Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/9b99d8-d26f-4a49-ae36-ef68bdfc1c44/1/NffDktQuVy0NogDD09U6PC5HmAQ.roa
File:                     NffDktQuVy0NogDD09U6PC5HmAQ.roa (raw, json)
Hash identifier:          y6i7rh8IsEpcOTBzp8E42OtcSaXWP9UqmHzWItp6aDk=
Subject key identifier:   35:F7:C3:92:D4:2E:57:2D:0D:A2:00:C3:D3:D5:3A:3C:2E:47:98:04
Certificate issuer:       /CN=823a6dc9c6275d6f24f99de416609c62285896df
Certificate serial:       019960E1A114D3B6A9A4ADAA147E96987C0B
Authority key identifier: 82:3A:6D:C9:C6:27:5D:6F:24:F9:9D:E4:16:60:9C:62:28:58:96:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gjptycYnXW8k-Z3kFmCcYihYlt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/9b99d8-d26f-4a49-ae36-ef68bdfc1c44/1/NffDktQuVy0NogDD09U6PC5HmAQ.roa
Signing time:             Fri 19 Sep 2025 07:30:23 +0000
ROA not before:           Fri 19 Sep 2025 07:30:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208458
IP address blocks:        149.232.243.0/24 maxlen: 24
                          2a05:6040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/9b99d8-d26f-4a49-ae36-ef68bdfc1c44/1/gjptycYnXW8k-Z3kFmCcYihYlt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/9b99d8-d26f-4a49-ae36-ef68bdfc1c44/1/gjptycYnXW8k-Z3kFmCcYihYlt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gjptycYnXW8k-Z3kFmCcYihYlt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:60:e1:a1:14:d3:b6:a9:a4:ad:aa:14:7e:96:98:7c:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=823a6dc9c6275d6f24f99de416609c62285896df
        Validity
            Not Before: Sep 19 07:30:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35f7c392d42e572d0da200c3d3d53a3c2e479804
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c4:0f:e7:48:15:4b:18:3d:c1:99:4d:a4:8f:
                    f7:e9:35:ee:89:d3:81:84:8c:8b:cb:9e:5c:25:e5:
                    e2:2f:b1:6f:a7:66:34:c4:80:79:df:23:c6:78:e0:
                    eb:b9:e1:5b:fd:f8:d8:9c:1e:13:be:35:78:5e:5f:
                    31:c6:15:bc:b7:23:95:f3:f9:f0:72:c7:0f:53:aa:
                    1a:1c:b1:1e:33:a9:91:b7:8e:29:01:9f:a7:8c:d0:
                    5a:7e:44:03:c5:af:7d:26:34:99:93:f7:5b:0b:15:
                    06:1a:19:ca:69:d9:bf:d4:8d:2a:35:f7:54:45:71:
                    a4:b8:ac:d0:d8:01:bd:22:83:6f:21:75:23:b9:8e:
                    a6:a4:23:e7:6c:55:bf:d5:f0:c0:62:5d:0a:3b:f4:
                    9f:bc:97:0c:b7:bc:42:38:1e:88:6a:8c:12:de:76:
                    b5:46:d2:e6:e6:06:dd:6b:9e:8e:fc:f6:c2:87:c8:
                    b3:a3:8b:37:11:49:67:ba:2a:3f:ad:c5:49:94:fd:
                    a2:4a:0c:20:df:81:c9:b1:49:82:33:1b:93:cd:60:
                    d9:fa:01:f8:cd:6f:e7:f7:33:7b:52:f8:af:57:a1:
                    43:1f:79:66:ad:b2:2d:6b:8a:dc:97:8e:dc:7a:ea:
                    c2:d0:29:46:56:79:1e:09:2f:21:54:19:d8:cc:b8:
                    04:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:F7:C3:92:D4:2E:57:2D:0D:A2:00:C3:D3:D5:3A:3C:2E:47:98:04
            X509v3 Authority Key Identifier:
                keyid:82:3A:6D:C9:C6:27:5D:6F:24:F9:9D:E4:16:60:9C:62:28:58:96:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gjptycYnXW8k-Z3kFmCcYihYlt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/9b99d8-d26f-4a49-ae36-ef68bdfc1c44/1/NffDktQuVy0NogDD09U6PC5HmAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/9b99d8-d26f-4a49-ae36-ef68bdfc1c44/1/gjptycYnXW8k-Z3kFmCcYihYlt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.232.243.0/24
                IPv6:
                  2a05:6040::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:af:1b:84:db:33:e3:93:92:b2:b7:06:89:3c:16:db:d7:af:
         56:e4:db:7c:4f:2b:e5:02:b1:0f:01:a8:53:87:13:e7:ba:6d:
         da:1e:81:5c:03:ae:05:cf:b2:77:32:22:89:96:c3:e8:ef:ea:
         5c:8c:63:ff:65:44:c2:8b:5a:92:20:d5:74:1b:7f:93:1e:3f:
         02:5a:9d:45:84:23:45:71:cb:c1:b6:d3:8b:a0:58:b4:03:34:
         f0:c0:40:83:5c:b4:39:42:22:70:cc:05:d8:f1:78:c0:8b:f3:
         a7:5a:ca:be:55:e7:88:2d:b7:d5:c1:fc:1e:14:28:77:4a:d4:
         01:cd:e6:f0:8b:a5:20:df:63:06:55:68:1e:7f:ca:aa:08:86:
         b2:06:83:c2:8c:15:73:08:10:b5:46:6d:99:89:a0:7b:8e:6b:
         f3:3d:77:82:d6:72:41:0f:83:09:97:97:7f:a5:2e:79:aa:a5:
         e5:25:46:e5:4a:7d:e6:f1:09:38:6a:74:26:c8:e3:5d:7f:d2:
         c5:51:c5:a7:df:50:fe:68:18:64:4e:15:30:56:b2:52:d3:73:
         f8:9a:70:92:00:60:48:2d:50:58:ee:c1:58:22:f8:12:8f:6d:
         ed:16:e1:b8:17:88:57:9d:7b:a9:f7:4d:a5:fc:d1:13:19:39:
         e9:25:d9:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZlg4aEU07appK2qFH6WmHwLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyM2E2ZGM5YzYyNzVkNmYyNGY5OWRlNDE2NjA5YzYyMjg1
ODk2ZGYwHhcNMjUwOTE5MDczMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWY3YzM5MmQ0MmU1NzJkMGRhMjAwYzNkM2Q1M2EzYzJlNDc5ODA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncQP50gVSxg9wZlNpI/36TXuidOB
hIyLy55cJeXiL7Fvp2Y0xIB53yPGeODrueFb/fjYnB4TvjV4Xl8xxhW8tyOV8/nw
cscPU6oaHLEeM6mRt44pAZ+njNBafkQDxa99JjSZk/dbCxUGGhnKadm/1I0qNfdU
RXGkuKzQ2AG9IoNvIXUjuY6mpCPnbFW/1fDAYl0KO/SfvJcMt7xCOB6IaowS3na1
RtLm5gbda56O/PbCh8izo4s3EUlnuio/rcVJlP2iSgwg34HJsUmCMxuTzWDZ+gH4
zW/n9zN7UvivV6FDH3lmrbIta4rcl47ceurC0ClGVnkeCS8hVBnYzLgEowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDX3w5LULlctDaIAw9PVOjwuR5gEMB8GA1UdIwQY
MBaAFII6bcnGJ11vJPmd5BZgnGIoWJbfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2pwdHljWW5YVzhrLVoza0ZtQ2NZaWhZbHQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy85Yjk5ZDgtZDI2Zi00YTQ5LWFlMzYt
ZWY2OGJkZmMxYzQ0LzEvTmZmRGt0UXVWeTBOb2dERDA5VTZQQzVIbUFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy85Yjk5ZDgtZDI2Zi00YTQ5LWFlMzYtZWY2OGJkZmMxYzQ0
LzEvZ2pwdHljWW5YVzhrLVoza0ZtQ2NZaWhZbHQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAlejzMA0E
AgACMAcDBQMqBWBAMA0GCSqGSIb3DQEBCwUAA4IBAQBJrxuE2zPjk5KytwaJPBbb
169W5Nt8TyvlArEPAahThxPnum3aHoFcA64Fz7J3MiKJlsPo7+pcjGP/ZUTCi1qS
INV0G3+THj8CWp1FhCNFccvBttOLoFi0AzTwwECDXLQ5QiJwzAXY8XjAi/OnWsq+
VeeILbfVwfweFCh3StQBzebwi6Ug32MGVWgef8qqCIayBoPCjBVzCBC1Rm2ZiaB7
jmvzPXeC1nJBD4MJl5d/pS55qqXlJUblSn3m8Qk4anQmyONdf9LFUcWn31D+aBhk
ThUwVrJS03P4mnCSAGBILVBY7sFYIvgSj23tFuG4F4hXnXup902l/NETGTnpJdl3
-----END CERTIFICATE-----