Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Ng9Th0WDUlHnwzKfFfciBEcUafA.roa
File:                     Ng9Th0WDUlHnwzKfFfciBEcUafA.roa (raw, json)
Hash identifier:          eNw7usxld6+OlHNgMwiycOJ5x4cMD7CEt+8UU1lok4E=
Subject key identifier:   36:0F:53:87:45:83:52:51:E7:C3:32:9F:15:F7:22:04:47:14:69:F0
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019809336B873CCA854366B3AA318F4BAB84
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Ng9Th0WDUlHnwzKfFfciBEcUafA.roa
Signing time:             Mon 14 Jul 2025 13:50:21 +0000
ROA not before:           Mon 14 Jul 2025 13:50:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208392
IP address blocks:        185.114.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:33:6b:87:3c:ca:85:43:66:b3:aa:31:8f:4b:ab:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul 14 13:50:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=360f538745835251e7c3329f15f72204471469f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a3:4d:ef:fd:1a:fe:79:03:20:e3:80:1f:e6:
                    5d:37:16:e3:20:2c:56:70:0c:0c:aa:e8:3f:20:b1:
                    e6:66:bf:e4:8a:3d:e9:bf:d8:a2:f3:7d:f1:f8:ee:
                    35:58:57:e4:99:60:94:d6:7c:04:f4:48:bf:44:d1:
                    35:d3:bd:3c:51:cb:00:52:89:4e:cf:26:84:a1:5d:
                    d0:78:d1:04:c3:73:52:3d:bb:6f:e3:a7:f8:d4:e7:
                    43:d8:1c:d7:85:f0:21:0e:c4:13:e1:08:78:9f:29:
                    50:82:73:9d:52:f9:e7:a2:b9:79:2d:20:fb:98:23:
                    f3:6e:8f:8f:eb:7d:d2:7b:ac:9c:c9:49:07:79:ad:
                    a1:13:70:37:fd:74:d9:37:68:57:18:54:62:c6:45:
                    a4:a4:99:9c:da:cf:3f:e0:08:6e:c9:a3:d1:70:21:
                    01:cb:0a:c0:89:81:7e:59:4d:03:d5:e7:18:27:c2:
                    46:65:9f:56:d6:ec:0d:11:7f:be:cc:a1:14:ed:3a:
                    2f:46:e4:71:96:36:51:4b:57:6e:1e:2a:40:70:ff:
                    05:41:e8:b8:a8:30:04:5a:a2:6e:bf:6d:69:5d:bd:
                    3c:6f:3b:2d:b7:cd:60:2a:54:bb:11:09:ab:3d:98:
                    b9:b3:04:12:86:ff:5b:bf:10:51:e3:2e:cc:8c:fc:
                    e3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:0F:53:87:45:83:52:51:E7:C3:32:9F:15:F7:22:04:47:14:69:F0
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Ng9Th0WDUlHnwzKfFfciBEcUafA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:6b:97:16:4d:8a:92:58:55:b9:94:9f:18:33:26:2f:23:f1:
         47:96:e2:ef:26:fe:2b:d3:d3:24:7c:9e:73:bf:2b:47:35:57:
         f1:6a:ff:83:d9:1a:cb:85:50:ae:dd:ce:15:96:f7:8b:40:61:
         7b:3d:b6:91:96:4a:56:cd:2e:ed:55:94:d7:94:75:a8:e5:0e:
         1c:27:2a:ea:21:e3:c9:82:17:16:b2:2a:1e:a9:d4:5e:5a:e9:
         ff:57:cb:5c:94:96:b4:07:e2:3c:6d:27:82:4a:67:8e:fd:94:
         33:16:1c:dd:a4:a9:72:c2:72:8b:b9:75:01:8c:01:a5:b7:5d:
         04:6f:64:69:8b:c2:bb:77:5c:aa:d1:02:29:ee:4e:49:bb:dc:
         ee:ae:17:20:84:91:b2:c3:76:43:38:c6:c7:cc:94:76:60:ed:
         7a:93:bf:73:8b:22:21:6a:9a:07:f1:e3:5e:ef:82:5c:a1:57:
         08:84:c2:23:51:e0:60:67:0f:92:b9:52:58:20:3c:db:7d:90:
         85:b2:c0:9d:d4:d7:0c:ae:70:9b:64:48:45:b9:85:48:43:5d:
         d7:21:4c:75:54:e3:59:aa:22:93:f6:5a:b9:66:f0:33:72:1b:
         73:84:ba:ea:09:7a:34:b8:9c:9a:60:cb:51:64:fe:eb:aa:8d:
         92:04:62:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJM2uHPMqFQ2azqjGPS6uEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNzE0MTM1MDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjBmNTM4NzQ1ODM1MjUxZTdjMzMyOWYxNWY3MjIwNDQ3MTQ2OWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6NN7/0a/nkDIOOAH+ZdNxbjICxW
cAwMqug/ILHmZr/kij3pv9ii833x+O41WFfkmWCU1nwE9Ei/RNE10708UcsAUolO
zyaEoV3QeNEEw3NSPbtv46f41OdD2BzXhfAhDsQT4Qh4nylQgnOdUvnnorl5LSD7
mCPzbo+P633Se6ycyUkHea2hE3A3/XTZN2hXGFRixkWkpJmc2s8/4AhuyaPRcCEB
ywrAiYF+WU0D1ecYJ8JGZZ9W1uwNEX++zKEU7TovRuRxljZRS1duHipAcP8FQei4
qDAEWqJuv21pXb08bzstt81gKlS7EQmrPZi5swQShv9bvxBR4y7MjPzjuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYPU4dFg1JR58MynxX3IgRHFGnwMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvTmc5VGgwV0RVbEhud3pLZkZmY2lCRWNVYWZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXJKMA0G
CSqGSIb3DQEBCwUAA4IBAQBNa5cWTYqSWFW5lJ8YMyYvI/FHluLvJv4r09MkfJ5z
vytHNVfxav+D2RrLhVCu3c4VlveLQGF7PbaRlkpWzS7tVZTXlHWo5Q4cJyrqIePJ
ghcWsioeqdReWun/V8tclJa0B+I8bSeCSmeO/ZQzFhzdpKlywnKLuXUBjAGlt10E
b2Rpi8K7d1yq0QIp7k5Ju9zurhcghJGyw3ZDOMbHzJR2YO16k79ziyIhapoH8eNe
74JcoVcIhMIjUeBgZw+SuVJYIDzbfZCFssCd1NcMrnCbZEhFuYVIQ13XIUx1VONZ
qiKT9lq5ZvAzchtzhLrqCXo0uJyaYMtRZP7rqo2SBGKJ
-----END CERTIFICATE-----