Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/7bd927-b507-4363-9ada-dee4317f5b14/1/NjP1-VxcjUYnG6zS7LVSKs7x9vY.roa
File:                     NjP1-VxcjUYnG6zS7LVSKs7x9vY.roa (raw, json)
Hash identifier:          SBm121KuisZ5EZTIvc68c0K3yTgGq/5rmdZ6mqu0hNg=
Subject key identifier:   36:33:F5:F9:5C:5C:8D:46:27:1B:AC:D2:EC:B5:52:2A:CE:F1:F6:F6
Certificate issuer:       /CN=15ce06b44d8dc43dc742c40de3bda8aa3744e2bd
Certificate serial:       019A05728A8768917702B5D7B07C87AA559C
Authority key identifier: 15:CE:06:B4:4D:8D:C4:3D:C7:42:C4:0D:E3:BD:A8:AA:37:44:E2:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fc4GtE2NxD3HQsQN472oqjdE4r0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/7bd927-b507-4363-9ada-dee4317f5b14/1/NjP1-VxcjUYnG6zS7LVSKs7x9vY.roa
Signing time:             Tue 21 Oct 2025 06:26:23 +0000
ROA not before:           Tue 21 Oct 2025 06:26:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20546
IP address blocks:        193.109.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/7bd927-b507-4363-9ada-dee4317f5b14/1/Fc4GtE2NxD3HQsQN472oqjdE4r0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/7bd927-b507-4363-9ada-dee4317f5b14/1/Fc4GtE2NxD3HQsQN472oqjdE4r0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fc4GtE2NxD3HQsQN472oqjdE4r0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Oct 2025 14:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:05:72:8a:87:68:91:77:02:b5:d7:b0:7c:87:aa:55:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15ce06b44d8dc43dc742c40de3bda8aa3744e2bd
        Validity
            Not Before: Oct 21 06:26:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3633f5f95c5c8d46271bacd2ecb5522acef1f6f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:97:92:5a:d5:95:93:64:5e:e9:e8:24:54:78:
                    5e:c8:8a:16:af:d6:fb:c3:9c:42:ad:45:11:6c:0d:
                    ea:c1:de:57:d5:fe:bd:bb:2f:72:fb:c1:bf:a7:eb:
                    62:da:eb:44:34:a4:11:55:0e:c3:35:01:8d:bc:02:
                    6f:ac:2c:8f:9f:e8:e2:87:d9:ce:43:ce:ee:be:6b:
                    13:e2:b1:5a:73:cf:f1:3f:b0:22:07:dc:72:08:a4:
                    fe:06:2d:24:e2:e9:8a:db:ad:ef:eb:99:c2:32:9d:
                    c6:a9:a9:ca:6b:7c:77:7e:a8:53:b3:58:71:53:cd:
                    9b:e2:9a:ae:d6:21:f9:43:0d:63:43:c0:b7:ed:39:
                    eb:e0:6b:cb:07:93:b8:01:3d:00:a9:6c:21:be:26:
                    fc:8a:ee:f5:97:91:80:1d:b5:9b:42:df:47:1c:c8:
                    46:a9:7a:2d:aa:4f:9e:e4:61:54:52:44:df:c1:29:
                    49:e1:6e:4f:b5:d1:74:10:d7:fb:18:3e:84:bf:a7:
                    b8:da:a1:ec:87:44:d5:6f:48:c1:1e:6a:54:a2:fe:
                    f0:0d:de:8d:42:df:c4:00:c3:9a:62:8b:b1:8f:20:
                    a5:a0:89:36:db:29:50:f7:77:c3:2c:d8:7b:71:fb:
                    45:e9:2b:82:2e:5e:21:99:2a:de:01:7f:18:d2:f5:
                    4d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:33:F5:F9:5C:5C:8D:46:27:1B:AC:D2:EC:B5:52:2A:CE:F1:F6:F6
            X509v3 Authority Key Identifier:
                keyid:15:CE:06:B4:4D:8D:C4:3D:C7:42:C4:0D:E3:BD:A8:AA:37:44:E2:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fc4GtE2NxD3HQsQN472oqjdE4r0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/7bd927-b507-4363-9ada-dee4317f5b14/1/NjP1-VxcjUYnG6zS7LVSKs7x9vY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/7bd927-b507-4363-9ada-dee4317f5b14/1/Fc4GtE2NxD3HQsQN472oqjdE4r0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:5b:05:26:b4:3f:62:28:1f:01:17:e2:a9:ac:1c:5a:76:99:
         35:13:35:b3:f4:49:f6:d5:ae:de:bf:a4:ca:cf:53:0e:03:a1:
         05:55:c9:90:26:a2:63:f9:bf:71:74:d4:57:42:e9:ee:4e:21:
         3e:8a:97:f1:76:1a:89:fa:06:27:e0:9e:0d:9d:f1:7c:ec:8d:
         47:46:40:b7:e8:cb:f3:71:b1:03:07:22:b4:72:98:56:d6:e9:
         ed:6f:e7:d6:92:6b:3f:90:50:b6:44:48:52:ab:ab:bf:a3:22:
         ca:33:2f:c8:49:06:76:01:38:a2:6c:a1:3e:76:10:82:bd:0c:
         2b:36:1b:c8:18:14:23:e1:21:33:2e:d5:77:63:4b:1f:ae:26:
         6c:0e:46:f8:b8:90:3c:1d:02:f4:d6:3e:77:70:bc:1b:b4:4c:
         3a:bc:e7:b7:ec:dc:b4:b7:7d:59:6f:99:58:5d:f6:35:ca:a0:
         cf:6e:fd:21:e3:00:22:bd:2e:1a:4c:83:66:53:b0:c8:d9:88:
         d5:0c:92:23:f2:a1:5f:e5:f4:d0:b2:92:20:26:14:bf:85:9d:
         70:e7:48:c8:0c:54:5b:d9:a7:f9:a1:09:f1:2a:23:19:9a:21:
         08:72:03:a3:a6:ab:1b:9d:26:8e:73:c4:fc:40:79:2c:e5:b6:
         73:cf:a5:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoFcoqHaJF3ArXXsHyHqlWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Y2UwNmI0NGQ4ZGM0M2RjNzQyYzQwZGUzYmRhOGFhMzc0
NGUyYmQwHhcNMjUxMDIxMDYyNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjMzZjVmOTVjNWM4ZDQ2MjcxYmFjZDJlY2I1NTIyYWNlZjFmNmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5eSWtWVk2Re6egkVHheyIoWr9b7
w5xCrUURbA3qwd5X1f69uy9y+8G/p+ti2utENKQRVQ7DNQGNvAJvrCyPn+jih9nO
Q87uvmsT4rFac8/xP7AiB9xyCKT+Bi0k4umK263v65nCMp3GqanKa3x3fqhTs1hx
U82b4pqu1iH5Qw1jQ8C37Tnr4GvLB5O4AT0AqWwhvib8iu71l5GAHbWbQt9HHMhG
qXotqk+e5GFUUkTfwSlJ4W5PtdF0ENf7GD6Ev6e42qHsh0TVb0jBHmpUov7wDd6N
Qt/EAMOaYouxjyCloIk22ylQ93fDLNh7cftF6SuCLl4hmSreAX8Y0vVNdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYz9flcXI1GJxus0uy1UirO8fb2MB8GA1UdIwQY
MBaAFBXOBrRNjcQ9x0LEDeO9qKo3ROK9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmM0R3RFMk54RDNIUXNRTjQ3Mm9xamRFNHIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy83YmQ5MjctYjUwNy00MzYzLTlhZGEt
ZGVlNDMxN2Y1YjE0LzEvTmpQMS1WeGNqVVluRzZ6UzdMVlNLczd4OXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy83YmQ5MjctYjUwNy00MzYzLTlhZGEtZGVlNDMxN2Y1YjE0
LzEvRmM0R3RFMk54RDNIUXNRTjQ3Mm9xamRFNHIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW3nMA0G
CSqGSIb3DQEBCwUAA4IBAQAfWwUmtD9iKB8BF+KprBxadpk1EzWz9En21a7ev6TK
z1MOA6EFVcmQJqJj+b9xdNRXQunuTiE+ipfxdhqJ+gYn4J4NnfF87I1HRkC36Mvz
cbEDByK0cphW1untb+fWkms/kFC2REhSq6u/oyLKMy/ISQZ2ATiibKE+dhCCvQwr
NhvIGBQj4SEzLtV3Y0sfriZsDkb4uJA8HQL01j53cLwbtEw6vOe37Ny0t31Zb5lY
XfY1yqDPbv0h4wAivS4aTINmU7DI2YjVDJIj8qFf5fTQspIgJhS/hZ1w50jIDFRb
2af5oQnxKiMZmiEIcgOjpqsbnSaOc8T8QHks5bZzz6VO
-----END CERTIFICATE-----