Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/NIsfNrgr61FvPf7cYDhBUlhxHyo.roa
File:                     NIsfNrgr61FvPf7cYDhBUlhxHyo.roa (raw, json)
Hash identifier:          erf8aKvQjphq5ECHQpzvwfDmeIXYw4ufNsUCtqSAry4=
Subject key identifier:   34:8B:1F:36:B8:2B:EB:51:6F:3D:FE:DC:60:38:41:52:58:71:1F:2A
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       019A06DDAFCBAC9FB795AD3B616F8A5F47B4
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/NIsfNrgr61FvPf7cYDhBUlhxHyo.roa
Signing time:             Tue 21 Oct 2025 13:03:03 +0000
ROA not before:           Tue 21 Oct 2025 13:03:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        72.63.88.0/22 maxlen: 22
                          72.63.248.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 Oct 2025 07:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:06:dd:af:cb:ac:9f:b7:95:ad:3b:61:6f:8a:5f:47:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Oct 21 13:03:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=348b1f36b82beb516f3dfedc6038415258711f2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:44:e1:8c:02:21:b7:91:ab:c6:cc:5e:6e:a2:
                    a0:d1:03:8f:97:f9:dd:ca:f7:c1:7e:18:a4:bd:2d:
                    b3:78:8b:27:df:98:10:dd:fc:6f:8e:0f:80:69:b2:
                    6f:1c:97:fb:f5:9f:90:db:f3:7a:cb:d9:93:75:70:
                    f2:26:5e:42:b1:89:59:3e:8a:87:ce:b7:f3:1f:19:
                    a4:49:11:ae:cc:50:60:c6:c8:42:bd:d4:47:e6:d3:
                    f8:74:05:75:6f:4f:e9:83:57:b4:57:d5:be:1e:f7:
                    d5:18:d6:76:8a:61:d8:51:df:b2:5e:cd:3d:b3:b0:
                    41:6d:71:5f:80:81:d3:ac:ac:17:f2:de:a1:a1:cb:
                    bb:b4:7c:7c:9b:9c:a4:ad:d6:2f:29:c3:72:2a:61:
                    72:22:4d:92:08:e5:66:92:de:58:9b:12:46:3d:b6:
                    d9:73:03:71:8d:d0:82:6e:38:44:75:19:b7:a6:b4:
                    22:87:82:6c:99:df:54:d1:7c:7a:11:ec:8a:fd:10:
                    59:8e:6b:d6:7d:cd:73:92:d6:2f:0c:e5:00:55:ef:
                    bd:32:cb:51:64:74:34:15:8f:99:36:e9:e2:bf:f7:
                    92:6c:e4:60:61:92:34:b1:6f:e1:2c:4c:27:20:6e:
                    f9:72:2c:5a:cb:ea:f5:ca:82:d8:4a:c9:82:4f:23:
                    d3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:8B:1F:36:B8:2B:EB:51:6F:3D:FE:DC:60:38:41:52:58:71:1F:2A
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/NIsfNrgr61FvPf7cYDhBUlhxHyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.63.88.0/22
                  72.63.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:06:86:73:ac:db:c4:e9:4a:be:1f:37:7f:a6:db:1c:08:c6:
         37:e9:dc:cb:50:46:5f:8f:d1:82:bf:90:ea:33:0f:12:14:89:
         02:6e:fa:07:f0:75:4c:3e:86:9a:c6:fc:1d:aa:09:6f:2f:6a:
         d6:9a:06:f8:99:ce:c2:8d:88:81:9e:bb:3e:0e:78:67:6e:40:
         be:0e:8f:c5:72:f0:1a:d5:71:50:7b:ce:a8:75:16:00:dc:91:
         74:a7:d0:3e:2d:96:d0:ad:81:6c:3b:08:43:5c:f9:41:3f:88:
         c2:87:ba:46:92:4d:a9:15:a0:67:69:60:c7:a3:6c:32:ba:5e:
         bd:7a:37:e8:5d:09:fd:c3:ca:b7:3d:33:e0:d4:18:74:41:bc:
         53:cc:08:14:91:7f:af:14:88:eb:0a:94:5e:51:91:66:d2:cc:
         3b:7c:5a:41:2b:b2:8b:42:64:9b:50:24:c9:66:96:9e:79:8d:
         9f:3d:99:1f:0f:72:12:77:9a:c0:18:ea:a2:17:04:11:d0:72:
         2d:64:d1:86:4f:d6:80:75:e9:3e:c3:3d:c0:69:89:94:75:67:
         40:c1:2f:e8:3c:12:41:5c:47:a6:45:45:cc:67:9d:9b:ae:53:
         cd:23:15:89:43:49:de:69:d8:a3:61:1b:48:e9:7a:91:7c:d2:
         0c:5c:78:d8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoG3a/LrJ+3la07YW+KX0e0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjUxMDIxMTMwMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDhiMWYzNmI4MmJlYjUxNmYzZGZlZGM2MDM4NDE1MjU4NzExZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA30ThjAIht5GrxsxebqKg0QOPl/nd
yvfBfhikvS2zeIsn35gQ3fxvjg+AabJvHJf79Z+Q2/N6y9mTdXDyJl5CsYlZPoqH
zrfzHxmkSRGuzFBgxshCvdRH5tP4dAV1b0/pg1e0V9W+HvfVGNZ2imHYUd+yXs09
s7BBbXFfgIHTrKwX8t6hocu7tHx8m5ykrdYvKcNyKmFyIk2SCOVmkt5YmxJGPbbZ
cwNxjdCCbjhEdRm3prQih4Jsmd9U0Xx6EeyK/RBZjmvWfc1zktYvDOUAVe+9MstR
ZHQ0FY+ZNuniv/eSbORgYZI0sW/hLEwnIG75cixay+r1yoLYSsmCTyPTzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDSLHza4K+tRbz3+3GA4QVJYcR8qMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvTklzZk5yZ3I2MUZ2UGY3Y1lEaEJVbGh4SHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCSD9YAwQC
SD/4MA0GCSqGSIb3DQEBCwUAA4IBAQAjBoZzrNvE6Uq+Hzd/ptscCMY36dzLUEZf
j9GCv5DqMw8SFIkCbvoH8HVMPoaaxvwdqglvL2rWmgb4mc7CjYiBnrs+DnhnbkC+
Do/FcvAa1XFQe86odRYA3JF0p9A+LZbQrYFsOwhDXPlBP4jCh7pGkk2pFaBnaWDH
o2wyul69ejfoXQn9w8q3PTPg1Bh0QbxTzAgUkX+vFIjrCpReUZFm0sw7fFpBK7KL
QmSbUCTJZpaeeY2fPZkfD3ISd5rAGOqiFwQR0HItZNGGT9aAdek+wz3AaYmUdWdA
wS/oPBJBXEemRUXMZ52brlPNIxWJQ0neadijYRtI6XqRfNIMXHjY
-----END CERTIFICATE-----