Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/N_353yN0ZVbWs_anZKkB7VFDxu4.roa
File:                     N_353yN0ZVbWs_anZKkB7VFDxu4.roa (raw, json)
Hash identifier:          hMwRKapbkWsadMleA5KvqY1DK5C4Jjvpw+7CS/Z4ugY=
Subject key identifier:   37:FD:F9:DF:23:74:65:56:D6:B3:F6:A7:64:A9:01:ED:51:43:C6:EE
Certificate issuer:       /CN=d93a54f02f49f45ad5d73e5551d096181bce3f6e
Certificate serial:       019A0BAB3D9EEADB1EEC5A12B6588D182D59
Authority key identifier: D9:3A:54:F0:2F:49:F4:5A:D5:D7:3E:55:51:D0:96:18:1B:CE:3F:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2TpU8C9J9FrV1z5VUdCWGBvOP24.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/N_353yN0ZVbWs_anZKkB7VFDxu4.roa
Signing time:             Wed 22 Oct 2025 11:26:03 +0000
ROA not before:           Wed 22 Oct 2025 11:26:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41745
IP address blocks:        178.20.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/2TpU8C9J9FrV1z5VUdCWGBvOP24.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/2TpU8C9J9FrV1z5VUdCWGBvOP24.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2TpU8C9J9FrV1z5VUdCWGBvOP24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:ab:3d:9e:ea:db:1e:ec:5a:12:b6:58:8d:18:2d:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93a54f02f49f45ad5d73e5551d096181bce3f6e
        Validity
            Not Before: Oct 22 11:26:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37fdf9df23746556d6b3f6a764a901ed5143c6ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3b:f5:61:03:8a:e6:83:44:e3:f6:36:73:4c:
                    25:2e:b1:e1:b0:5c:ac:92:3f:91:37:9e:c9:da:27:
                    1e:b6:a2:5a:43:b4:3b:4b:46:cf:23:19:be:f3:e2:
                    36:b3:8f:78:76:f7:dd:9b:f9:57:b7:82:31:4c:19:
                    d9:af:7b:0c:0c:dc:f8:ed:9e:8b:1a:30:cb:13:be:
                    2a:5c:0f:e2:b9:be:ed:b6:38:30:f0:c0:8a:f2:f8:
                    46:93:68:5e:39:95:5e:a0:8a:66:4e:80:09:07:a0:
                    f0:8a:5b:e0:9e:b7:2d:25:f5:d9:4f:43:89:9e:67:
                    15:bc:e8:46:20:d0:b8:36:33:4a:43:42:ac:a2:99:
                    4c:1a:20:5c:c6:ad:02:0d:4c:91:2e:ef:7e:00:95:
                    ca:97:f1:cc:09:3a:d3:31:69:40:05:1f:4b:d7:0a:
                    5e:6c:e8:a8:b2:94:01:62:1e:15:81:14:1b:14:bd:
                    3f:e6:b7:ba:db:64:81:58:3f:ae:ab:94:c0:78:8f:
                    02:37:55:b2:67:18:6f:72:3c:85:62:e6:36:84:b0:
                    c4:59:63:61:c1:df:4c:06:5e:4b:8f:1c:e5:c7:3c:
                    80:19:ac:f3:c8:43:67:e4:a6:2f:0f:59:4c:b5:ce:
                    c7:9a:e5:a7:9a:f7:07:62:2b:ed:5e:fd:68:d4:2c:
                    5b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:FD:F9:DF:23:74:65:56:D6:B3:F6:A7:64:A9:01:ED:51:43:C6:EE
            X509v3 Authority Key Identifier:
                keyid:D9:3A:54:F0:2F:49:F4:5A:D5:D7:3E:55:51:D0:96:18:1B:CE:3F:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2TpU8C9J9FrV1z5VUdCWGBvOP24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/N_353yN0ZVbWs_anZKkB7VFDxu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/2TpU8C9J9FrV1z5VUdCWGBvOP24.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:0d:26:cf:7c:50:b5:0b:c1:b1:a5:19:26:29:c7:fe:28:c0:
         05:4b:aa:69:88:dc:65:bc:e3:ef:ba:e9:8d:bf:6e:2f:8a:c8:
         c8:ec:ee:17:c8:f6:0e:2e:d7:a4:75:ed:b9:ae:47:05:2b:25:
         5f:61:19:95:95:cf:7d:17:5c:5d:0c:b4:f0:85:49:5a:c9:0c:
         55:b2:fd:ed:e9:09:7e:6e:5a:9f:07:b4:21:9b:0f:dd:25:ad:
         25:34:0b:ba:4d:1a:ea:55:19:d6:99:65:6d:16:a8:47:59:e2:
         da:85:fa:98:f8:ea:0f:e0:be:ec:5f:a5:62:36:80:ec:b0:07:
         8d:2e:79:78:95:ac:8c:4c:db:33:85:05:74:f2:79:6a:60:d1:
         aa:fd:55:a5:83:32:10:0c:59:72:9d:27:f6:52:87:f3:64:ea:
         74:95:7e:9c:55:1d:30:01:e4:c6:87:f1:d1:55:96:5b:78:43:
         2c:85:39:cd:89:d9:52:d3:7b:b0:d2:fd:63:5f:0f:e4:29:07:
         0d:e1:cf:51:3e:bf:31:97:0d:36:66:bf:a7:5a:29:6a:2e:a2:
         49:80:d3:ee:3e:b9:91:e4:41:fb:f7:cd:9d:1f:98:31:b3:63:
         df:cd:aa:08:23:cd:0b:4e:c3:79:bc:ca:58:98:8f:5d:f7:5f:
         4c:03:fd:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoLqz2e6tse7FoStliNGC1ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2E1NGYwMmY0OWY0NWFkNWQ3M2U1NTUxZDA5NjE4MWJj
ZTNmNmUwHhcNMjUxMDIyMTEyNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2ZkZjlkZjIzNzQ2NTU2ZDZiM2Y2YTc2NGE5MDFlZDUxNDNjNmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjv1YQOK5oNE4/Y2c0wlLrHhsFys
kj+RN57J2icetqJaQ7Q7S0bPIxm+8+I2s494dvfdm/lXt4IxTBnZr3sMDNz47Z6L
GjDLE74qXA/iub7ttjgw8MCK8vhGk2heOZVeoIpmToAJB6DwilvgnrctJfXZT0OJ
nmcVvOhGINC4NjNKQ0KsoplMGiBcxq0CDUyRLu9+AJXKl/HMCTrTMWlABR9L1wpe
bOiospQBYh4VgRQbFL0/5re622SBWD+uq5TAeI8CN1WyZxhvcjyFYuY2hLDEWWNh
wd9MBl5LjxzlxzyAGazzyENn5KYvD1lMtc7HmuWnmvcHYivtXv1o1CxbAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDf9+d8jdGVW1rP2p2SpAe1RQ8buMB8GA1UdIwQY
MBaAFNk6VPAvSfRa1dc+VVHQlhgbzj9uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlRwVThDOUo5RnJWMXo1VlVkQ1dHQnZPUDI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8xNWZmZjQtOTY2Yi00ZTBhLWFiYWMt
MDVkNThmMGNiODhjLzEvTl8zNTN5TjBaVmJXc19hblpLa0I3VkZEeHU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8xNWZmZjQtOTY2Yi00ZTBhLWFiYWMtMDVkNThmMGNiODhj
LzEvMlRwVThDOUo5RnJWMXo1VlVkQ1dHQnZPUDI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshTTMA0G
CSqGSIb3DQEBCwUAA4IBAQAfDSbPfFC1C8GxpRkmKcf+KMAFS6ppiNxlvOPvuumN
v24visjI7O4XyPYOLtekde25rkcFKyVfYRmVlc99F1xdDLTwhUlayQxVsv3t6Ql+
blqfB7Qhmw/dJa0lNAu6TRrqVRnWmWVtFqhHWeLahfqY+OoP4L7sX6ViNoDssAeN
Lnl4layMTNszhQV08nlqYNGq/VWlgzIQDFlynSf2UofzZOp0lX6cVR0wAeTGh/HR
VZZbeEMshTnNidlS03uw0v1jXw/kKQcN4c9RPr8xlw02Zr+nWilqLqJJgNPuPrmR
5EH7982dH5gxs2PfzaoII80LTsN5vMpYmI9d919MA/2e
-----END CERTIFICATE-----