Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/N3BMqylkh9bvWHMwFiLf-gKt05c.roa
File:                     N3BMqylkh9bvWHMwFiLf-gKt05c.roa (raw, json)
Hash identifier:          hbID2qn5kDk4YQKXpd21YknUsj5EZcvRK/uXiyYmeQs=
Subject key identifier:   37:70:4C:AB:29:64:87:D6:EF:58:73:30:16:22:DF:FA:02:AD:D3:97
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0199C7B085EE332942ACE97C0EBEB7682C52
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/N3BMqylkh9bvWHMwFiLf-gKt05c.roa
Signing time:             Thu 09 Oct 2025 06:37:38 +0000
ROA not before:           Thu 09 Oct 2025 06:37:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        88.209.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c7:b0:85:ee:33:29:42:ac:e9:7c:0e:be:b7:68:2c:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct  9 06:37:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37704cab296487d6ef5873301622dffa02add397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7a:98:56:4b:f4:2d:89:73:da:4a:9f:d3:b4:
                    5d:ff:82:f0:e0:4f:a7:e0:99:d4:6c:9a:17:d0:e7:
                    80:a6:30:08:af:22:8b:20:81:a4:c2:5c:bc:76:a6:
                    52:4d:4e:8c:ac:9a:bf:ca:d9:84:42:f2:15:74:26:
                    b4:d7:04:bb:9b:b9:6a:5e:72:45:53:de:1d:f4:f1:
                    2c:1b:51:18:b0:db:64:40:2a:9f:73:c7:95:5f:1e:
                    96:a4:a1:74:c4:94:9e:a3:83:ea:43:05:9a:81:80:
                    f0:2b:62:1f:7a:b1:a0:39:71:b6:31:dd:13:55:fa:
                    ab:22:28:b4:49:ae:20:8a:58:44:8f:40:25:a5:df:
                    ab:42:43:b0:ba:89:2f:61:11:31:8c:84:43:af:9c:
                    1b:4b:68:6d:20:f0:a8:1e:b8:c5:29:f7:35:58:c9:
                    03:0b:f5:2d:3f:a1:74:6c:57:61:93:7b:cb:f1:b1:
                    b5:aa:a3:cb:76:55:91:57:16:af:42:bc:fb:79:79:
                    e3:e1:f3:ad:41:ec:38:07:4c:fb:cf:ab:07:dc:f6:
                    87:9b:9b:ff:4c:9b:eb:b8:d7:89:36:a1:b3:f1:0f:
                    e1:fa:55:84:df:a0:f3:64:1f:fe:58:0b:a9:ea:35:
                    01:c7:e2:04:e1:2b:53:a0:ae:0e:18:89:67:72:ed:
                    b5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:70:4C:AB:29:64:87:D6:EF:58:73:30:16:22:DF:FA:02:AD:D3:97
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/N3BMqylkh9bvWHMwFiLf-gKt05c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:2b:98:6a:18:48:8b:52:c9:18:30:44:fc:3b:56:91:16:d9:
         18:de:78:83:76:0a:c4:cb:ae:ba:e3:c1:84:16:02:2d:9c:97:
         48:cb:ed:f0:51:92:87:74:a2:d4:c6:e2:a7:c7:98:90:8f:b9:
         b2:22:96:af:4c:0e:06:45:6f:b7:e0:53:5c:7c:c4:a5:80:3e:
         88:6c:f9:9f:86:c4:5c:d6:92:1f:1b:f2:a8:f6:ca:6f:b4:e5:
         ab:53:31:bb:35:7f:f6:5c:ba:19:c0:5c:c8:b5:9e:05:4a:a1:
         d4:ca:cf:36:70:64:8c:3c:96:e4:64:fe:f1:52:11:c3:45:37:
         2c:40:ec:5b:b1:61:db:9e:bc:60:36:43:c1:ad:02:de:dd:2d:
         31:49:4e:cc:90:23:fb:93:4e:81:72:e8:36:85:71:a4:a9:be:
         69:17:60:6b:00:59:fa:3a:3c:05:ce:e5:30:ad:24:1b:7f:ac:
         2b:25:fa:3e:f2:a8:65:73:24:67:bb:61:12:5d:38:d0:77:63:
         ca:ec:3c:61:ae:59:7b:8a:56:8b:81:19:26:0d:7b:e6:a7:fc:
         1e:72:14:04:f4:1b:32:4c:22:ed:a0:da:5a:9c:a1:85:38:1e:
         e0:a7:ed:6e:c3:d0:1b:35:48:7b:b7:84:83:79:1d:1d:2b:d0:
         6c:a8:b6:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnHsIXuMylCrOl8Dr63aCxSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUxMDA5MDYzNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzcwNGNhYjI5NjQ4N2Q2ZWY1ODczMzAxNjIyZGZmYTAyYWRkMzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnqYVkv0LYlz2kqf07Rd/4Lw4E+n
4JnUbJoX0OeApjAIryKLIIGkwly8dqZSTU6MrJq/ytmEQvIVdCa01wS7m7lqXnJF
U94d9PEsG1EYsNtkQCqfc8eVXx6WpKF0xJSeo4PqQwWagYDwK2IferGgOXG2Md0T
VfqrIii0Sa4gilhEj0Alpd+rQkOwuokvYRExjIRDr5wbS2htIPCoHrjFKfc1WMkD
C/UtP6F0bFdhk3vL8bG1qqPLdlWRVxavQrz7eXnj4fOtQew4B0z7z6sH3PaHm5v/
TJvruNeJNqGz8Q/h+lWE36DzZB/+WAup6jUBx+IE4StToK4OGIlncu21bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdwTKspZIfW71hzMBYi3/oCrdOXMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvTjNCTXF5bGtoOWJ2V0hNd0ZpTGYtZ0t0MDVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNH3MA0G
CSqGSIb3DQEBCwUAA4IBAQBNK5hqGEiLUskYMET8O1aRFtkY3niDdgrEy66648GE
FgItnJdIy+3wUZKHdKLUxuKnx5iQj7myIpavTA4GRW+34FNcfMSlgD6IbPmfhsRc
1pIfG/Ko9spvtOWrUzG7NX/2XLoZwFzItZ4FSqHUys82cGSMPJbkZP7xUhHDRTcs
QOxbsWHbnrxgNkPBrQLe3S0xSU7MkCP7k06Bcug2hXGkqb5pF2BrAFn6OjwFzuUw
rSQbf6wrJfo+8qhlcyRnu2ESXTjQd2PK7Dxhrll7ilaLgRkmDXvmp/wechQE9Bsy
TCLtoNpanKGFOB7gp+1uw9AbNUh7t4SDeR0dK9BsqLaJ
-----END CERTIFICATE-----