Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/NdAX7Rrn7y-KonnG7TF23wCnJFU.roa
File:                     NdAX7Rrn7y-KonnG7TF23wCnJFU.roa (raw, json)
Hash identifier:          1r3koUbwGBNgbjNaxMGO8L4AUL4EQ4uI3dkO8TUFqEA=
Subject key identifier:   35:D0:17:ED:1A:E7:EF:2F:8A:A2:79:C6:ED:31:76:DF:00:A7:24:55
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       0197F43D577C1167339FB07D14CC554F2041
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/NdAX7Rrn7y-KonnG7TF23wCnJFU.roa
Signing time:             Thu 10 Jul 2025 12:09:10 +0000
ROA not before:           Thu 10 Jul 2025 12:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     394814
IP address blocks:        95.164.144.0/20 maxlen: 20
                          95.164.200.0/22 maxlen: 22
                          95.164.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:3d:57:7c:11:67:33:9f:b0:7d:14:cc:55:4f:20:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Jul 10 12:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35d017ed1ae7ef2f8aa279c6ed3176df00a72455
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:da:0f:d5:28:16:cb:19:2b:b5:8a:81:2e:46:
                    8e:79:1c:0b:91:5e:9f:cf:b7:a3:06:10:93:9e:2a:
                    20:23:52:23:19:2a:d1:5b:f8:dd:79:71:5c:69:7e:
                    58:90:b1:8b:3c:ac:16:96:4e:1d:02:36:9b:d0:69:
                    c6:6d:ea:79:0d:c3:e7:a2:70:9b:71:09:06:1e:e9:
                    d6:85:41:3e:0c:0d:bd:27:92:15:ba:25:f7:82:de:
                    94:6b:5d:87:9a:8a:e2:b2:e3:e0:61:ef:29:a2:53:
                    d9:21:ec:66:ff:2a:93:ee:92:07:d2:6b:fa:4b:c6:
                    fb:f3:02:3b:ae:9a:c8:ea:70:d3:5f:91:b6:4b:ce:
                    e3:f8:8f:e6:77:24:b8:5c:f0:25:bf:99:f5:01:98:
                    1d:7d:f1:2c:8f:13:c4:fc:d3:c9:9f:0d:4e:29:ed:
                    72:c5:88:02:d1:35:61:63:08:93:ab:36:b5:a5:6a:
                    58:cc:d2:bc:00:16:30:f4:17:5e:5c:73:e1:73:a8:
                    b3:d3:94:34:c1:4f:2c:15:41:5e:a2:98:bd:55:ae:
                    45:59:0b:7e:a2:c7:ab:a5:0a:82:65:b8:d6:0a:a8:
                    da:81:d3:ae:b9:3c:43:fd:aa:42:02:68:27:76:49:
                    ea:84:3d:ac:d3:26:ea:d9:01:8d:1b:fc:17:0e:ad:
                    49:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:D0:17:ED:1A:E7:EF:2F:8A:A2:79:C6:ED:31:76:DF:00:A7:24:55
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/NdAX7Rrn7y-KonnG7TF23wCnJFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.144.0/20
                  95.164.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         09:d0:61:32:70:f5:35:e9:6c:e6:28:55:ea:4d:70:47:47:bf:
         32:3d:a9:d0:d8:78:f3:4e:0d:7c:a6:03:33:be:b8:76:c9:74:
         91:7d:fa:3a:50:38:2d:d8:62:a8:81:f2:3b:b7:52:51:6f:b9:
         50:53:a4:1f:10:7b:16:a9:e2:10:0f:9e:54:af:23:73:3a:e6:
         5b:f3:b3:e4:f9:dc:82:fa:11:60:4b:05:b7:b2:32:67:c9:89:
         4f:c6:20:c6:0b:07:31:b8:44:7a:2a:4d:af:16:6b:22:f0:cb:
         f7:12:a3:fc:e4:6c:fb:c9:1c:92:a6:17:e9:56:28:3d:8c:35:
         e3:e1:d2:f8:b6:c4:2e:bc:bb:a2:ca:aa:b4:17:31:02:f9:04:
         c4:43:7e:f5:8d:e3:4d:7a:81:47:80:a2:30:78:eb:13:e1:66:
         22:36:f6:d3:30:0d:f1:c5:d9:02:f1:fd:bb:62:a4:23:67:cf:
         38:22:e7:b9:17:85:d6:4b:17:b7:dd:ea:c0:95:d9:73:eb:8f:
         af:cb:e5:c5:e2:52:cd:d0:fd:0b:89:51:da:db:56:dc:62:c5:
         16:7e:16:d4:04:c5:2c:33:7d:71:5f:80:c4:3e:1b:cf:bd:59:
         5e:bd:26:5d:b7:f1:67:4b:b9:0a:24:f3:fd:9a:34:9e:76:d4:
         66:f6:32:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZf0PVd8EWczn7B9FMxVTyBBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwNzEwMTIwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWQwMTdlZDFhZTdlZjJmOGFhMjc5YzZlZDMxNzZkZjAwYTcyNDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09oP1SgWyxkrtYqBLkaOeRwLkV6f
z7ejBhCTniogI1IjGSrRW/jdeXFcaX5YkLGLPKwWlk4dAjab0GnGbep5DcPnonCb
cQkGHunWhUE+DA29J5IVuiX3gt6Ua12HmorisuPgYe8polPZIexm/yqT7pIH0mv6
S8b78wI7rprI6nDTX5G2S87j+I/mdyS4XPAlv5n1AZgdffEsjxPE/NPJnw1OKe1y
xYgC0TVhYwiTqza1pWpYzNK8ABYw9BdeXHPhc6iz05Q0wU8sFUFeopi9Va5FWQt+
oserpQqCZbjWCqjagdOuuTxD/apCAmgndknqhD2s0ybq2QGNG/wXDq1JawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDXQF+0a5+8viqJ5xu0xdt8ApyRVMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvTmRBWDdScm43eS1Lb25uRzdURjIzd0NuSkZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEX6SQAwQD
X6TIMA0GCSqGSIb3DQEBCwUAA4IBAQAJ0GEycPU16WzmKFXqTXBHR78yPanQ2Hjz
Tg18pgMzvrh2yXSRffo6UDgt2GKogfI7t1JRb7lQU6QfEHsWqeIQD55UryNzOuZb
87Pk+dyC+hFgSwW3sjJnyYlPxiDGCwcxuER6Kk2vFmsi8Mv3EqP85Gz7yRySphfp
Vig9jDXj4dL4tsQuvLuiyqq0FzEC+QTEQ371jeNNeoFHgKIweOsT4WYiNvbTMA3x
xdkC8f27YqQjZ884Iue5F4XWSxe33erAldlz64+vy+XF4lLN0P0LiVHa21bcYsUW
fhbUBMUsM31xX4DEPhvPvVlevSZdt/FnS7kKJPP9mjSedtRm9jIf
-----END CERTIFICATE-----