Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/NvDW2az4cBgrue1v3rHHtNNtBPQ.roa
File:                     NvDW2az4cBgrue1v3rHHtNNtBPQ.roa (raw, json)
Hash identifier:          2uhpB6cjOwJwMe9Rki5NmQv98Dc25aCuEJDbljIFnpA=
Subject key identifier:   36:F0:D6:D9:AC:F8:70:18:2B:B9:ED:6F:DE:B1:C7:B4:D3:6D:04:F4
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019A53098103977453776E3349B98CFA0393
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/NvDW2az4cBgrue1v3rHHtNNtBPQ.roa
Signing time:             Wed 05 Nov 2025 08:02:03 +0000
ROA not before:           Wed 05 Nov 2025 08:02:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        79.172.200.0/23 maxlen: 24
                          79.172.250.0/23 maxlen: 24
                          87.229.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Nov 2025 05:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:53:09:81:03:97:74:53:77:6e:33:49:b9:8c:fa:03:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Nov  5 08:02:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36f0d6d9acf870182bb9ed6fdeb1c7b4d36d04f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9b:f3:de:2a:e0:55:86:d4:2c:c9:22:46:10:
                    da:0c:72:e5:e1:c2:76:11:e8:d4:3d:89:76:86:67:
                    91:3f:bc:d9:04:f5:3b:94:59:48:87:25:41:4d:cf:
                    62:e9:28:56:45:9f:0d:24:fe:2d:39:8b:61:18:ed:
                    36:92:29:78:3e:74:c1:e6:cd:96:40:6c:8d:0a:70:
                    85:6a:eb:ff:56:a4:a7:52:3a:10:68:2a:2f:bb:3e:
                    44:77:cb:b6:0d:a5:60:39:63:8f:b2:e0:e9:78:22:
                    2a:75:eb:77:39:cb:6d:ba:73:8f:bb:d1:57:b9:23:
                    5e:37:c7:51:25:7d:f6:d2:bc:7f:5f:17:89:91:38:
                    f1:a6:93:5d:54:ac:a6:6d:92:20:2a:8d:b3:69:d0:
                    4b:bf:44:c4:51:88:58:41:f8:57:cf:d8:92:14:7a:
                    9b:5b:a8:c8:00:e4:f2:9c:26:78:0e:a2:b5:ce:f2:
                    78:e0:1a:c2:0b:d5:03:53:ab:04:10:78:7b:4e:70:
                    3f:51:22:c2:ea:81:bd:06:5f:16:b7:74:01:1e:f3:
                    b1:e8:d3:14:41:ca:ea:fe:c6:26:5e:e5:d8:de:e4:
                    8a:f0:b9:aa:79:87:ff:d4:bc:4f:97:55:59:94:c7:
                    ea:2d:fd:7a:e0:dd:2c:28:de:d2:d2:40:c2:13:3a:
                    eb:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:F0:D6:D9:AC:F8:70:18:2B:B9:ED:6F:DE:B1:C7:B4:D3:6D:04:F4
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/NvDW2az4cBgrue1v3rHHtNNtBPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.200.0/23
                  79.172.250.0/23
                  87.229.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:47:c9:64:ec:16:d9:78:89:19:5b:ee:41:73:df:a4:1b:df:
         1f:a5:9f:13:d7:39:c1:de:d4:43:7c:71:65:4f:b5:1e:f0:40:
         bd:ad:e2:93:ee:8a:ce:14:fa:1c:dc:cf:55:08:8f:14:06:ab:
         ad:17:53:dc:3d:9d:2d:49:09:ca:3c:6c:5b:2d:cd:ad:64:f6:
         d5:b9:52:48:80:e7:5a:6d:2f:77:1e:7c:7a:ed:dd:0c:48:a4:
         29:34:48:86:e8:dc:c6:c7:74:50:e6:8f:07:98:a7:d5:5f:d5:
         11:bd:9f:a9:66:e5:fc:ae:fd:6d:36:fd:7f:2f:58:84:57:0c:
         6c:82:1b:ef:79:bf:6c:e6:ae:0b:59:dd:2a:4e:1a:5d:5f:84:
         1e:18:34:89:99:34:94:e3:c6:9c:c8:e4:4f:91:a0:4f:2e:15:
         f9:f2:25:64:b9:ff:5b:33:e7:28:32:f1:d4:22:c8:53:3c:f3:
         83:0c:c5:8d:ab:d8:db:08:1f:66:26:da:3e:60:40:80:2b:fe:
         61:d8:ca:7a:c8:1d:f0:18:25:1c:88:80:61:26:11:8c:44:e6:
         ed:11:70:29:f9:24:89:2d:cc:5f:17:d1:7d:19:03:bd:19:a4:
         70:85:ee:5e:d9:34:9a:06:f4:9e:3e:11:35:ba:f0:7a:31:5f:
         16:e7:c3:d4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZpTCYEDl3RTd24zSbmM+gOTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUxMTA1MDgwMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmYwZDZkOWFjZjg3MDE4MmJiOWVkNmZkZWIxYzdiNGQzNmQwNGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJvz3irgVYbULMkiRhDaDHLl4cJ2
EejUPYl2hmeRP7zZBPU7lFlIhyVBTc9i6ShWRZ8NJP4tOYthGO02kil4PnTB5s2W
QGyNCnCFauv/VqSnUjoQaCovuz5Ed8u2DaVgOWOPsuDpeCIqdet3OcttunOPu9FX
uSNeN8dRJX320rx/XxeJkTjxppNdVKymbZIgKo2zadBLv0TEUYhYQfhXz9iSFHqb
W6jIAOTynCZ4DqK1zvJ44BrCC9UDU6sEEHh7TnA/USLC6oG9Bl8Wt3QBHvOx6NMU
Qcrq/sYmXuXY3uSK8LmqeYf/1LxPl1VZlMfqLf164N0sKN7S0kDCEzrrBQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDbw1tms+HAYK7ntb96xx7TTbQT0MB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvTnZEVzJhejRjQmdydWUxdjNySEh0Tk50QlBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBT6zIAwQB
T6z6AwQCV+UIMA0GCSqGSIb3DQEBCwUAA4IBAQCeR8lk7BbZeIkZW+5Bc9+kG98f
pZ8T1znB3tRDfHFlT7Ue8EC9reKT7orOFPoc3M9VCI8UBqutF1PcPZ0tSQnKPGxb
Lc2tZPbVuVJIgOdabS93Hnx67d0MSKQpNEiG6NzGx3RQ5o8HmKfVX9URvZ+pZuX8
rv1tNv1/L1iEVwxsghvveb9s5q4LWd0qThpdX4QeGDSJmTSU48acyORPkaBPLhX5
8iVkuf9bM+coMvHUIshTPPODDMWNq9jbCB9mJto+YECAK/5h2Mp6yB3wGCUciIBh
JhGMRObtEXAp+SSJLcxfF9F9GQO9GaRwhe5e2TSaBvSePhE1uvB6MV8W58PU
-----END CERTIFICATE-----