Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/NS0OG_158yBgKw1hv5HZLbP9gNU.roa
File:                     NS0OG_158yBgKw1hv5HZLbP9gNU.roa (raw, json)
Hash identifier:          hWWft4kE5qapcxE+YsKdnh8JxcvLJHffpGfQiJ+unY4=
Subject key identifier:   35:2D:0E:1B:FD:79:F3:20:60:2B:0D:61:BF:91:D9:2D:B3:FD:80:D5
Certificate issuer:       /CN=b19b647fe0a10b3400a903faf2eb64a3c58feb07
Certificate serial:       019CE6F438D290EDBD13159AD25CBBE13D1C
Authority key identifier: B1:9B:64:7F:E0:A1:0B:34:00:A9:03:FA:F2:EB:64:A3:C5:8F:EB:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sZtkf-ChCzQAqQP68utko8WP6wc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/NS0OG_158yBgKw1hv5HZLbP9gNU.roa
Signing time:             Fri 13 Mar 2026 11:28:10 +0000
ROA not before:           Fri 13 Mar 2026 11:28:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211275
IP address blocks:        2a14:7240:410::/48 maxlen: 48
                          2a14:7240:412::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/sZtkf-ChCzQAqQP68utko8WP6wc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/sZtkf-ChCzQAqQP68utko8WP6wc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sZtkf-ChCzQAqQP68utko8WP6wc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Mar 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:f4:38:d2:90:ed:bd:13:15:9a:d2:5c:bb:e1:3d:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b19b647fe0a10b3400a903faf2eb64a3c58feb07
        Validity
            Not Before: Mar 13 11:28:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=352d0e1bfd79f320602b0d61bf91d92db3fd80d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8c:82:26:36:45:53:50:0f:c2:5e:6c:d1:79:
                    9c:c6:f9:06:7d:7a:c6:de:a4:bb:25:ba:76:11:5d:
                    72:38:fb:6c:50:23:47:cc:a0:5d:15:80:ff:5a:6b:
                    be:ac:0d:7e:17:af:59:9e:fc:9a:f6:e6:13:8d:ad:
                    5c:c6:a2:1b:4e:c0:a4:35:08:6f:44:1d:fa:4c:b1:
                    71:13:ec:6c:d1:24:fd:ac:81:63:2e:63:a3:97:bd:
                    e3:36:c7:63:53:cb:74:3b:40:74:8d:0c:3b:85:b4:
                    1b:50:a0:4c:ac:11:d7:db:a4:02:54:3f:2c:99:2b:
                    f7:94:29:fb:34:8f:e2:95:bc:d0:da:3a:67:3e:b6:
                    0a:e2:a3:92:2b:eb:bc:e0:85:a7:8b:c6:3f:49:23:
                    5a:b7:5a:02:7b:7e:f9:23:dc:92:a4:fd:e4:f9:e6:
                    95:c9:5b:fa:49:01:2c:87:ec:80:fa:81:f2:92:11:
                    50:49:0b:ae:86:6d:d5:8e:8e:4e:37:bf:1f:7a:20:
                    d2:a6:c7:47:2c:f3:91:0c:05:2d:d6:25:1a:0e:0a:
                    2a:e1:e3:1f:7f:bf:d4:42:4c:21:65:7a:a9:d6:ec:
                    30:0d:51:e0:2c:33:62:6e:b7:61:d0:15:2e:84:9f:
                    4b:00:63:24:3b:bc:3b:5e:68:7f:c0:cf:25:2f:7b:
                    a3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2D:0E:1B:FD:79:F3:20:60:2B:0D:61:BF:91:D9:2D:B3:FD:80:D5
            X509v3 Authority Key Identifier:
                keyid:B1:9B:64:7F:E0:A1:0B:34:00:A9:03:FA:F2:EB:64:A3:C5:8F:EB:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sZtkf-ChCzQAqQP68utko8WP6wc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/NS0OG_158yBgKw1hv5HZLbP9gNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/sZtkf-ChCzQAqQP68utko8WP6wc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7240:410::/48
                  2a14:7240:412::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:fe:a5:74:9b:ac:9a:29:b8:02:ac:a4:df:6b:4a:2d:e9:65:
         71:09:36:d1:9e:c1:bf:09:3e:6e:11:9b:63:32:21:cf:88:6b:
         5c:2e:90:fe:68:27:b5:46:eb:a5:34:b1:e2:54:b9:be:ec:3b:
         0a:37:af:18:01:3e:e9:a8:f3:73:aa:99:61:58:d4:f9:94:35:
         2d:52:26:f6:e2:2c:05:eb:bc:61:32:30:5e:f4:58:ba:83:f8:
         74:8c:0a:2f:2c:82:56:6f:91:6b:7a:c9:9b:d6:3d:c4:d6:a7:
         70:24:3f:78:e3:35:9e:bf:94:18:8f:50:87:dc:bd:d4:fb:66:
         32:c2:90:ac:01:af:89:b8:98:69:11:fb:41:4c:c0:ce:60:72:
         39:95:e0:87:1e:8e:e3:f3:ce:e0:d4:a4:98:fe:da:2e:0d:bc:
         bc:e9:17:13:b9:a4:41:7d:cb:12:52:8a:d9:25:4c:57:06:ff:
         a9:38:7c:ce:5a:bc:42:cc:cb:63:13:f8:93:2f:3b:a9:11:63:
         81:a2:23:8d:15:ca:84:e6:67:da:72:29:54:63:1a:d9:03:7c:
         25:f7:f8:68:50:d7:53:e4:52:27:68:c1:3d:12:37:c3:be:4b:
         15:3b:60:57:a2:7d:35:6b:a6:dc:59:8b:71:d6:e6:cf:2d:31:
         0f:b5:cd:07
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZzm9DjSkO29ExWa0ly74T0cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOWI2NDdmZTBhMTBiMzQwMGE5MDNmYWYyZWI2NGEzYzU4
ZmViMDcwHhcNMjYwMzEzMTEyODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTJkMGUxYmZkNzlmMzIwNjAyYjBkNjFiZjkxZDkyZGIzZmQ4MGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYyCJjZFU1APwl5s0XmcxvkGfXrG
3qS7Jbp2EV1yOPtsUCNHzKBdFYD/Wmu+rA1+F69Znvya9uYTja1cxqIbTsCkNQhv
RB36TLFxE+xs0ST9rIFjLmOjl73jNsdjU8t0O0B0jQw7hbQbUKBMrBHX26QCVD8s
mSv3lCn7NI/ilbzQ2jpnPrYK4qOSK+u84IWni8Y/SSNat1oCe375I9ySpP3k+eaV
yVv6SQEsh+yA+oHykhFQSQuuhm3Vjo5ON78feiDSpsdHLPORDAUt1iUaDgoq4eMf
f7/UQkwhZXqp1uwwDVHgLDNibrdh0BUuhJ9LAGMkO7w7Xmh/wM8lL3ujSQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDUtDhv9efMgYCsNYb+R2S2z/YDVMB8GA1UdIwQY
MBaAFLGbZH/goQs0AKkD+vLrZKPFj+sHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1p0a2YtQ2hDelFBcVFQNjh1dGtvOFdQNndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8zN2IzM2QtZDlhMC00ZmFlLTkwN2Qt
MGNjYTk3ZWZkYzU3LzEvTlMwT0dfMTU4eUJnS3cxaHY1SFpMYlA5Z05VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8zN2IzM2QtZDlhMC00ZmFlLTkwN2QtMGNjYTk3ZWZkYzU3
LzEvc1p0a2YtQ2hDelFBcVFQNjh1dGtvOFdQNndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhRyQAQQ
AwcAKhRyQAQSMA0GCSqGSIb3DQEBCwUAA4IBAQBm/qV0m6yaKbgCrKTfa0ot6WVx
CTbRnsG/CT5uEZtjMiHPiGtcLpD+aCe1RuulNLHiVLm+7DsKN68YAT7pqPNzqplh
WNT5lDUtUib24iwF67xhMjBe9Fi6g/h0jAovLIJWb5Fresmb1j3E1qdwJD944zWe
v5QYj1CH3L3U+2YywpCsAa+JuJhpEftBTMDOYHI5leCHHo7j887g1KSY/touDby8
6RcTuaRBfcsSUorZJUxXBv+pOHzOWrxCzMtjE/iTLzupEWOBoiONFcqE5mfacilU
YxrZA3wl9/hoUNdT5FInaME9EjfDvksVO2BXon01a6bcWYtx1ubPLTEPtc0H
-----END CERTIFICATE-----