Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/9a3aac-2a4c-4387-aea8-04e6f5764c52/1/NUx7vvEWNtlf30buwcgLWtHz7GQ.roa
File:                     NUx7vvEWNtlf30buwcgLWtHz7GQ.roa (raw, json)
Hash identifier:          7mzTG7+2/G0MOcxAuxj9Gm4KPG0QM6fGkQwQnv78LHc=
Subject key identifier:   35:4C:7B:BE:F1:16:36:D9:5F:DF:46:EE:C1:C8:0B:5A:D1:F3:EC:64
Certificate issuer:       /CN=d091fe8c540c44e234f9bc668f8a3b1647acdb06
Certificate serial:       019ED6321A4DB7B1728086AFD4857B83C045
Authority key identifier: D0:91:FE:8C:54:0C:44:E2:34:F9:BC:66:8F:8A:3B:16:47:AC:DB:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0JH-jFQMROI0-bxmj4o7Fkes2wY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/9a3aac-2a4c-4387-aea8-04e6f5764c52/1/NUx7vvEWNtlf30buwcgLWtHz7GQ.roa
Signing time:             Wed 17 Jun 2026 15:27:48 +0000
ROA not before:           Wed 17 Jun 2026 15:27:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60976
IP address blocks:        185.192.112.0/24 maxlen: 24
                          185.192.113.0/24 maxlen: 24
                          185.192.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/9a3aac-2a4c-4387-aea8-04e6f5764c52/1/0JH-jFQMROI0-bxmj4o7Fkes2wY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/9a3aac-2a4c-4387-aea8-04e6f5764c52/1/0JH-jFQMROI0-bxmj4o7Fkes2wY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0JH-jFQMROI0-bxmj4o7Fkes2wY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d6:32:1a:4d:b7:b1:72:80:86:af:d4:85:7b:83:c0:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d091fe8c540c44e234f9bc668f8a3b1647acdb06
        Validity
            Not Before: Jun 17 15:27:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=354c7bbef11636d95fdf46eec1c80b5ad1f3ec64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ba:39:73:8e:33:22:37:d9:e5:74:62:25:a4:
                    a9:90:7c:44:dc:8d:1b:65:ca:dd:34:aa:b4:5e:a2:
                    ad:71:0d:90:35:5b:87:1a:dd:99:a7:83:d0:5d:9c:
                    9f:7f:31:6d:86:d2:3c:62:90:3f:c7:75:62:de:a2:
                    a3:69:29:e7:18:34:fc:79:79:18:e4:aa:de:6c:a2:
                    92:cd:24:86:5c:41:08:b4:ed:9e:7b:31:39:1c:8c:
                    fc:c0:55:ea:50:7b:51:c1:75:65:0e:25:67:fa:63:
                    04:68:a5:bc:4b:fb:44:d8:d7:61:0c:f6:a1:5f:00:
                    47:93:6b:ea:45:8f:69:08:22:07:2e:09:52:a5:39:
                    2f:92:5e:b0:0f:db:ba:f7:7f:bf:6f:0b:4d:8a:98:
                    27:f3:a2:29:05:af:26:c6:01:6a:c0:d4:18:84:92:
                    50:5a:40:9a:1b:dd:84:94:a1:6f:38:9d:c5:07:01:
                    9d:01:46:86:d9:7f:7b:3f:b3:cd:4b:40:12:6a:49:
                    81:8a:98:54:61:1c:d3:5d:c6:49:62:db:62:86:38:
                    ae:bf:4c:1b:80:3a:04:b8:5a:1b:df:80:e6:8a:5e:
                    f1:4f:a9:c9:82:70:25:3c:ef:e6:5f:21:ee:b5:af:
                    cc:f5:45:18:b6:e7:8d:24:97:5d:c4:3e:c4:84:79:
                    a4:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:4C:7B:BE:F1:16:36:D9:5F:DF:46:EE:C1:C8:0B:5A:D1:F3:EC:64
            X509v3 Authority Key Identifier:
                keyid:D0:91:FE:8C:54:0C:44:E2:34:F9:BC:66:8F:8A:3B:16:47:AC:DB:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0JH-jFQMROI0-bxmj4o7Fkes2wY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/9a3aac-2a4c-4387-aea8-04e6f5764c52/1/NUx7vvEWNtlf30buwcgLWtHz7GQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/9a3aac-2a4c-4387-aea8-04e6f5764c52/1/0JH-jFQMROI0-bxmj4o7Fkes2wY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.112.0-185.192.114.255

    Signature Algorithm: sha256WithRSAEncryption
         32:3a:d7:96:7e:4d:3e:37:e9:31:9f:90:c4:fb:56:d9:93:18:
         ce:52:87:aa:ec:00:fa:0c:2c:16:5a:f2:36:02:03:e1:b5:22:
         05:22:50:8b:35:2d:49:b7:d5:1f:8a:1f:fb:7e:cd:c9:33:3b:
         b3:48:cf:32:a6:50:a3:c6:f4:d6:3a:73:7e:7f:82:f4:d6:2b:
         f7:ac:5e:50:e6:b4:af:d0:d0:62:15:c7:72:cd:d2:04:46:99:
         3e:55:34:56:34:d7:42:12:d9:a4:7a:e5:45:70:0a:cc:79:5f:
         6e:d1:7f:4e:9b:64:87:7f:12:b4:f6:d7:f9:51:46:61:00:3e:
         7f:7d:4c:05:c1:50:34:cc:b7:be:db:f2:d0:c0:5b:8f:77:aa:
         bd:12:94:40:7a:da:ae:fc:b5:ae:87:17:0e:09:ba:39:3f:4d:
         e2:75:1e:a9:2d:1d:39:57:ec:b3:33:de:f3:f7:38:92:ce:74:
         54:2e:04:81:08:e3:eb:86:29:1d:e6:7e:30:d7:71:de:48:cd:
         ed:75:f3:39:55:1a:5b:c8:47:d0:d2:3f:77:7c:7e:72:ef:59:
         87:63:fb:9c:b6:a2:fe:33:5e:d6:65:e6:42:9a:20:a3:68:25:
         31:9e:63:8b:41:40:b1:44:2f:fa:b2:e1:f6:e2:65:41:20:13:
         fc:00:b7:21
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ7WMhpNt7FygIav1IV7g8BFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOTFmZThjNTQwYzQ0ZTIzNGY5YmM2NjhmOGEzYjE2NDdh
Y2RiMDYwHhcNMjYwNjE3MTUyNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTRjN2JiZWYxMTYzNmQ5NWZkZjQ2ZWVjMWM4MGI1YWQxZjNlYzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bo5c44zIjfZ5XRiJaSpkHxE3I0b
ZcrdNKq0XqKtcQ2QNVuHGt2Zp4PQXZyffzFthtI8YpA/x3Vi3qKjaSnnGDT8eXkY
5KrebKKSzSSGXEEItO2eezE5HIz8wFXqUHtRwXVlDiVn+mMEaKW8S/tE2NdhDPah
XwBHk2vqRY9pCCIHLglSpTkvkl6wD9u693+/bwtNipgn86IpBa8mxgFqwNQYhJJQ
WkCaG92ElKFvOJ3FBwGdAUaG2X97P7PNS0ASakmBiphUYRzTXcZJYttihjiuv0wb
gDoEuFob34Dmil7xT6nJgnAlPO/mXyHuta/M9UUYtueNJJddxD7EhHmkbQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDVMe77xFjbZX99G7sHIC1rR8+xkMB8GA1UdIwQY
MBaAFNCR/oxUDETiNPm8Zo+KOxZHrNsGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEpILWpGUU1ST0kwLWJ4bWo0bzdGa2VzMndZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS85YTNhYWMtMmE0Yy00Mzg3LWFlYTgt
MDRlNmY1NzY0YzUyLzEvTlV4N3Z2RVdOdGxmMzBidXdjZ0xXdEh6N0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS85YTNhYWMtMmE0Yy00Mzg3LWFlYTgtMDRlNmY1NzY0YzUy
LzEvMEpILWpGUU1ST0kwLWJ4bWo0bzdGa2VzMndZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAS5wHAD
BAC5wHIwDQYJKoZIhvcNAQELBQADggEBADI615Z+TT436TGfkMT7VtmTGM5Sh6rs
APoMLBZa8jYCA+G1IgUiUIs1LUm31R+KH/t+zckzO7NIzzKmUKPG9NY6c35/gvTW
K/esXlDmtK/Q0GIVx3LN0gRGmT5VNFY010IS2aR65UVwCsx5X27Rf06bZId/ErT2
1/lRRmEAPn99TAXBUDTMt77b8tDAW493qr0SlEB62q78ta6HFw4Jujk/TeJ1Hqkt
HTlX7LMz3vP3OJLOdFQuBIEI4+uGKR3mfjDXcd5Ize118zlVGlvIR9DSP3d8fnLv
WYdj+5y2ov4zXtZl5kKaIKNoJTGeY4tBQLFEL/qy4fbiZUEgE/wAtyE=
-----END CERTIFICATE-----