Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/cNpsuEdy75_VLCwx9H2G4E0jxIM.roa
File:                     cNpsuEdy75_VLCwx9H2G4E0jxIM.roa (raw, json)
Hash identifier:          YFM9pG5sIKc2goiau2tIUXm6Ye7rVx/7GcQ6nMZo6k4=
Subject key identifier:   70:DA:6C:B8:47:72:EF:9F:D5:2C:2C:31:F4:7D:86:E0:4D:23:C4:83
Certificate issuer:       /CN=10fe683b1d7e47b7c7eda15501627b70920853a1
Certificate serial:       0199354EB94B4486454D198908E764399A99
Authority key identifier: 10:FE:68:3B:1D:7E:47:B7:C7:ED:A1:55:01:62:7B:70:92:08:53:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/cNpsuEdy75_VLCwx9H2G4E0jxIM.roa
Signing time:             Wed 10 Sep 2025 20:26:15 +0000
ROA not before:           Wed 10 Sep 2025 20:26:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209800
IP address blocks:        158.94.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:35:4e:b9:4b:44:86:45:4d:19:89:08:e7:64:39:9a:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10fe683b1d7e47b7c7eda15501627b70920853a1
        Validity
            Not Before: Sep 10 20:26:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70da6cb84772ef9fd52c2c31f47d86e04d23c483
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:46:29:d9:d3:3b:46:e0:0f:96:37:6a:2a:4d:
                    11:69:d9:73:07:84:77:fe:ed:ca:df:a5:7e:48:e8:
                    cb:51:e7:16:01:70:57:5c:11:1b:ba:93:99:61:22:
                    7e:16:b7:0a:fa:15:70:4b:ce:da:d2:06:e8:9f:b4:
                    75:d3:f8:ee:1e:4c:16:2b:5c:b8:67:52:64:54:29:
                    4a:3d:67:91:97:f6:6d:62:91:09:f3:5f:2a:39:88:
                    91:f7:24:b0:34:ed:b8:55:30:3f:d7:56:19:0d:f5:
                    0f:ff:90:33:3e:47:f0:bc:7d:e0:95:83:54:af:ef:
                    b5:e3:8a:31:11:8f:74:c9:4f:e5:c1:99:e0:33:04:
                    4a:8f:31:da:c5:1a:9e:14:f4:01:61:50:4f:90:aa:
                    e5:a9:18:98:2f:14:0f:19:c0:b9:fb:ed:8c:bc:63:
                    d1:92:62:79:c1:7f:34:63:00:3f:52:a8:21:58:19:
                    a8:45:46:73:19:74:8a:83:73:51:c8:b2:e6:71:17:
                    ab:0e:77:2d:87:88:57:8e:b1:c0:10:02:ef:8d:13:
                    a3:c8:4e:b9:03:7d:e5:39:ef:92:2a:fb:69:da:c7:
                    60:1a:18:d3:3b:05:01:c0:68:1e:0e:a8:79:71:d3:
                    96:bf:56:cd:f8:3b:b3:66:5e:e3:54:b1:3c:30:cb:
                    f7:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:DA:6C:B8:47:72:EF:9F:D5:2C:2C:31:F4:7D:86:E0:4D:23:C4:83
            X509v3 Authority Key Identifier:
                keyid:10:FE:68:3B:1D:7E:47:B7:C7:ED:A1:55:01:62:7B:70:92:08:53:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/cNpsuEdy75_VLCwx9H2G4E0jxIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.94.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:15:52:56:99:32:c6:02:ba:b5:f2:e5:fc:1e:55:ec:ed:e5:
         b6:56:9e:d3:6a:05:74:f0:ba:81:32:b8:7e:0e:1f:46:09:30:
         53:15:17:25:87:02:0e:aa:86:b3:c0:64:ae:ba:99:6a:e8:9f:
         f0:b0:d5:be:f9:99:94:2e:e9:13:8c:3f:91:ca:77:68:b3:18:
         5c:13:bd:80:69:3b:57:55:b8:5c:79:b0:4c:0b:22:af:e0:75:
         53:f0:60:c9:b2:68:bb:f9:08:b6:07:ff:9e:94:b4:ff:15:23:
         34:1c:34:d0:9f:b6:cd:db:a3:66:bc:25:3d:ed:32:11:83:a1:
         42:d3:69:ec:8c:20:b6:d5:d5:c2:50:1a:8e:75:cf:28:8c:fe:
         34:30:41:fd:03:81:ac:c5:47:9c:08:4e:11:69:f9:d1:4e:9e:
         46:73:4d:a9:1a:41:6a:ef:eb:62:23:c9:67:35:82:01:cc:9f:
         82:f6:e4:be:d4:6e:c8:ed:d2:32:22:a2:c1:99:e2:6c:4c:82:
         08:20:f4:78:20:9b:0e:74:5a:18:cf:a8:17:67:72:fd:0c:f5:
         2f:3e:83:31:07:ce:87:7d:e4:10:ec:a8:b1:e3:b8:fc:a5:86:
         ce:f5:db:15:48:3a:46:18:10:0d:d5:7a:e9:db:25:45:5f:85:
         c3:e6:9a:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk1TrlLRIZFTRmJCOdkOZqZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZmU2ODNiMWQ3ZTQ3YjdjN2VkYTE1NTAxNjI3YjcwOTIw
ODUzYTEwHhcNMjUwOTEwMjAyNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGRhNmNiODQ3NzJlZjlmZDUyYzJjMzFmNDdkODZlMDRkMjNjNDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0Yp2dM7RuAPljdqKk0RadlzB4R3
/u3K36V+SOjLUecWAXBXXBEbupOZYSJ+FrcK+hVwS87a0gbon7R10/juHkwWK1y4
Z1JkVClKPWeRl/ZtYpEJ818qOYiR9ySwNO24VTA/11YZDfUP/5AzPkfwvH3glYNU
r++144oxEY90yU/lwZngMwRKjzHaxRqeFPQBYVBPkKrlqRiYLxQPGcC5++2MvGPR
kmJ5wX80YwA/UqghWBmoRUZzGXSKg3NRyLLmcRerDncth4hXjrHAEALvjROjyE65
A33lOe+SKvtp2sdgGhjTOwUBwGgeDqh5cdOWv1bN+DuzZl7jVLE8MMv3vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDabLhHcu+f1SwsMfR9huBNI8SDMB8GA1UdIwQY
MBaAFBD+aDsdfke3x+2hVQFie3CSCFOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVA1b094MS1SN2ZIN2FGVkFXSjdjSklJVTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kZTg0YTAtN2I0Yi00NDVkLWEyMTIt
YzRiZWZiMjU2MjJjLzEvY05wc3VFZHk3NV9WTEN3eDlIMkc0RTBqeElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kZTg0YTAtN2I0Yi00NDVkLWEyMTItYzRiZWZiMjU2MjJj
LzEvRVA1b094MS1SN2ZIN2FGVkFXSjdjSklJVTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCnl7QMA0G
CSqGSIb3DQEBCwUAA4IBAQBeFVJWmTLGArq18uX8HlXs7eW2Vp7TagV08LqBMrh+
Dh9GCTBTFRclhwIOqoazwGSuuplq6J/wsNW++ZmULukTjD+RyndosxhcE72AaTtX
VbhcebBMCyKv4HVT8GDJsmi7+Qi2B/+elLT/FSM0HDTQn7bN26NmvCU97TIRg6FC
02nsjCC21dXCUBqOdc8ojP40MEH9A4GsxUecCE4RafnRTp5Gc02pGkFq7+tiI8ln
NYIBzJ+C9uS+1G7I7dIyIqLBmeJsTIIIIPR4IJsOdFoYz6gXZ3L9DPUvPoMxB86H
feQQ7Kix47j8pYbO9dsVSDpGGBAN1Xrp2yVFX4XD5po4
-----END CERTIFICATE-----