Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/NPr8_e46sz8H4JR5QlVGvECNy6k.roa
File:                     NPr8_e46sz8H4JR5QlVGvECNy6k.roa (raw, json)
Hash identifier:          z5xILP0Xt/AwC2kYkY04BjCbsF3nJbNXJ0hJj+W9BVk=
Subject key identifier:   34:FA:FC:FD:EE:3A:B3:3F:07:E0:94:79:42:55:46:BC:40:8D:CB:A9
Certificate issuer:       /CN=2a4472336c9d02a488cdd77534d65fb1465ec09a
Certificate serial:       019831C539ADBF5C8BFEDF560DA36D550760
Authority key identifier: 2A:44:72:33:6C:9D:02:A4:88:CD:D7:75:34:D6:5F:B1:46:5E:C0:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KkRyM2ydAqSIzdd1NNZfsUZewJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/NPr8_e46sz8H4JR5QlVGvECNy6k.roa
Signing time:             Tue 22 Jul 2025 10:54:25 +0000
ROA not before:           Tue 22 Jul 2025 10:54:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51048
IP address blocks:        45.88.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/KkRyM2ydAqSIzdd1NNZfsUZewJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/KkRyM2ydAqSIzdd1NNZfsUZewJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KkRyM2ydAqSIzdd1NNZfsUZewJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:31:c5:39:ad:bf:5c:8b:fe:df:56:0d:a3:6d:55:07:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a4472336c9d02a488cdd77534d65fb1465ec09a
        Validity
            Not Before: Jul 22 10:54:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34fafcfdee3ab33f07e09479425546bc408dcba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3e:1d:91:fd:40:b2:03:4f:74:2a:e1:6d:30:
                    4a:13:b9:e8:84:46:4e:be:7c:96:5d:1b:dd:a6:dc:
                    16:50:dc:39:30:60:d7:b3:b8:4d:22:68:ac:5e:9f:
                    d6:4c:b5:f5:26:b1:95:d1:2f:b3:cb:10:67:89:77:
                    51:b8:c4:ea:d6:13:b0:ff:0d:f8:0d:63:b5:e9:6b:
                    f1:fb:2b:72:5d:91:e5:37:05:1c:1c:8b:ba:7a:e8:
                    f6:66:54:38:bf:a1:b4:4c:7a:7f:f4:24:9d:63:92:
                    3f:a1:bc:5d:a4:a7:a8:92:44:89:03:82:a8:34:b6:
                    75:7a:ea:9a:cf:6f:7e:d2:3b:d1:24:bc:1b:5c:f5:
                    13:d3:17:51:be:38:f3:8a:3e:dc:50:50:c0:3e:d2:
                    bd:26:f7:60:cf:88:ab:76:46:0c:90:d9:50:11:34:
                    37:30:67:e9:c0:3c:0e:62:ef:8e:c4:e7:e9:27:f1:
                    58:6c:6f:d1:08:b3:dc:8d:e6:34:b5:36:4a:d0:03:
                    61:ea:b9:70:9b:00:81:13:fb:a6:fc:8c:93:77:27:
                    26:c3:90:cd:49:41:ba:b5:19:6d:96:54:e7:ea:4c:
                    30:0e:68:f3:7a:ff:6e:07:12:c4:a4:48:11:82:43:
                    13:f7:1d:be:51:e3:dc:73:f2:80:92:08:b9:76:dd:
                    91:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:FA:FC:FD:EE:3A:B3:3F:07:E0:94:79:42:55:46:BC:40:8D:CB:A9
            X509v3 Authority Key Identifier:
                keyid:2A:44:72:33:6C:9D:02:A4:88:CD:D7:75:34:D6:5F:B1:46:5E:C0:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KkRyM2ydAqSIzdd1NNZfsUZewJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/NPr8_e46sz8H4JR5QlVGvECNy6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/KkRyM2ydAqSIzdd1NNZfsUZewJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:cb:59:c0:40:d5:51:27:75:fe:29:c0:e4:a6:ac:e3:51:bf:
         6d:67:ca:48:f6:78:e9:3e:e6:7e:63:f3:90:f0:f1:11:32:86:
         cc:89:cb:07:b8:c6:81:3c:ec:07:61:22:e7:52:05:56:f8:e9:
         48:fa:9f:22:33:c2:d3:77:6c:bd:a0:52:2e:d1:89:08:3c:37:
         b6:47:3c:4c:aa:32:ed:c1:10:da:84:df:15:cc:3e:92:37:f4:
         56:f9:01:e0:3e:1e:ac:c6:0c:03:4c:99:8f:2f:5b:1e:20:68:
         d7:b1:c4:d3:6a:40:b7:ec:72:82:03:d4:65:20:ed:b4:2b:2a:
         ac:5e:81:9a:26:25:5f:db:33:ab:ce:d5:53:ee:62:f7:09:2f:
         be:66:04:32:88:d4:78:05:2c:ae:8d:65:a2:aa:32:7c:70:f5:
         ec:99:81:f5:aa:57:55:67:55:e9:60:f2:0d:2e:51:77:5f:87:
         e7:0c:3f:51:5b:9c:91:ad:d0:a0:0a:39:5c:2b:83:86:a0:ad:
         90:b2:c0:2c:59:11:cd:70:0a:d0:85:8e:2f:c7:6c:8c:9a:b2:
         9c:77:b4:d4:36:fa:d6:23:bd:11:a2:0a:06:6f:de:e4:f6:6c:
         2c:77:34:f7:5a:50:27:11:1a:b2:92:15:4d:0d:08:e9:95:a4:
         e0:5b:8e:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgxxTmtv1yL/t9WDaNtVQdgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNDQ3MjMzNmM5ZDAyYTQ4OGNkZDc3NTM0ZDY1ZmIxNDY1
ZWMwOWEwHhcNMjUwNzIyMTA1NDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGZhZmNmZGVlM2FiMzNmMDdlMDk0Nzk0MjU1NDZiYzQwOGRjYmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvD4dkf1AsgNPdCrhbTBKE7nohEZO
vnyWXRvdptwWUNw5MGDXs7hNImisXp/WTLX1JrGV0S+zyxBniXdRuMTq1hOw/w34
DWO16Wvx+ytyXZHlNwUcHIu6euj2ZlQ4v6G0THp/9CSdY5I/obxdpKeokkSJA4Ko
NLZ1euqaz29+0jvRJLwbXPUT0xdRvjjzij7cUFDAPtK9Jvdgz4irdkYMkNlQETQ3
MGfpwDwOYu+OxOfpJ/FYbG/RCLPcjeY0tTZK0ANh6rlwmwCBE/um/IyTdycmw5DN
SUG6tRltllTn6kwwDmjzev9uBxLEpEgRgkMT9x2+UePcc/KAkgi5dt2RNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDT6/P3uOrM/B+CUeUJVRrxAjcupMB8GA1UdIwQY
MBaAFCpEcjNsnQKkiM3XdTTWX7FGXsCaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2tSeU0yeWRBcVNJemRkMU5OWmZzVVpld0pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8wMWRiODItNDE3Mi00NDA1LWFiNTUt
MDA4NmQwMjM4NWQ2LzEvTlByOF9lNDZzejhINEpSNVFsVkd2RUNOeTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8wMWRiODItNDE3Mi00NDA1LWFiNTUtMDA4NmQwMjM4NWQ2
LzEvS2tSeU0yeWRBcVNJemRkMU5OWmZzVVpld0pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVgbMA0G
CSqGSIb3DQEBCwUAA4IBAQAZy1nAQNVRJ3X+KcDkpqzjUb9tZ8pI9njpPuZ+Y/OQ
8PERMobMicsHuMaBPOwHYSLnUgVW+OlI+p8iM8LTd2y9oFIu0YkIPDe2RzxMqjLt
wRDahN8VzD6SN/RW+QHgPh6sxgwDTJmPL1seIGjXscTTakC37HKCA9RlIO20Kyqs
XoGaJiVf2zOrztVT7mL3CS++ZgQyiNR4BSyujWWiqjJ8cPXsmYH1qldVZ1XpYPIN
LlF3X4fnDD9RW5yRrdCgCjlcK4OGoK2QssAsWRHNcArQhY4vx2yMmrKcd7TUNvrW
I70RogoGb97k9mwsdzT3WlAnERqykhVNDQjplaTgW46Z
-----END CERTIFICATE-----