Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/NWKttL7Gn7EtVBeXvJJBlxe5iBw.roa
File:                     NWKttL7Gn7EtVBeXvJJBlxe5iBw.roa (raw, json)
Hash identifier:          3S/Hi8KvgXTq75Mymsv25y0qt7ICLz7YcTEcqbDy+B4=
Subject key identifier:   35:62:AD:B4:BE:C6:9F:B1:2D:54:17:97:BC:92:41:97:17:B9:88:1C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01988D90FBF19FCFE618059411E562B9DD12
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/NWKttL7Gn7EtVBeXvJJBlxe5iBw.roa
Signing time:             Sat 09 Aug 2025 06:42:25 +0000
ROA not before:           Sat 09 Aug 2025 06:42:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214957
IP address blocks:        94.183.150.0/24 maxlen: 24
                          94.183.162.0/24 maxlen: 24
                          94.183.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8d:90:fb:f1:9f:cf:e6:18:05:94:11:e5:62:b9:dd:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug  9 06:42:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3562adb4bec69fb12d541797bc92419717b9881c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a2:e8:c9:75:c3:4c:b8:84:10:cd:a4:0d:8b:
                    68:fa:0a:47:af:7a:ca:2f:d1:ce:c1:dc:9c:f0:45:
                    ee:fa:d5:ee:f3:7b:87:67:f6:3c:fc:3e:a9:5b:a0:
                    7c:64:79:8c:68:83:07:02:5c:d4:f0:2a:d9:79:d0:
                    1b:ee:f9:8e:c9:4f:51:c1:be:be:80:29:4b:b8:07:
                    2b:b9:f4:92:82:54:26:04:bb:3d:32:26:a3:35:70:
                    65:9c:75:28:07:82:3e:b3:bd:a4:ee:0f:12:ac:88:
                    88:a4:63:6a:41:18:fd:f1:36:72:92:c2:f0:b6:9f:
                    02:85:9a:10:bc:6f:60:bf:07:ef:3d:1d:ab:cd:22:
                    82:d6:dd:58:45:76:63:17:c7:42:2f:c4:40:39:77:
                    f0:4d:87:cd:d3:14:44:ef:05:37:6a:d4:76:39:be:
                    84:19:cc:0e:0d:bc:25:38:af:c9:48:8f:72:2d:82:
                    c9:17:1c:24:8a:89:f7:42:3b:80:ec:37:db:83:00:
                    b5:a2:a9:33:dd:e3:e3:4e:b7:17:98:83:91:68:b8:
                    5f:92:d7:20:3e:e9:c1:49:28:34:16:07:ac:0b:f6:
                    6b:0b:61:d4:60:f5:ef:36:a6:f3:b0:b2:a2:9b:b3:
                    df:27:d0:b3:0d:b5:c6:91:bc:78:4c:a1:77:bb:90:
                    fc:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:62:AD:B4:BE:C6:9F:B1:2D:54:17:97:BC:92:41:97:17:B9:88:1C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/NWKttL7Gn7EtVBeXvJJBlxe5iBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.150.0/24
                  94.183.162.0/24
                  94.183.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:44:dd:8f:64:b2:0e:33:8c:77:2f:07:5c:c8:dd:7a:d9:9d:
         a5:75:c9:da:af:c2:49:85:52:8d:56:73:2e:26:56:fe:a1:b1:
         12:55:09:da:83:7a:16:70:e0:0d:6c:24:38:4f:5c:14:8b:67:
         51:56:c4:2e:ec:4e:a1:03:dc:a4:09:4d:5c:47:51:ec:b2:4b:
         83:41:3f:a7:e9:b0:b5:12:8e:2e:86:46:1c:b8:a3:15:92:29:
         4e:7c:e2:d8:2c:f8:30:8c:9f:88:94:22:2e:a6:06:bb:e9:46:
         e0:3d:35:9e:dd:75:e1:4f:56:63:d2:02:5c:c3:ee:48:ab:83:
         7b:3c:1c:3a:c4:0a:bb:e4:71:17:e5:f0:49:b4:35:3d:5e:fa:
         21:8e:4e:5e:83:ff:6a:84:2c:7a:f9:54:26:f0:66:49:de:09:
         4a:65:09:28:f3:03:00:f7:d1:db:0c:a3:b6:8c:9e:59:17:27:
         1d:ae:d0:3c:e6:c9:ae:e6:9a:42:73:bf:1c:f9:58:d9:ed:b4:
         1b:a1:0b:41:bd:f2:a7:51:f5:fb:aa:b9:69:de:40:4e:73:9c:
         b7:ce:32:c4:89:33:df:1b:0a:bb:0e:df:00:5c:e2:e6:88:e7:
         d8:25:7b:62:a3:3a:31:b1:aa:0e:cc:6c:1a:f6:c1:7b:e7:c9:
         3d:f2:38:3f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZiNkPvxn8/mGAWUEeViud0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODA5MDY0MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTYyYWRiNGJlYzY5ZmIxMmQ1NDE3OTdiYzkyNDE5NzE3Yjk4ODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6LoyXXDTLiEEM2kDYto+gpHr3rK
L9HOwdyc8EXu+tXu83uHZ/Y8/D6pW6B8ZHmMaIMHAlzU8CrZedAb7vmOyU9Rwb6+
gClLuAcrufSSglQmBLs9MiajNXBlnHUoB4I+s72k7g8SrIiIpGNqQRj98TZyksLw
tp8ChZoQvG9gvwfvPR2rzSKC1t1YRXZjF8dCL8RAOXfwTYfN0xRE7wU3atR2Ob6E
GcwODbwlOK/JSI9yLYLJFxwkion3QjuA7DfbgwC1oqkz3ePjTrcXmIORaLhfktcg
PunBSSg0FgesC/ZrC2HUYPXvNqbzsLKim7PfJ9CzDbXGkbx4TKF3u5D8aQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDVirbS+xp+xLVQXl7ySQZcXuYgcMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTldLdHRMN0duN0V0VkJlWHZKSkJseGU1aUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXreWAwQA
XreiAwQAXre0MA0GCSqGSIb3DQEBCwUAA4IBAQBBRN2PZLIOM4x3LwdcyN162Z2l
dcnar8JJhVKNVnMuJlb+obESVQnag3oWcOANbCQ4T1wUi2dRVsQu7E6hA9ykCU1c
R1HsskuDQT+n6bC1Eo4uhkYcuKMVkilOfOLYLPgwjJ+IlCIupga76UbgPTWe3XXh
T1Zj0gJcw+5Iq4N7PBw6xAq75HEX5fBJtDU9Xvohjk5eg/9qhCx6+VQm8GZJ3glK
ZQko8wMA99HbDKO2jJ5ZFycdrtA85smu5ppCc78c+VjZ7bQboQtBvfKnUfX7qrlp
3kBOc5y3zjLEiTPfGwq7Dt8AXOLmiOfYJXtiozoxsaoOzGwa9sF758k98jg/
-----END CERTIFICATE-----