Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/NP9ETkcPIfZiSMV55HsJboQ-GHY.roa
File:                     NP9ETkcPIfZiSMV55HsJboQ-GHY.roa (raw, json)
Hash identifier:          cI4wvFFvTdVvpTjPJ+zLUBYHPo+x7aSz3XoVXrfmrY4=
Subject key identifier:   34:FF:44:4E:47:0F:21:F6:62:48:C5:79:E4:7B:09:6E:84:3E:18:76
Certificate issuer:       /CN=5afd8667cce95be0ae96058c4550d7088035312f
Certificate serial:       01984B2EA61144DF45990C9997C13D473098
Authority key identifier: 5A:FD:86:67:CC:E9:5B:E0:AE:96:05:8C:45:50:D7:08:80:35:31:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/NP9ETkcPIfZiSMV55HsJboQ-GHY.roa
Signing time:             Sun 27 Jul 2025 09:20:05 +0000
ROA not before:           Sun 27 Jul 2025 09:20:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212158
IP address blocks:        195.246.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 15:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4b:2e:a6:11:44:df:45:99:0c:99:97:c1:3d:47:30:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5afd8667cce95be0ae96058c4550d7088035312f
        Validity
            Not Before: Jul 27 09:20:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34ff444e470f21f66248c579e47b096e843e1876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:40:35:2d:91:eb:af:f0:b4:88:67:bf:91:a2:
                    72:1f:fb:a3:84:ae:4b:5a:4e:77:df:19:3a:c0:d9:
                    b7:e5:42:be:30:34:65:d6:8f:6c:11:b7:b0:0f:e0:
                    87:71:d9:f8:8a:b7:7a:97:07:e8:95:4a:38:db:b2:
                    62:da:96:19:6f:a6:54:10:85:3e:ba:1b:80:fa:4a:
                    02:76:86:be:00:18:79:eb:63:6a:d4:40:1a:50:f0:
                    9e:c5:a0:14:a9:68:b5:bf:79:8c:33:10:da:fe:aa:
                    1b:73:ad:36:67:1b:98:fc:0e:ce:b6:9d:9e:43:06:
                    38:98:74:4a:a8:c6:43:45:b9:d4:65:60:82:02:6a:
                    67:77:c3:0e:e3:fa:40:21:1c:cd:0e:71:21:13:b1:
                    29:52:86:f7:06:55:a3:69:5d:0a:17:bc:fb:09:7c:
                    a7:40:61:c2:6d:af:cf:d6:96:e5:be:14:89:e9:8b:
                    04:a3:81:56:f4:e5:76:c3:da:12:34:32:b2:08:a8:
                    bd:79:96:8e:e8:4e:c6:ab:1e:72:73:34:1e:67:79:
                    74:9a:96:0b:53:a6:e9:a0:de:5f:c4:0e:5c:06:2c:
                    29:9d:60:7e:53:c2:58:7a:6a:d9:8d:63:ff:eb:7e:
                    94:9d:ad:f2:b7:67:76:a9:f1:c3:63:eb:89:42:1c:
                    ba:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:FF:44:4E:47:0F:21:F6:62:48:C5:79:E4:7B:09:6E:84:3E:18:76
            X509v3 Authority Key Identifier:
                keyid:5A:FD:86:67:CC:E9:5B:E0:AE:96:05:8C:45:50:D7:08:80:35:31:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/NP9ETkcPIfZiSMV55HsJboQ-GHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.246.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:2b:0a:e6:8d:07:19:ec:9c:81:6f:08:92:4b:24:24:27:dc:
         09:d9:db:9d:94:a8:15:3e:b3:17:0f:86:eb:86:95:49:77:27:
         2f:05:53:53:37:5a:93:ac:df:a5:39:70:05:85:2b:72:a1:c0:
         14:88:fc:a0:2f:20:40:5f:4f:a6:27:f8:db:40:41:cd:ee:55:
         f0:1f:57:84:c0:94:65:2c:0e:4b:05:ef:6f:f9:7b:2f:56:01:
         9f:95:b2:40:a8:8d:4c:a8:b6:3f:2a:eb:78:3f:a2:b5:dc:2a:
         f9:fe:fe:b5:9a:17:3a:af:0b:22:ab:11:5d:12:dc:58:65:d6:
         ac:2f:66:70:83:0b:4e:d6:50:44:a1:7f:b0:81:20:6a:11:33:
         39:37:4a:d2:5f:1d:44:ed:08:7e:db:22:7b:c9:46:8b:6a:0e:
         d7:77:01:9f:f0:9b:92:e9:27:d8:a9:cf:37:e7:14:b9:b6:dd:
         8c:63:8f:e7:ec:fa:0d:27:62:4f:75:57:0b:57:6e:63:89:f6:
         e2:11:02:f9:f1:1a:b1:55:fe:15:6b:d0:65:04:84:3b:36:fc:
         94:b6:34:74:e4:65:f0:f9:99:3b:b1:00:45:5c:ab:2c:34:db:
         74:85:f3:eb:01:2f:cc:30:8c:da:a8:bb:1e:cc:ba:34:56:ed:
         85:7a:5c:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhLLqYRRN9FmQyZl8E9RzCYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZmQ4NjY3Y2NlOTViZTBhZTk2MDU4YzQ1NTBkNzA4ODAz
NTMxMmYwHhcNMjUwNzI3MDkyMDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGZmNDQ0ZTQ3MGYyMWY2NjI0OGM1NzllNDdiMDk2ZTg0M2UxODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kA1LZHrr/C0iGe/kaJyH/ujhK5L
Wk533xk6wNm35UK+MDRl1o9sEbewD+CHcdn4ird6lwfolUo427Ji2pYZb6ZUEIU+
uhuA+koCdoa+ABh562Nq1EAaUPCexaAUqWi1v3mMMxDa/qobc602ZxuY/A7Otp2e
QwY4mHRKqMZDRbnUZWCCAmpnd8MO4/pAIRzNDnEhE7EpUob3BlWjaV0KF7z7CXyn
QGHCba/P1pblvhSJ6YsEo4FW9OV2w9oSNDKyCKi9eZaO6E7Gqx5yczQeZ3l0mpYL
U6bpoN5fxA5cBiwpnWB+U8JYemrZjWP/636Una3yt2d2qfHDY+uJQhy6oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDT/RE5HDyH2YkjFeeR7CW6EPhh2MB8GA1UdIwQY
MBaAFFr9hmfM6VvgrpYFjEVQ1wiANTEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3YyR1o4enBXLUN1bGdXTVJWRFhDSUExTVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hYWNiMGEtY2Y2NC00ZTc1LWE5ZGYt
MjQ5YWM3NzNjMjgyLzEvTlA5RVRrY1BJZlppU01WNTVIc0pib1EtR0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hYWNiMGEtY2Y2NC00ZTc1LWE5ZGYtMjQ5YWM3NzNjMjgy
LzEvV3YyR1o4enBXLUN1bGdXTVJWRFhDSUExTVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/ZjMA0G
CSqGSIb3DQEBCwUAA4IBAQB3KwrmjQcZ7JyBbwiSSyQkJ9wJ2dudlKgVPrMXD4br
hpVJdycvBVNTN1qTrN+lOXAFhStyocAUiPygLyBAX0+mJ/jbQEHN7lXwH1eEwJRl
LA5LBe9v+XsvVgGflbJAqI1MqLY/Kut4P6K13Cr5/v61mhc6rwsiqxFdEtxYZdas
L2ZwgwtO1lBEoX+wgSBqETM5N0rSXx1E7Qh+2yJ7yUaLag7XdwGf8JuS6SfYqc83
5xS5tt2MY4/n7PoNJ2JPdVcLV25jifbiEQL58RqxVf4Va9BlBIQ7NvyUtjR05GXw
+Zk7sQBFXKssNNt0hfPrAS/MMIzaqLsezLo0Vu2Felz0
-----END CERTIFICATE-----