Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/N5frg4PxFVrteIUY-6B1q8jTrrQ.roa
File:                     N5frg4PxFVrteIUY-6B1q8jTrrQ.roa (raw, json)
Hash identifier:          zBzA8w8OVD1j2Qe1/KclCaH71Qds5SeIx0eG72VtjJo=
Subject key identifier:   37:97:EB:83:83:F1:15:5A:ED:78:85:18:FB:A0:75:AB:C8:D3:AE:B4
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019A0BEFE7C7DE419E7C5CC9C9C1148D65CD
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/N5frg4PxFVrteIUY-6B1q8jTrrQ.roa
Signing time:             Wed 22 Oct 2025 12:41:03 +0000
ROA not before:           Wed 22 Oct 2025 12:41:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.253.0/24 maxlen: 24
                          185.199.213.0/24 maxlen: 24
                          185.221.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:ef:e7:c7:de:41:9e:7c:5c:c9:c9:c1:14:8d:65:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Oct 22 12:41:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3797eb8383f1155aed788518fba075abc8d3aeb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:f7:e3:ba:65:ce:0f:10:26:65:d9:d0:20:f2:
                    8e:35:70:8d:08:98:6b:fe:74:42:28:0d:0d:6b:45:
                    a8:6e:ea:b7:a9:19:ad:5e:05:bc:25:3b:30:03:1a:
                    ce:ca:93:0a:3b:91:be:ff:06:7c:18:31:b0:63:6b:
                    8b:82:13:a5:a6:ba:6a:c1:dd:8e:10:28:9e:6b:c5:
                    4f:fe:58:54:d2:45:1a:b3:5e:55:92:24:5f:66:fa:
                    d9:4b:63:48:1a:d3:77:74:0c:d8:10:6e:32:07:d5:
                    7e:f1:32:e1:ac:be:38:37:08:23:8a:21:84:5a:0f:
                    64:a4:f2:da:d3:1e:d6:d3:f0:ee:b5:83:3b:e7:60:
                    44:34:4c:62:b4:a8:0c:f2:9b:b7:5a:ce:c8:09:63:
                    20:4a:9f:1a:9c:a2:6e:9c:c2:fe:f0:03:f0:58:ac:
                    00:63:ae:1d:41:97:ce:cc:34:52:f3:76:34:dd:f3:
                    93:f2:b1:70:8a:d2:1d:53:98:ff:d1:04:18:73:9b:
                    d8:11:81:a3:92:36:37:9e:53:61:fc:83:7d:f3:e3:
                    02:6b:bd:09:67:d0:59:3e:41:14:10:b5:7c:f6:d1:
                    4e:de:b0:54:a0:89:04:70:0e:a2:98:72:34:cd:99:
                    c2:9e:76:2d:4d:10:6a:de:c4:0b:27:51:2b:de:63:
                    69:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:97:EB:83:83:F1:15:5A:ED:78:85:18:FB:A0:75:AB:C8:D3:AE:B4
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/N5frg4PxFVrteIUY-6B1q8jTrrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.253.0/24
                  185.199.213.0/24
                  185.221.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:8d:8d:de:ff:43:7e:fd:71:2a:3b:ae:f3:67:25:09:a3:23:
         53:f7:0e:3b:a5:82:1c:c2:55:df:7d:8d:f6:8b:31:9d:ed:7d:
         e5:cf:6d:18:6b:88:bf:aa:23:23:18:a2:16:c8:15:d3:aa:bb:
         e7:ea:2f:98:e6:4b:96:dc:ed:43:99:ab:40:28:f4:ba:f4:a3:
         fc:21:37:5a:25:e3:3e:de:ea:f7:d1:27:87:de:c9:ae:e9:ec:
         d8:05:da:c9:ac:8a:32:e7:0a:e3:01:86:ff:53:72:5c:86:e5:
         f8:81:96:aa:06:6b:bc:94:8c:e6:20:65:38:cc:29:fa:71:1c:
         d2:c2:0f:e9:fb:c6:cb:cb:2c:4c:5a:91:27:0f:30:87:dc:1d:
         a9:ff:48:66:3f:98:bd:8b:02:ea:4c:de:20:f4:ee:14:0c:06:
         55:db:99:8c:f2:26:7d:d1:15:03:16:b8:e7:5a:3b:12:4e:83:
         2d:8b:23:31:d0:5b:e4:9a:ab:65:d4:6a:b0:d8:30:1c:38:c0:
         b8:22:51:be:38:48:59:76:90:2d:29:d6:de:a1:0a:a1:9f:4e:
         9e:ee:a0:6e:b2:ad:3e:1e:e9:78:fc:bb:74:e5:5c:d8:42:65:
         f4:9c:7d:a4:43:37:5f:b9:26:2f:f7:63:12:05:49:2e:31:db:
         89:a3:c5:a5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoL7+fH3kGefFzJycEUjWXNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUxMDIyMTI0MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzk3ZWI4MzgzZjExNTVhZWQ3ODg1MThmYmEwNzVhYmM4ZDNhZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/fjumXODxAmZdnQIPKONXCNCJhr
/nRCKA0Na0Wobuq3qRmtXgW8JTswAxrOypMKO5G+/wZ8GDGwY2uLghOlprpqwd2O
ECiea8VP/lhU0kUas15VkiRfZvrZS2NIGtN3dAzYEG4yB9V+8TLhrL44NwgjiiGE
Wg9kpPLa0x7W0/DutYM752BENExitKgM8pu3Ws7ICWMgSp8anKJunML+8APwWKwA
Y64dQZfOzDRS83Y03fOT8rFwitIdU5j/0QQYc5vYEYGjkjY3nlNh/IN98+MCa70J
Z9BZPkEUELV89tFO3rBUoIkEcA6imHI0zZnCnnYtTRBq3sQLJ1Er3mNprQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDeX64OD8RVa7XiFGPugdavI0660MB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvTjVmcmc0UHhGVnJ0ZUlVWS02QjFxOGpUcnJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZv9AwQA
ucfVAwQAud0aMA0GCSqGSIb3DQEBCwUAA4IBAQA6jY3e/0N+/XEqO67zZyUJoyNT
9w47pYIcwlXffY32izGd7X3lz20Ya4i/qiMjGKIWyBXTqrvn6i+Y5kuW3O1DmatA
KPS69KP8ITdaJeM+3ur30SeH3smu6ezYBdrJrIoy5wrjAYb/U3JchuX4gZaqBmu8
lIzmIGU4zCn6cRzSwg/p+8bLyyxMWpEnDzCH3B2p/0hmP5i9iwLqTN4g9O4UDAZV
25mM8iZ90RUDFrjnWjsSToMtiyMx0Fvkmqtl1Gqw2DAcOMC4IlG+OEhZdpAtKdbe
oQqhn06e7qBusq0+Hul4/Lt05VzYQmX0nH2kQzdfuSYv92MSBUkuMduJo8Wl
-----END CERTIFICATE-----