Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/nKH_sxXM1uxYbMZBzn1lBWWh5Gk.roa
File:                     nKH_sxXM1uxYbMZBzn1lBWWh5Gk.roa (raw, json)
Hash identifier:          g58milGmDWRWbcSoOduM9RCTlJ8I/zXGlZd0g1v6y6Y=
Subject key identifier:   9C:A1:FF:B3:15:CC:D6:EC:58:6C:C6:41:CE:7D:65:05:65:A1:E4:69
Certificate issuer:       /CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
Certificate serial:       0199DF3506A40C7D791E0EFA0590444AE0BE
Authority key identifier: A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/nKH_sxXM1uxYbMZBzn1lBWWh5Gk.roa
Signing time:             Mon 13 Oct 2025 20:13:38 +0000
ROA not before:           Mon 13 Oct 2025 20:13:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51722
IP address blocks:        46.31.78.0/24 maxlen: 24
                          185.73.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:df:35:06:a4:0c:7d:79:1e:0e:fa:05:90:44:4a:e0:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
        Validity
            Not Before: Oct 13 20:13:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ca1ffb315ccd6ec586cc641ce7d650565a1e469
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a4:1d:37:21:46:4a:19:08:fc:dd:22:bb:de:
                    34:87:3f:4f:34:96:8c:b7:ad:39:9e:34:19:94:8f:
                    26:b4:84:66:07:cf:3d:12:b0:c4:7e:10:3a:54:31:
                    cc:c3:cf:42:db:f0:16:59:cf:fa:cf:63:55:6f:0a:
                    e1:88:9c:6c:61:bc:80:ae:5f:0b:19:04:ef:4c:9b:
                    d7:1f:bf:ca:9d:50:ef:21:5b:d4:e3:33:fe:ce:3d:
                    3a:71:50:71:06:30:63:0b:77:03:46:fd:a5:d9:f9:
                    68:6d:5c:b9:fe:b8:e4:54:3a:bf:0d:c5:4c:0d:7f:
                    61:8a:7a:a5:81:3d:75:44:d6:e5:83:49:96:cb:dc:
                    37:41:4d:a2:d5:57:f5:80:13:9d:fa:9e:57:69:d8:
                    39:18:57:56:17:39:1e:e6:48:a6:4c:87:f1:a6:c1:
                    32:d3:29:6f:3d:8b:46:52:66:9b:df:b4:d5:af:cf:
                    c7:d4:4d:fa:49:8b:29:7b:a8:33:1f:96:ab:c3:94:
                    1e:5c:52:2d:27:94:cf:b0:1b:63:52:fa:53:80:05:
                    db:cc:ff:ac:9e:5d:dd:85:16:a4:f9:c5:d5:0b:14:
                    34:15:7f:5e:85:92:c5:2b:0d:c6:56:26:29:7d:4b:
                    a3:91:5c:1e:c0:29:b3:90:d3:ed:a6:09:4d:04:72:
                    99:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A1:FF:B3:15:CC:D6:EC:58:6C:C6:41:CE:7D:65:05:65:A1:E4:69
            X509v3 Authority Key Identifier:
                keyid:A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/nKH_sxXM1uxYbMZBzn1lBWWh5Gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.78.0/24
                  185.73.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:73:5d:6e:46:39:d1:ec:25:3f:0f:b8:11:ca:52:c7:ef:b1:
         81:21:b7:53:1b:d0:bf:d1:53:4f:d6:80:02:9e:f2:30:60:d6:
         2b:85:c9:b8:7f:f7:99:88:3b:8b:00:37:16:d1:26:a3:cd:96:
         29:a0:0b:93:f3:fe:69:81:bf:41:b4:45:f7:9e:7e:5b:05:59:
         a3:57:e8:60:fb:f4:25:ac:fb:a4:8e:21:96:84:dd:cd:e2:1c:
         46:95:87:a7:db:7d:77:a1:13:ca:6f:19:34:14:86:9c:ca:74:
         6a:b0:75:cd:03:08:2f:61:2d:00:71:49:8e:1f:dc:d7:11:84:
         c4:de:8a:8c:67:da:15:e1:32:ed:18:98:86:de:38:39:e9:a8:
         9a:28:e1:96:49:70:cd:e3:8a:33:78:2b:17:4c:f9:26:bd:56:
         90:c8:ed:a8:0b:cf:48:d3:ee:ad:dc:74:48:b5:16:64:4f:0d:
         9c:9b:fa:a4:ba:75:36:9f:a2:9b:3b:36:a6:90:14:fd:97:ba:
         94:10:2d:05:ef:49:8b:f6:54:35:2d:6b:1d:67:ae:1d:79:35:
         a8:e1:70:11:b6:a0:1a:bb:0e:0d:3c:f7:40:6f:47:a7:80:ae:
         d5:68:9b:44:f8:3d:7f:ad:e7:fc:1e:8c:fd:40:08:7a:ee:55:
         96:40:a5:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnfNQakDH15Hg76BZBESuC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmRkOWRhZDc1ODc3ZjdkMjhkMTRlMDhkYzU1YjEzMzBi
ZDEzYjcwHhcNMjUxMDEzMjAxMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2ExZmZiMzE1Y2NkNmVjNTg2Y2M2NDFjZTdkNjUwNTY1YTFlNDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKQdNyFGShkI/N0iu940hz9PNJaM
t605njQZlI8mtIRmB889ErDEfhA6VDHMw89C2/AWWc/6z2NVbwrhiJxsYbyArl8L
GQTvTJvXH7/KnVDvIVvU4zP+zj06cVBxBjBjC3cDRv2l2flobVy5/rjkVDq/DcVM
DX9hinqlgT11RNblg0mWy9w3QU2i1Vf1gBOd+p5Xadg5GFdWFzke5kimTIfxpsEy
0ylvPYtGUmab37TVr8/H1E36SYspe6gzH5arw5QeXFItJ5TPsBtjUvpTgAXbzP+s
nl3dhRak+cXVCxQ0FX9ehZLFKw3GViYpfUujkVwewCmzkNPtpglNBHKZjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJyh/7MVzNbsWGzGQc59ZQVloeRpMB8GA1UdIwQY
MBaAFKdt2drXWHf30o0U4I3FWxMwvRO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQt
MmFjNmZmNzViZWIwLzEvbktIX3N4WE0xdXhZYk1aQnpuMWxCV1doNUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQtMmFjNmZmNzViZWIw
LzEvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALh9OAwQA
uUnJMA0GCSqGSIb3DQEBCwUAA4IBAQBIc11uRjnR7CU/D7gRylLH77GBIbdTG9C/
0VNP1oACnvIwYNYrhcm4f/eZiDuLADcW0SajzZYpoAuT8/5pgb9BtEX3nn5bBVmj
V+hg+/QlrPukjiGWhN3N4hxGlYen2313oRPKbxk0FIacynRqsHXNAwgvYS0AcUmO
H9zXEYTE3oqMZ9oV4TLtGJiG3jg56aiaKOGWSXDN44ozeCsXTPkmvVaQyO2oC89I
0+6t3HRItRZkTw2cm/qkunU2n6KbOzamkBT9l7qUEC0F70mL9lQ1LWsdZ64deTWo
4XARtqAauw4NPPdAb0engK7VaJtE+D1/ref8Hoz9QAh67lWWQKXb
-----END CERTIFICATE-----