Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/2cb840-e50d-4aaf-87d5-f8257d673f97/1/NwGyrarXznEP79mpSfk4-aoAcss.roa
File:                     NwGyrarXznEP79mpSfk4-aoAcss.roa (raw, json)
Hash identifier:          kWL+oTlCQ4M6RuD7dSjXf+gw9XkHswGxJGJoJ/U5AMw=
Subject key identifier:   37:01:B2:AD:AA:D7:CE:71:0F:EF:D9:A9:49:F9:38:F9:AA:00:72:CB
Certificate issuer:       /CN=7ffb1c819f5c6eb739d694559b331e6f4b3f2acf
Certificate serial:       019CE21C98A68095EE8CE095D408D81875E2
Authority key identifier: 7F:FB:1C:81:9F:5C:6E:B7:39:D6:94:55:9B:33:1E:6F:4B:3F:2A:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f_scgZ9cbrc51pRVmzMeb0s_Ks8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/2cb840-e50d-4aaf-87d5-f8257d673f97/1/NwGyrarXznEP79mpSfk4-aoAcss.roa
Signing time:             Thu 12 Mar 2026 12:54:10 +0000
ROA not before:           Thu 12 Mar 2026 12:54:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200795
IP address blocks:        2001:67c:dc4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/2cb840-e50d-4aaf-87d5-f8257d673f97/1/f_scgZ9cbrc51pRVmzMeb0s_Ks8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/2cb840-e50d-4aaf-87d5-f8257d673f97/1/f_scgZ9cbrc51pRVmzMeb0s_Ks8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f_scgZ9cbrc51pRVmzMeb0s_Ks8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:1c:98:a6:80:95:ee:8c:e0:95:d4:08:d8:18:75:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ffb1c819f5c6eb739d694559b331e6f4b3f2acf
        Validity
            Not Before: Mar 12 12:54:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3701b2adaad7ce710fefd9a949f938f9aa0072cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ef:9a:78:e7:1e:0c:76:55:ae:5c:32:6f:f0:
                    62:61:a4:05:88:8d:1b:be:db:a5:15:85:bf:a3:c2:
                    46:8d:1e:d6:71:6b:58:96:51:6c:89:b9:88:2b:03:
                    81:3a:75:44:1f:23:36:91:ce:6c:a6:e3:fc:76:74:
                    c8:86:1b:cd:d0:52:90:0a:a4:5a:c6:74:24:9d:77:
                    56:df:34:6c:2e:74:b7:0b:c8:32:16:e0:4b:2e:22:
                    e7:2b:fd:80:b5:3f:d8:ab:53:a8:92:98:c8:ac:74:
                    d8:79:35:df:fb:11:2c:e6:86:c4:a2:9e:ed:53:51:
                    a8:fc:36:7d:ff:01:47:4f:5a:ee:a6:ad:f0:0b:e2:
                    f1:eb:96:43:34:32:10:90:56:ef:62:8e:ae:1f:1d:
                    8b:15:ea:3a:86:7e:00:03:09:c9:11:a2:c3:e6:16:
                    ee:37:ef:46:2a:dd:75:3f:c5:d1:7a:43:1a:1e:ff:
                    8a:40:ef:f9:a7:31:d4:c1:0b:0c:4e:98:70:81:33:
                    2b:a1:5d:f5:b7:b3:f2:a6:90:44:10:af:80:0c:6c:
                    84:a0:de:4e:1d:46:85:dc:08:61:98:91:b4:1c:b6:
                    4b:ae:98:b8:b3:e6:15:a4:91:8c:01:e4:be:0b:b4:
                    73:2c:74:01:89:e2:a9:e3:e1:e3:9d:ec:fe:8f:7f:
                    98:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:01:B2:AD:AA:D7:CE:71:0F:EF:D9:A9:49:F9:38:F9:AA:00:72:CB
            X509v3 Authority Key Identifier:
                keyid:7F:FB:1C:81:9F:5C:6E:B7:39:D6:94:55:9B:33:1E:6F:4B:3F:2A:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f_scgZ9cbrc51pRVmzMeb0s_Ks8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/2cb840-e50d-4aaf-87d5-f8257d673f97/1/NwGyrarXznEP79mpSfk4-aoAcss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/2cb840-e50d-4aaf-87d5-f8257d673f97/1/f_scgZ9cbrc51pRVmzMeb0s_Ks8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:dc4::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:b9:30:02:e6:89:34:86:13:86:a3:d5:d1:1e:80:2f:39:c2:
         a0:7f:2b:07:43:7f:fc:5e:e6:27:af:e4:5d:d6:2e:eb:9d:11:
         f0:31:89:c3:70:0c:5e:13:60:a9:0b:8d:12:c6:bf:db:38:08:
         39:14:ff:e3:0f:44:9c:ac:b5:33:08:5b:c6:ce:09:36:19:83:
         9a:20:e9:94:f2:ab:84:2b:62:d2:68:c1:1f:2f:4c:76:d4:40:
         38:ea:0e:e6:cd:36:83:f8:cc:e3:b0:54:7e:5b:aa:f0:f8:22:
         d0:2e:45:a2:ca:1c:da:e1:9c:c4:f3:90:c1:e4:72:ed:fc:d8:
         9d:62:e8:09:88:1e:69:cb:16:35:2b:98:44:2b:a3:3c:c0:a1:
         ea:ab:f9:09:2e:9a:1f:c9:da:a7:0f:e1:f5:cb:d7:9b:94:65:
         19:2e:8e:1e:40:91:57:55:ed:55:ee:4c:f1:b5:6c:0b:97:4c:
         da:28:68:6a:26:ae:76:85:7f:03:42:b5:97:e7:7c:a9:38:2c:
         5e:74:bd:99:09:c1:36:b3:b9:af:4f:70:4b:fe:db:87:59:e3:
         4e:98:a3:89:3d:2c:54:c5:bb:02:94:ef:83:46:59:b0:1a:c1:
         84:d9:60:b4:bb:ae:d4:06:46:a7:85:95:5d:20:17:c9:ca:50:
         66:93:79:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZziHJimgJXujOCV1AjYGHXiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmZmIxYzgxOWY1YzZlYjczOWQ2OTQ1NTliMzMxZTZmNGIz
ZjJhY2YwHhcNMjYwMzEyMTI1NDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzAxYjJhZGFhZDdjZTcxMGZlZmQ5YTk0OWY5MzhmOWFhMDA3MmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn++aeOceDHZVrlwyb/BiYaQFiI0b
vtulFYW/o8JGjR7WcWtYllFsibmIKwOBOnVEHyM2kc5spuP8dnTIhhvN0FKQCqRa
xnQknXdW3zRsLnS3C8gyFuBLLiLnK/2AtT/Yq1OokpjIrHTYeTXf+xEs5obEop7t
U1Go/DZ9/wFHT1rupq3wC+Lx65ZDNDIQkFbvYo6uHx2LFeo6hn4AAwnJEaLD5hbu
N+9GKt11P8XRekMaHv+KQO/5pzHUwQsMTphwgTMroV31t7PyppBEEK+ADGyEoN5O
HUaF3AhhmJG0HLZLrpi4s+YVpJGMAeS+C7RzLHQBieKp4+Hjnez+j3+YRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDcBsq2q185xD+/ZqUn5OPmqAHLLMB8GA1UdIwQY
MBaAFH/7HIGfXG63OdaUVZszHm9LPyrPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZl9zY2daOWNicmM1MXBSVm16TWViMHNfS3M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yY2I4NDAtZTUwZC00YWFmLTg3ZDUt
ZjgyNTdkNjczZjk3LzEvTndHeXJhclh6bkVQNzltcFNmazQtYW9BY3NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yY2I4NDAtZTUwZC00YWFmLTg3ZDUtZjgyNTdkNjczZjk3
LzEvZl9zY2daOWNicmM1MXBSVm16TWViMHNfS3M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA3E
MA0GCSqGSIb3DQEBCwUAA4IBAQBBuTAC5ok0hhOGo9XRHoAvOcKgfysHQ3/8XuYn
r+Rd1i7rnRHwMYnDcAxeE2CpC40Sxr/bOAg5FP/jD0ScrLUzCFvGzgk2GYOaIOmU
8quEK2LSaMEfL0x21EA46g7mzTaD+MzjsFR+W6rw+CLQLkWiyhza4ZzE85DB5HLt
/NidYugJiB5pyxY1K5hEK6M8wKHqq/kJLpofydqnD+H1y9eblGUZLo4eQJFXVe1V
7kzxtWwLl0zaKGhqJq52hX8DQrWX53ypOCxedL2ZCcE2s7mvT3BL/tuHWeNOmKOJ
PSxUxbsClO+DRlmwGsGE2WC0u67UBkanhZVdIBfJylBmk3nO
-----END CERTIFICATE-----