Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/NQcuOOpONj3a9z3Dj-GLQbt0kDw.roa
File:                     NQcuOOpONj3a9z3Dj-GLQbt0kDw.roa (raw, json)
Hash identifier:          h+4HjzE0Tk7kU3sRXvD7Snt8R7jGw2sZzaJ0K3fjYVk=
Subject key identifier:   35:07:2E:38:EA:4E:36:3D:DA:F7:3D:C3:8F:E1:8B:41:BB:74:90:3C
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       01990AAA7EE529CCFF89D4521301EC9CB90B
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/NQcuOOpONj3a9z3Dj-GLQbt0kDw.roa
Signing time:             Tue 02 Sep 2025 13:42:49 +0000
ROA not before:           Tue 02 Sep 2025 13:42:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        86.110.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:aa:7e:e5:29:cc:ff:89:d4:52:13:01:ec:9c:b9:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Sep  2 13:42:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35072e38ea4e363ddaf73dc38fe18b41bb74903c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:e1:a1:31:97:99:e3:7e:e0:0c:76:a6:d6:9b:
                    a7:b2:eb:77:31:9a:c3:5b:7d:b9:69:cc:81:f7:8a:
                    a6:c6:22:31:fb:17:b1:67:5a:19:27:e0:41:a9:4f:
                    fe:cd:3a:7b:b0:e6:8f:2e:44:21:3a:2e:7f:f2:36:
                    bb:0a:ce:95:72:09:c8:3e:b8:87:61:a8:7d:22:94:
                    62:aa:07:87:c0:35:a6:76:09:c7:97:c0:f2:37:f8:
                    c5:31:94:43:2f:aa:84:91:3c:a7:c5:de:0a:78:7f:
                    87:c5:4f:ab:2a:23:58:4c:98:70:04:74:aa:cb:72:
                    cb:f6:7f:48:28:1c:0e:23:2a:6e:7d:5d:79:dd:48:
                    bf:76:ce:72:78:20:c1:67:cc:a2:22:ff:4e:26:92:
                    71:48:eb:00:e2:dd:1d:cd:e3:d8:b1:cd:36:4a:60:
                    fc:d3:db:e6:62:9b:98:d3:b8:fb:a5:45:59:61:0f:
                    be:9d:4e:87:a3:24:23:05:b8:71:fb:df:4b:03:4b:
                    32:7b:ee:cc:47:b0:3b:7d:5f:3c:bf:72:26:68:dc:
                    e9:e3:1b:5e:3a:67:75:94:62:26:67:b0:bf:db:43:
                    c8:6c:15:d3:bc:07:b0:8c:b1:cd:75:9b:99:ee:fd:
                    47:c2:6a:0b:da:7e:3a:fe:36:4b:66:2c:2e:a4:16:
                    c0:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:07:2E:38:EA:4E:36:3D:DA:F7:3D:C3:8F:E1:8B:41:BB:74:90:3C
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/NQcuOOpONj3a9z3Dj-GLQbt0kDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:a3:01:d4:bb:75:b7:7d:3c:13:81:40:66:06:ea:1a:ab:26:
         00:9e:5a:f5:4d:a0:2d:69:04:2d:10:1b:d6:2d:69:07:96:50:
         a1:5f:03:7b:42:d0:fa:38:08:8d:ae:f0:a8:f1:73:2b:e7:71:
         a2:65:61:5c:f6:da:37:cc:8f:3f:12:19:cf:2d:a2:38:44:32:
         c2:d7:59:4f:f9:df:9b:1b:4f:3f:c5:d0:7a:f7:78:70:33:49:
         42:ea:75:d4:a0:f6:0c:0b:d5:6a:1b:e4:af:f0:63:48:40:f0:
         23:94:0c:ca:f1:36:00:a2:5a:50:cd:f9:37:27:8b:e2:84:08:
         3d:48:c0:07:d6:21:b0:25:e4:53:b7:cd:29:fb:b1:55:2f:a9:
         17:99:db:96:71:3f:b9:3f:69:51:69:8d:6e:f2:5d:cd:ab:eb:
         57:21:8c:fc:75:8c:8f:d0:4f:e1:65:85:4e:fe:33:65:bc:3f:
         b1:3d:8d:5f:ad:48:4d:75:c6:ad:6e:9e:f0:23:16:8f:93:8d:
         dd:10:c0:e0:df:da:59:ce:76:f5:43:99:30:ed:cc:80:59:4a:
         93:21:6a:9c:02:d9:bf:f1:3f:92:0e:3c:f3:0f:95:55:06:51:
         50:9e:52:fe:39:99:01:33:fb:88:a4:4c:cd:e4:b8:03:af:52:
         dc:80:85:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkKqn7lKcz/idRSEwHsnLkLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjUwOTAyMTM0MjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTA3MmUzOGVhNGUzNjNkZGFmNzNkYzM4ZmUxOGI0MWJiNzQ5MDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7eGhMZeZ437gDHam1punsut3MZrD
W325acyB94qmxiIx+xexZ1oZJ+BBqU/+zTp7sOaPLkQhOi5/8ja7Cs6VcgnIPriH
Yah9IpRiqgeHwDWmdgnHl8DyN/jFMZRDL6qEkTynxd4KeH+HxU+rKiNYTJhwBHSq
y3LL9n9IKBwOIypufV153Ui/ds5yeCDBZ8yiIv9OJpJxSOsA4t0dzePYsc02SmD8
09vmYpuY07j7pUVZYQ++nU6HoyQjBbhx+99LA0sye+7MR7A7fV88v3ImaNzp4xte
Omd1lGImZ7C/20PIbBXTvAewjLHNdZuZ7v1HwmoL2n46/jZLZiwupBbA1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUHLjjqTjY92vc9w4/hi0G7dJA8MB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvTlFjdU9PcE9OajNhOXozRGotR0xRYnQwa0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm40MA0G
CSqGSIb3DQEBCwUAA4IBAQACowHUu3W3fTwTgUBmBuoaqyYAnlr1TaAtaQQtEBvW
LWkHllChXwN7QtD6OAiNrvCo8XMr53GiZWFc9to3zI8/EhnPLaI4RDLC11lP+d+b
G08/xdB693hwM0lC6nXUoPYMC9VqG+Sv8GNIQPAjlAzK8TYAolpQzfk3J4vihAg9
SMAH1iGwJeRTt80p+7FVL6kXmduWcT+5P2lRaY1u8l3Nq+tXIYz8dYyP0E/hZYVO
/jNlvD+xPY1frUhNdcatbp7wIxaPk43dEMDg39pZznb1Q5kw7cyAWUqTIWqcAtm/
8T+SDjzzD5VVBlFQnlL+OZkBM/uIpEzN5LgDr1LcgIWe
-----END CERTIFICATE-----