Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/NVB0QUSWgn0ALHFZa2k8iucL56s.roa
File:                     NVB0QUSWgn0ALHFZa2k8iucL56s.roa (raw, json)
Hash identifier:          SyvOCJbzAEZ79Mu8MDdowadmy7cSY/kE23r919PmAwQ=
Subject key identifier:   35:50:74:41:44:96:82:7D:00:2C:71:59:6B:69:3C:8A:E7:0B:E7:AB
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       019D520A15E71C2F08E5C9A6A202943B4A6F
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/NVB0QUSWgn0ALHFZa2k8iucL56s.roa
Signing time:             Fri 03 Apr 2026 06:31:25 +0000
ROA not before:           Fri 03 Apr 2026 06:31:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200367
IP address blocks:        109.205.9.0/24 maxlen: 24
                          185.36.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:0a:15:e7:1c:2f:08:e5:c9:a6:a2:02:94:3b:4a:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Apr  3 06:31:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=355074414496827d002c71596b693c8ae70be7ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b4:d0:77:81:d8:7b:74:1a:59:b2:8b:a9:19:
                    26:4f:7a:0b:2b:1e:00:4b:08:bc:90:df:ee:ce:77:
                    c2:56:b0:7e:a4:d0:36:26:aa:a2:49:6b:5e:9b:aa:
                    6d:b6:c2:c6:30:24:9a:65:9b:da:4a:94:74:e0:55:
                    f1:5b:c0:8b:55:ce:7f:28:51:20:b8:40:5f:59:64:
                    6b:cf:2f:4f:ea:00:38:62:0a:19:77:1e:5c:7e:6e:
                    a1:cb:4b:0b:07:80:23:3b:e4:b9:b9:4e:aa:a2:60:
                    f6:7e:83:7f:58:19:af:7d:7d:1d:a2:e2:a5:1a:cf:
                    a6:df:e9:32:95:e7:52:92:61:e4:bc:0b:d7:56:90:
                    9b:60:84:a4:da:dd:0c:1a:e8:12:5d:96:d9:f3:95:
                    16:01:82:01:fb:a0:0e:c7:ae:f8:03:84:3f:dc:22:
                    da:81:a6:26:16:2a:8d:e4:97:45:46:df:d3:72:9f:
                    d4:61:4e:4b:a1:ac:ef:40:06:32:3a:9d:c2:55:5a:
                    76:80:d2:b4:75:cf:88:26:de:2b:7c:d7:03:37:70:
                    3f:9a:f1:f0:fc:d5:93:1d:88:43:e5:6d:8d:04:24:
                    26:f1:1e:e3:64:ad:d3:a3:6e:27:2a:4e:87:69:e1:
                    68:9b:9c:0b:9b:46:95:fa:a3:39:5f:fa:61:b4:20:
                    df:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:50:74:41:44:96:82:7D:00:2C:71:59:6B:69:3C:8A:E7:0B:E7:AB
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/NVB0QUSWgn0ALHFZa2k8iucL56s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.9.0/24
                  185.36.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:98:9c:3a:f7:95:82:b6:77:7c:51:18:f0:8d:2a:5a:e8:f2:
         96:6a:f6:9b:3e:1b:52:01:ae:bf:7e:b9:7c:30:08:ec:07:5e:
         93:ff:ff:a7:d2:4a:22:9b:bf:48:75:47:11:47:bd:39:dc:df:
         5c:0e:5e:0b:f0:ce:8a:fc:ce:0a:84:1a:64:e6:83:89:b6:33:
         48:90:1c:bd:fb:6b:af:be:f1:4d:47:b4:d9:40:92:ba:df:f7:
         2f:54:23:8e:a5:fe:a6:11:7a:34:94:ad:6f:81:2c:52:e2:7e:
         82:e7:25:92:59:96:d9:2c:a7:57:26:30:00:34:52:b0:c7:6d:
         32:ee:1b:d6:52:38:70:77:d5:ee:f1:f9:54:7e:a8:a8:9e:c7:
         1a:99:47:48:bf:4d:59:ee:c1:08:62:f1:a5:4f:5b:6c:3d:7b:
         eb:92:53:ae:c2:01:fc:a6:d3:56:de:c7:3d:9c:b6:77:43:0e:
         e0:1c:76:5d:35:ca:30:05:09:df:da:76:18:92:7e:e4:f2:ee:
         b4:b6:52:df:64:39:ed:66:93:b7:d1:ae:80:e4:c8:26:0f:bd:
         05:a5:d3:da:2f:f3:fa:93:bc:65:fa:24:34:ea:c0:e4:f7:e4:
         b5:9b:ea:50:43:c6:84:2f:8e:71:42:64:6c:26:c4:e6:ac:2e:
         07:c6:2f:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1SChXnHC8I5cmmogKUO0pvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjYwNDAzMDYzMTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTUwNzQ0MTQ0OTY4MjdkMDAyYzcxNTk2YjY5M2M4YWU3MGJlN2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLTQd4HYe3QaWbKLqRkmT3oLKx4A
Swi8kN/uznfCVrB+pNA2JqqiSWtem6pttsLGMCSaZZvaSpR04FXxW8CLVc5/KFEg
uEBfWWRrzy9P6gA4YgoZdx5cfm6hy0sLB4AjO+S5uU6qomD2foN/WBmvfX0douKl
Gs+m3+kyledSkmHkvAvXVpCbYISk2t0MGugSXZbZ85UWAYIB+6AOx674A4Q/3CLa
gaYmFiqN5JdFRt/Tcp/UYU5LoazvQAYyOp3CVVp2gNK0dc+IJt4rfNcDN3A/mvHw
/NWTHYhD5W2NBCQm8R7jZK3To24nKk6HaeFom5wLm0aV+qM5X/phtCDfhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDVQdEFEloJ9ACxxWWtpPIrnC+erMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvTlZCMFFVU1dnbjBBTEhGWmEyazhpdWNMNTZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbc0JAwQA
uSR+MA0GCSqGSIb3DQEBCwUAA4IBAQCcmJw695WCtnd8URjwjSpa6PKWavabPhtS
Aa6/frl8MAjsB16T//+n0koim79IdUcRR7053N9cDl4L8M6K/M4KhBpk5oOJtjNI
kBy9+2uvvvFNR7TZQJK63/cvVCOOpf6mEXo0lK1vgSxS4n6C5yWSWZbZLKdXJjAA
NFKwx20y7hvWUjhwd9Xu8flUfqionscamUdIv01Z7sEIYvGlT1tsPXvrklOuwgH8
ptNW3sc9nLZ3Qw7gHHZdNcowBQnf2nYYkn7k8u60tlLfZDntZpO30a6A5MgmD70F
pdPaL/P6k7xl+iQ06sDk9+S1m+pQQ8aEL45xQmRsJsTmrC4Hxi8C
-----END CERTIFICATE-----