Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/m-Ncfpuw9lyFAGvhN6SO1U82ZPI.roa
File:                     m-Ncfpuw9lyFAGvhN6SO1U82ZPI.roa (raw, json)
Hash identifier:          /M7ImEM1ZD0v5nu/Nb9bLOvnyebMcwld8IBc6QoNAjU=
Subject key identifier:   9B:E3:5C:7E:9B:B0:F6:5C:85:00:6B:E1:37:A4:8E:D5:4F:36:64:F2
Certificate issuer:       /CN=23662c9a980ad7584650abaa3545b9ea91d3e35e
Certificate serial:       019898216EC557060D73F902C7F91574F8B9
Authority key identifier: 23:66:2C:9A:98:0A:D7:58:46:50:AB:AA:35:45:B9:EA:91:D3:E3:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/m-Ncfpuw9lyFAGvhN6SO1U82ZPI.roa
Signing time:             Mon 11 Aug 2025 07:56:24 +0000
ROA not before:           Mon 11 Aug 2025 07:56:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213097
IP address blocks:        91.240.92.0/24 maxlen: 24
                          2a0a:d881::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:21:6e:c5:57:06:0d:73:f9:02:c7:f9:15:74:f8:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23662c9a980ad7584650abaa3545b9ea91d3e35e
        Validity
            Not Before: Aug 11 07:56:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9be35c7e9bb0f65c85006be137a48ed54f3664f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a5:dd:48:21:0e:a5:2a:a4:84:45:34:89:f7:
                    38:f9:80:fd:92:c2:f9:56:4b:14:ec:41:d6:ea:78:
                    13:5c:89:15:aa:0b:4e:a3:0d:ea:55:cf:f1:d6:8c:
                    06:9a:67:79:cc:47:60:41:cd:b7:b6:cd:c7:ed:44:
                    02:68:82:99:e3:cd:de:c5:93:a5:f2:bb:1a:e0:ac:
                    b2:26:3a:c7:30:ec:c3:c0:1e:5e:33:75:ab:f5:c5:
                    20:9c:ca:d3:f5:76:f1:90:2b:8f:3e:3d:2e:07:f5:
                    12:80:1f:3d:e7:50:c9:59:d2:e7:46:39:a2:d4:ff:
                    a0:2e:a9:98:8a:29:c6:b3:36:5b:2f:5d:c2:7c:82:
                    95:21:14:0c:9f:f8:16:fd:45:6f:e1:16:b3:a3:c1:
                    82:c1:31:28:ac:88:70:c0:f6:a6:ed:f4:98:9b:3f:
                    51:47:c0:3f:49:01:99:d1:c6:1b:b2:f4:ea:1d:3d:
                    17:84:19:84:3b:f1:a2:e1:b3:96:4a:83:7d:e9:4e:
                    4e:8b:29:28:fd:ef:7f:0c:09:77:5d:19:8f:a2:3b:
                    b4:30:03:ba:7b:b7:99:ef:f4:4e:d0:47:9d:a4:c0:
                    bf:4e:bf:cf:17:7b:5e:b4:87:a9:23:3d:75:72:1d:
                    6e:b9:5e:98:bc:d9:6c:61:84:f1:99:30:55:c9:89:
                    23:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:E3:5C:7E:9B:B0:F6:5C:85:00:6B:E1:37:A4:8E:D5:4F:36:64:F2
            X509v3 Authority Key Identifier:
                keyid:23:66:2C:9A:98:0A:D7:58:46:50:AB:AA:35:45:B9:EA:91:D3:E3:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/m-Ncfpuw9lyFAGvhN6SO1U82ZPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.92.0/24
                IPv6:
                  2a0a:d881::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:bf:cb:88:2a:4f:d9:2a:45:9a:06:8c:b5:04:41:a4:7e:86:
         f6:e6:48:63:ce:59:36:10:97:94:d7:6d:65:ad:a8:e8:47:68:
         f1:a6:1a:54:2f:77:6a:25:5d:58:3c:9c:9a:4e:65:f7:c3:33:
         62:d6:ab:89:f1:af:16:cf:4c:33:06:f7:d6:5a:e3:39:dc:a8:
         78:9b:c7:48:6c:1b:77:2b:09:00:f2:be:d8:ea:57:a4:81:ca:
         c5:eb:3c:03:43:35:38:c5:d2:e4:79:fe:ee:89:f8:91:c6:b1:
         8b:ae:ff:c8:3a:e3:75:90:8f:ff:bd:05:ce:f6:b4:b2:bb:90:
         f4:a1:18:2f:83:b3:1b:6e:62:bf:46:88:49:14:80:61:98:75:
         95:c7:c7:4c:0b:35:c7:59:c2:a8:b4:81:e5:4b:2d:d6:da:9c:
         07:99:6b:44:d0:1d:1c:ae:e4:9b:2f:a5:2b:f8:b4:59:d3:98:
         32:1f:c3:7c:f5:75:5d:07:bc:8c:52:ce:1b:42:2d:16:a0:5b:
         9f:ef:67:63:cf:f9:93:79:bf:66:d5:65:17:56:1a:4d:6d:ec:
         21:31:55:08:e9:38:ec:a6:13:8d:1a:d7:b9:04:66:6a:35:79:
         c4:6c:27:cb:d3:44:16:9c:bb:fc:69:42:66:64:a0:14:69:b0:
         94:0a:64:7b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZiYIW7FVwYNc/kCx/kVdPi5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNjYyYzlhOTgwYWQ3NTg0NjUwYWJhYTM1NDViOWVhOTFk
M2UzNWUwHhcNMjUwODExMDc1NjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmUzNWM3ZTliYjBmNjVjODUwMDZiZTEzN2E0OGVkNTRmMzY2NGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKXdSCEOpSqkhEU0ifc4+YD9ksL5
VksU7EHW6ngTXIkVqgtOow3qVc/x1owGmmd5zEdgQc23ts3H7UQCaIKZ483exZOl
8rsa4KyyJjrHMOzDwB5eM3Wr9cUgnMrT9XbxkCuPPj0uB/USgB8951DJWdLnRjmi
1P+gLqmYiinGszZbL13CfIKVIRQMn/gW/UVv4Razo8GCwTEorIhwwPam7fSYmz9R
R8A/SQGZ0cYbsvTqHT0XhBmEO/Gi4bOWSoN96U5Oiyko/e9/DAl3XRmPoju0MAO6
e7eZ7/RO0EedpMC/Tr/PF3tetIepIz11ch1uuV6YvNlsYYTxmTBVyYkjTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJvjXH6bsPZchQBr4TekjtVPNmTyMB8GA1UdIwQY
MBaAFCNmLJqYCtdYRlCrqjVFueqR0+NeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTJZc21wZ0sxMWhHVUt1cU5VVzU2cEhUNDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wMTc1ZTYtNDI3Yi00ZWY5LThlYjEt
ODIzMmUzNTBkNDU4LzEvbS1OY2ZwdXc5bHlGQUd2aE42U08xVTgyWlBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8wMTc1ZTYtNDI3Yi00ZWY5LThlYjEtODIzMmUzNTBkNDU4
LzEvSTJZc21wZ0sxMWhHVUt1cU5VVzU2cEhUNDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW/BcMA8E
AgACMAkDBwAqCtiBAAAwDQYJKoZIhvcNAQELBQADggEBAJu/y4gqT9kqRZoGjLUE
QaR+hvbmSGPOWTYQl5TXbWWtqOhHaPGmGlQvd2olXVg8nJpOZffDM2LWq4nxrxbP
TDMG99Za4zncqHibx0hsG3crCQDyvtjqV6SBysXrPANDNTjF0uR5/u6J+JHGsYuu
/8g643WQj/+9Bc72tLK7kPShGC+DsxtuYr9GiEkUgGGYdZXHx0wLNcdZwqi0geVL
LdbanAeZa0TQHRyu5JsvpSv4tFnTmDIfw3z1dV0HvIxSzhtCLRagW5/vZ2PP+ZN5
v2bVZRdWGk1t7CExVQjpOOymE40a17kEZmo1ecRsJ8vTRBacu/xpQmZkoBRpsJQK
ZHs=
-----END CERTIFICATE-----