Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/483806-045d-4856-b529-b47e74ed4e7e/1/NxyC245LfoIGu7NVTJi-_dDCgvs.roa
File:                     NxyC245LfoIGu7NVTJi-_dDCgvs.roa (raw, json)
Hash identifier:          Suj+SVX/zjejO/imh+c1lgrmaGy+Ijth/7DtIkk94wQ=
Subject key identifier:   37:1C:82:DB:8E:4B:7E:82:06:BB:B3:55:4C:98:BE:FD:D0:C2:82:FB
Certificate issuer:       /CN=e31c010e95015c2123641d33120a7e9c9008002d
Certificate serial:       0199E6E0FD712E9AC6152AEBF859617A2337
Authority key identifier: E3:1C:01:0E:95:01:5C:21:23:64:1D:33:12:0A:7E:9C:90:08:00:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xwBDpUBXCEjZB0zEgp-nJAIAC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/483806-045d-4856-b529-b47e74ed4e7e/1/NxyC245LfoIGu7NVTJi-_dDCgvs.roa
Signing time:             Wed 15 Oct 2025 07:58:48 +0000
ROA not before:           Wed 15 Oct 2025 07:58:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21013
IP address blocks:        91.221.138.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/483806-045d-4856-b529-b47e74ed4e7e/1/4xwBDpUBXCEjZB0zEgp-nJAIAC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/483806-045d-4856-b529-b47e74ed4e7e/1/4xwBDpUBXCEjZB0zEgp-nJAIAC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xwBDpUBXCEjZB0zEgp-nJAIAC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e6:e0:fd:71:2e:9a:c6:15:2a:eb:f8:59:61:7a:23:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e31c010e95015c2123641d33120a7e9c9008002d
        Validity
            Not Before: Oct 15 07:58:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=371c82db8e4b7e8206bbb3554c98befdd0c282fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c7:12:a9:40:b4:c4:fd:a7:58:cc:3b:5f:88:
                    1e:d2:cd:4d:f3:d6:6b:15:78:38:fb:27:d2:7c:43:
                    91:4c:99:93:94:4a:cf:90:fc:32:3f:87:56:10:53:
                    78:a1:9e:ed:91:6f:04:a2:3a:28:44:7c:a7:fa:77:
                    d9:85:52:86:b6:6d:ac:51:eb:61:04:5e:09:07:c0:
                    c2:d7:f8:6c:06:55:aa:cb:22:db:62:76:3d:c5:88:
                    01:24:97:9f:5c:d5:16:39:89:81:33:06:fb:57:12:
                    6c:a8:50:96:d6:b3:46:47:6e:99:5b:59:3d:95:11:
                    b9:ca:38:44:f5:c2:ea:bd:7c:44:59:3f:54:77:85:
                    15:04:bf:5c:c7:cc:b9:a6:5b:bd:d7:c8:6c:dc:b5:
                    49:01:8e:49:99:58:59:56:70:b2:66:96:5d:df:f9:
                    42:c9:3e:34:27:70:33:cc:13:b3:6d:a6:76:8c:3a:
                    90:8e:e5:24:fc:f9:bd:4f:a1:74:22:0b:6f:af:ac:
                    55:8c:d2:78:a7:d1:80:4f:93:36:5f:89:32:c5:37:
                    9f:fc:6e:2d:d8:d6:6d:72:f0:12:04:9b:37:a4:66:
                    07:23:42:2e:c2:b6:d0:be:c4:d0:ea:34:10:27:5c:
                    1b:fe:74:6a:37:f5:3c:50:00:a2:95:df:4b:e0:60:
                    d9:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:1C:82:DB:8E:4B:7E:82:06:BB:B3:55:4C:98:BE:FD:D0:C2:82:FB
            X509v3 Authority Key Identifier:
                keyid:E3:1C:01:0E:95:01:5C:21:23:64:1D:33:12:0A:7E:9C:90:08:00:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xwBDpUBXCEjZB0zEgp-nJAIAC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/483806-045d-4856-b529-b47e74ed4e7e/1/NxyC245LfoIGu7NVTJi-_dDCgvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/483806-045d-4856-b529-b47e74ed4e7e/1/4xwBDpUBXCEjZB0zEgp-nJAIAC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:30:ae:3e:bd:a0:ba:3f:76:f5:b0:c6:8f:42:11:53:ee:59:
         fb:52:df:8a:cc:28:8f:17:3b:03:89:78:e6:12:1a:a3:1b:b2:
         85:8c:53:a9:0e:99:f7:43:ee:58:f1:9d:b4:13:b5:b2:6e:aa:
         96:4a:3b:25:6a:af:94:44:b8:1c:f5:3e:c7:2f:f6:19:4b:40:
         44:1a:6f:84:5a:d7:a0:a8:19:29:a3:ca:f7:58:1e:66:47:cf:
         96:f1:3c:05:06:ca:d0:78:94:04:b4:f5:da:fb:3f:27:fa:f4:
         3c:21:4a:a5:fe:32:3a:3e:c0:af:1a:79:e3:a4:17:c3:cd:4d:
         f6:b0:ad:d4:c4:14:8a:12:00:5b:ef:42:0a:f4:91:56:5b:bf:
         ce:bf:82:50:c8:b1:5c:29:13:3e:ba:f5:1e:ca:3e:85:4a:35:
         16:83:99:16:d6:9f:08:2f:16:67:8b:16:b6:c0:49:0b:a2:0b:
         e7:00:ed:4c:52:1a:72:95:bc:e4:d9:ad:8d:df:1b:06:5a:ed:
         c0:52:4d:c9:a2:68:73:a1:45:dd:4f:af:1c:53:69:f9:5d:5e:
         38:b6:24:61:25:dc:00:60:17:5b:69:77:a9:d1:fd:45:a6:96:
         3f:89:03:80:6e:64:ec:8e:79:13:43:4c:ce:e4:2a:56:55:3e:
         62:e3:fd:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnm4P1xLprGFSrr+FlheiM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMWMwMTBlOTUwMTVjMjEyMzY0MWQzMzEyMGE3ZTljOTAw
ODAwMmQwHhcNMjUxMDE1MDc1ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzFjODJkYjhlNGI3ZTgyMDZiYmIzNTU0Yzk4YmVmZGQwYzI4MmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8cSqUC0xP2nWMw7X4ge0s1N89Zr
FXg4+yfSfEORTJmTlErPkPwyP4dWEFN4oZ7tkW8EojooRHyn+nfZhVKGtm2sUeth
BF4JB8DC1/hsBlWqyyLbYnY9xYgBJJefXNUWOYmBMwb7VxJsqFCW1rNGR26ZW1k9
lRG5yjhE9cLqvXxEWT9Ud4UVBL9cx8y5plu918hs3LVJAY5JmVhZVnCyZpZd3/lC
yT40J3AzzBOzbaZ2jDqQjuUk/Pm9T6F0Igtvr6xVjNJ4p9GAT5M2X4kyxTef/G4t
2NZtcvASBJs3pGYHI0IuwrbQvsTQ6jQQJ1wb/nRqN/U8UACild9L4GDZ+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDccgtuOS36CBruzVUyYvv3QwoL7MB8GA1UdIwQY
MBaAFOMcAQ6VAVwhI2QdMxIKfpyQCAAtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHh3QkRwVUJYQ0VqWkIwekVncC1uSkFJQUMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80ODM4MDYtMDQ1ZC00ODU2LWI1Mjkt
YjQ3ZTc0ZWQ0ZTdlLzEvTnh5QzI0NUxmb0lHdTdOVlRKaS1fZERDZ3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80ODM4MDYtMDQ1ZC00ODU2LWI1MjktYjQ3ZTc0ZWQ0ZTdl
LzEvNHh3QkRwVUJYQ0VqWkIwekVncC1uSkFJQUMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW92KMA0G
CSqGSIb3DQEBCwUAA4IBAQCwMK4+vaC6P3b1sMaPQhFT7ln7Ut+KzCiPFzsDiXjm
EhqjG7KFjFOpDpn3Q+5Y8Z20E7WybqqWSjslaq+URLgc9T7HL/YZS0BEGm+EWteg
qBkpo8r3WB5mR8+W8TwFBsrQeJQEtPXa+z8n+vQ8IUql/jI6PsCvGnnjpBfDzU32
sK3UxBSKEgBb70IK9JFWW7/Ov4JQyLFcKRM+uvUeyj6FSjUWg5kW1p8ILxZnixa2
wEkLogvnAO1MUhpylbzk2a2N3xsGWu3AUk3JomhzoUXdT68cU2n5XV44tiRhJdwA
YBdbaXep0f1FppY/iQOAbmTsjnkTQ0zO5CpWVT5i4/1d
-----END CERTIFICATE-----