Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/NmVcJuNsw5hmW5QAqgljci_bYss.roa
File:                     NmVcJuNsw5hmW5QAqgljci_bYss.roa (raw, json)
Hash identifier:          mH7A+Gd53Mm5pgKWEuw5M3mp3xNVnXcvUTYC1Aw35j0=
Subject key identifier:   36:65:5C:26:E3:6C:C3:98:66:5B:94:00:AA:09:63:72:2F:DB:62:CB
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019A24D30FA74E7F5AA95A91C888BC3418E6
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/NmVcJuNsw5hmW5QAqgljci_bYss.roa
Signing time:             Mon 27 Oct 2025 08:40:03 +0000
ROA not before:           Mon 27 Oct 2025 08:40:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206150
IP address blocks:        158.173.129.0/24 maxlen: 24
                          158.173.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:24:d3:0f:a7:4e:7f:5a:a9:5a:91:c8:88:bc:34:18:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Oct 27 08:40:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36655c26e36cc398665b9400aa0963722fdb62cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f3:d5:19:80:26:dc:8c:a3:7b:ce:f8:3b:27:
                    46:9f:f6:cd:64:00:ff:a2:7f:e2:b0:7b:d8:70:a4:
                    c9:7d:d5:40:68:0c:52:93:65:73:0b:4e:e6:0c:90:
                    f5:61:1e:12:f8:3b:b9:a0:a0:ae:f2:1a:96:f7:b8:
                    db:14:a2:62:11:d4:a5:0b:db:2d:b3:a9:0c:26:11:
                    f2:10:f4:c9:96:d1:52:3e:14:4f:77:b9:33:15:b8:
                    54:6f:c1:cb:45:e9:e8:dd:b4:33:5a:fa:2b:d6:55:
                    bc:bb:a9:33:02:52:89:3f:99:a4:c9:27:06:b5:01:
                    e9:cd:bc:0c:bd:2c:8d:7b:7b:6b:15:3e:9a:64:06:
                    5a:57:91:48:0b:47:2b:e5:4d:88:7e:c4:18:91:08:
                    3a:8d:96:02:1a:28:2a:44:48:15:e8:3d:e8:f3:ff:
                    fc:52:c0:7a:c1:b6:9e:3f:2f:c4:c3:07:dc:34:09:
                    40:97:f4:48:cb:72:d5:97:89:e4:0e:ce:21:62:ae:
                    f6:6c:fb:a8:c8:ef:fc:04:13:16:5b:78:94:28:64:
                    d6:6b:60:80:ee:38:e7:e1:de:55:bd:0e:44:1b:30:
                    e8:96:42:76:85:7d:ce:37:14:d8:19:d9:6d:2d:c8:
                    20:4f:16:4e:b0:da:38:70:88:70:c4:70:1e:fd:93:
                    61:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:65:5C:26:E3:6C:C3:98:66:5B:94:00:AA:09:63:72:2F:DB:62:CB
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/NmVcJuNsw5hmW5QAqgljci_bYss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.129.0-158.173.130.255

    Signature Algorithm: sha256WithRSAEncryption
         cf:fc:db:68:f7:78:a4:a8:4a:7b:da:de:d4:e6:98:56:df:69:
         3e:1e:36:fd:f0:5e:51:de:c6:2c:e9:82:15:80:c2:0f:e2:08:
         b9:26:d8:33:cf:68:ef:70:9b:35:0f:b8:cb:c2:a1:5a:58:44:
         c1:81:f8:87:52:99:5c:f5:7e:3a:a3:21:1a:01:d2:ea:47:92:
         39:f7:0e:7a:4c:df:31:1c:ce:51:42:59:9e:3d:f6:35:20:b3:
         d1:a3:71:cf:85:b7:25:ef:97:ca:64:5a:87:ae:87:4c:52:98:
         98:2f:fe:76:d1:c7:9e:55:fb:d2:44:de:0a:07:a4:00:af:45:
         69:9e:cb:b7:5b:8f:35:49:91:92:7c:c7:1d:00:eb:f5:d3:14:
         20:ca:ab:08:b7:ed:86:22:89:82:41:6a:67:aa:d8:bb:20:fd:
         e7:cb:b1:55:1b:c6:b1:16:53:6c:2f:8b:9c:15:8e:1c:fe:16:
         73:5b:c0:51:83:a5:db:44:9e:ae:15:63:fe:55:c4:86:09:65:
         29:c4:d6:60:10:27:aa:d4:45:85:4d:8c:b5:6d:95:3c:f9:5d:
         fa:60:2e:32:61:46:8e:2d:c9:e2:e4:be:fa:2b:c3:d2:15:da:
         89:6a:f0:8d:e4:e1:4b:6b:8d:cc:b9:5f:18:07:3e:a8:3a:b6:
         25:36:e9:3e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZok0w+nTn9aqVqRyIi8NBjmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUxMDI3MDg0MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjY1NWMyNmUzNmNjMzk4NjY1Yjk0MDBhYTA5NjM3MjJmZGI2MmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/PVGYAm3Iyje874OydGn/bNZAD/
on/isHvYcKTJfdVAaAxSk2VzC07mDJD1YR4S+Du5oKCu8hqW97jbFKJiEdSlC9st
s6kMJhHyEPTJltFSPhRPd7kzFbhUb8HLReno3bQzWvor1lW8u6kzAlKJP5mkyScG
tQHpzbwMvSyNe3trFT6aZAZaV5FIC0cr5U2IfsQYkQg6jZYCGigqREgV6D3o8//8
UsB6wbaePy/EwwfcNAlAl/RIy3LVl4nkDs4hYq72bPuoyO/8BBMWW3iUKGTWa2CA
7jjn4d5VvQ5EGzDolkJ2hX3ONxTYGdltLcggTxZOsNo4cIhwxHAe/ZNhXwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDZlXCbjbMOYZluUAKoJY3Iv22LLMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvTm1WY0p1TnN3NWhtVzVRQXFnbGpjaV9iWXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACerYED
BACerYIwDQYJKoZIhvcNAQELBQADggEBAM/822j3eKSoSnva3tTmmFbfaT4eNv3w
XlHexizpghWAwg/iCLkm2DPPaO9wmzUPuMvCoVpYRMGB+IdSmVz1fjqjIRoB0upH
kjn3DnpM3zEczlFCWZ499jUgs9Gjcc+FtyXvl8pkWoeuh0xSmJgv/nbRx55V+9JE
3goHpACvRWmey7dbjzVJkZJ8xx0A6/XTFCDKqwi37YYiiYJBameq2Lsg/efLsVUb
xrEWU2wvi5wVjhz+FnNbwFGDpdtEnq4VY/5VxIYJZSnE1mAQJ6rURYVNjLVtlTz5
XfpgLjJhRo4tyeLkvvorw9IV2olq8I3k4Utrjcy5XxgHPqg6tiU26T4=
-----END CERTIFICATE-----