Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/NVWKSQ6XeTs9oBM9mH9GDWql-4U.roa
File:                     NVWKSQ6XeTs9oBM9mH9GDWql-4U.roa (raw, json)
Hash identifier:          9ZIbG9al1rdRHLFehJy3ARx4hRFjcesPVT2nGXw1rKM=
Subject key identifier:   35:55:8A:49:0E:97:79:3B:3D:A0:13:3D:98:7F:46:0D:6A:A5:FB:85
Certificate issuer:       /CN=06c1fac24e30d9258eb2ef72f31ed9bd608fe0de
Certificate serial:       019D1B5A09EAB2FB54F1DB071F4A1F91146A
Authority key identifier: 06:C1:FA:C2:4E:30:D9:25:8E:B2:EF:72:F3:1E:D9:BD:60:8F:E0:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/NVWKSQ6XeTs9oBM9mH9GDWql-4U.roa
Signing time:             Mon 23 Mar 2026 15:39:38 +0000
ROA not before:           Mon 23 Mar 2026 15:39:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3337
IP address blocks:        185.124.196.0/24 maxlen: 24
                          185.124.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 15:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:5a:09:ea:b2:fb:54:f1:db:07:1f:4a:1f:91:14:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c1fac24e30d9258eb2ef72f31ed9bd608fe0de
        Validity
            Not Before: Mar 23 15:39:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35558a490e97793b3da0133d987f460d6aa5fb85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ab:a1:af:cd:bf:fa:60:15:43:14:72:c2:67:
                    c0:e5:02:d0:82:7f:54:aa:37:be:9f:97:d0:b9:e1:
                    df:95:3f:45:f6:0a:dd:f1:f3:41:f9:16:45:6e:b9:
                    7d:2e:5c:89:3c:9c:be:83:da:ed:c3:59:d8:86:99:
                    d1:09:b9:a4:0e:de:b0:d4:77:68:4b:10:47:5d:82:
                    ef:55:62:26:d9:2f:32:2f:88:84:12:98:d9:6f:58:
                    74:95:65:b7:84:aa:dc:f9:89:93:da:5f:d1:27:a4:
                    27:9b:0c:1a:d7:0a:a4:a1:06:18:f9:9d:41:9c:39:
                    49:d5:23:f1:75:a8:16:0c:dd:04:3d:c2:f2:cb:36:
                    47:0a:6c:0d:8f:d3:eb:1b:eb:9f:15:7c:59:19:bd:
                    98:58:c4:89:fc:c8:df:ee:d6:64:ac:c5:fc:12:99:
                    25:17:2b:ff:a4:52:2d:42:0f:47:5f:6f:f6:c5:f7:
                    01:c2:2c:26:50:06:be:cc:98:cc:1f:cb:c4:e0:a1:
                    e7:13:43:7d:55:03:da:2f:07:5d:7c:33:34:3a:e2:
                    10:f3:37:04:73:4e:8c:f7:88:1d:3d:15:1b:40:0d:
                    4c:4c:64:e1:21:9c:25:c1:ab:b4:0a:e1:a3:ec:ef:
                    79:fa:96:20:0e:93:19:79:9f:90:42:e9:90:8d:58:
                    d5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:55:8A:49:0E:97:79:3B:3D:A0:13:3D:98:7F:46:0D:6A:A5:FB:85
            X509v3 Authority Key Identifier:
                keyid:06:C1:FA:C2:4E:30:D9:25:8E:B2:EF:72:F3:1E:D9:BD:60:8F:E0:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/NVWKSQ6XeTs9oBM9mH9GDWql-4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:b8:6f:68:1a:c4:86:1c:af:dd:29:41:1f:0e:8c:80:a3:a8:
         54:70:cc:f3:70:73:07:80:ca:a1:ff:75:f9:e8:69:d2:76:fe:
         ce:12:55:84:3c:72:c5:9d:3d:89:84:f1:c2:c9:12:c3:17:76:
         f7:07:e8:83:85:ca:65:82:e0:00:43:52:37:3e:e4:12:bc:9b:
         40:3b:ae:9c:1b:73:5f:03:00:f6:42:ac:87:05:20:f5:a2:5f:
         68:98:76:ef:26:fd:81:ff:de:32:d9:55:87:26:01:ab:5d:54:
         58:a7:92:5f:11:b5:55:44:ba:11:9f:f9:75:14:98:43:8a:07:
         e3:a8:54:e3:a1:a9:a1:3f:00:d1:6a:1c:ab:83:ca:b3:05:bc:
         5d:99:30:69:0b:e4:64:82:0f:f5:4c:a8:4f:1d:6d:a8:e5:95:
         5f:68:8a:1c:20:05:f0:9e:f6:69:3e:e1:ca:e3:73:5a:a4:da:
         63:4a:dd:cf:75:d8:ce:f9:42:bd:e9:75:f9:fd:51:28:ee:a5:
         53:51:55:a8:33:e6:a7:5b:7d:00:74:c3:17:0b:44:fa:5c:86:
         32:ee:28:7f:a2:0d:05:a7:e0:04:71:4a:04:2d:3e:f2:3e:44:
         62:de:a7:61:d3:c7:42:ad:00:4f:85:51:5a:e9:0e:ab:ee:e6:
         34:9d:bb:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0bWgnqsvtU8dsHH0ofkRRqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YzFmYWMyNGUzMGQ5MjU4ZWIyZWY3MmYzMWVkOWJkNjA4
ZmUwZGUwHhcNMjYwMzIzMTUzOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTU1OGE0OTBlOTc3OTNiM2RhMDEzM2Q5ODdmNDYwZDZhYTVmYjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxquhr82/+mAVQxRywmfA5QLQgn9U
qje+n5fQueHflT9F9grd8fNB+RZFbrl9LlyJPJy+g9rtw1nYhpnRCbmkDt6w1Hdo
SxBHXYLvVWIm2S8yL4iEEpjZb1h0lWW3hKrc+YmT2l/RJ6Qnmwwa1wqkoQYY+Z1B
nDlJ1SPxdagWDN0EPcLyyzZHCmwNj9PrG+ufFXxZGb2YWMSJ/Mjf7tZkrMX8Epkl
Fyv/pFItQg9HX2/2xfcBwiwmUAa+zJjMH8vE4KHnE0N9VQPaLwddfDM0OuIQ8zcE
c06M94gdPRUbQA1MTGThIZwlwau0CuGj7O95+pYgDpMZeZ+QQumQjVjV7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVVikkOl3k7PaATPZh/Rg1qpfuFMB8GA1UdIwQY
MBaAFAbB+sJOMNkljrLvcvMe2b1gj+DeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNINndrNHcyU1dPc3U5eTh4N1p2V0NQNE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9kZjBlNGItOGY2Ny00Mjk1LTllNDIt
MzQ2YTNjY2U1ZjA5LzEvTlZXS1NRNlhlVHM5b0JNOW1IOUdEV3FsLTRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9kZjBlNGItOGY2Ny00Mjk1LTllNDItMzQ2YTNjY2U1ZjA5
LzEvQnNINndrNHcyU1dPc3U5eTh4N1p2V0NQNE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXzEMA0G
CSqGSIb3DQEBCwUAA4IBAQAkuG9oGsSGHK/dKUEfDoyAo6hUcMzzcHMHgMqh/3X5
6GnSdv7OElWEPHLFnT2JhPHCyRLDF3b3B+iDhcplguAAQ1I3PuQSvJtAO66cG3Nf
AwD2QqyHBSD1ol9omHbvJv2B/94y2VWHJgGrXVRYp5JfEbVVRLoRn/l1FJhDigfj
qFTjoamhPwDRahyrg8qzBbxdmTBpC+Rkgg/1TKhPHW2o5ZVfaIocIAXwnvZpPuHK
43NapNpjSt3PddjO+UK96XX5/VEo7qVTUVWoM+anW30AdMMXC0T6XIYy7ih/og0F
p+AEcUoELT7yPkRi3qdh08dCrQBPhVFa6Q6r7uY0nbsQ
-----END CERTIFICATE-----