Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/NFK0Hjvsp_Sq78uC-zn-OtIs2io.roa
File:                     NFK0Hjvsp_Sq78uC-zn-OtIs2io.roa (raw, json)
Hash identifier:          RkRZ6SorlL5rZdfTuNFGZoclIhB5xyBOn5s6WMdE+L4=
Subject key identifier:   34:52:B4:1E:3B:EC:A7:F4:AA:EF:CB:82:FB:39:FE:3A:D2:2C:DA:2A
Certificate issuer:       /CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
Certificate serial:       0197F025F54786C2510D63D96EB8F801AF4A
Authority key identifier: E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/NFK0Hjvsp_Sq78uC-zn-OtIs2io.roa
Signing time:             Wed 09 Jul 2025 17:05:08 +0000
ROA not before:           Wed 09 Jul 2025 17:05:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5619
IP address blocks:        90.182.87.0/24 maxlen: 24
                          90.182.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f0:25:f5:47:86:c2:51:0d:63:d9:6e:b8:f8:01:af:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
        Validity
            Not Before: Jul  9 17:05:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3452b41e3beca7f4aaefcb82fb39fe3ad22cda2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:7c:74:a7:67:99:05:3c:72:45:ee:f1:7b:50:
                    79:47:c3:29:f6:8e:9e:05:15:46:d0:c4:46:69:74:
                    1e:9d:10:78:37:5a:de:c9:fe:4b:d1:f4:07:dc:5a:
                    4d:bb:78:3b:46:10:d3:e2:f9:ea:16:ac:ad:6d:ab:
                    1c:f1:a5:ad:b4:fb:ba:ff:be:63:d9:f5:de:e6:15:
                    ac:45:20:16:2a:62:a3:75:2c:39:a3:27:c1:b2:46:
                    99:38:e6:43:06:5a:6d:12:01:1d:9f:82:02:58:c0:
                    02:e6:a9:12:46:8c:65:7c:18:17:8e:08:dd:a6:4e:
                    6a:29:58:42:86:f2:8b:76:17:4a:ca:a9:04:b9:cf:
                    3d:03:1d:1e:4a:11:55:be:4a:8d:1c:73:47:1a:6e:
                    5d:ae:77:df:6b:c3:e5:f2:e5:8b:e1:59:8d:90:49:
                    6b:59:e2:fc:9d:e8:7d:de:ac:7b:b4:e1:f5:13:ac:
                    3d:c8:b5:d4:9c:9c:b8:56:b4:a1:50:52:2f:c1:25:
                    47:4d:64:33:27:a3:64:c6:39:62:c1:1c:64:07:df:
                    6d:31:ef:4f:b4:ae:9b:04:62:09:54:1c:e2:74:2e:
                    13:38:a5:75:0e:0a:08:9a:9d:22:05:4d:05:ce:99:
                    18:f0:35:61:7b:89:e1:06:eb:4c:77:72:07:6b:57:
                    e7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:52:B4:1E:3B:EC:A7:F4:AA:EF:CB:82:FB:39:FE:3A:D2:2C:DA:2A
            X509v3 Authority Key Identifier:
                keyid:E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/NFK0Hjvsp_Sq78uC-zn-OtIs2io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.182.87.0/24
                  90.182.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:ee:6f:79:d1:d5:6f:39:ab:39:f5:1a:15:02:bf:86:1e:60:
         da:fa:9b:36:f5:05:be:fe:11:53:17:36:44:27:51:02:22:5e:
         65:c2:58:cb:39:37:17:a0:2f:3c:f9:ec:d8:dc:37:93:6e:b9:
         2c:6f:0e:f5:a3:0e:6e:86:cc:74:5f:fb:44:b1:6e:a8:46:47:
         08:22:d0:bf:92:e4:f8:36:8d:45:e4:d7:f5:d2:71:0d:8d:b1:
         4b:1b:4a:a3:18:82:cd:f8:e6:72:0d:d0:bc:47:ad:f6:3c:c2:
         22:10:7b:95:ae:5c:59:e4:6d:dc:83:02:1c:4c:11:0e:7f:49:
         7f:b8:74:24:2e:ca:02:42:9e:9a:4c:d6:00:9b:d2:c1:b9:47:
         8d:c5:30:a1:46:b6:71:46:09:87:38:cd:97:6c:26:38:ae:30:
         98:1e:39:4f:08:08:b7:a3:32:b6:a9:e7:00:04:a7:34:bc:f9:
         76:16:7f:e8:fb:0d:2e:a3:44:41:92:79:1c:ec:da:07:a7:e0:
         3d:65:b8:5e:c3:43:f7:00:9c:f5:3b:08:9c:c8:e6:54:53:e4:
         55:d2:2a:a8:93:7e:a3:ac:3c:09:17:11:26:a2:5b:58:b0:31:
         d1:e9:2d:f7:8d:7c:5c:d8:88:a1:3d:75:d3:e0:9f:42:ad:8f:
         f8:1e:c6:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfwJfVHhsJRDWPZbrj4Aa9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZDZjNmU4YmNlZDQwYmQwMzJkMTc3MThjMWIxZTM5YWU4
NDFhZTgwHhcNMjUwNzA5MTcwNTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDUyYjQxZTNiZWNhN2Y0YWFlZmNiODJmYjM5ZmUzYWQyMmNkYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Hx0p2eZBTxyRe7xe1B5R8Mp9o6e
BRVG0MRGaXQenRB4N1reyf5L0fQH3FpNu3g7RhDT4vnqFqytbasc8aWttPu6/75j
2fXe5hWsRSAWKmKjdSw5oyfBskaZOOZDBlptEgEdn4ICWMAC5qkSRoxlfBgXjgjd
pk5qKVhChvKLdhdKyqkEuc89Ax0eShFVvkqNHHNHGm5drnffa8Pl8uWL4VmNkElr
WeL8neh93qx7tOH1E6w9yLXUnJy4VrShUFIvwSVHTWQzJ6NkxjliwRxkB99tMe9P
tK6bBGIJVBzidC4TOKV1DgoImp0iBU0FzpkY8DVhe4nhButMd3IHa1fnywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDRStB477Kf0qu/Lgvs5/jrSLNoqMB8GA1UdIwQY
MBaAFOXWxui87UC9Ay0XcYwbHjmuhBroMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQt
YmQyNDliNjI1Nzk3LzEvTkZLMEhqdnNwX1NxNzh1Qy16bi1PdElzMmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQtYmQyNDliNjI1Nzk3
LzEvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWrZXAwQA
WrbcMA0GCSqGSIb3DQEBCwUAA4IBAQAA7m950dVvOas59RoVAr+GHmDa+ps29QW+
/hFTFzZEJ1ECIl5lwljLOTcXoC88+ezY3DeTbrksbw71ow5uhsx0X/tEsW6oRkcI
ItC/kuT4No1F5Nf10nENjbFLG0qjGILN+OZyDdC8R632PMIiEHuVrlxZ5G3cgwIc
TBEOf0l/uHQkLsoCQp6aTNYAm9LBuUeNxTChRrZxRgmHOM2XbCY4rjCYHjlPCAi3
ozK2qecABKc0vPl2Fn/o+w0uo0RBknkc7NoHp+A9Zbhew0P3AJz1OwicyOZUU+RV
0iqok36jrDwJFxEmoltYsDHR6S33jXxc2IihPXXT4J9CrY/4HsZk
-----END CERTIFICATE-----