Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/0e095b-6891-45c5-a3a1-f0c4eb154261/1/NcvL-cWiOsIwbHlPpjJOxwZQhdo.roa
File:                     NcvL-cWiOsIwbHlPpjJOxwZQhdo.roa (raw, json)
Hash identifier:          Esp//dlbeL22yi1M90HkNJoPvC1Y47F4dd714WYg0sw=
Subject key identifier:   35:CB:CB:F9:C5:A2:3A:C2:30:6C:79:4F:A6:32:4E:C7:06:50:85:DA
Certificate issuer:       /CN=1a70a721d1b53ed91d85b6c535ac72b4904f9c3d
Certificate serial:       019A017F6BB422AF27908327F073FA707953
Authority key identifier: 1A:70:A7:21:D1:B5:3E:D9:1D:85:B6:C5:35:AC:72:B4:90:4F:9C:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GnCnIdG1PtkdhbbFNaxytJBPnD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/0e095b-6891-45c5-a3a1-f0c4eb154261/1/NcvL-cWiOsIwbHlPpjJOxwZQhdo.roa
Signing time:             Mon 20 Oct 2025 12:01:59 +0000
ROA not before:           Mon 20 Oct 2025 12:01:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        193.23.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/0e095b-6891-45c5-a3a1-f0c4eb154261/1/GnCnIdG1PtkdhbbFNaxytJBPnD0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/0e095b-6891-45c5-a3a1-f0c4eb154261/1/GnCnIdG1PtkdhbbFNaxytJBPnD0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GnCnIdG1PtkdhbbFNaxytJBPnD0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 12:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:7f:6b:b4:22:af:27:90:83:27:f0:73:fa:70:79:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a70a721d1b53ed91d85b6c535ac72b4904f9c3d
        Validity
            Not Before: Oct 20 12:01:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35cbcbf9c5a23ac2306c794fa6324ec7065085da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:69:3e:79:26:c7:22:c8:83:65:70:82:66:1c:
                    35:34:f9:1c:3d:1f:99:e7:57:1c:bb:71:f8:d8:c6:
                    db:0d:99:7b:17:63:5e:5b:7c:af:71:89:25:e1:e9:
                    06:dc:27:0f:85:e6:58:37:d1:f2:55:6b:8c:fb:0e:
                    8d:17:84:04:48:52:b5:2d:64:91:c4:94:86:78:b2:
                    08:f3:3e:32:73:71:c3:57:99:4b:f3:ad:a4:70:a0:
                    b8:ae:2d:d7:77:88:fc:97:14:45:8e:8d:c3:31:f0:
                    56:c7:fd:b4:60:b3:6e:9b:5b:19:5f:79:68:68:f4:
                    5a:87:ad:71:91:b3:1d:08:3d:59:48:3a:a6:75:f5:
                    53:95:c3:c7:8c:64:62:8f:7b:a4:57:e5:4a:dc:fe:
                    d6:52:ba:04:ce:3b:b1:eb:e5:78:5d:29:8f:19:67:
                    85:3d:4e:4c:63:9d:1a:f3:c2:2e:d4:0f:22:a1:8c:
                    97:47:0b:72:31:d1:6b:be:74:34:53:6a:d7:07:bb:
                    05:ba:7b:98:c6:01:39:90:e1:4b:9a:85:f6:6a:12:
                    9f:07:e6:87:8f:d9:e4:df:90:92:e7:68:f2:fb:6f:
                    44:f3:a8:35:ad:99:27:5a:df:7f:fa:08:2e:15:aa:
                    d7:77:a1:ff:cb:18:06:cc:cf:16:01:42:97:09:61:
                    d6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:CB:CB:F9:C5:A2:3A:C2:30:6C:79:4F:A6:32:4E:C7:06:50:85:DA
            X509v3 Authority Key Identifier:
                keyid:1A:70:A7:21:D1:B5:3E:D9:1D:85:B6:C5:35:AC:72:B4:90:4F:9C:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GnCnIdG1PtkdhbbFNaxytJBPnD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/0e095b-6891-45c5-a3a1-f0c4eb154261/1/NcvL-cWiOsIwbHlPpjJOxwZQhdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/0e095b-6891-45c5-a3a1-f0c4eb154261/1/GnCnIdG1PtkdhbbFNaxytJBPnD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:c5:ed:1a:da:27:02:2e:76:b3:41:33:50:99:04:44:20:92:
         08:4e:7e:a2:6a:1b:c9:53:94:59:6a:a6:c1:93:de:a4:ae:a8:
         9d:0b:87:3e:44:63:6a:b0:b9:c0:90:84:82:5d:c3:19:6d:bd:
         46:6a:44:51:6f:7c:3a:7c:d5:d3:47:73:53:eb:37:bb:1e:7b:
         d2:a2:96:68:32:7b:d7:40:99:d1:30:bd:05:20:4f:df:8b:3c:
         b2:63:65:dc:87:29:f9:ff:e8:52:7c:c9:1e:71:59:c3:55:45:
         ee:1f:22:01:a3:a4:89:68:8e:84:ba:0d:e6:fb:d5:4d:07:37:
         c6:6a:5b:14:2d:7f:06:b9:3e:14:82:b6:1e:17:10:be:3f:8d:
         e4:64:81:2f:d3:f8:17:60:a7:39:9e:91:c4:7e:7d:8a:a6:f0:
         c8:6c:d4:fb:d6:e4:ef:ca:a6:79:b9:76:ab:fb:03:1c:b2:39:
         07:c4:85:80:88:29:78:dc:9e:2f:32:56:69:c7:a6:27:f4:e2:
         7b:f5:32:86:72:62:4c:c9:d2:f8:b2:7a:52:c2:fb:2b:84:58:
         e6:30:d9:53:ba:c9:d9:fa:0a:72:15:7b:56:66:f3:82:fb:92:
         a5:be:78:16:1a:a8:9b:8d:ee:ee:3d:74:13:44:5e:55:80:7a:
         32:58:7a:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoBf2u0Iq8nkIMn8HP6cHlTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNzBhNzIxZDFiNTNlZDkxZDg1YjZjNTM1YWM3MmI0OTA0
ZjljM2QwHhcNMjUxMDIwMTIwMTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWNiY2JmOWM1YTIzYWMyMzA2Yzc5NGZhNjMyNGVjNzA2NTA4NWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2k+eSbHIsiDZXCCZhw1NPkcPR+Z
51ccu3H42MbbDZl7F2NeW3yvcYkl4ekG3CcPheZYN9HyVWuM+w6NF4QESFK1LWSR
xJSGeLII8z4yc3HDV5lL862kcKC4ri3Xd4j8lxRFjo3DMfBWx/20YLNum1sZX3lo
aPRah61xkbMdCD1ZSDqmdfVTlcPHjGRij3ukV+VK3P7WUroEzjux6+V4XSmPGWeF
PU5MY50a88Iu1A8ioYyXRwtyMdFrvnQ0U2rXB7sFunuYxgE5kOFLmoX2ahKfB+aH
j9nk35CS52jy+29E86g1rZknWt9/+gguFarXd6H/yxgGzM8WAUKXCWHW3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXLy/nFojrCMGx5T6YyTscGUIXaMB8GA1UdIwQY
MBaAFBpwpyHRtT7ZHYW2xTWscrSQT5w9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR25DbklkRzFQdGtkaGJiRk5heHl0SkJQbkQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wZTA5NWItNjg5MS00NWM1LWEzYTEt
ZjBjNGViMTU0MjYxLzEvTmN2TC1jV2lPc0l3YkhsUHBqSk94d1pRaGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wZTA5NWItNjg5MS00NWM1LWEzYTEtZjBjNGViMTU0MjYx
LzEvR25DbklkRzFQdGtkaGJiRk5heHl0SkJQbkQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwRcYMA0G
CSqGSIb3DQEBCwUAA4IBAQBAxe0a2icCLnazQTNQmQREIJIITn6iahvJU5RZaqbB
k96krqidC4c+RGNqsLnAkISCXcMZbb1GakRRb3w6fNXTR3NT6ze7HnvSopZoMnvX
QJnRML0FIE/fizyyY2Xchyn5/+hSfMkecVnDVUXuHyIBo6SJaI6Eug3m+9VNBzfG
alsULX8GuT4UgrYeFxC+P43kZIEv0/gXYKc5npHEfn2KpvDIbNT71uTvyqZ5uXar
+wMcsjkHxIWAiCl43J4vMlZpx6Yn9OJ79TKGcmJMydL4snpSwvsrhFjmMNlTusnZ
+gpyFXtWZvOC+5KlvngWGqibje7uPXQTRF5VgHoyWHq5
-----END CERTIFICATE-----