Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NissBfXD-YeQlswUH65AysK6ORI.roa
File:                     NissBfXD-YeQlswUH65AysK6ORI.roa (raw, json)
Hash identifier:          alQDY5Y8LCWRHpNMehh4Zui+A7G6hcdnM47R7w/JwMw=
Subject key identifier:   36:2B:2C:05:F5:C3:F9:87:90:96:CC:14:1F:AE:40:CA:C2:BA:39:12
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0197A17F42AAF135C1A4F45D3F692775476F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NissBfXD-YeQlswUH65AysK6ORI.roa
Signing time:             Tue 24 Jun 2025 10:32:41 +0000
ROA not before:           Tue 24 Jun 2025 10:32:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40676
IP address blocks:        91.92.67.0/24 maxlen: 24
                          193.47.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 01:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a1:7f:42:aa:f1:35:c1:a4:f4:5d:3f:69:27:75:47:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun 24 10:32:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=362b2c05f5c3f9879096cc141fae40cac2ba3912
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:76:fc:55:d6:2c:42:f6:0d:29:a1:09:b3:9e:
                    41:95:25:14:ae:c7:b8:22:99:86:f6:88:44:cc:39:
                    4b:f7:43:7e:82:34:06:21:58:4c:e9:42:c2:cb:fd:
                    1b:1a:85:09:0e:72:7f:79:5a:47:ea:21:32:dc:4d:
                    60:bf:3a:51:38:99:a2:75:45:10:d5:eb:46:d0:15:
                    19:80:f1:58:1f:7e:de:11:7d:27:ef:e4:1d:e4:ee:
                    b3:08:59:7a:76:ba:a9:4f:b5:eb:f2:ff:89:52:16:
                    52:b9:5c:49:b0:a8:20:7f:7e:cc:e5:6e:18:5b:aa:
                    cd:f1:0f:d5:46:d6:29:94:dc:84:aa:c9:32:14:a0:
                    bc:2b:d2:61:a2:a0:4f:9a:d0:2f:a9:f8:f1:bf:3f:
                    04:b9:52:4c:31:a0:bc:67:64:2f:da:26:37:89:b6:
                    d7:0e:31:a9:5d:eb:09:77:12:90:20:d4:1a:d9:3e:
                    fa:51:a6:a6:9f:3b:fa:40:dc:cc:c3:8f:53:05:99:
                    22:d1:2f:d6:b8:9b:70:11:56:e5:ba:58:dc:02:13:
                    2b:fd:57:9e:83:0a:8a:07:06:38:84:c2:4c:2e:bf:
                    ab:00:f4:32:0e:ec:6e:98:19:20:cd:53:74:f3:47:
                    48:91:63:fd:a1:46:33:d5:14:99:24:f0:3a:0a:36:
                    69:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:2B:2C:05:F5:C3:F9:87:90:96:CC:14:1F:AE:40:CA:C2:BA:39:12
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NissBfXD-YeQlswUH65AysK6ORI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.67.0/24
                  193.47.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:fe:5f:9c:3c:03:b2:a5:42:e7:9a:e0:e8:87:56:b9:2c:c6:
         fa:92:dc:96:8c:3b:b1:32:91:a5:c4:b3:67:76:de:f0:be:5d:
         74:32:e1:62:c0:7d:9f:35:5b:72:92:fa:99:b6:80:2d:92:f1:
         09:77:50:29:08:97:97:81:f8:0f:bb:75:5a:f4:71:c2:b3:d8:
         f8:e6:f0:da:bd:0f:19:8e:c1:c2:b2:04:49:de:ca:80:46:1a:
         be:82:89:e3:3b:f9:9a:43:b7:59:d1:fa:5d:22:9f:13:49:cb:
         bd:53:d5:01:18:8a:fc:b3:29:9a:07:cc:c8:b4:20:30:e9:1b:
         71:79:55:7e:a5:8f:36:c8:d7:a0:d0:42:a1:8e:24:43:94:f2:
         33:48:07:7f:47:41:d4:c6:97:6a:a9:0a:23:9b:fa:b9:77:9a:
         33:78:9e:1b:fa:16:60:a7:d8:89:b6:66:0f:6e:b8:0f:ef:87:
         21:41:50:fb:6c:76:a5:d3:0c:f4:0c:04:61:29:8e:4a:47:89:
         6b:5f:cf:ea:07:14:0d:8b:af:a1:d2:33:a1:48:19:b7:f4:8e:
         31:62:86:7d:8c:d6:5d:ef:bc:96:93:fd:32:c4:b8:a8:02:6f:
         e7:00:db:99:1c:68:ad:76:c4:82:46:ea:a9:be:40:18:41:63:
         bf:6d:30:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZehf0Kq8TXBpPRdP2kndUdvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNjI0MTAzMjQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjJiMmMwNWY1YzNmOTg3OTA5NmNjMTQxZmFlNDBjYWMyYmEzOTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnb8VdYsQvYNKaEJs55BlSUUrse4
IpmG9ohEzDlL90N+gjQGIVhM6ULCy/0bGoUJDnJ/eVpH6iEy3E1gvzpROJmidUUQ
1etG0BUZgPFYH37eEX0n7+Qd5O6zCFl6drqpT7Xr8v+JUhZSuVxJsKggf37M5W4Y
W6rN8Q/VRtYplNyEqskyFKC8K9JhoqBPmtAvqfjxvz8EuVJMMaC8Z2Qv2iY3ibbX
DjGpXesJdxKQINQa2T76Uaamnzv6QNzMw49TBZki0S/WuJtwEVbluljcAhMr/Vee
gwqKBwY4hMJMLr+rAPQyDuxumBkgzVN080dIkWP9oUYz1RSZJPA6CjZpiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDYrLAX1w/mHkJbMFB+uQMrCujkSMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTmlzc0JmWEQtWWVRbHN3VUg2NUF5c0s2T1JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW1xDAwQA
wS8+MA0GCSqGSIb3DQEBCwUAA4IBAQCy/l+cPAOypULnmuDoh1a5LMb6ktyWjDux
MpGlxLNndt7wvl10MuFiwH2fNVtykvqZtoAtkvEJd1ApCJeXgfgPu3Va9HHCs9j4
5vDavQ8ZjsHCsgRJ3sqARhq+gonjO/maQ7dZ0fpdIp8TScu9U9UBGIr8symaB8zI
tCAw6RtxeVV+pY82yNeg0EKhjiRDlPIzSAd/R0HUxpdqqQojm/q5d5ozeJ4b+hZg
p9iJtmYPbrgP74chQVD7bHal0wz0DARhKY5KR4lrX8/qBxQNi6+h0jOhSBm39I4x
YoZ9jNZd77yWk/0yxLioAm/nANuZHGitdsSCRuqpvkAYQWO/bTDk
-----END CERTIFICATE-----