Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/51d445-f070-4ca9-a02b-2e1f9be95573/1/NGjB506tQD4M9JyQ0y5L8sd4Coc.roa
File:                     NGjB506tQD4M9JyQ0y5L8sd4Coc.roa (raw, json)
Hash identifier:          bikmvDPhCClihvHahEW9OUu5noBCQJiGJ2NSrdBDNrY=
Subject key identifier:   34:68:C1:E7:4E:AD:40:3E:0C:F4:9C:90:D3:2E:4B:F2:C7:78:0A:87
Certificate issuer:       /CN=d32d1eb0ec8ef5a230457a9702e7aa396858180c
Certificate serial:       019B7C125DF87F4B8D87B8B36782B95B4F2D
Authority key identifier: D3:2D:1E:B0:EC:8E:F5:A2:30:45:7A:97:02:E7:AA:39:68:58:18:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0y0esOyO9aIwRXqXAueqOWhYGAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/51d445-f070-4ca9-a02b-2e1f9be95573/1/NGjB506tQD4M9JyQ0y5L8sd4Coc.roa
Signing time:             Fri 02 Jan 2026 00:18:57 +0000
ROA not before:           Fri 02 Jan 2026 00:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201099
IP address blocks:        193.111.66.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/51d445-f070-4ca9-a02b-2e1f9be95573/1/0y0esOyO9aIwRXqXAueqOWhYGAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/51d445-f070-4ca9-a02b-2e1f9be95573/1/0y0esOyO9aIwRXqXAueqOWhYGAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0y0esOyO9aIwRXqXAueqOWhYGAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:5d:f8:7f:4b:8d:87:b8:b3:67:82:b9:5b:4f:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d32d1eb0ec8ef5a230457a9702e7aa396858180c
        Validity
            Not Before: Jan  2 00:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3468c1e74ead403e0cf49c90d32e4bf2c7780a87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4c:05:d5:73:e5:8c:e0:9d:c0:df:8d:24:1a:
                    c5:b2:80:92:86:15:ef:ac:f3:08:37:9d:74:10:48:
                    00:51:88:17:50:2f:7d:78:4b:20:5e:69:6a:b3:69:
                    12:c2:9b:d2:e1:bf:05:78:1f:a8:56:52:49:4d:a6:
                    cc:73:a6:01:bc:b3:e1:fc:06:5c:52:4b:43:30:59:
                    49:3f:ae:4a:8f:c9:47:35:83:99:a9:3c:07:07:b9:
                    cf:bf:9a:22:66:4a:fb:07:18:22:b8:e7:bd:5b:5e:
                    21:0d:20:9b:dd:7d:00:6e:8c:48:86:e1:31:78:b4:
                    96:49:1a:3f:ca:37:6e:0e:19:27:bc:a8:c0:9d:f6:
                    61:d3:04:93:62:3e:ec:b3:78:20:85:85:61:a9:04:
                    72:72:67:30:d3:cd:40:39:af:d5:ef:d7:75:36:35:
                    a8:8f:46:dd:7e:a6:10:71:9b:0c:59:5b:94:86:48:
                    2b:fd:43:87:5a:60:d8:37:79:26:ca:ef:12:e9:80:
                    00:66:b2:ef:3e:bd:f4:59:d8:8d:5c:7b:fa:2b:b2:
                    62:ad:17:b3:ea:ff:da:25:0c:35:4d:1d:dd:1c:2d:
                    0b:9d:68:f8:64:36:c6:de:a5:4c:50:d9:d3:17:0e:
                    94:98:2f:9b:00:db:43:6e:5b:78:3f:ce:7f:c2:59:
                    34:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:68:C1:E7:4E:AD:40:3E:0C:F4:9C:90:D3:2E:4B:F2:C7:78:0A:87
            X509v3 Authority Key Identifier:
                keyid:D3:2D:1E:B0:EC:8E:F5:A2:30:45:7A:97:02:E7:AA:39:68:58:18:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0y0esOyO9aIwRXqXAueqOWhYGAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/51d445-f070-4ca9-a02b-2e1f9be95573/1/NGjB506tQD4M9JyQ0y5L8sd4Coc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/51d445-f070-4ca9-a02b-2e1f9be95573/1/0y0esOyO9aIwRXqXAueqOWhYGAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:f7:5d:07:84:e4:f9:e6:97:e0:3c:fa:52:fd:9b:bd:9c:8b:
         56:59:57:0f:f8:d5:57:13:45:ef:70:2c:6a:56:7c:76:7a:f3:
         b7:8d:75:fa:a1:82:bf:d4:bb:67:0b:25:d7:d6:05:d5:19:f2:
         3b:99:b6:e1:69:a4:f4:56:57:be:1a:8e:93:6a:09:02:92:ca:
         c7:39:fd:ed:04:31:08:b9:34:23:dc:5a:59:a2:2a:b9:ea:94:
         f0:04:44:29:14:bd:4e:41:fc:c3:fe:88:bb:be:a6:6c:2b:67:
         d1:84:8d:7f:40:eb:3a:3e:4e:22:63:d1:0f:f6:dd:86:2d:9b:
         1b:3d:dc:a4:84:25:c0:31:2f:a2:2f:37:8c:42:6a:60:fa:b1:
         9c:14:15:eb:ae:4e:36:a7:ea:db:2a:1a:bb:50:35:23:c6:4a:
         84:02:40:67:c5:95:ea:81:a0:d8:c5:3a:ae:6b:af:8a:16:be:
         7d:dc:87:7e:dc:22:6b:84:94:40:64:86:4c:22:66:de:0c:ec:
         1c:49:79:19:bc:eb:cc:cd:11:f5:16:0d:7d:78:5b:48:0a:a8:
         b4:96:e7:e4:fc:30:0b:a3:14:c8:df:b2:8f:04:ca:dc:ce:04:
         56:a5:0b:d6:e6:e4:86:29:2f:ad:78:57:89:f0:1d:89:b0:2a:
         3a:ea:91:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8El34f0uNh7izZ4K5W08tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMmQxZWIwZWM4ZWY1YTIzMDQ1N2E5NzAyZTdhYTM5Njg1
ODE4MGMwHhcNMjYwMTAyMDAxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDY4YzFlNzRlYWQ0MDNlMGNmNDljOTBkMzJlNGJmMmM3NzgwYTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUwF1XPljOCdwN+NJBrFsoCShhXv
rPMIN510EEgAUYgXUC99eEsgXmlqs2kSwpvS4b8FeB+oVlJJTabMc6YBvLPh/AZc
UktDMFlJP65Kj8lHNYOZqTwHB7nPv5oiZkr7BxgiuOe9W14hDSCb3X0AboxIhuEx
eLSWSRo/yjduDhknvKjAnfZh0wSTYj7ss3gghYVhqQRycmcw081AOa/V79d1NjWo
j0bdfqYQcZsMWVuUhkgr/UOHWmDYN3kmyu8S6YAAZrLvPr30WdiNXHv6K7JirRez
6v/aJQw1TR3dHC0LnWj4ZDbG3qVMUNnTFw6UmC+bANtDblt4P85/wlk0qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRowedOrUA+DPSckNMuS/LHeAqHMB8GA1UdIwQY
MBaAFNMtHrDsjvWiMEV6lwLnqjloWBgMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHkwZXNPeU85YUl3UlhxWEF1ZXFPV2hZR0F3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi81MWQ0NDUtZjA3MC00Y2E5LWEwMmIt
MmUxZjliZTk1NTczLzEvTkdqQjUwNnRRRDRNOUp5UTB5NUw4c2Q0Q29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi81MWQ0NDUtZjA3MC00Y2E5LWEwMmItMmUxZjliZTk1NTcz
LzEvMHkwZXNPeU85YUl3UlhxWEF1ZXFPV2hZR0F3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW9CMA0G
CSqGSIb3DQEBCwUAA4IBAQCP910HhOT55pfgPPpS/Zu9nItWWVcP+NVXE0XvcCxq
Vnx2evO3jXX6oYK/1LtnCyXX1gXVGfI7mbbhaaT0Vle+Go6TagkCksrHOf3tBDEI
uTQj3FpZoiq56pTwBEQpFL1OQfzD/oi7vqZsK2fRhI1/QOs6Pk4iY9EP9t2GLZsb
PdykhCXAMS+iLzeMQmpg+rGcFBXrrk42p+rbKhq7UDUjxkqEAkBnxZXqgaDYxTqu
a6+KFr593Id+3CJrhJRAZIZMImbeDOwcSXkZvOvMzRH1Fg19eFtICqi0lufk/DAL
oxTI37KPBMrczgRWpQvW5uSGKS+teFeJ8B2JsCo66pFi
-----END CERTIFICATE-----