Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/N6aWC8fvIO2_NkjbHmRy8q5zG1U.roa
File:                     N6aWC8fvIO2_NkjbHmRy8q5zG1U.roa (raw, json)
Hash identifier:          JNhiK9Wl/eDzPBSlARvOPLpJ9EUOTbiAIoU9aItApR8=
Subject key identifier:   37:A6:96:0B:C7:EF:20:ED:BF:36:48:DB:1E:64:72:F2:AE:73:1B:55
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019A3050A8064D17684328A1FE7B2863B8EB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/N6aWC8fvIO2_NkjbHmRy8q5zG1U.roa
Signing time:             Wed 29 Oct 2025 14:13:03 +0000
ROA not before:           Wed 29 Oct 2025 14:13:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        85.217.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Nov 2025 02:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:30:50:a8:06:4d:17:68:43:28:a1:fe:7b:28:63:b8:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 29 14:13:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37a6960bc7ef20edbf3648db1e6472f2ae731b55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:bd:4e:b5:64:18:db:ea:a6:22:23:8d:7a:38:
                    4e:49:5d:ff:09:6d:8c:3d:aa:9b:82:35:a5:d2:7e:
                    00:a8:a1:cd:21:10:f5:7e:bb:af:37:13:70:90:88:
                    59:3d:71:ea:f5:d3:15:12:f4:eb:77:47:87:2e:a5:
                    1d:44:ef:ee:2b:a3:29:9e:86:e5:73:e9:c9:ee:f6:
                    d8:2c:66:14:07:4d:c5:2a:ca:81:8f:d9:f0:fd:be:
                    4c:a5:34:53:65:8e:cb:08:5e:df:90:c5:8b:65:b8:
                    47:b5:33:ea:f4:5c:70:aa:a8:b8:fa:25:99:09:61:
                    a9:5e:da:8f:a7:95:c4:27:f2:25:75:fd:a9:4b:e5:
                    30:c2:19:dd:92:81:ef:7d:d4:54:7a:89:37:d4:07:
                    3f:60:58:86:25:d1:3e:dc:3a:89:b8:99:2c:bc:fa:
                    3e:2b:c9:41:ed:81:d2:89:78:36:d8:07:76:58:c1:
                    a5:ed:69:db:32:65:d3:a3:93:65:df:c3:20:ba:8a:
                    c0:42:fc:c8:f4:34:df:91:08:fd:8d:0c:cd:b2:61:
                    56:71:c8:7e:c5:ba:8b:4a:9a:54:d6:15:c9:d6:93:
                    48:72:ff:28:32:2e:c0:f7:a0:4e:cb:02:69:c5:03:
                    64:60:15:90:0e:79:61:c8:6e:11:a5:54:e7:cb:54:
                    95:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:A6:96:0B:C7:EF:20:ED:BF:36:48:DB:1E:64:72:F2:AE:73:1B:55
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/N6aWC8fvIO2_NkjbHmRy8q5zG1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.217.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:1e:2d:ae:11:c7:f2:83:7d:d8:c4:ea:07:ad:b0:83:09:17:
         a9:6c:ec:ad:b4:dc:76:33:70:7a:5d:20:41:8b:80:49:cf:be:
         fd:95:45:29:5f:94:2f:bf:85:1e:18:dc:a6:af:0a:d5:85:39:
         09:15:0d:d2:68:60:8c:60:a7:ff:70:58:5a:f7:3a:22:ac:a7:
         35:80:05:ae:b1:13:c2:d9:8c:27:85:0d:73:43:87:c7:dc:85:
         1c:50:6d:60:85:8c:fd:46:fe:2a:ef:a6:13:a0:d7:39:4a:22:
         21:e8:ec:11:86:29:86:4e:d1:aa:45:e6:2d:dd:c1:ef:1d:6c:
         3f:bc:fd:24:e5:2b:bb:43:03:a4:ac:69:9a:ba:35:b8:f0:df:
         a7:96:6a:c9:06:25:d5:96:35:13:6b:13:85:5f:7a:23:fe:9e:
         38:42:74:a7:67:67:99:77:4e:35:97:7c:10:bb:c6:3f:43:30:
         d2:e0:7e:a5:e9:f3:39:d4:35:2f:cb:ad:32:e6:75:cb:c9:22:
         66:be:55:13:8d:92:3e:f5:04:30:59:37:72:52:cd:91:35:1e:
         9d:65:50:12:f1:ea:04:d2:7c:62:48:2f:2a:2e:a9:af:90:70:
         b5:fa:a4:67:a4:21:29:ce:37:8d:d3:6d:04:ce:02:84:44:50:
         7a:2a:73:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZowUKgGTRdoQyih/nsoY7jrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUxMDI5MTQxMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2E2OTYwYmM3ZWYyMGVkYmYzNjQ4ZGIxZTY0NzJmMmFlNzMxYjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx71OtWQY2+qmIiONejhOSV3/CW2M
PaqbgjWl0n4AqKHNIRD1fruvNxNwkIhZPXHq9dMVEvTrd0eHLqUdRO/uK6Mpnobl
c+nJ7vbYLGYUB03FKsqBj9nw/b5MpTRTZY7LCF7fkMWLZbhHtTPq9Fxwqqi4+iWZ
CWGpXtqPp5XEJ/Ildf2pS+UwwhndkoHvfdRUeok31Ac/YFiGJdE+3DqJuJksvPo+
K8lB7YHSiXg22Ad2WMGl7WnbMmXTo5Nl38MguorAQvzI9DTfkQj9jQzNsmFWcch+
xbqLSppU1hXJ1pNIcv8oMi7A96BOywJpxQNkYBWQDnlhyG4RpVTny1SVbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDemlgvH7yDtvzZI2x5kcvKucxtVMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTjZhV0M4ZnZJTzJfTmtqYkhtUnk4cTV6RzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdmnMA0G
CSqGSIb3DQEBCwUAA4IBAQBUHi2uEcfyg33YxOoHrbCDCRepbOyttNx2M3B6XSBB
i4BJz779lUUpX5Qvv4UeGNymrwrVhTkJFQ3SaGCMYKf/cFha9zoirKc1gAWusRPC
2YwnhQ1zQ4fH3IUcUG1ghYz9Rv4q76YToNc5SiIh6OwRhimGTtGqReYt3cHvHWw/
vP0k5Su7QwOkrGmaujW48N+nlmrJBiXVljUTaxOFX3oj/p44QnSnZ2eZd041l3wQ
u8Y/QzDS4H6l6fM51DUvy60y5nXLySJmvlUTjZI+9QQwWTdyUs2RNR6dZVAS8eoE
0nxiSC8qLqmvkHC1+qRnpCEpzjeN020EzgKERFB6KnPg
-----END CERTIFICATE-----