Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/269be9-93ff-4c12-91ba-1a9b1555136a/1/NlHhjU6xWVmXWfNrd-ovT0jtbwk.roa
File:                     NlHhjU6xWVmXWfNrd-ovT0jtbwk.roa (raw, json)
Hash identifier:          DrtC0WHpkDSvvmlxYXubm9JL5FSMim6Xx+I+3O4UqVQ=
Subject key identifier:   36:51:E1:8D:4E:B1:59:59:97:59:F3:6B:77:EA:2F:4F:48:ED:6F:09
Certificate issuer:       /CN=a79cf10c31f2edbb557d5540973c88079b33200f
Certificate serial:       0196FC7A4A159C07CB5E8304891B0C7C9CAA
Authority key identifier: A7:9C:F1:0C:31:F2:ED:BB:55:7D:55:40:97:3C:88:07:9B:33:20:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p5zxDDHy7btVfVVAlzyIB5szIA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/269be9-93ff-4c12-91ba-1a9b1555136a/1/NlHhjU6xWVmXWfNrd-ovT0jtbwk.roa
Signing time:             Fri 23 May 2025 09:29:54 +0000
ROA not before:           Fri 23 May 2025 09:29:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203585
IP address blocks:        85.222.200.0/21 maxlen: 21
                          185.16.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/269be9-93ff-4c12-91ba-1a9b1555136a/1/p5zxDDHy7btVfVVAlzyIB5szIA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/269be9-93ff-4c12-91ba-1a9b1555136a/1/p5zxDDHy7btVfVVAlzyIB5szIA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p5zxDDHy7btVfVVAlzyIB5szIA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fc:7a:4a:15:9c:07:cb:5e:83:04:89:1b:0c:7c:9c:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a79cf10c31f2edbb557d5540973c88079b33200f
        Validity
            Not Before: May 23 09:29:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3651e18d4eb159599759f36b77ea2f4f48ed6f09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8e:fe:70:bf:80:3b:47:ac:e9:03:b4:37:3d:
                    29:d1:4c:ec:a6:72:f8:e3:bf:9e:8b:35:36:2f:1a:
                    1f:a6:c9:1a:64:6f:99:43:f7:d4:5c:bd:ae:c3:a4:
                    45:74:af:a3:5b:2f:22:bc:4f:af:dc:7b:72:8a:fc:
                    e2:af:58:e2:17:f1:e4:d3:65:bb:db:ca:f6:93:34:
                    5f:ef:51:fa:15:01:9b:e3:76:3a:7f:09:02:df:c5:
                    90:63:46:09:2d:49:6d:70:6e:f8:72:f0:4d:3b:d1:
                    d7:f8:4e:94:90:72:1f:7a:46:69:fa:64:96:13:03:
                    f1:69:00:33:a5:16:1b:9e:fe:51:aa:1a:df:fd:1c:
                    4b:42:a7:55:de:e7:e2:7d:eb:08:71:a3:92:02:1b:
                    51:2e:b9:78:00:ec:ea:03:7e:97:d6:09:d2:0e:5c:
                    72:96:d4:50:ec:e0:10:af:5a:01:39:34:73:82:1f:
                    1f:63:45:d9:ba:1e:c6:c2:3a:7c:26:f1:5c:5f:ad:
                    4f:e9:ff:5e:5b:86:69:fd:5e:b7:62:c6:c0:c7:3b:
                    93:c5:44:3c:50:b2:e8:e3:b7:76:06:8f:31:54:39:
                    88:30:f9:85:58:0c:c1:51:6b:5a:db:15:ce:ce:72:
                    c7:1c:38:5c:f7:1a:3a:ec:ae:f2:54:a7:92:24:6c:
                    41:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:51:E1:8D:4E:B1:59:59:97:59:F3:6B:77:EA:2F:4F:48:ED:6F:09
            X509v3 Authority Key Identifier:
                keyid:A7:9C:F1:0C:31:F2:ED:BB:55:7D:55:40:97:3C:88:07:9B:33:20:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p5zxDDHy7btVfVVAlzyIB5szIA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/269be9-93ff-4c12-91ba-1a9b1555136a/1/NlHhjU6xWVmXWfNrd-ovT0jtbwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/269be9-93ff-4c12-91ba-1a9b1555136a/1/p5zxDDHy7btVfVVAlzyIB5szIA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.222.200.0/21
                  185.16.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:01:f3:02:11:34:d9:4a:52:4d:96:dd:45:a7:59:d3:8a:05:
         17:da:09:0f:39:bc:1e:d5:3b:e5:ea:b1:3f:73:a5:52:c9:bd:
         29:d7:5d:af:91:ef:7d:0a:d9:4c:b0:56:c9:76:3e:65:41:bf:
         88:39:82:cb:33:65:35:ac:b4:d7:59:cd:23:06:e8:8d:35:74:
         7a:c3:08:87:83:96:44:98:86:f8:c1:a0:e8:8c:8f:36:fd:91:
         a1:4d:9e:b8:ef:91:ff:aa:75:69:e7:cc:40:cb:69:87:d9:29:
         6f:f4:a3:d0:98:4b:af:77:2f:14:c1:5a:07:61:ef:ae:c0:e9:
         f5:6d:99:06:01:bf:ac:8a:ac:b4:14:11:04:c8:2a:ad:72:7d:
         e7:3f:35:81:db:ee:f5:a9:ca:8e:4c:f7:ea:cf:f6:e9:cc:5a:
         11:d4:19:c3:f0:84:4c:ef:79:6f:b6:db:70:3b:30:eb:1f:40:
         3b:38:39:2f:4a:d5:2c:22:1f:4c:7b:e1:d5:41:71:c8:06:ff:
         b9:97:53:76:16:4c:d4:eb:ba:ad:41:ee:46:cb:23:d1:dd:92:
         de:50:6c:f6:f5:36:5b:f3:55:e5:b3:11:6a:34:6a:97:5e:ff:
         12:60:ef:04:60:b3:89:15:8f:0f:40:33:84:8f:05:59:2e:5f:
         db:f7:84:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZb8ekoVnAfLXoMEiRsMfJyqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3OWNmMTBjMzFmMmVkYmI1NTdkNTU0MDk3M2M4ODA3OWIz
MzIwMGYwHhcNMjUwNTIzMDkyOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjUxZTE4ZDRlYjE1OTU5OTc1OWYzNmI3N2VhMmY0ZjQ4ZWQ2ZjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApo7+cL+AO0es6QO0Nz0p0UzspnL4
47+eizU2LxofpskaZG+ZQ/fUXL2uw6RFdK+jWy8ivE+v3Htyivzir1jiF/Hk02W7
28r2kzRf71H6FQGb43Y6fwkC38WQY0YJLUltcG74cvBNO9HX+E6UkHIfekZp+mSW
EwPxaQAzpRYbnv5Rqhrf/RxLQqdV3ufifesIcaOSAhtRLrl4AOzqA36X1gnSDlxy
ltRQ7OAQr1oBOTRzgh8fY0XZuh7Gwjp8JvFcX61P6f9eW4Zp/V63YsbAxzuTxUQ8
ULLo47d2Bo8xVDmIMPmFWAzBUWta2xXOznLHHDhc9xo67K7yVKeSJGxBjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDZR4Y1OsVlZl1nza3fqL09I7W8JMB8GA1UdIwQY
MBaAFKec8Qwx8u27VX1VQJc8iAebMyAPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDV6eERESHk3YnRWZlZWQWx6eUlCNXN6SUE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8yNjliZTktOTNmZi00YzEyLTkxYmEt
MWE5YjE1NTUxMzZhLzEvTmxIaGpVNnhXVm1YV2ZOcmQtb3ZUMGp0YndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8yNjliZTktOTNmZi00YzEyLTkxYmEtMWE5YjE1NTUxMzZh
LzEvcDV6eERESHk3YnRWZlZWQWx6eUlCNXN6SUE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDVd7IAwQC
uRDcMA0GCSqGSIb3DQEBCwUAA4IBAQAAAfMCETTZSlJNlt1Fp1nTigUX2gkPObwe
1Tvl6rE/c6VSyb0p112vke99CtlMsFbJdj5lQb+IOYLLM2U1rLTXWc0jBuiNNXR6
wwiHg5ZEmIb4waDojI82/ZGhTZ6475H/qnVp58xAy2mH2Slv9KPQmEuvdy8UwVoH
Ye+uwOn1bZkGAb+siqy0FBEEyCqtcn3nPzWB2+71qcqOTPfqz/bpzFoR1BnD8IRM
73lvtttwOzDrH0A7ODkvStUsIh9Me+HVQXHIBv+5l1N2FkzU67qtQe5GyyPR3ZLe
UGz29TZb81XlsxFqNGqXXv8SYO8EYLOJFY8PQDOEjwVZLl/b94RG
-----END CERTIFICATE-----