Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/35b49b-03a3-4101-a3fe-1d8e19df4a62/1/n5cNfAezq-PA0qRMQcD4Vk_fATk.roa
File:                     n5cNfAezq-PA0qRMQcD4Vk_fATk.roa (raw, json)
Hash identifier:          3AWrOq42owDA1epXEWxZ5qyQ/E7NiBYhiJKMNg3oKTI=
Subject key identifier:   9F:97:0D:7C:07:B3:AB:E3:C0:D2:A4:4C:41:C0:F8:56:4F:DF:01:39
Certificate issuer:       /CN=32d395c57dfd30c0cd2c30f42338ae4c14a750a1
Certificate serial:       0198E034A990AD7DB572048C9ED7143F4ADF
Authority key identifier: 32:D3:95:C5:7D:FD:30:C0:CD:2C:30:F4:23:38:AE:4C:14:A7:50:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MtOVxX39MMDNLDD0IziuTBSnUKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/35b49b-03a3-4101-a3fe-1d8e19df4a62/1/n5cNfAezq-PA0qRMQcD4Vk_fATk.roa
Signing time:             Mon 25 Aug 2025 07:50:04 +0000
ROA not before:           Mon 25 Aug 2025 07:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35236
IP address blocks:        91.241.8.0/22 maxlen: 24
                          2001:678:10e0::/48 maxlen: 49
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/35b49b-03a3-4101-a3fe-1d8e19df4a62/1/MtOVxX39MMDNLDD0IziuTBSnUKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/35b49b-03a3-4101-a3fe-1d8e19df4a62/1/MtOVxX39MMDNLDD0IziuTBSnUKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MtOVxX39MMDNLDD0IziuTBSnUKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e0:34:a9:90:ad:7d:b5:72:04:8c:9e:d7:14:3f:4a:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32d395c57dfd30c0cd2c30f42338ae4c14a750a1
        Validity
            Not Before: Aug 25 07:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f970d7c07b3abe3c0d2a44c41c0f8564fdf0139
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e9:9c:3d:6a:c5:23:e0:81:92:d7:da:8d:aa:
                    96:ee:66:32:95:fa:25:fd:92:af:41:02:6d:60:cf:
                    63:8c:ad:c7:b6:82:49:1e:f1:cf:4c:66:8b:7c:b7:
                    b1:6b:d1:07:82:86:5e:d9:1e:98:71:3e:f9:ea:9d:
                    fe:94:bb:6e:f7:26:91:17:d4:93:2e:a4:f3:e5:fe:
                    79:22:00:aa:c8:16:92:86:de:69:35:94:75:34:da:
                    d1:c5:c8:a5:fe:b7:26:09:51:41:15:93:90:01:75:
                    94:08:ae:3d:61:a7:b7:ba:07:ed:8a:1d:1c:f5:93:
                    ee:26:5c:cf:c7:8d:d0:b9:c5:ef:1d:9a:35:28:b7:
                    05:bf:83:0c:3a:f7:ed:69:0b:2e:0d:7e:2a:51:00:
                    17:41:0a:a6:0e:55:81:a2:cd:af:4a:41:75:d1:28:
                    79:32:34:c1:b3:d6:3b:c3:45:ad:f5:57:7a:45:56:
                    d8:ec:2f:c9:e8:36:b0:f9:58:96:8d:b4:a8:57:67:
                    76:16:07:cb:3a:d2:fc:d9:37:03:94:0c:05:e7:6e:
                    86:43:7f:29:c2:60:bc:61:20:55:3b:fc:7e:2e:23:
                    2a:39:ca:50:ae:a5:bf:08:fe:1c:77:25:6b:1d:5c:
                    73:b9:1a:92:13:2d:3f:a4:9d:91:f0:65:fb:9e:20:
                    92:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:97:0D:7C:07:B3:AB:E3:C0:D2:A4:4C:41:C0:F8:56:4F:DF:01:39
            X509v3 Authority Key Identifier:
                keyid:32:D3:95:C5:7D:FD:30:C0:CD:2C:30:F4:23:38:AE:4C:14:A7:50:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MtOVxX39MMDNLDD0IziuTBSnUKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/35b49b-03a3-4101-a3fe-1d8e19df4a62/1/n5cNfAezq-PA0qRMQcD4Vk_fATk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/35b49b-03a3-4101-a3fe-1d8e19df4a62/1/MtOVxX39MMDNLDD0IziuTBSnUKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.8.0/22
                IPv6:
                  2001:678:10e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:1d:3a:54:9d:dc:fa:2d:ba:48:3f:59:f3:ee:80:9c:c4:23:
         ef:bd:f6:e4:65:1c:34:ee:b6:aa:27:4a:6e:f7:1e:f5:4c:06:
         de:98:6f:f9:77:80:44:20:cd:7a:e7:c6:29:7e:6a:5a:9d:20:
         eb:d6:69:0e:4a:b1:9b:1d:1d:b5:82:42:10:58:4b:5e:1f:0d:
         d2:fa:e2:f5:76:c6:f3:60:90:b0:26:ae:6b:f1:49:f4:8d:3b:
         1f:b4:36:a6:82:ce:05:ea:ce:4e:ce:f5:cb:e6:f5:b0:07:24:
         b9:2b:d3:cf:6b:25:fe:fb:47:97:48:0e:9c:49:59:b8:e1:8f:
         6d:2f:9b:a2:05:3e:c8:d1:5c:ca:5e:d1:b0:bb:a7:76:ca:f7:
         ea:aa:c9:81:aa:14:9d:81:57:cc:76:22:49:46:bd:b2:20:c9:
         46:90:40:82:83:8e:52:b0:33:fb:0e:17:d5:00:78:f9:ad:01:
         66:58:d8:49:eb:a4:b3:7f:a0:31:6d:71:43:86:ab:48:e8:3c:
         73:ce:b4:63:35:1c:ea:d6:fd:e4:73:15:b0:95:34:d1:d2:c4:
         6f:47:aa:7b:86:35:1b:50:7f:27:ba:95:b4:d1:91:41:8c:89:
         07:a6:53:62:f3:7f:f0:d8:0c:32:84:d1:1e:9e:b4:0e:84:b4:
         17:68:2b:10
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZjgNKmQrX21cgSMntcUP0rfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZDM5NWM1N2RmZDMwYzBjZDJjMzBmNDIzMzhhZTRjMTRh
NzUwYTEwHhcNMjUwODI1MDc1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjk3MGQ3YzA3YjNhYmUzYzBkMmE0NGM0MWMwZjg1NjRmZGYwMTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmumcPWrFI+CBktfajaqW7mYylfol
/ZKvQQJtYM9jjK3HtoJJHvHPTGaLfLexa9EHgoZe2R6YcT756p3+lLtu9yaRF9ST
LqTz5f55IgCqyBaSht5pNZR1NNrRxcil/rcmCVFBFZOQAXWUCK49Yae3ugftih0c
9ZPuJlzPx43QucXvHZo1KLcFv4MMOvftaQsuDX4qUQAXQQqmDlWBos2vSkF10Sh5
MjTBs9Y7w0Wt9Vd6RVbY7C/J6Daw+ViWjbSoV2d2FgfLOtL82TcDlAwF526GQ38p
wmC8YSBVO/x+LiMqOcpQrqW/CP4cdyVrHVxzuRqSEy0/pJ2R8GX7niCSzwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ+XDXwHs6vjwNKkTEHA+FZP3wE5MB8GA1UdIwQY
MBaAFDLTlcV9/TDAzSww9CM4rkwUp1ChMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXRPVnhYMzlNTUROTEREMEl6aXVUQlNuVUtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zNWI0OWItMDNhMy00MTAxLWEzZmUt
MWQ4ZTE5ZGY0YTYyLzEvbjVjTmZBZXpxLVBBMHFSTVFjRDRWa19mQVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zNWI0OWItMDNhMy00MTAxLWEzZmUtMWQ4ZTE5ZGY0YTYy
LzEvTXRPVnhYMzlNTUROTEREMEl6aXVUQlNuVUtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCW/EIMA8E
AgACMAkDBwAgAQZ4EOAwDQYJKoZIhvcNAQELBQADggEBAJQdOlSd3Potukg/WfPu
gJzEI++99uRlHDTutqonSm73HvVMBt6Yb/l3gEQgzXrnxil+alqdIOvWaQ5KsZsd
HbWCQhBYS14fDdL64vV2xvNgkLAmrmvxSfSNOx+0NqaCzgXqzk7O9cvm9bAHJLkr
089rJf77R5dIDpxJWbjhj20vm6IFPsjRXMpe0bC7p3bK9+qqyYGqFJ2BV8x2IklG
vbIgyUaQQIKDjlKwM/sOF9UAePmtAWZY2EnrpLN/oDFtcUOGq0joPHPOtGM1HOrW
/eRzFbCVNNHSxG9HqnuGNRtQfye6lbTRkUGMiQemU2Lzf/DYDDKE0R6etA6EtBdo
KxA=
-----END CERTIFICATE-----