Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/NCM3clu2kUX1FywCV-rdbSiyAwg.roa
File:                     NCM3clu2kUX1FywCV-rdbSiyAwg.roa (raw, json)
Hash identifier:          lqUVwqTm2F0EVVgAq9uFKVlQ5ZkdzUvkJ/HuRhL+GWA=
Subject key identifier:   34:23:37:72:5B:B6:91:45:F5:17:2C:02:57:EA:DD:6D:28:B2:03:08
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       0198E360BC074239C2A98DFDD13F23780044
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/NCM3clu2kUX1FywCV-rdbSiyAwg.roa
Signing time:             Mon 25 Aug 2025 22:37:04 +0000
ROA not before:           Mon 25 Aug 2025 22:37:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        45.151.98.0/23 maxlen: 23
                          94.137.76.0/23 maxlen: 23
                          94.137.94.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 02:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e3:60:bc:07:42:39:c2:a9:8d:fd:d1:3f:23:78:00:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Aug 25 22:37:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=342337725bb69145f5172c0257eadd6d28b20308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fd:96:f7:45:96:5a:92:bf:ed:c8:79:06:51:
                    a1:d2:e0:8a:da:96:f5:c8:17:30:c4:76:2b:aa:f8:
                    26:eb:00:0a:e9:45:32:a2:1b:d4:30:1e:b3:36:47:
                    79:2f:d9:45:36:59:00:6a:40:d9:b9:a3:54:d2:ea:
                    a2:ed:08:bd:73:2b:a5:53:98:b9:c3:58:e6:27:71:
                    33:95:35:67:64:44:ab:c7:c2:e3:76:de:63:bc:3a:
                    70:4a:c2:e2:67:e1:ce:6c:fd:0f:ac:df:57:54:c7:
                    8c:1a:8d:12:b7:ab:81:e9:6c:97:c6:5a:51:11:6d:
                    0f:85:1f:14:65:99:25:9e:44:72:b6:a9:68:01:01:
                    51:19:22:f5:db:1e:85:8a:ea:c9:1e:e5:fc:b1:b8:
                    13:21:5d:29:db:08:91:d8:70:75:3f:51:c3:10:c7:
                    cb:2a:c0:fc:fb:21:f4:a4:2a:dc:4c:7f:bf:0c:d5:
                    d0:2c:a8:b9:74:93:f0:0e:56:c9:71:fc:f0:6e:b0:
                    25:88:e2:a4:fd:0b:51:86:b4:c0:57:b5:7f:ad:da:
                    86:bf:b2:5a:e0:a7:5e:0d:aa:36:2a:bd:61:4c:5a:
                    45:46:b1:ac:dc:23:12:ca:34:5f:dd:4c:7f:9e:d9:
                    7d:c2:ce:46:f3:d5:32:1b:13:21:2c:d9:ee:58:22:
                    db:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:23:37:72:5B:B6:91:45:F5:17:2C:02:57:EA:DD:6D:28:B2:03:08
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/NCM3clu2kUX1FywCV-rdbSiyAwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.98.0/23
                  94.137.76.0/23
                  94.137.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:5b:88:9f:45:57:9a:c7:42:c3:46:e9:9b:72:ef:66:7c:6f:
         8e:c7:77:93:91:af:e6:a1:ba:4c:ca:c1:d8:d2:d9:f5:3d:ee:
         78:76:7a:21:1f:50:f2:9b:66:d2:4d:d3:63:bf:4c:11:d6:b8:
         ca:b8:c9:ad:55:3f:7d:8f:cc:14:a6:9f:f7:0d:81:0e:c0:59:
         d6:20:cc:31:6f:db:7d:ff:8d:f8:32:21:2c:54:04:65:e6:94:
         1f:7a:83:dd:5d:c5:ce:6c:2f:66:4c:51:7b:52:3f:f4:aa:1c:
         53:7d:99:24:91:f6:24:48:52:62:87:a6:26:61:b5:49:91:e2:
         08:e5:31:70:c0:f2:8a:21:4e:95:39:1b:f3:29:cb:69:42:3c:
         dc:62:1b:5a:3d:e7:20:bf:e1:6e:93:00:5c:55:b3:4c:26:ee:
         39:fb:34:07:9f:96:0c:3c:7e:8b:49:34:26:4f:1a:66:42:17:
         4b:f5:35:cd:77:82:e2:c7:25:9c:c3:ea:57:d5:7b:54:bc:2d:
         d8:f4:ca:b4:ba:53:59:c1:c0:0c:a4:0b:dd:43:f9:45:33:07:
         b3:c0:0b:a8:9d:e7:57:b3:ab:fe:ea:2f:e2:c8:2e:34:20:8b:
         84:b1:f0:22:82:5e:86:b7:7e:7d:e1:0e:64:35:aa:7f:06:a6:
         2d:fd:55:ea
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZjjYLwHQjnCqY390T8jeABEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjUwODI1MjIzNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDIzMzc3MjViYjY5MTQ1ZjUxNzJjMDI1N2VhZGQ2ZDI4YjIwMzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvP2W90WWWpK/7ch5BlGh0uCK2pb1
yBcwxHYrqvgm6wAK6UUyohvUMB6zNkd5L9lFNlkAakDZuaNU0uqi7Qi9cyulU5i5
w1jmJ3EzlTVnZESrx8Ljdt5jvDpwSsLiZ+HObP0PrN9XVMeMGo0St6uB6WyXxlpR
EW0PhR8UZZklnkRytqloAQFRGSL12x6FiurJHuX8sbgTIV0p2wiR2HB1P1HDEMfL
KsD8+yH0pCrcTH+/DNXQLKi5dJPwDlbJcfzwbrAliOKk/QtRhrTAV7V/rdqGv7Ja
4KdeDao2Kr1hTFpFRrGs3CMSyjRf3Ux/ntl9ws5G89UyGxMhLNnuWCLbNQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDQjN3JbtpFF9RcsAlfq3W0osgMIMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvTkNNM2NsdTJrVVgxRnl3Q1YtcmRiU2l5QXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLZdiAwQB
XolMAwQBXoleMA0GCSqGSIb3DQEBCwUAA4IBAQAzW4ifRVeax0LDRumbcu9mfG+O
x3eTka/mobpMysHY0tn1Pe54dnohH1Dym2bSTdNjv0wR1rjKuMmtVT99j8wUpp/3
DYEOwFnWIMwxb9t9/434MiEsVARl5pQfeoPdXcXObC9mTFF7Uj/0qhxTfZkkkfYk
SFJih6YmYbVJkeII5TFwwPKKIU6VORvzKctpQjzcYhtaPecgv+FukwBcVbNMJu45
+zQHn5YMPH6LSTQmTxpmQhdL9TXNd4LixyWcw+pX1XtUvC3Y9Mq0ulNZwcAMpAvd
Q/lFMwezwAuonedXs6v+6i/iyC40IIuEsfAigl6Gt3594Q5kNap/BqYt/VXq
-----END CERTIFICATE-----