Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/NKkYiFJn1s2WgleQ4AP23RspTLQ.roa
File:                     NKkYiFJn1s2WgleQ4AP23RspTLQ.roa (raw, json)
Hash identifier:          ZWB9OaLcmJzVZyAY2vxQN6pq/rnTZE2SqRawNV1XHtQ=
Subject key identifier:   34:A9:18:88:52:67:D6:CD:96:82:57:90:E0:03:F6:DD:1B:29:4C:B4
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       019909C1340493A4F7911641997BD668B0AF
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/NKkYiFJn1s2WgleQ4AP23RspTLQ.roa
Signing time:             Tue 02 Sep 2025 09:28:00 +0000
ROA not before:           Tue 02 Sep 2025 09:28:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213759
IP address blocks:        94.184.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 04:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:09:c1:34:04:93:a4:f7:91:16:41:99:7b:d6:68:b0:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Sep  2 09:28:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34a918885267d6cd96825790e003f6dd1b294cb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6b:0e:17:26:fa:b6:94:7c:52:00:a5:c5:d8:
                    be:b3:53:5a:ef:5d:50:5e:25:85:90:1e:32:7e:a5:
                    a6:4b:d1:7f:7c:ca:eb:33:2a:d6:f9:bd:8e:8d:4b:
                    05:93:87:31:e2:73:de:29:af:2c:08:f2:4e:53:c1:
                    f9:20:9f:87:c1:5a:54:6b:ff:73:d8:c4:0b:84:6c:
                    f4:40:14:e9:1f:51:5a:42:d9:e7:e9:8d:37:95:e1:
                    df:51:01:db:68:a5:85:ff:8b:0f:f3:f9:9c:47:93:
                    ce:82:0d:f2:26:ee:c6:de:f5:11:e2:30:e8:a9:29:
                    93:11:e7:d2:59:27:aa:0e:c5:8f:c0:33:dc:de:4c:
                    83:52:e8:3e:d7:b6:08:44:a5:6d:33:f7:a3:55:03:
                    8f:2d:cd:95:a7:4d:7f:26:a0:a9:aa:99:fe:03:3b:
                    57:75:9a:15:00:40:20:a2:2a:5e:b5:98:28:a1:c3:
                    67:ef:d9:34:15:fd:57:05:0a:1c:47:d0:93:71:d8:
                    cb:9f:8f:40:96:28:34:0d:8b:35:e0:b6:29:84:ee:
                    ef:8c:36:02:b2:90:01:e8:54:2a:13:62:b0:0d:9d:
                    5e:11:80:09:1b:e2:62:65:da:68:c3:68:c6:24:fd:
                    30:84:d3:7f:57:8b:e2:1f:53:2d:dd:b5:24:11:c2:
                    a1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A9:18:88:52:67:D6:CD:96:82:57:90:E0:03:F6:DD:1B:29:4C:B4
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/NKkYiFJn1s2WgleQ4AP23RspTLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.184.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:13:b3:fe:77:9b:22:90:4d:75:da:88:44:69:d3:5e:73:ad:
         bf:f1:8f:d3:95:0c:5f:9d:2d:3b:e0:03:b4:78:55:81:68:fe:
         a4:88:7b:55:f5:60:2f:c5:5c:d2:2d:51:4e:1c:23:30:67:4a:
         04:10:ec:19:9e:bb:2a:19:9a:51:34:a2:11:94:b9:8f:08:07:
         16:db:0a:af:15:1c:15:e7:0b:c9:8e:3e:dd:8a:e1:4f:20:c2:
         9a:ec:86:2c:07:72:53:5f:c8:00:49:0b:38:03:0b:e2:4e:6f:
         b9:b8:ff:71:7d:53:72:12:f1:bc:1d:14:a8:f0:c4:d7:2a:9b:
         42:a5:a8:33:11:53:5b:10:b5:4a:67:89:a4:f6:6a:67:67:62:
         0d:c4:fe:6d:e4:86:b4:54:72:f0:ab:b1:68:2e:0a:f1:28:b8:
         7e:79:d4:3f:ca:63:b1:42:70:f5:7f:1e:3e:f4:89:fa:7c:0a:
         c3:51:01:78:1d:53:70:02:ac:56:17:7f:d8:4f:2d:1c:8b:a1:
         0a:74:90:cb:b0:af:c0:45:a4:9e:01:72:9d:9c:22:7d:ce:a0:
         53:69:5a:59:1b:55:68:15:ae:47:1b:80:11:c1:b9:6a:2d:79:
         b7:d4:92:f7:e5:38:fb:d7:55:dd:e4:b6:ce:22:f2:41:57:9f:
         6b:43:b3:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkJwTQEk6T3kRZBmXvWaLCvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjUwOTAyMDkyODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGE5MTg4ODUyNjdkNmNkOTY4MjU3OTBlMDAzZjZkZDFiMjk0Y2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGsOFyb6tpR8UgClxdi+s1Na711Q
XiWFkB4yfqWmS9F/fMrrMyrW+b2OjUsFk4cx4nPeKa8sCPJOU8H5IJ+HwVpUa/9z
2MQLhGz0QBTpH1FaQtnn6Y03leHfUQHbaKWF/4sP8/mcR5POgg3yJu7G3vUR4jDo
qSmTEefSWSeqDsWPwDPc3kyDUug+17YIRKVtM/ejVQOPLc2Vp01/JqCpqpn+AztX
dZoVAEAgoipetZgoocNn79k0Ff1XBQocR9CTcdjLn49Alig0DYs14LYphO7vjDYC
spAB6FQqE2KwDZ1eEYAJG+JiZdpow2jGJP0whNN/V4viH1Mt3bUkEcKh5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSpGIhSZ9bNloJXkOAD9t0bKUy0MB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvTktrWWlGSm4xczJXZ2xlUTRBUDIzUnNwVExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrgVMA0G
CSqGSIb3DQEBCwUAA4IBAQB7E7P+d5sikE112ohEadNec62/8Y/TlQxfnS074AO0
eFWBaP6kiHtV9WAvxVzSLVFOHCMwZ0oEEOwZnrsqGZpRNKIRlLmPCAcW2wqvFRwV
5wvJjj7diuFPIMKa7IYsB3JTX8gASQs4AwviTm+5uP9xfVNyEvG8HRSo8MTXKptC
pagzEVNbELVKZ4mk9mpnZ2INxP5t5Ia0VHLwq7FoLgrxKLh+edQ/ymOxQnD1fx4+
9In6fArDUQF4HVNwAqxWF3/YTy0ci6EKdJDLsK/ARaSeAXKdnCJ9zqBTaVpZG1Vo
Fa5HG4ARwblqLXm31JL35Tj711Xd5LbOIvJBV59rQ7Mk
-----END CERTIFICATE-----