Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/NCGBgWXRVgbgMAgfdWE4jwZPG0I.roa
File:                     NCGBgWXRVgbgMAgfdWE4jwZPG0I.roa (raw, json)
Hash identifier:          JGFZNQOApb7/WqwWE/c/9V/F0GH77gyItWPb/xZX69Q=
Subject key identifier:   34:21:81:81:65:D1:56:06:E0:30:08:1F:75:61:38:8F:06:4F:1B:42
Certificate issuer:       /CN=d826ca5d53c1b5308e2c9c791c630a0f22337943
Certificate serial:       019C052AB44BB0710465BBC1D679547E985E
Authority key identifier: D8:26:CA:5D:53:C1:B5:30:8E:2C:9C:79:1C:63:0A:0F:22:33:79:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2CbKXVPBtTCOLJx5HGMKDyIzeUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/NCGBgWXRVgbgMAgfdWE4jwZPG0I.roa
Signing time:             Wed 28 Jan 2026 15:13:30 +0000
ROA not before:           Wed 28 Jan 2026 15:13:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        109.68.67.0/24 maxlen: 24
                          109.68.69.0/24 maxlen: 24
                          109.68.70.0/24 maxlen: 24
                          109.68.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/2CbKXVPBtTCOLJx5HGMKDyIzeUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/2CbKXVPBtTCOLJx5HGMKDyIzeUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2CbKXVPBtTCOLJx5HGMKDyIzeUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:05:2a:b4:4b:b0:71:04:65:bb:c1:d6:79:54:7e:98:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d826ca5d53c1b5308e2c9c791c630a0f22337943
        Validity
            Not Before: Jan 28 15:13:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3421818165d15606e030081f7561388f064f1b42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b8:6e:b7:53:02:37:96:7b:73:bd:fd:ed:30:
                    68:49:f7:ad:0c:9b:ce:e8:fc:8b:3d:a9:45:7d:10:
                    fd:07:56:ed:03:2c:33:0e:43:bd:76:a6:3e:90:d1:
                    7e:f9:b1:42:bf:de:07:97:e6:20:70:a9:7b:81:f3:
                    8f:33:e7:68:d0:50:65:bb:d9:67:d5:b1:28:8d:23:
                    d8:ef:28:f5:a8:7a:c2:cb:cb:a0:73:8f:ca:9a:68:
                    18:0a:ac:7d:13:40:8e:58:30:e0:17:9c:70:8b:d1:
                    af:f7:52:d3:2b:e2:0a:19:50:2f:54:ba:73:2c:91:
                    5c:9d:ad:d4:4f:8d:1c:6c:ad:a9:8c:cd:3a:e0:51:
                    22:74:5d:fd:d7:1b:07:26:61:5b:50:2c:48:51:03:
                    5f:d1:dc:7f:24:98:f0:4a:e5:ec:dc:3c:d5:78:dd:
                    8e:84:d1:cf:10:f7:79:c0:b3:25:0c:47:76:aa:d7:
                    49:d3:2d:c1:fe:a3:4a:0f:92:ee:62:6b:b4:c7:98:
                    11:4c:b1:ce:e6:8a:6d:65:25:51:7a:bb:81:96:1e:
                    8e:e6:f5:64:e9:1e:0a:41:2d:4f:0f:0b:98:74:15:
                    92:9f:19:2a:4c:88:08:5a:53:11:d1:5a:0e:b5:34:
                    55:9b:8d:a2:b1:6b:9d:5f:6f:a0:3a:9e:e6:43:65:
                    19:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:21:81:81:65:D1:56:06:E0:30:08:1F:75:61:38:8F:06:4F:1B:42
            X509v3 Authority Key Identifier:
                keyid:D8:26:CA:5D:53:C1:B5:30:8E:2C:9C:79:1C:63:0A:0F:22:33:79:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2CbKXVPBtTCOLJx5HGMKDyIzeUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/NCGBgWXRVgbgMAgfdWE4jwZPG0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/2CbKXVPBtTCOLJx5HGMKDyIzeUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.67.0/24
                  109.68.69.0-109.68.71.255

    Signature Algorithm: sha256WithRSAEncryption
         77:71:d9:c5:0c:fa:95:7a:f5:c0:c3:a7:ad:3b:39:db:fb:62:
         76:e5:85:64:79:7b:92:99:73:fb:9c:0f:86:56:2b:96:3c:b9:
         0c:e3:b1:40:eb:26:65:10:90:27:f5:42:e5:80:04:b6:6b:df:
         4c:92:f8:cb:3e:44:ba:3e:76:ad:50:9b:85:48:88:fc:71:62:
         b4:37:dc:a7:85:b6:39:92:bf:77:1b:2f:1f:8b:79:8b:72:76:
         6f:9b:cb:f9:08:48:5d:65:a5:8b:af:27:a0:ee:c9:29:5c:e6:
         25:e7:8e:9d:54:b3:84:8c:ca:16:a1:64:4d:63:f6:10:87:64:
         04:85:32:5f:be:99:b1:94:f0:fa:62:d1:c1:6f:0e:bc:10:e4:
         05:c3:be:b1:10:8c:9c:a6:6d:03:19:99:45:01:52:19:fd:ea:
         e6:f3:96:b6:c0:c5:d8:4c:0c:80:a7:f5:23:05:82:30:a5:61:
         8c:4a:c3:04:cf:b9:27:e0:f8:83:84:7c:06:d7:23:62:09:f2:
         54:cb:76:74:a9:86:46:2c:2d:dc:88:4f:17:6a:af:ef:f5:14:
         3c:30:5f:38:09:95:2e:a3:c4:72:88:a3:03:e3:46:bd:5f:0a:
         b2:91:f6:af:0f:b0:a3:34:9a:6b:98:e3:58:69:6d:59:94:57:
         4c:d8:c6:f2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZwFKrRLsHEEZbvB1nlUfpheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MjZjYTVkNTNjMWI1MzA4ZTJjOWM3OTFjNjMwYTBmMjIz
Mzc5NDMwHhcNMjYwMTI4MTUxMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDIxODE4MTY1ZDE1NjA2ZTAzMDA4MWY3NTYxMzg4ZjA2NGYxYjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbhut1MCN5Z7c7397TBoSfetDJvO
6PyLPalFfRD9B1btAywzDkO9dqY+kNF++bFCv94Hl+YgcKl7gfOPM+do0FBlu9ln
1bEojSPY7yj1qHrCy8ugc4/KmmgYCqx9E0COWDDgF5xwi9Gv91LTK+IKGVAvVLpz
LJFcna3UT40cbK2pjM064FEidF391xsHJmFbUCxIUQNf0dx/JJjwSuXs3DzVeN2O
hNHPEPd5wLMlDEd2qtdJ0y3B/qNKD5LuYmu0x5gRTLHO5optZSVReruBlh6O5vVk
6R4KQS1PDwuYdBWSnxkqTIgIWlMR0VoOtTRVm42isWudX2+gOp7mQ2UZiQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDQhgYFl0VYG4DAIH3VhOI8GTxtCMB8GA1UdIwQY
MBaAFNgmyl1TwbUwjiyceRxjCg8iM3lDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkNiS1hWUEJ0VENPTEp4NUhHTUtEeUl6ZVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS80YjU0NGUtNjUzNS00YWY4LWJiZGIt
NThkMmVlOTgyODc5LzEvTkNHQmdXWFJWZ2JnTUFnZmRXRTRqd1pQRzBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS80YjU0NGUtNjUzNS00YWY4LWJiZGItNThkMmVlOTgyODc5
LzEvMkNiS1hWUEJ0VENPTEp4NUhHTUtEeUl6ZVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAbURDMAwD
BABtREUDBANtREAwDQYJKoZIhvcNAQELBQADggEBAHdx2cUM+pV69cDDp607Odv7
YnblhWR5e5KZc/ucD4ZWK5Y8uQzjsUDrJmUQkCf1QuWABLZr30yS+Ms+RLo+dq1Q
m4VIiPxxYrQ33KeFtjmSv3cbLx+LeYtydm+by/kISF1lpYuvJ6DuySlc5iXnjp1U
s4SMyhahZE1j9hCHZASFMl++mbGU8Ppi0cFvDrwQ5AXDvrEQjJymbQMZmUUBUhn9
6ubzlrbAxdhMDICn9SMFgjClYYxKwwTPuSfg+IOEfAbXI2IJ8lTLdnSphkYsLdyI
Txdqr+/1FDwwXzgJlS6jxHKIowPjRr1fCrKR9q8PsKM0mmuY41hpbVmUV0zYxvI=
-----END CERTIFICATE-----