Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/NwkL_RCVaGXT4imbBaIpPZw6kWg.roa
File:                     NwkL_RCVaGXT4imbBaIpPZw6kWg.roa (raw, json)
Hash identifier:          eMKiOz/oyNA6w3y0uBc35mP8Vw/9Quu64JkJ41OaQz0=
Subject key identifier:   37:09:0B:FD:10:95:68:65:D3:E2:29:9B:05:A2:29:3D:9C:3A:91:68
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       0198BE712A8D17273850069DF4B842B165E2
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/NwkL_RCVaGXT4imbBaIpPZw6kWg.roa
Signing time:             Mon 18 Aug 2025 18:29:04 +0000
ROA not before:           Mon 18 Aug 2025 18:29:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        109.111.40.0/23 maxlen: 23
                          109.111.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 21:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:be:71:2a:8d:17:27:38:50:06:9d:f4:b8:42:b1:65:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Aug 18 18:29:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37090bfd10956865d3e2299b05a2293d9c3a9168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:84:2d:17:fe:60:b1:83:ba:b9:89:89:5d:eb:
                    0f:53:72:da:71:2a:4c:de:e2:b4:db:4a:79:55:f9:
                    b9:76:29:82:7e:e4:a2:df:b0:6f:7f:42:c4:5d:f8:
                    f3:22:f0:36:bb:d4:04:a3:09:9f:0f:89:38:b5:1f:
                    d1:c8:c0:68:17:ce:c7:c0:9d:5d:dd:03:13:76:62:
                    dd:ae:27:1d:fe:60:c1:a1:db:39:da:f6:a6:93:24:
                    d6:9e:52:a2:ab:0c:56:e7:21:af:a0:39:cb:ae:70:
                    20:f8:1e:1a:48:ab:79:8e:54:88:b2:65:99:49:4f:
                    23:50:64:7d:fb:96:27:fb:e0:aa:dc:75:e9:b9:50:
                    1c:58:72:c3:b7:b6:70:9a:5c:31:5d:42:61:2f:69:
                    da:c7:ac:bb:e9:d3:f1:b9:c0:87:a2:d0:a4:fd:a7:
                    82:64:85:8e:2b:5d:b3:3f:63:dd:aa:4c:8c:11:2e:
                    0d:9b:c0:c0:c0:e9:d6:6d:58:ad:b4:cd:c8:90:df:
                    0e:24:e1:67:a6:81:da:20:51:d5:74:c2:0b:08:28:
                    47:fd:54:71:3c:0f:54:95:cc:cb:69:76:ba:59:0a:
                    a1:fb:6a:e3:a9:0e:68:db:32:a6:36:68:84:d7:35:
                    4a:2c:3f:0f:1c:0c:b1:fc:f2:1a:ee:28:0f:88:25:
                    d8:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:09:0B:FD:10:95:68:65:D3:E2:29:9B:05:A2:29:3D:9C:3A:91:68
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/NwkL_RCVaGXT4imbBaIpPZw6kWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.40.0/23
                  109.111.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3c:89:65:63:f6:23:7e:2c:83:6f:87:83:03:13:09:70:2e:88:
         cf:69:d5:f7:83:3c:65:12:20:ca:bf:6e:a9:ba:92:ea:b5:7f:
         28:15:3b:9c:cf:58:6c:cb:c9:d4:92:65:60:14:63:14:cd:c8:
         8c:91:63:c3:79:e6:1f:3a:bf:30:dd:6f:b9:14:19:7e:6f:ef:
         8c:ba:89:ae:c9:6b:d2:82:4b:eb:db:7d:87:13:b7:47:e9:b6:
         03:e0:10:a7:71:e8:05:30:53:3b:13:29:34:18:eb:ac:f9:34:
         9f:4e:04:ba:bd:c9:62:66:2d:c4:f8:0b:f8:da:cd:ea:58:f5:
         a3:29:a1:74:41:17:9b:4a:c2:31:a6:97:92:ca:ee:a8:65:f5:
         60:9a:1d:ef:ed:f5:7d:06:60:4d:a0:c0:80:d8:b8:55:fc:e7:
         94:86:1a:ea:e0:c4:f8:5e:22:b3:fc:d1:52:6f:ac:4b:0d:bb:
         7d:bd:a6:6f:da:63:81:21:f2:3e:e7:15:4e:7d:cb:12:06:65:
         0b:54:73:1a:cb:ef:94:a9:a7:12:cf:0b:c0:32:89:bf:60:85:
         bd:6a:a4:78:a2:6f:ec:90:14:0b:54:10:5c:0e:51:5e:8a:0a:
         ba:3c:09:ae:a4:92:07:ff:8c:e1:de:95:81:e9:c6:81:6c:15:
         4b:5b:1d:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZi+cSqNFyc4UAad9LhCsWXiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwODE4MTgyOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzA5MGJmZDEwOTU2ODY1ZDNlMjI5OWIwNWEyMjkzZDljM2E5MTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4QtF/5gsYO6uYmJXesPU3LacSpM
3uK020p5Vfm5dimCfuSi37Bvf0LEXfjzIvA2u9QEowmfD4k4tR/RyMBoF87HwJ1d
3QMTdmLdricd/mDBods52vamkyTWnlKiqwxW5yGvoDnLrnAg+B4aSKt5jlSIsmWZ
SU8jUGR9+5Yn++Cq3HXpuVAcWHLDt7ZwmlwxXUJhL2nax6y76dPxucCHotCk/aeC
ZIWOK12zP2PdqkyMES4Nm8DAwOnWbVittM3IkN8OJOFnpoHaIFHVdMILCChH/VRx
PA9UlczLaXa6WQqh+2rjqQ5o2zKmNmiE1zVKLD8PHAyx/PIa7igPiCXYVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDcJC/0QlWhl0+IpmwWiKT2cOpFoMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvTndrTF9SQ1ZhR1hUNGltYkJhSXBQWnc2a1dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBbW8oAwQE
bW8wMA0GCSqGSIb3DQEBCwUAA4IBAQA8iWVj9iN+LINvh4MDEwlwLojPadX3gzxl
EiDKv26pupLqtX8oFTucz1hsy8nUkmVgFGMUzciMkWPDeeYfOr8w3W+5FBl+b++M
uomuyWvSgkvr232HE7dH6bYD4BCncegFMFM7Eyk0GOus+TSfTgS6vcliZi3E+Av4
2s3qWPWjKaF0QRebSsIxppeSyu6oZfVgmh3v7fV9BmBNoMCA2LhV/OeUhhrq4MT4
XiKz/NFSb6xLDbt9vaZv2mOBIfI+5xVOfcsSBmULVHMay++UqacSzwvAMom/YIW9
aqR4om/skBQLVBBcDlFeigq6PAmupJIH/4zh3pWB6caBbBVLWx2C
-----END CERTIFICATE-----