Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/NvJ45ro7s6M4_38H0FslYBVTTPs.roa
File:                     NvJ45ro7s6M4_38H0FslYBVTTPs.roa (raw, json)
Hash identifier:          M3reiTgWBh27DHKW4KHQ5BITsFkVwNA247gsKU17JNM=
Subject key identifier:   36:F2:78:E6:BA:3B:B3:A3:38:FF:7F:07:D0:5B:25:60:15:53:4C:FB
Certificate issuer:       /CN=b8c8aa18730f4a83e2852c5692551abb5b1ee7ea
Certificate serial:       0198A2A42B7157D84FF8CFB0E524F4938CAD
Authority key identifier: B8:C8:AA:18:73:0F:4A:83:E2:85:2C:56:92:55:1A:BB:5B:1E:E7:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/NvJ45ro7s6M4_38H0FslYBVTTPs.roa
Signing time:             Wed 13 Aug 2025 08:55:24 +0000
ROA not before:           Wed 13 Aug 2025 08:55:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401838
IP address blocks:        89.38.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:a4:2b:71:57:d8:4f:f8:cf:b0:e5:24:f4:93:8c:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8c8aa18730f4a83e2852c5692551abb5b1ee7ea
        Validity
            Not Before: Aug 13 08:55:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36f278e6ba3bb3a338ff7f07d05b256015534cfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d6:8d:d9:9c:b0:2f:6b:fc:48:a6:57:c3:c7:
                    2c:dd:28:06:99:12:fb:cd:95:07:7f:c5:18:71:f3:
                    0d:5f:34:47:6e:87:08:df:68:2d:51:f7:4b:60:fb:
                    fb:a5:5d:62:f3:ff:cf:f1:86:bf:70:8e:54:e4:9c:
                    0e:7e:c0:e6:db:60:2d:74:16:27:0f:de:a6:3c:5b:
                    e5:9f:28:5b:b4:c1:c6:46:52:d3:77:fd:88:c1:f5:
                    92:be:29:91:bc:48:4a:90:ac:0a:e9:c7:f8:fe:9c:
                    6a:16:46:41:94:86:e9:05:42:0c:e1:a3:98:81:ef:
                    96:92:4a:4c:62:93:55:5c:d6:19:67:16:4b:41:fd:
                    d3:62:76:0d:fc:bf:c0:20:16:22:b5:96:41:94:9b:
                    6b:28:3e:a9:38:6f:e6:99:4f:f9:e0:bb:c7:27:81:
                    13:74:d4:84:a8:92:7b:0a:10:73:2c:af:c9:1c:96:
                    bf:93:9f:5e:ae:04:0e:2b:0c:17:a1:fb:db:41:2c:
                    77:22:e2:21:ed:5b:6d:6f:74:b9:97:87:0d:91:e9:
                    6d:02:e9:b9:21:69:f4:cc:d4:6b:98:f1:52:5c:4e:
                    6f:0e:1b:9b:2a:59:d8:b2:1b:f3:93:dd:9e:e8:26:
                    fd:ac:6d:ec:84:f6:63:07:17:fe:f5:db:26:d8:dc:
                    d0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:F2:78:E6:BA:3B:B3:A3:38:FF:7F:07:D0:5B:25:60:15:53:4C:FB
            X509v3 Authority Key Identifier:
                keyid:B8:C8:AA:18:73:0F:4A:83:E2:85:2C:56:92:55:1A:BB:5B:1E:E7:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/NvJ45ro7s6M4_38H0FslYBVTTPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:26:b4:f0:8c:f9:13:e8:8f:70:4a:72:db:c6:3d:6f:5b:b7:
         bf:91:a6:76:c2:bf:9a:97:25:73:79:0e:0f:80:30:3c:32:e9:
         2b:b2:e5:64:76:14:87:a8:b3:90:39:05:a6:23:4f:43:12:ae:
         d7:66:62:86:c2:76:86:69:47:a2:5f:8a:84:81:fa:c2:71:8f:
         78:ab:44:6a:77:f8:95:95:5a:87:25:a7:37:75:73:73:d8:21:
         18:09:5e:30:b7:4a:d1:0e:b1:0c:e0:c2:94:86:01:f4:bd:8b:
         fc:53:db:10:cf:ad:08:b5:4d:20:92:74:d9:5e:a2:a1:09:80:
         49:04:3c:d5:a0:fc:50:e7:db:38:02:34:6c:c6:a0:81:da:3f:
         7d:ef:c5:1b:e2:a2:32:67:ce:5a:63:2b:9f:40:62:e4:56:7b:
         c7:15:27:55:1d:c9:ce:86:79:1c:76:e7:b3:31:b0:75:61:90:
         23:4b:1d:e5:7e:f4:c2:bc:59:47:69:2b:0f:72:a2:fc:30:55:
         26:07:5b:71:ca:80:66:4e:61:ec:21:5f:a4:bb:12:a6:92:f4:
         23:0c:37:24:17:7b:7f:ef:57:00:1e:ca:cb:29:40:9b:a7:88:
         08:0d:01:9d:71:66:a8:8d:f2:a3:a9:4e:d4:7d:69:43:d6:4d:
         19:33:11:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiipCtxV9hP+M+w5ST0k4ytMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4YzhhYTE4NzMwZjRhODNlMjg1MmM1NjkyNTUxYWJiNWIx
ZWU3ZWEwHhcNMjUwODEzMDg1NTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmYyNzhlNmJhM2JiM2EzMzhmZjdmMDdkMDViMjU2MDE1NTM0Y2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9aN2ZywL2v8SKZXw8cs3SgGmRL7
zZUHf8UYcfMNXzRHbocI32gtUfdLYPv7pV1i8//P8Ya/cI5U5JwOfsDm22AtdBYn
D96mPFvlnyhbtMHGRlLTd/2IwfWSvimRvEhKkKwK6cf4/pxqFkZBlIbpBUIM4aOY
ge+WkkpMYpNVXNYZZxZLQf3TYnYN/L/AIBYitZZBlJtrKD6pOG/mmU/54LvHJ4ET
dNSEqJJ7ChBzLK/JHJa/k59ergQOKwwXofvbQSx3IuIh7Vttb3S5l4cNkeltAum5
IWn0zNRrmPFSXE5vDhubKlnYshvzk92e6Cb9rG3shPZjBxf+9dsm2NzQQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbyeOa6O7OjOP9/B9BbJWAVU0z7MB8GA1UdIwQY
MBaAFLjIqhhzD0qD4oUsVpJVGrtbHufqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU1pcUdITVBTb1BpaFN4V2tsVWF1MXNlNS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9hOTQ5OTItNTY2Yi00YjZmLWE2ODkt
YTU3NjA0YTNmNmJiLzEvTnZKNDVybzdzNk00XzM4SDBGc2xZQlZUVFBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9hOTQ5OTItNTY2Yi00YjZmLWE2ODktYTU3NjA0YTNmNmJi
LzEvdU1pcUdITVBTb1BpaFN4V2tsVWF1MXNlNS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSYoMA0G
CSqGSIb3DQEBCwUAA4IBAQAzJrTwjPkT6I9wSnLbxj1vW7e/kaZ2wr+alyVzeQ4P
gDA8MukrsuVkdhSHqLOQOQWmI09DEq7XZmKGwnaGaUeiX4qEgfrCcY94q0Rqd/iV
lVqHJac3dXNz2CEYCV4wt0rRDrEM4MKUhgH0vYv8U9sQz60ItU0gknTZXqKhCYBJ
BDzVoPxQ59s4AjRsxqCB2j9978Ub4qIyZ85aYyufQGLkVnvHFSdVHcnOhnkcduez
MbB1YZAjSx3lfvTCvFlHaSsPcqL8MFUmB1txyoBmTmHsIV+kuxKmkvQjDDckF3t/
71cAHsrLKUCbp4gIDQGdcWaojfKjqU7UfWlD1k0ZMxEG
-----END CERTIFICATE-----