Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/nNvy4OnXZsPPsHmgtJ6neNHsOkM.roa
File:                     nNvy4OnXZsPPsHmgtJ6neNHsOkM.roa (raw, json)
Hash identifier:          H0ljXWROUGXh2E1yXNWC3iRsSDukooTQamHMABEMtq8=
Subject key identifier:   9C:DB:F2:E0:E9:D7:66:C3:CF:B0:79:A0:B4:9E:A7:78:D1:EC:3A:43
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0198D5C526D58E1FBBE9F231C18C1B78EA19
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/nNvy4OnXZsPPsHmgtJ6neNHsOkM.roa
Signing time:             Sat 23 Aug 2025 07:12:04 +0000
ROA not before:           Sat 23 Aug 2025 07:12:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        5.56.26.0/24 maxlen: 24
                          109.122.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d5:c5:26:d5:8e:1f:bb:e9:f2:31:c1:8c:1b:78:ea:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Aug 23 07:12:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9cdbf2e0e9d766c3cfb079a0b49ea778d1ec3a43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:30:ab:12:50:d9:e3:28:0b:6a:74:6b:02:a5:
                    93:87:1f:e4:9e:ac:4b:57:04:86:6e:ee:62:24:c4:
                    e6:1f:e3:ed:4a:d0:27:a1:e3:0e:84:2b:69:cc:26:
                    e4:4e:9d:cb:4d:06:aa:25:d5:47:01:99:07:43:ad:
                    5b:64:5c:e8:47:22:c8:55:80:47:8c:11:41:9c:2d:
                    60:bc:01:9a:5d:10:ba:1e:35:d0:1c:63:9f:65:8c:
                    5a:20:88:07:a6:45:e1:96:c1:ec:8c:86:35:86:39:
                    be:d8:88:84:99:40:c3:5b:6a:39:42:1b:ac:e4:d9:
                    07:ae:62:be:9e:9a:86:b6:86:76:32:89:c1:3e:b8:
                    af:ca:29:44:4d:65:18:64:83:cb:13:d2:a8:6f:eb:
                    db:b7:d4:36:9e:77:a9:99:59:43:56:55:cd:b2:5e:
                    48:78:d3:10:3d:01:51:7d:22:bb:f0:37:09:b9:40:
                    02:bc:ad:49:70:2c:ce:c9:a7:9f:a9:50:a1:a7:d8:
                    a8:91:da:f0:e0:2d:48:14:33:0e:56:45:78:b2:d6:
                    44:c9:19:55:e8:41:ac:36:a3:15:d8:d1:92:48:e1:
                    e7:db:62:01:3c:97:23:17:92:71:dc:67:89:19:30:
                    be:df:99:32:05:71:71:a8:83:37:df:28:39:4e:b7:
                    d9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:DB:F2:E0:E9:D7:66:C3:CF:B0:79:A0:B4:9E:A7:78:D1:EC:3A:43
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/nNvy4OnXZsPPsHmgtJ6neNHsOkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.26.0/24
                  109.122.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:c3:97:15:db:95:ff:49:02:19:86:2b:be:62:c1:38:04:ef:
         9f:be:db:2b:9a:85:e8:95:03:7a:41:33:7d:4f:d0:7a:1e:10:
         d9:83:e1:40:f8:12:85:0a:0d:8d:58:c8:84:59:42:75:a8:1a:
         2b:1a:5a:0e:cf:7b:ce:91:e2:6a:48:fd:2c:68:30:aa:0f:08:
         cb:37:64:98:2e:72:0b:e2:e2:b6:a2:42:f0:7d:cc:84:d4:46:
         c6:8d:be:21:97:06:35:3d:b9:10:31:98:3d:25:39:da:9b:79:
         db:bd:6f:3e:95:92:98:1c:4f:23:57:30:c0:91:71:5f:d3:0e:
         6d:5a:6f:12:eb:fe:58:b6:46:0d:91:a3:bc:c1:7b:07:43:eb:
         c1:4d:9f:a8:ac:4d:32:95:e4:8a:34:a0:fd:07:7a:39:55:bb:
         a9:5c:1b:02:33:52:ce:74:df:58:38:0b:92:ec:b5:d0:24:c3:
         ee:88:19:10:aa:60:d8:08:77:67:cc:3f:36:a0:03:aa:18:ec:
         66:54:a4:e8:b3:fe:e5:57:94:65:61:f4:ab:8e:23:a5:c4:66:
         c6:d2:87:29:93:37:ef:74:4e:f0:36:a2:ac:1a:52:fb:88:36:
         c9:2f:3e:58:6b:3e:f5:98:ad:99:aa:42:e5:08:c5:d1:b3:ae:
         ee:74:42:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjVxSbVjh+76fIxwYwbeOoZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwODIzMDcxMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2RiZjJlMGU5ZDc2NmMzY2ZiMDc5YTBiNDllYTc3OGQxZWMzYTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTCrElDZ4ygLanRrAqWThx/knqxL
VwSGbu5iJMTmH+PtStAnoeMOhCtpzCbkTp3LTQaqJdVHAZkHQ61bZFzoRyLIVYBH
jBFBnC1gvAGaXRC6HjXQHGOfZYxaIIgHpkXhlsHsjIY1hjm+2IiEmUDDW2o5Qhus
5NkHrmK+npqGtoZ2MonBPrivyilETWUYZIPLE9Kob+vbt9Q2nnepmVlDVlXNsl5I
eNMQPQFRfSK78DcJuUACvK1JcCzOyaefqVChp9iokdrw4C1IFDMOVkV4stZEyRlV
6EGsNqMV2NGSSOHn22IBPJcjF5Jx3GeJGTC+35kyBXFxqIM33yg5TrfZkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJzb8uDp12bDz7B5oLSep3jR7DpDMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvbk52eTRPblhac1BQc0htZ3RKNm5lTkhzT2tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABTgaAwQA
bXo9MA0GCSqGSIb3DQEBCwUAA4IBAQDPw5cV25X/SQIZhiu+YsE4BO+fvtsrmoXo
lQN6QTN9T9B6HhDZg+FA+BKFCg2NWMiEWUJ1qBorGloOz3vOkeJqSP0saDCqDwjL
N2SYLnIL4uK2okLwfcyE1EbGjb4hlwY1PbkQMZg9JTnam3nbvW8+lZKYHE8jVzDA
kXFf0w5tWm8S6/5YtkYNkaO8wXsHQ+vBTZ+orE0yleSKNKD9B3o5VbupXBsCM1LO
dN9YOAuS7LXQJMPuiBkQqmDYCHdnzD82oAOqGOxmVKTos/7lV5RlYfSrjiOlxGbG
0ocpkzfvdE7wNqKsGlL7iDbJLz5Yaz71mK2ZqkLlCMXRs67udEJA
-----END CERTIFICATE-----