Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/89a872-d04d-4217-8fc4-c90db8235f39/1/NGqc3PXNR68XW7YXcEn1g2VSKl8.roa
File:                     NGqc3PXNR68XW7YXcEn1g2VSKl8.roa (raw, json)
Hash identifier:          +/PHsnyXGebFnTuzYemBsGLnJ0LY3kDT60X4/tWYA0k=
Subject key identifier:   34:6A:9C:DC:F5:CD:47:AF:17:5B:B6:17:70:49:F5:83:65:52:2A:5F
Certificate issuer:       /CN=5c428846f84d818361f6b9c0a463b2e5742a149b
Certificate serial:       0199A4E962D718BB4BED13FAFCCFA84915DC
Authority key identifier: 5C:42:88:46:F8:4D:81:83:61:F6:B9:C0:A4:63:B2:E5:74:2A:14:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XEKIRvhNgYNh9rnApGOy5XQqFJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/89a872-d04d-4217-8fc4-c90db8235f39/1/NGqc3PXNR68XW7YXcEn1g2VSKl8.roa
Signing time:             Thu 02 Oct 2025 12:33:02 +0000
ROA not before:           Thu 02 Oct 2025 12:33:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30795
IP address blocks:        185.225.52.0/22 maxlen: 22
                          195.88.88.0/24 maxlen: 24
                          2a01:650::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/89a872-d04d-4217-8fc4-c90db8235f39/1/XEKIRvhNgYNh9rnApGOy5XQqFJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/89a872-d04d-4217-8fc4-c90db8235f39/1/XEKIRvhNgYNh9rnApGOy5XQqFJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XEKIRvhNgYNh9rnApGOy5XQqFJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a4:e9:62:d7:18:bb:4b:ed:13:fa:fc:cf:a8:49:15:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c428846f84d818361f6b9c0a463b2e5742a149b
        Validity
            Not Before: Oct  2 12:33:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=346a9cdcf5cd47af175bb6177049f58365522a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f7:35:03:f4:ab:7f:f3:ff:a4:6e:1f:ab:f3:
                    6a:38:46:3b:a8:12:c1:83:0d:c5:3f:40:d7:c5:92:
                    80:50:16:18:9b:c2:6c:e1:7f:bb:b0:8b:c8:8c:2f:
                    f2:58:b3:bd:19:2c:75:a0:f5:6e:2d:b6:e6:b1:3a:
                    a0:fc:e4:eb:2a:66:3d:41:df:ef:a3:dd:f9:8b:28:
                    0b:1f:f3:0a:a0:14:02:74:cc:8a:65:6b:3f:00:ba:
                    02:e3:19:27:e6:ad:bd:d8:7a:93:7f:23:ff:0e:6d:
                    63:9b:3d:39:35:ee:59:1c:f9:00:43:0f:ad:3f:73:
                    3b:31:7e:1a:a8:98:dc:34:9e:9b:9c:97:81:5c:bb:
                    89:dd:7c:b4:d9:bf:33:eb:23:02:9e:d6:89:dd:f8:
                    a0:33:c1:e4:de:63:fe:a4:76:4d:8d:45:b9:63:1c:
                    87:c3:97:a3:1a:40:ed:87:6c:5d:41:87:a1:4b:bd:
                    7a:f7:22:65:8b:e4:ab:77:57:55:04:f8:dc:61:ee:
                    be:3e:2e:77:53:95:42:af:3c:db:9c:52:c5:a9:8f:
                    e7:ee:63:b5:e6:15:75:d4:84:d1:a6:1e:d5:9a:e8:
                    c1:60:ea:a2:83:17:9f:64:1e:4f:4b:c9:f2:27:55:
                    1b:1f:37:86:f0:0c:62:b8:07:bd:f7:a1:43:4e:bf:
                    a9:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:6A:9C:DC:F5:CD:47:AF:17:5B:B6:17:70:49:F5:83:65:52:2A:5F
            X509v3 Authority Key Identifier:
                keyid:5C:42:88:46:F8:4D:81:83:61:F6:B9:C0:A4:63:B2:E5:74:2A:14:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XEKIRvhNgYNh9rnApGOy5XQqFJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/89a872-d04d-4217-8fc4-c90db8235f39/1/NGqc3PXNR68XW7YXcEn1g2VSKl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/89a872-d04d-4217-8fc4-c90db8235f39/1/XEKIRvhNgYNh9rnApGOy5XQqFJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.52.0/22
                  195.88.88.0/24
                IPv6:
                  2a01:650::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:82:b9:33:d4:01:78:a9:03:d9:bc:ee:ea:8b:42:73:f5:60:
         00:2f:02:f2:e6:5a:be:50:eb:2c:ce:88:e1:27:3e:30:8d:d9:
         33:31:c8:e1:95:7e:18:eb:d0:12:5e:6a:ba:58:84:36:61:18:
         c0:d9:09:7e:36:9a:ec:3e:a3:9b:b5:a3:20:23:96:a1:5d:33:
         2c:bf:04:ba:83:49:78:8d:55:1f:85:b2:79:ea:8a:26:8a:6a:
         88:11:55:99:ab:c4:95:d8:11:52:be:71:70:c8:64:95:06:f3:
         9c:98:14:3e:2a:80:c2:0a:2f:e7:2e:04:c0:44:c7:d0:7a:89:
         bd:b4:75:75:b1:d0:78:c0:b0:55:61:40:e4:01:30:ac:35:c6:
         9a:89:09:55:83:43:72:93:8f:19:69:24:99:82:c1:8c:ae:ce:
         4f:70:01:ac:c1:3a:c3:5f:19:65:5e:e1:b6:8b:a1:c0:26:a9:
         ce:1b:f8:cf:30:6b:7e:e4:0c:d9:5a:5e:4b:a4:0b:08:a0:4f:
         45:1b:6a:47:57:0d:00:0b:7a:64:06:fd:24:d9:c2:79:2a:16:
         9c:6f:fd:f8:55:70:80:be:3b:07:6d:07:52:a5:92:31:96:60:
         eb:28:bb:79:0d:5b:90:ff:27:16:49:ec:9b:34:35:a4:4d:af:
         d8:e7:f1:bf
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZmk6WLXGLtL7RP6/M+oSRXcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNDI4ODQ2Zjg0ZDgxODM2MWY2YjljMGE0NjNiMmU1NzQy
YTE0OWIwHhcNMjUxMDAyMTIzMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDZhOWNkY2Y1Y2Q0N2FmMTc1YmI2MTc3MDQ5ZjU4MzY1NTIyYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/c1A/Srf/P/pG4fq/NqOEY7qBLB
gw3FP0DXxZKAUBYYm8Js4X+7sIvIjC/yWLO9GSx1oPVuLbbmsTqg/OTrKmY9Qd/v
o935iygLH/MKoBQCdMyKZWs/ALoC4xkn5q292HqTfyP/Dm1jmz05Ne5ZHPkAQw+t
P3M7MX4aqJjcNJ6bnJeBXLuJ3Xy02b8z6yMCntaJ3figM8Hk3mP+pHZNjUW5YxyH
w5ejGkDth2xdQYehS7169yJli+Srd1dVBPjcYe6+Pi53U5VCrzzbnFLFqY/n7mO1
5hV11ITRph7VmujBYOqigxefZB5PS8nyJ1UbHzeG8AxiuAe996FDTr+pJwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDRqnNz1zUevF1u2F3BJ9YNlUipfMB8GA1UdIwQY
MBaAFFxCiEb4TYGDYfa5wKRjsuV0KhSbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEVLSVJ2aE5nWU5oOXJuQXBHT3k1WFFxRkpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My84OWE4NzItZDA0ZC00MjE3LThmYzQt
YzkwZGI4MjM1ZjM5LzEvTkdxYzNQWE5SNjhYVzdZWGNFbjFnMlZTS2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My84OWE4NzItZDA0ZC00MjE3LThmYzQtYzkwZGI4MjM1ZjM5
LzEvWEVLSVJ2aE5nWU5oOXJuQXBHT3k1WFFxRkpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCueE0AwQA
w1hYMA0EAgACMAcDBQAqAQZQMA0GCSqGSIb3DQEBCwUAA4IBAQArgrkz1AF4qQPZ
vO7qi0Jz9WAALwLy5lq+UOsszojhJz4wjdkzMcjhlX4Y69ASXmq6WIQ2YRjA2Ql+
NprsPqObtaMgI5ahXTMsvwS6g0l4jVUfhbJ56oomimqIEVWZq8SV2BFSvnFwyGSV
BvOcmBQ+KoDCCi/nLgTARMfQeom9tHV1sdB4wLBVYUDkATCsNcaaiQlVg0Nyk48Z
aSSZgsGMrs5PcAGswTrDXxllXuG2i6HAJqnOG/jPMGt+5AzZWl5LpAsIoE9FG2pH
Vw0AC3pkBv0k2cJ5Khacb/34VXCAvjsHbQdSpZIxlmDrKLt5DVuQ/ycWSeybNDWk
Ta/Y5/G/
-----END CERTIFICATE-----