Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/44f874-446c-4646-8db0-d99f66ef606c/1/NQlPiQqa7W0GNwaftmV4zoQEr5Q.roa
File:                     NQlPiQqa7W0GNwaftmV4zoQEr5Q.roa (raw, json)
Hash identifier:          7Wexovgikrxx9ZTPHUKr6dZYJRkqMzA38m1bxMdv2+4=
Subject key identifier:   35:09:4F:89:0A:9A:ED:6D:06:37:06:9F:B6:65:78:CE:84:04:AF:94
Certificate issuer:       /CN=318dab70f44a7eb8b1cfc137433fcd4d78a03b05
Certificate serial:       0199E805336FA6EAAB8B5F780533B27D7D1B
Authority key identifier: 31:8D:AB:70:F4:4A:7E:B8:B1:CF:C1:37:43:3F:CD:4D:78:A0:3B:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MY2rcPRKfrixz8E3Qz_NTXigOwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/44f874-446c-4646-8db0-d99f66ef606c/1/NQlPiQqa7W0GNwaftmV4zoQEr5Q.roa
Signing time:             Wed 15 Oct 2025 13:17:58 +0000
ROA not before:           Wed 15 Oct 2025 13:17:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209870
IP address blocks:        79.140.195.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/44f874-446c-4646-8db0-d99f66ef606c/1/MY2rcPRKfrixz8E3Qz_NTXigOwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/44f874-446c-4646-8db0-d99f66ef606c/1/MY2rcPRKfrixz8E3Qz_NTXigOwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MY2rcPRKfrixz8E3Qz_NTXigOwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e8:05:33:6f:a6:ea:ab:8b:5f:78:05:33:b2:7d:7d:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=318dab70f44a7eb8b1cfc137433fcd4d78a03b05
        Validity
            Not Before: Oct 15 13:17:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35094f890a9aed6d0637069fb66578ce8404af94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1e:23:f5:bb:f1:45:60:01:2f:2f:28:20:53:
                    74:9e:7a:cb:76:39:f5:43:ae:cb:99:29:8b:fe:57:
                    65:7a:89:a4:05:18:f0:77:9b:c0:e7:94:cf:72:de:
                    7f:da:00:e5:60:6f:08:50:a4:48:6c:9d:2a:1a:97:
                    5f:16:54:ab:27:78:77:db:d8:d9:c1:0c:8e:11:6c:
                    34:20:e1:e0:36:18:a1:bd:8b:63:45:2c:00:11:3a:
                    30:07:9a:fc:70:99:ac:af:d8:f9:d0:2b:42:b3:94:
                    8d:99:d6:6a:f8:ea:cd:83:12:7e:d0:c3:26:d5:9a:
                    dd:55:14:d8:de:ce:ae:2e:c6:1a:a9:73:31:70:26:
                    ce:bc:a4:da:9b:24:40:16:77:19:b9:48:14:fb:41:
                    95:6a:b1:6e:42:09:b4:3f:c9:98:93:77:1c:54:b2:
                    3c:72:b3:ae:25:6b:14:43:30:dd:2a:ca:39:21:b2:
                    38:c4:7c:72:bd:d5:92:97:ec:5f:85:ed:a1:63:fb:
                    67:a1:e0:05:1e:74:50:40:a1:bb:91:73:04:81:81:
                    88:70:f4:35:f1:12:bf:fa:71:19:8a:3c:0b:f0:e1:
                    1a:52:98:85:16:12:ed:6e:d7:ee:75:24:82:10:38:
                    90:c0:5b:b0:c1:af:85:15:30:3b:db:a2:5e:13:b9:
                    14:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:09:4F:89:0A:9A:ED:6D:06:37:06:9F:B6:65:78:CE:84:04:AF:94
            X509v3 Authority Key Identifier:
                keyid:31:8D:AB:70:F4:4A:7E:B8:B1:CF:C1:37:43:3F:CD:4D:78:A0:3B:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MY2rcPRKfrixz8E3Qz_NTXigOwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/44f874-446c-4646-8db0-d99f66ef606c/1/NQlPiQqa7W0GNwaftmV4zoQEr5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/44f874-446c-4646-8db0-d99f66ef606c/1/MY2rcPRKfrixz8E3Qz_NTXigOwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.140.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:12:bf:18:f6:33:66:71:64:76:94:8b:4e:3d:30:4f:0e:90:
         fe:bd:86:69:80:ae:66:12:34:a1:fc:67:57:28:b6:58:29:e5:
         b3:b7:d1:88:20:7c:e6:e6:bc:ac:f9:c5:87:7d:6b:fb:62:d9:
         9d:31:1d:09:4f:5d:06:d2:0b:ad:b3:04:33:d1:88:02:f9:a4:
         17:35:62:db:42:d0:9a:85:d5:a7:16:af:b5:65:f5:9f:e7:26:
         38:90:5e:86:a3:f2:fd:8a:4b:d5:3a:24:77:07:0f:f4:b4:09:
         eb:a7:16:59:0c:78:60:fe:a3:4f:2b:24:49:eb:24:d7:52:04:
         cd:31:a8:04:74:4b:0c:dd:0a:a2:c9:f9:68:02:f5:d0:ae:aa:
         7a:bc:1e:73:94:cc:5b:62:7f:d4:5a:c3:63:00:af:81:e7:23:
         01:3d:72:92:dc:0f:29:37:26:02:3d:c2:60:82:f6:7c:4a:60:
         1b:16:0d:f8:c8:54:a4:47:55:00:70:90:ae:bf:83:05:5d:a3:
         b2:3d:4e:2c:cb:49:88:8d:7e:0c:2c:92:64:e0:da:4b:a7:c7:
         9f:14:49:5d:92:0b:07:de:db:d3:71:89:72:4e:de:b8:b8:a1:
         10:26:ca:a0:92:ca:58:e3:c5:9b:36:47:ae:12:06:05:ff:a0:
         a7:3d:a0:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnoBTNvpuqri194BTOyfX0bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxOGRhYjcwZjQ0YTdlYjhiMWNmYzEzNzQzM2ZjZDRkNzhh
MDNiMDUwHhcNMjUxMDE1MTMxNzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTA5NGY4OTBhOWFlZDZkMDYzNzA2OWZiNjY1NzhjZTg0MDRhZjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuB4j9bvxRWABLy8oIFN0nnrLdjn1
Q67LmSmL/ldleomkBRjwd5vA55TPct5/2gDlYG8IUKRIbJ0qGpdfFlSrJ3h329jZ
wQyOEWw0IOHgNhihvYtjRSwAETowB5r8cJmsr9j50CtCs5SNmdZq+OrNgxJ+0MMm
1ZrdVRTY3s6uLsYaqXMxcCbOvKTamyRAFncZuUgU+0GVarFuQgm0P8mYk3ccVLI8
crOuJWsUQzDdKso5IbI4xHxyvdWSl+xfhe2hY/tnoeAFHnRQQKG7kXMEgYGIcPQ1
8RK/+nEZijwL8OEaUpiFFhLtbtfudSSCEDiQwFuwwa+FFTA726JeE7kUlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUJT4kKmu1tBjcGn7ZleM6EBK+UMB8GA1UdIwQY
MBaAFDGNq3D0Sn64sc/BN0M/zU14oDsFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVkycmNQUktmcml4ejhFM1F6X05UWGlnT3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NGY4NzQtNDQ2Yy00NjQ2LThkYjAt
ZDk5ZjY2ZWY2MDZjLzEvTlFsUGlRcWE3VzBHTndhZnRtVjR6b1FFcjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NGY4NzQtNDQ2Yy00NjQ2LThkYjAtZDk5ZjY2ZWY2MDZj
LzEvTVkycmNQUktmcml4ejhFM1F6X05UWGlnT3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4zDMA0G
CSqGSIb3DQEBCwUAA4IBAQCwEr8Y9jNmcWR2lItOPTBPDpD+vYZpgK5mEjSh/GdX
KLZYKeWzt9GIIHzm5rys+cWHfWv7YtmdMR0JT10G0gutswQz0YgC+aQXNWLbQtCa
hdWnFq+1ZfWf5yY4kF6Go/L9ikvVOiR3Bw/0tAnrpxZZDHhg/qNPKyRJ6yTXUgTN
MagEdEsM3QqiyfloAvXQrqp6vB5zlMxbYn/UWsNjAK+B5yMBPXKS3A8pNyYCPcJg
gvZ8SmAbFg34yFSkR1UAcJCuv4MFXaOyPU4sy0mIjX4MLJJk4NpLp8efFEldkgsH
3tvTcYlyTt64uKEQJsqgkspY48WbNkeuEgYF/6CnPaAY
-----END CERTIFICATE-----