:47:07:9d:38:af:32:7f:d3:79:
         c0:06:66:52:59:76:2c:74:a2:71:06:4b:cc:22:10:89:92:3c:
         c2:56:55:38:cb:cc:e2:be:53:24:bf:ad:90:b3:a0:b7:0f:3c:
         65:d2:88:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Z/mZbqGv+Hc5YG6qsnFjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwNjE4MDkwOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjE4Mzg2ZWQ3OWEzOGE5MDUzMzI0ZDU2MzgxYmVjMTY2YjFmMWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEmSDFUBwyjLGUtZjqZaskhxvMsK
ydpiGv+QQxQeCalZBTvABEkmzJ7rb1q0w8SSaIV6xZu85pa8MEzrdAwCP/UPaqEG
hrlSTznLJAYw4xw7dCo4rH7q62+AWC3X2fQHKDMObqwyacTA4C1sLQ3+C9dFQBNN
z2HbUKTY9vlJyishfq8JM4AsI6PS/e6Y1PyB+fMJL9ljKmxATLR1934hepu+FfZb
thDcXEH+iZWz7w0Hfhsu3kgn1Mzcc7CIDKqt9XRxumWmWwDyTD2ldmTzA6zRMsmA
685qWRG23QcgrMWhoogQFWoDdlI4x3iYsnask59eUFATE2j1rFZop6zEGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8YOG7XmjipBTMk1WOBvsFmsfHFMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbnhnNGJ0ZWFPS2tGTXlUVlk0Ry13V2F4OGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgXMA0G
CSqGSIb3DQEBCwUAA4IBAQAf0u0IzsmVFAkFOv5qyQe60uUoRpl+is3psy6LWTeh
5fzmX8DrU7F+rRpw0UWSvG7xAbcylkbcoPYQN5JQ/sJA2os8ld9v6u2HqBO7ErC4
QtS0SLX+OV9p6SuMiVN6lljIBRUGQd0JA6yu7ri4NIUKWnGBs8fjV3MWKCWfm30I
dE05dkYKMlJtR4kwtiixg4lo8kggpUxXtrnwKMaUkKWYekkpVOfPpn5YkkO+OW2y
pGJtVZ14NrcOs3UcgeH8AbX8XUO7+4TtfS25lZUwPGpHB504rzJ/03nABmZSWXYs
dKJxBkvMIhCJkjzCVlU4y8zivlMkv62Qs6C3Dzxl0ohE
-----END CERTIFICATE-----