Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/n3k1GpoGxoZhsNYL7eILCJhYF9U.roa
File:                     n3k1GpoGxoZhsNYL7eILCJhYF9U.roa (raw, json)
Hash identifier:          2ZX2i5IXBPMBQivGLSvXSyc3bs9grTkCwo3dgilddL8=
Subject key identifier:   9F:79:35:1A:9A:06:C6:86:61:B0:D6:0B:ED:E2:0B:08:98:58:17:D5
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019A43E26C4BF888E6AD49853D4DE896A78C
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/n3k1GpoGxoZhsNYL7eILCJhYF9U.roa
Signing time:             Sun 02 Nov 2025 09:25:03 +0000
ROA not before:           Sun 02 Nov 2025 09:25:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        79.172.228.0/24 maxlen: 24
                          87.229.34.0/24 maxlen: 24
                          87.229.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:43:e2:6c:4b:f8:88:e6:ad:49:85:3d:4d:e8:96:a7:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Nov  2 09:25:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f79351a9a06c68661b0d60bede20b08985817d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:fa:7c:49:f5:12:75:94:d7:a7:86:76:86:4c:
                    b9:f9:2e:14:bc:0f:0d:45:25:d4:ab:a6:b7:5e:d1:
                    88:72:a1:70:4e:05:ff:d4:d1:3b:9d:e2:af:b4:d7:
                    c5:02:ff:65:87:cf:9e:0b:2f:b8:9a:5d:86:20:1d:
                    93:bd:b4:84:ca:02:8e:35:aa:17:f0:2c:7a:25:1c:
                    8f:75:73:99:08:82:8c:21:88:d0:29:2e:3b:a0:0a:
                    8b:21:c0:0e:81:ef:cc:ee:e8:0e:f0:b4:13:3e:0e:
                    b8:ff:cd:ad:bb:bb:22:31:1d:ae:d6:7f:61:06:16:
                    3b:e8:a6:0e:12:30:da:02:be:4a:f1:e7:2e:cd:cb:
                    f3:e2:f1:54:d9:f3:b4:cc:31:f0:e6:ff:86:ef:ea:
                    fd:b6:03:fd:ee:cf:31:88:15:37:5d:b6:43:20:5b:
                    02:02:d0:a9:57:cc:87:ff:fa:05:0e:ed:d8:2a:75:
                    87:51:c0:c1:9c:58:89:24:eb:28:c8:ae:1a:90:ce:
                    bc:4e:eb:1b:a9:38:7b:fd:f4:ae:77:5a:79:99:c7:
                    4a:6c:41:e9:3f:17:fb:e4:db:01:51:0f:e7:f3:bf:
                    93:b0:01:31:f1:ee:9d:3e:7e:e8:d5:1b:4f:92:43:
                    ee:a4:09:c4:87:df:c6:37:bb:e0:2f:7c:9d:23:19:
                    2f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:79:35:1A:9A:06:C6:86:61:B0:D6:0B:ED:E2:0B:08:98:58:17:D5
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/n3k1GpoGxoZhsNYL7eILCJhYF9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.228.0/24
                  87.229.34.0/24
                  87.229.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:a2:f1:36:87:b1:18:1e:fa:5b:7d:2d:e6:52:7f:16:ef:d4:
         a1:58:bb:bb:0f:1e:d9:d1:0e:13:7f:30:24:89:10:d1:f7:11:
         db:e4:d4:ad:e7:4b:17:84:3b:e4:8c:87:ac:ce:68:ab:4b:af:
         d6:81:9d:28:cc:6a:e3:0c:20:ec:6f:51:e3:74:a3:2b:27:ff:
         69:9d:85:d1:f4:6e:f9:5b:05:a3:ec:25:e9:82:38:c5:d4:62:
         b3:3a:4e:35:48:1f:0a:6f:f2:76:8a:1b:b1:87:cc:00:0a:9c:
         94:aa:ee:70:16:ef:fc:f8:0e:ff:a3:0a:eb:84:0a:e6:da:d2:
         b2:ff:36:b0:5f:4b:ba:1c:91:83:69:3f:c3:d4:6e:84:60:89:
         84:3f:00:f7:e0:d6:47:46:9a:77:40:6a:90:ae:76:9c:ab:61:
         ef:81:04:cd:c4:a5:78:bc:02:ff:2f:de:56:1e:96:16:e3:0b:
         01:e1:55:d9:64:9c:51:0f:22:c3:48:62:5d:ec:e1:a7:d9:50:
         81:e4:4b:5e:6e:0b:cb:eb:31:8b:c6:55:31:39:8b:c8:4c:c3:
         35:b3:3b:85:7b:09:04:f5:37:22:41:af:d0:78:15:d4:8e:47:
         cd:b3:97:6c:75:2f:42:ea:ab:d3:97:a6:ee:93:e8:eb:6d:b2:
         b1:ee:0b:fb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZpD4mxL+IjmrUmFPU3olqeMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUxMTAyMDkyNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjc5MzUxYTlhMDZjNjg2NjFiMGQ2MGJlZGUyMGIwODk4NTgxN2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vp8SfUSdZTXp4Z2hky5+S4UvA8N
RSXUq6a3XtGIcqFwTgX/1NE7neKvtNfFAv9lh8+eCy+4ml2GIB2TvbSEygKONaoX
8Cx6JRyPdXOZCIKMIYjQKS47oAqLIcAOge/M7ugO8LQTPg64/82tu7siMR2u1n9h
BhY76KYOEjDaAr5K8ecuzcvz4vFU2fO0zDHw5v+G7+r9tgP97s8xiBU3XbZDIFsC
AtCpV8yH//oFDu3YKnWHUcDBnFiJJOsoyK4akM68TusbqTh7/fSud1p5mcdKbEHp
Pxf75NsBUQ/n87+TsAEx8e6dPn7o1RtPkkPupAnEh9/GN7vgL3ydIxkvHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ95NRqaBsaGYbDWC+3iCwiYWBfVMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvbjNrMUdwb0d4b1poc05ZTDdlSUxDSmhZRjlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAT6zkAwQA
V+UiAwQAV+VwMA0GCSqGSIb3DQEBCwUAA4IBAQA+ovE2h7EYHvpbfS3mUn8W79Sh
WLu7Dx7Z0Q4TfzAkiRDR9xHb5NSt50sXhDvkjIeszmirS6/WgZ0ozGrjDCDsb1Hj
dKMrJ/9pnYXR9G75WwWj7CXpgjjF1GKzOk41SB8Kb/J2ihuxh8wACpyUqu5wFu/8
+A7/owrrhArm2tKy/zawX0u6HJGDaT/D1G6EYImEPwD34NZHRpp3QGqQrnacq2Hv
gQTNxKV4vAL/L95WHpYW4wsB4VXZZJxRDyLDSGJd7OGn2VCB5EtebgvL6zGLxlUx
OYvITMM1szuFewkE9TciQa/QeBXUjkfNs5dsdS9C6qvTl6buk+jrbbKx7gv7
-----END CERTIFICATE-----