Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/NjwQaw6cGSA62FEIMXZVEfnmYHA.roa
File:                     NjwQaw6cGSA62FEIMXZVEfnmYHA.roa (raw, json)
Hash identifier:          VdZC8D9z93aWtA1IVYybwBtyAxHN+u20jiFNcSx/n9g=
Subject key identifier:   36:3C:10:6B:0E:9C:19:20:3A:D8:51:08:31:76:55:11:F9:E6:60:70
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       01997B15B44A3523423324D76E6C51BD63AB
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/NjwQaw6cGSA62FEIMXZVEfnmYHA.roa
Signing time:             Wed 24 Sep 2025 09:37:23 +0000
ROA not before:           Wed 24 Sep 2025 09:37:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        82.206.18.0/24 maxlen: 24
                          82.206.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7b:15:b4:4a:35:23:42:33:24:d7:6e:6c:51:bd:63:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Sep 24 09:37:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=363c106b0e9c19203ad8510831765511f9e66070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:db:00:d5:8b:3c:9b:64:8a:f2:41:9c:3c:96:
                    e2:c3:b1:c0:01:5a:e2:f2:5d:bf:da:36:5c:cd:55:
                    3d:e2:e8:36:ff:fe:70:38:d3:ce:05:2c:dc:54:33:
                    ae:75:a9:c6:84:0d:66:d0:1b:88:4f:92:96:1b:b9:
                    cb:98:b0:1a:03:df:e6:e0:2d:87:2b:c7:12:c8:a4:
                    60:91:4e:13:46:19:cf:79:d0:a1:af:ed:ef:35:8c:
                    be:e5:60:d2:09:4c:d2:c7:e1:5d:0a:3f:38:3a:23:
                    05:d9:f6:f8:7e:66:45:0a:6e:94:9c:9e:b2:84:36:
                    e2:77:44:01:39:41:62:d8:a9:fb:62:04:69:06:ff:
                    84:5a:bd:d2:28:0a:55:b8:e7:7b:28:91:69:a7:c3:
                    cb:b3:15:a0:71:66:54:d2:9c:ab:5c:3e:c0:f5:2a:
                    27:17:53:93:44:0a:3e:b0:38:1c:0d:02:e1:c6:e1:
                    60:21:33:46:de:f3:63:7e:d4:0a:8a:3b:d4:34:96:
                    0a:13:a7:c7:b3:81:20:2c:70:00:c9:87:54:23:90:
                    7b:49:b5:ce:5a:ce:1c:e2:3a:73:11:25:f1:eb:16:
                    46:2b:fc:f9:7a:1e:a8:7c:7c:31:4b:f9:22:87:8f:
                    3c:6e:f6:e4:ea:63:47:07:f9:c8:a1:18:eb:70:cf:
                    88:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:3C:10:6B:0E:9C:19:20:3A:D8:51:08:31:76:55:11:F9:E6:60:70
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/NjwQaw6cGSA62FEIMXZVEfnmYHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.18.0/24
                  82.206.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:95:74:5d:86:2b:de:6a:eb:b6:18:86:5d:15:ff:35:a3:f8:
         e8:81:25:30:cb:41:e6:bf:66:c5:ff:eb:df:49:be:5e:4e:e8:
         79:ad:95:f8:b4:c0:bd:00:fd:48:74:a7:4c:6b:96:c4:6d:ba:
         36:6c:9a:ce:3e:3a:8d:04:3e:3e:a2:2f:0a:c8:12:93:f0:46:
         8a:f4:da:1f:82:94:09:81:a1:45:d8:ae:10:6c:d4:10:3b:97:
         1e:09:c6:7f:9e:c0:33:60:fe:88:39:e6:7c:a2:22:72:2c:d7:
         0c:44:2e:58:a2:5b:b0:82:8f:c6:72:e6:f7:9d:75:7a:48:98:
         5c:aa:23:fd:55:12:0e:ec:cd:7e:94:58:73:53:d2:30:ba:d4:
         c4:5c:f6:bc:8f:02:e5:8b:53:85:45:fc:5d:fc:f2:59:00:7f:
         a6:e2:73:04:de:80:1e:5c:ca:d0:00:ce:3c:bc:6e:b8:47:6c:
         1b:fe:25:20:58:f3:4b:b9:2d:7d:4d:63:ef:7d:69:1d:d9:69:
         4e:7b:f2:54:af:3a:ae:2d:b8:f9:77:7c:97:a2:90:db:15:ca:
         f9:b0:c7:3f:a7:a6:33:f0:8a:a7:df:6a:9e:dc:64:d5:90:fa:
         fd:8a:9a:7f:22:2f:81:4b:1f:ce:12:64:ff:ac:f9:bc:de:64:
         09:ce:2c:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZl7FbRKNSNCMyTXbmxRvWOrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjUwOTI0MDkzNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjNjMTA2YjBlOWMxOTIwM2FkODUxMDgzMTc2NTUxMWY5ZTY2MDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9sA1Ys8m2SK8kGcPJbiw7HAAVri
8l2/2jZczVU94ug2//5wONPOBSzcVDOudanGhA1m0BuIT5KWG7nLmLAaA9/m4C2H
K8cSyKRgkU4TRhnPedChr+3vNYy+5WDSCUzSx+FdCj84OiMF2fb4fmZFCm6UnJ6y
hDbid0QBOUFi2Kn7YgRpBv+EWr3SKApVuOd7KJFpp8PLsxWgcWZU0pyrXD7A9Son
F1OTRAo+sDgcDQLhxuFgITNG3vNjftQKijvUNJYKE6fHs4EgLHAAyYdUI5B7SbXO
Ws4c4jpzESXx6xZGK/z5eh6ofHwxS/kih488bvbk6mNHB/nIoRjrcM+IrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDY8EGsOnBkgOthRCDF2VRH55mBwMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvTmp3UWF3NmNHU0E2MkZFSU1YWlZFZm5tWUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUs4SAwQA
Us5XMA0GCSqGSIb3DQEBCwUAA4IBAQAulXRdhiveauu2GIZdFf81o/jogSUwy0Hm
v2bF/+vfSb5eTuh5rZX4tMC9AP1IdKdMa5bEbbo2bJrOPjqNBD4+oi8KyBKT8EaK
9NofgpQJgaFF2K4QbNQQO5ceCcZ/nsAzYP6IOeZ8oiJyLNcMRC5Yoluwgo/Gcub3
nXV6SJhcqiP9VRIO7M1+lFhzU9IwutTEXPa8jwLli1OFRfxd/PJZAH+m4nME3oAe
XMrQAM48vG64R2wb/iUgWPNLuS19TWPvfWkd2WlOe/JUrzquLbj5d3yXopDbFcr5
sMc/p6Yz8Iqn32qe3GTVkPr9ipp/Ii+BSx/OEmT/rPm83mQJzixR
-----END CERTIFICATE-----