Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/65f8e2-f4ed-424d-9b91-47dd0c04b550/1/NEgXAX_wlUMaQy2Alio_tXjqDko.roa
File:                     NEgXAX_wlUMaQy2Alio_tXjqDko.roa (raw, json)
Hash identifier:          AzGPeergn3UOGKBGdY9DWg2cAqJA+mog0I2Sf6Bpi0g=
Subject key identifier:   34:48:17:01:7F:F0:95:43:1A:43:2D:80:96:2A:3F:B5:78:EA:0E:4A
Certificate issuer:       /CN=2b3d5db900e081b213ea1f071ec5c00347a6fd95
Certificate serial:       0195EA94ED118DC40533FF31BD5174847F38
Authority key identifier: 2B:3D:5D:B9:00:E0:81:B2:13:EA:1F:07:1E:C5:C0:03:47:A6:FD:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kz1duQDggbIT6h8HHsXAA0em_ZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/65f8e2-f4ed-424d-9b91-47dd0c04b550/1/NEgXAX_wlUMaQy2Alio_tXjqDko.roa
Signing time:             Mon 31 Mar 2025 05:03:03 +0000
ROA not before:           Mon 31 Mar 2025 05:03:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1836
IP address blocks:        91.198.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/65f8e2-f4ed-424d-9b91-47dd0c04b550/1/Kz1duQDggbIT6h8HHsXAA0em_ZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/65f8e2-f4ed-424d-9b91-47dd0c04b550/1/Kz1duQDggbIT6h8HHsXAA0em_ZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kz1duQDggbIT6h8HHsXAA0em_ZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ea:94:ed:11:8d:c4:05:33:ff:31:bd:51:74:84:7f:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b3d5db900e081b213ea1f071ec5c00347a6fd95
        Validity
            Not Before: Mar 31 05:03:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=344817017ff095431a432d80962a3fb578ea0e4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:df:c3:ce:f7:f6:f7:26:d4:c1:c1:b5:a1:3c:
                    45:73:63:93:57:a7:85:d9:ff:d8:25:2a:c0:52:8c:
                    9c:00:cb:72:2e:72:36:fb:25:23:1b:45:14:26:2a:
                    4f:38:98:92:fa:73:54:13:a4:2f:c2:c6:01:50:c3:
                    21:f3:8f:52:ad:8f:0e:61:ea:43:da:53:37:52:ee:
                    a8:c3:06:7d:f8:17:6c:66:a8:bc:e1:08:51:46:35:
                    41:16:f6:81:41:18:d3:8f:7f:9a:74:02:25:f7:64:
                    12:0d:39:ef:36:d9:5a:c1:f1:50:b4:a1:4d:73:e9:
                    76:40:65:07:d4:12:ef:f1:24:03:72:17:05:8f:53:
                    d2:51:32:0e:84:e3:a8:d6:6f:5b:de:3c:a4:f4:e4:
                    b4:75:85:7a:35:d2:05:8a:73:71:7d:0d:f2:58:8a:
                    0d:c5:3a:b5:2e:40:33:4b:00:4e:a0:e9:a4:e2:0d:
                    43:bc:3f:91:e4:52:b1:94:ab:38:1c:08:b9:53:f6:
                    5b:33:11:6e:7f:90:c9:24:e0:61:02:d5:cb:a2:4e:
                    64:0c:43:b8:fc:8f:77:3a:19:55:b3:4d:03:3d:17:
                    2e:6c:ba:4b:f1:ae:35:11:65:c4:dd:86:3f:b0:20:
                    36:47:ef:b7:58:9f:5c:59:ef:5d:5d:2c:5d:31:b1:
                    a1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:48:17:01:7F:F0:95:43:1A:43:2D:80:96:2A:3F:B5:78:EA:0E:4A
            X509v3 Authority Key Identifier:
                keyid:2B:3D:5D:B9:00:E0:81:B2:13:EA:1F:07:1E:C5:C0:03:47:A6:FD:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kz1duQDggbIT6h8HHsXAA0em_ZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/65f8e2-f4ed-424d-9b91-47dd0c04b550/1/NEgXAX_wlUMaQy2Alio_tXjqDko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/65f8e2-f4ed-424d-9b91-47dd0c04b550/1/Kz1duQDggbIT6h8HHsXAA0em_ZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:95:4f:72:46:46:ec:77:c5:ae:15:17:70:b2:d5:d1:b2:8d:
         6d:48:b9:91:17:e8:23:f1:fb:c3:0b:2f:a0:ac:c5:0f:c0:c9:
         8d:3a:e1:9c:fa:61:66:96:d9:fb:0b:a3:44:c1:e0:9f:c1:5a:
         b6:83:f6:cb:65:58:a9:33:f5:4a:41:a1:da:de:c1:36:2a:e5:
         60:a0:d3:56:59:af:4a:a3:fd:58:ca:c5:42:e5:b8:5a:9c:ec:
         b3:ad:be:10:a5:9e:74:6e:75:68:24:72:bd:d3:17:3a:4b:39:
         1b:f0:91:db:bb:0d:a8:b1:81:4c:ee:e5:c5:eb:4a:47:dc:d6:
         c5:95:db:b5:ec:28:89:20:75:60:06:8a:9e:7c:25:a8:17:0c:
         65:c9:c5:63:92:63:77:0c:e3:d7:51:a1:99:dd:a3:0e:5b:db:
         4e:77:92:08:8a:10:9d:53:ca:f3:d5:79:7d:49:bb:e7:4b:92:
         55:41:29:17:ec:99:d6:1e:b1:af:a0:65:c8:5f:0a:3c:78:76:
         e7:ce:19:2b:00:ea:09:af:47:df:45:59:c7:db:b4:43:bf:16:
         9a:7d:ee:9c:1c:68:c5:2b:3f:d7:ab:6b:eb:84:43:60:47:24:
         1e:ac:dd:a6:12:55:4e:16:f5:08:f4:7d:a6:66:02:c5:1e:d7:
         14:95:01:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXqlO0RjcQFM/8xvVF0hH84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiM2Q1ZGI5MDBlMDgxYjIxM2VhMWYwNzFlYzVjMDAzNDdh
NmZkOTUwHhcNMjUwMzMxMDUwMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDQ4MTcwMTdmZjA5NTQzMWE0MzJkODA5NjJhM2ZiNTc4ZWEwZTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9/Dzvf29ybUwcG1oTxFc2OTV6eF
2f/YJSrAUoycAMtyLnI2+yUjG0UUJipPOJiS+nNUE6QvwsYBUMMh849SrY8OYepD
2lM3Uu6owwZ9+BdsZqi84QhRRjVBFvaBQRjTj3+adAIl92QSDTnvNtlawfFQtKFN
c+l2QGUH1BLv8SQDchcFj1PSUTIOhOOo1m9b3jyk9OS0dYV6NdIFinNxfQ3yWIoN
xTq1LkAzSwBOoOmk4g1DvD+R5FKxlKs4HAi5U/ZbMxFuf5DJJOBhAtXLok5kDEO4
/I93OhlVs00DPRcubLpL8a41EWXE3YY/sCA2R++3WJ9cWe9dXSxdMbGhGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRIFwF/8JVDGkMtgJYqP7V46g5KMB8GA1UdIwQY
MBaAFCs9XbkA4IGyE+ofBx7FwANHpv2VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3oxZHVRRGdnYklUNmg4SEhzWEFBMGVtX1pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS82NWY4ZTItZjRlZC00MjRkLTliOTEt
NDdkZDBjMDRiNTUwLzEvTkVnWEFYX3dsVU1hUXkyQWxpb190WGpxRGtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS82NWY4ZTItZjRlZC00MjRkLTliOTEtNDdkZDBjMDRiNTUw
LzEvS3oxZHVRRGdnYklUNmg4SEhzWEFBMGVtX1pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8atMA0G
CSqGSIb3DQEBCwUAA4IBAQAylU9yRkbsd8WuFRdwstXRso1tSLmRF+gj8fvDCy+g
rMUPwMmNOuGc+mFmltn7C6NEweCfwVq2g/bLZVipM/VKQaHa3sE2KuVgoNNWWa9K
o/1YysVC5bhanOyzrb4QpZ50bnVoJHK90xc6Szkb8JHbuw2osYFM7uXF60pH3NbF
ldu17CiJIHVgBoqefCWoFwxlycVjkmN3DOPXUaGZ3aMOW9tOd5IIihCdU8rz1Xl9
SbvnS5JVQSkX7JnWHrGvoGXIXwo8eHbnzhkrAOoJr0ffRVnH27RDvxaafe6cHGjF
Kz/Xq2vrhENgRyQerN2mElVOFvUI9H2mZgLFHtcUlQFE
-----END CERTIFICATE-----