Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/240165-d974-429b-a1c1-a3ef0a4a3119/1/NXwlVXiim_zGBDcqjx0eFIuUGWk.roa
File:                     NXwlVXiim_zGBDcqjx0eFIuUGWk.roa (raw, json)
Hash identifier:          mei7vYH+6OQG8yo3aepSsguWF4MAUBo4s0J/dbzC4gk=
Subject key identifier:   35:7C:25:55:78:A2:9B:FC:C6:04:37:2A:8F:1D:1E:14:8B:94:19:69
Certificate issuer:       /CN=d681fa66be2cea34b5883c21c6f83f3464e2eee1
Certificate serial:       0198A39AA818BB065E08BB28C60316C5A59D
Authority key identifier: D6:81:FA:66:BE:2C:EA:34:B5:88:3C:21:C6:F8:3F:34:64:E2:EE:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1oH6Zr4s6jS1iDwhxvg_NGTi7uE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/240165-d974-429b-a1c1-a3ef0a4a3119/1/NXwlVXiim_zGBDcqjx0eFIuUGWk.roa
Signing time:             Wed 13 Aug 2025 13:24:38 +0000
ROA not before:           Wed 13 Aug 2025 13:24:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64442
IP address blocks:        185.161.100.0/22 maxlen: 22
                          185.161.100.0/24 maxlen: 24
                          2a07:c180::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/240165-d974-429b-a1c1-a3ef0a4a3119/1/1oH6Zr4s6jS1iDwhxvg_NGTi7uE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/240165-d974-429b-a1c1-a3ef0a4a3119/1/1oH6Zr4s6jS1iDwhxvg_NGTi7uE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1oH6Zr4s6jS1iDwhxvg_NGTi7uE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:9a:a8:18:bb:06:5e:08:bb:28:c6:03:16:c5:a5:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d681fa66be2cea34b5883c21c6f83f3464e2eee1
        Validity
            Not Before: Aug 13 13:24:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=357c255578a29bfcc604372a8f1d1e148b941969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e8:97:f0:ed:58:0b:c8:15:3c:78:7c:5e:50:
                    63:4a:e4:d3:3b:7d:9e:05:dc:9f:f7:a5:10:fe:6e:
                    2f:20:8d:05:8c:aa:e1:0e:a2:e6:91:6a:0a:cd:7d:
                    15:ea:36:ac:74:25:b6:2c:aa:f2:dd:d4:8f:60:73:
                    97:55:e9:d5:14:ba:ae:6b:fb:b3:bc:b1:19:40:57:
                    7f:54:a0:13:fd:93:42:e6:a6:78:eb:05:bc:75:84:
                    aa:04:d1:b5:ad:ed:32:ec:6f:6d:81:40:56:e3:6d:
                    26:ef:34:ee:17:cf:d1:c3:99:e0:fb:81:97:26:62:
                    41:bc:ed:c6:7b:10:7e:62:70:33:dc:e9:ec:ae:1e:
                    f8:96:ca:5e:54:dd:ae:98:e2:b7:35:08:2e:c4:d9:
                    56:13:99:84:97:b5:b9:6e:28:a3:96:e0:fe:8a:fb:
                    9e:e4:d2:cc:bd:21:51:82:1f:11:e4:4e:62:0f:8a:
                    9c:4c:0a:6c:e1:21:e0:cd:1e:86:ea:27:f6:0e:92:
                    f9:07:e6:34:5c:ad:94:e4:5e:bd:5b:ff:cc:9a:92:
                    c8:a9:7f:61:4a:b5:66:e0:6a:19:04:29:55:47:06:
                    d6:cf:d6:a7:c4:42:a3:76:2d:72:68:8e:b4:9c:11:
                    4c:61:b6:7c:f8:a5:48:fb:76:3d:5c:9f:7f:6d:fa:
                    fe:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:7C:25:55:78:A2:9B:FC:C6:04:37:2A:8F:1D:1E:14:8B:94:19:69
            X509v3 Authority Key Identifier:
                keyid:D6:81:FA:66:BE:2C:EA:34:B5:88:3C:21:C6:F8:3F:34:64:E2:EE:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1oH6Zr4s6jS1iDwhxvg_NGTi7uE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/240165-d974-429b-a1c1-a3ef0a4a3119/1/NXwlVXiim_zGBDcqjx0eFIuUGWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/240165-d974-429b-a1c1-a3ef0a4a3119/1/1oH6Zr4s6jS1iDwhxvg_NGTi7uE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.100.0/22
                IPv6:
                  2a07:c180::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:03:e0:67:e1:71:67:16:6f:c7:df:e2:8e:13:b1:c1:dd:08:
         b8:f9:c5:46:a0:fa:6f:d8:66:9b:6c:bc:51:ee:50:23:d0:5b:
         d5:6e:21:eb:d7:6c:9d:05:ef:4d:c1:79:ce:fb:d3:f8:4b:9c:
         c9:da:ed:a0:a8:fd:43:4d:b3:a2:b7:ea:35:76:59:ee:a2:6c:
         49:d7:9f:45:9e:00:e0:4b:5b:1e:de:f4:a4:43:5f:33:6a:de:
         32:da:6f:b6:dc:ad:f8:c8:3f:b1:e5:cf:b9:dc:ce:b2:26:84:
         8a:3e:6b:f5:21:f1:cd:5f:a1:fc:9d:a3:fb:59:63:1b:c6:9e:
         7e:4f:b9:85:93:cf:e4:fd:b1:d8:7f:62:31:ba:37:64:b8:2f:
         0a:ff:61:00:be:9a:7a:44:c0:4a:37:b6:b5:77:2a:0a:d2:25:
         6a:6c:c8:b6:2d:4b:23:cc:4e:b8:e8:fc:04:1c:cb:9b:3a:df:
         9f:0e:4f:fd:5c:8b:1b:bc:13:ea:56:05:85:59:02:5d:c9:8c:
         79:f0:20:59:27:4c:b5:6d:8f:dc:01:af:af:80:60:db:cc:d1:
         01:50:1b:e6:18:6b:b1:01:12:0e:57:39:32:0a:e5:c3:ae:5c:
         b1:7c:db:4b:ed:a6:10:ff:c4:33:3b:1b:d8:c4:2e:5a:92:6c:
         d3:ab:10:ae
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZijmqgYuwZeCLsoxgMWxaWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ODFmYTY2YmUyY2VhMzRiNTg4M2MyMWM2ZjgzZjM0NjRl
MmVlZTEwHhcNMjUwODEzMTMyNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTdjMjU1NTc4YTI5YmZjYzYwNDM3MmE4ZjFkMWUxNDhiOTQxOTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+iX8O1YC8gVPHh8XlBjSuTTO32e
Bdyf96UQ/m4vII0FjKrhDqLmkWoKzX0V6jasdCW2LKry3dSPYHOXVenVFLqua/uz
vLEZQFd/VKAT/ZNC5qZ46wW8dYSqBNG1re0y7G9tgUBW420m7zTuF8/Rw5ng+4GX
JmJBvO3GexB+YnAz3Onsrh74lspeVN2umOK3NQguxNlWE5mEl7W5biijluD+ivue
5NLMvSFRgh8R5E5iD4qcTAps4SHgzR6G6if2DpL5B+Y0XK2U5F69W//MmpLIqX9h
SrVm4GoZBClVRwbWz9anxEKjdi1yaI60nBFMYbZ8+KVI+3Y9XJ9/bfr+UQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDV8JVV4opv8xgQ3Ko8dHhSLlBlpMB8GA1UdIwQY
MBaAFNaB+ma+LOo0tYg8Icb4PzRk4u7hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW9INlpyNHM2alMxaUR3aHh2Z19OR1RpN3VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yNDAxNjUtZDk3NC00MjliLWExYzEt
YTNlZjBhNGEzMTE5LzEvTlh3bFZYaWltX3pHQkRjcWp4MGVGSXVVR1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yNDAxNjUtZDk3NC00MjliLWExYzEtYTNlZjBhNGEzMTE5
LzEvMW9INlpyNHM2alMxaUR3aHh2Z19OR1RpN3VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaFkMA0E
AgACMAcDBQMqB8GAMA0GCSqGSIb3DQEBCwUAA4IBAQBvA+Bn4XFnFm/H3+KOE7HB
3Qi4+cVGoPpv2GabbLxR7lAj0FvVbiHr12ydBe9NwXnO+9P4S5zJ2u2gqP1DTbOi
t+o1dlnuomxJ159FngDgS1se3vSkQ18zat4y2m+23K34yD+x5c+53M6yJoSKPmv1
IfHNX6H8naP7WWMbxp5+T7mFk8/k/bHYf2IxujdkuC8K/2EAvpp6RMBKN7a1dyoK
0iVqbMi2LUsjzE646PwEHMubOt+fDk/9XIsbvBPqVgWFWQJdyYx58CBZJ0y1bY/c
Aa+vgGDbzNEBUBvmGGuxARIOVzkyCuXDrlyxfNtL7aYQ/8QzOxvYxC5akmzTqxCu
-----END CERTIFICATE-----