Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/23b72f-9de4-4706-8e32-f991f90090c6/1/ntSNkDLsiCpxMy0f_xBIaNqYA5o.roa
File:                     ntSNkDLsiCpxMy0f_xBIaNqYA5o.roa (raw, json)
Hash identifier:          UPsCyhMv7EfaVA+mv6xTlpAFUhTpPy5obKqRjSyu1jU=
Subject key identifier:   9E:D4:8D:90:32:EC:88:2A:71:33:2D:1F:FF:10:48:68:DA:98:03:9A
Certificate issuer:       /CN=c2006acc05f9dc451ea0d44e8727db470b928794
Certificate serial:       019A6FEE9311B9305F525BEC998FD6F2E943
Authority key identifier: C2:00:6A:CC:05:F9:DC:45:1E:A0:D4:4E:87:27:DB:47:0B:92:87:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wgBqzAX53EUeoNROhyfbRwuSh5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/23b72f-9de4-4706-8e32-f991f90090c6/1/ntSNkDLsiCpxMy0f_xBIaNqYA5o.roa
Signing time:             Mon 10 Nov 2025 22:41:37 +0000
ROA not before:           Mon 10 Nov 2025 22:41:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198763
IP address blocks:        45.133.48.0/22 maxlen: 24
                          95.129.124.0/24 maxlen: 24
                          95.129.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/23b72f-9de4-4706-8e32-f991f90090c6/1/wgBqzAX53EUeoNROhyfbRwuSh5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/23b72f-9de4-4706-8e32-f991f90090c6/1/wgBqzAX53EUeoNROhyfbRwuSh5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wgBqzAX53EUeoNROhyfbRwuSh5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:02:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6f:ee:93:11:b9:30:5f:52:5b:ec:99:8f:d6:f2:e9:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2006acc05f9dc451ea0d44e8727db470b928794
        Validity
            Not Before: Nov 10 22:41:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ed48d9032ec882a71332d1fff104868da98039a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:3e:02:a4:10:3d:37:5a:08:e1:90:34:f3:4f:
                    c0:37:42:07:7a:9c:ef:00:a9:9e:cd:3e:15:ad:8e:
                    f0:cf:fd:aa:09:fc:bc:4b:b8:dc:07:97:0f:86:1b:
                    67:ce:a9:be:9d:f5:25:b7:49:93:55:44:64:88:bb:
                    de:e0:fa:33:dc:fb:cb:b9:82:a6:3b:74:ed:b1:88:
                    4a:b0:a8:0e:53:80:4e:de:51:f6:eb:36:21:77:13:
                    32:4a:87:b7:7d:5d:d1:1a:1b:56:34:6f:2e:df:d1:
                    56:52:50:8f:b5:43:97:8c:4f:8d:50:2f:29:61:14:
                    a5:07:87:d5:6a:54:15:0e:50:b7:89:2e:84:f8:2d:
                    ea:4a:58:1b:f1:8a:20:d5:dc:4e:e5:e5:de:7e:38:
                    b5:f7:a7:2d:a7:6b:60:ab:0a:49:a0:86:74:ad:ae:
                    46:60:4c:6e:74:e1:d7:75:0a:33:39:62:fd:61:65:
                    9a:9f:4b:10:98:1d:33:fa:65:b4:58:fa:ce:1f:de:
                    3e:6f:fa:a6:7a:b2:3a:50:06:18:c5:1e:92:61:93:
                    9b:c8:a9:db:b8:ab:ad:39:b3:29:ef:85:ae:13:9f:
                    cb:94:ef:dc:ed:3b:e4:9a:0c:bb:ad:e1:9f:be:f4:
                    32:d9:38:4c:9e:0a:f1:69:f2:05:ac:6d:68:68:a9:
                    55:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:D4:8D:90:32:EC:88:2A:71:33:2D:1F:FF:10:48:68:DA:98:03:9A
            X509v3 Authority Key Identifier:
                keyid:C2:00:6A:CC:05:F9:DC:45:1E:A0:D4:4E:87:27:DB:47:0B:92:87:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wgBqzAX53EUeoNROhyfbRwuSh5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/23b72f-9de4-4706-8e32-f991f90090c6/1/ntSNkDLsiCpxMy0f_xBIaNqYA5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/23b72f-9de4-4706-8e32-f991f90090c6/1/wgBqzAX53EUeoNROhyfbRwuSh5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.48.0/22
                  95.129.124.0/24
                  95.129.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:b0:fd:f9:a2:67:ab:0d:c6:01:9c:20:ed:1f:98:a4:c8:8a:
         fb:76:b3:d1:15:1b:ad:c9:18:5b:fc:51:69:0b:03:49:f4:bb:
         61:bc:dd:0d:0b:e3:44:11:8d:ff:f7:43:56:08:26:29:89:77:
         b8:7b:f0:63:49:74:e6:67:bd:52:32:19:b5:cf:db:29:84:16:
         83:d5:8e:7c:7c:88:bc:db:81:84:a0:fa:50:72:ee:51:e7:75:
         6e:a2:dc:9c:8a:db:aa:fe:05:cb:da:23:47:6f:b4:62:7c:9e:
         f9:07:f3:c8:8f:00:08:18:aa:49:e0:7f:9e:20:5a:20:41:17:
         2d:b6:5d:4c:bc:24:4c:74:4f:64:9f:70:de:6c:98:cf:1d:fa:
         7a:54:c8:6b:cc:a6:04:bf:c5:5a:c9:aa:e0:44:a8:58:4d:3c:
         60:dd:30:bf:cb:72:fd:fd:7d:fc:29:0b:58:1d:a3:ab:d5:84:
         ad:ea:b2:e9:65:4e:7e:8c:de:0f:fd:8c:37:5a:44:8a:9b:0b:
         fe:1a:92:a3:c0:f8:f3:3d:59:03:c4:10:74:9e:af:d4:54:78:
         eb:25:c7:7c:7b:32:60:79:96:0f:d1:a2:c9:02:60:4f:78:f1:
         ee:5a:26:0e:13:83:b7:dd:77:50:8d:9e:ab:53:83:0a:2c:e0:
         b0:9b:95:09
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZpv7pMRuTBfUlvsmY/W8ulDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMDA2YWNjMDVmOWRjNDUxZWEwZDQ0ZTg3MjdkYjQ3MGI5
Mjg3OTQwHhcNMjUxMTEwMjI0MTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWQ0OGQ5MDMyZWM4ODJhNzEzMzJkMWZmZjEwNDg2OGRhOTgwMzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6z4CpBA9N1oI4ZA080/AN0IHepzv
AKmezT4VrY7wz/2qCfy8S7jcB5cPhhtnzqm+nfUlt0mTVURkiLve4Poz3PvLuYKm
O3TtsYhKsKgOU4BO3lH26zYhdxMySoe3fV3RGhtWNG8u39FWUlCPtUOXjE+NUC8p
YRSlB4fValQVDlC3iS6E+C3qSlgb8Yog1dxO5eXefji196ctp2tgqwpJoIZ0ra5G
YExudOHXdQozOWL9YWWan0sQmB0z+mW0WPrOH94+b/qmerI6UAYYxR6SYZObyKnb
uKutObMp74WuE5/LlO/c7Tvkmgy7reGfvvQy2ThMngrxafIFrG1oaKlVTQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ7UjZAy7IgqcTMtH/8QSGjamAOaMB8GA1UdIwQY
MBaAFMIAaswF+dxFHqDUTocn20cLkoeUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2dCcXpBWDUzRVVlb05ST2h5ZmJSd3VTaDVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8yM2I3MmYtOWRlNC00NzA2LThlMzIt
Zjk5MWY5MDA5MGM2LzEvbnRTTmtETHNpQ3B4TXkwZl94QklhTnFZQTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8yM2I3MmYtOWRlNC00NzA2LThlMzItZjk5MWY5MDA5MGM2
LzEvd2dCcXpBWDUzRVVlb05ST2h5ZmJSd3VTaDVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLYUwAwQA
X4F8AwQAX4F/MA0GCSqGSIb3DQEBCwUAA4IBAQCrsP35omerDcYBnCDtH5ikyIr7
drPRFRutyRhb/FFpCwNJ9LthvN0NC+NEEY3/90NWCCYpiXe4e/BjSXTmZ71SMhm1
z9sphBaD1Y58fIi824GEoPpQcu5R53Vuotycituq/gXL2iNHb7RifJ75B/PIjwAI
GKpJ4H+eIFogQRcttl1MvCRMdE9kn3DebJjPHfp6VMhrzKYEv8VayargRKhYTTxg
3TC/y3L9/X38KQtYHaOr1YSt6rLpZU5+jN4P/Yw3WkSKmwv+GpKjwPjzPVkDxBB0
nq/UVHjrJcd8ezJgeZYP0aLJAmBPePHuWiYOE4O33XdQjZ6rU4MKLOCwm5UJ
-----END CERTIFICATE-----