Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/NMD5F8KFCQwb9bvWNVSMcdRaxNY.roa
File:                     NMD5F8KFCQwb9bvWNVSMcdRaxNY.roa (raw, json)
Hash identifier:          dElNJQwZAB8Ff5/YQk6+7WM3lVICIYBpdN1RaCSGE1s=
Subject key identifier:   34:C0:F9:17:C2:85:09:0C:1B:F5:BB:D6:35:54:8C:71:D4:5A:C4:D6
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01994CD512E9E55DBC9B79B7A8EF6CC7DE29
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/NMD5F8KFCQwb9bvWNVSMcdRaxNY.roa
Signing time:             Mon 15 Sep 2025 10:04:16 +0000
ROA not before:           Mon 15 Sep 2025 10:04:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0c:b641:1d0::/44 maxlen: 48
                          2a0c:b641:7b0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4c:d5:12:e9:e5:5d:bc:9b:79:b7:a8:ef:6c:c7:de:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Sep 15 10:04:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34c0f917c285090c1bf5bbd635548c71d45ac4d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:74:80:36:86:ad:13:67:e9:be:e7:3e:ab:5b:
                    2b:2b:a6:bf:26:17:14:0d:06:83:14:9c:45:90:8b:
                    97:9b:6b:5c:d5:39:61:cd:d3:fe:a1:b6:2c:ac:d3:
                    b0:60:2e:de:2e:a4:40:dc:ea:c6:4b:cd:74:dc:3d:
                    a7:b1:c0:65:c6:2f:e3:aa:ad:0c:a1:5a:c1:c7:55:
                    cc:35:7b:68:58:b7:af:48:91:6d:1b:99:31:31:0a:
                    47:2a:c0:6b:38:a3:af:22:ed:3d:c2:cc:6d:a4:b4:
                    c5:a0:96:62:41:88:fd:52:8d:e1:25:43:a3:dd:76:
                    0c:c5:04:27:d7:61:bc:56:72:2d:c8:a3:c8:ae:2f:
                    4a:e7:86:ff:7b:ea:c0:54:66:89:0d:9d:2f:b7:b0:
                    ad:4b:08:08:55:52:c8:9f:b0:af:18:0e:36:7e:3b:
                    71:c7:f5:64:f3:4e:9d:60:21:58:e8:94:9c:98:ef:
                    66:70:71:f7:0d:99:60:b2:67:cc:96:37:b1:40:14:
                    72:10:f3:01:81:c7:00:6f:fc:04:c9:93:2b:91:c5:
                    09:3f:01:c3:6d:38:03:7d:3c:df:32:79:b6:18:0d:
                    d2:04:c2:33:8c:9a:86:5c:39:09:ec:43:f4:a8:a4:
                    a9:6f:4b:97:c1:d8:35:58:d0:9f:80:cb:7c:0a:47:
                    fd:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:C0:F9:17:C2:85:09:0C:1B:F5:BB:D6:35:54:8C:71:D4:5A:C4:D6
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/NMD5F8KFCQwb9bvWNVSMcdRaxNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:1d0::/44
                  2a0c:b641:7b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6b:8f:77:f1:4e:e7:aa:f7:8e:f7:10:e7:49:67:72:7a:c2:9c:
         03:a2:d1:7e:f5:9c:9a:ea:f3:a7:66:e4:dd:c6:50:cb:49:88:
         41:dc:ac:fd:3b:fc:e9:27:e0:c1:2f:b9:d5:c0:78:fb:ac:f7:
         6f:14:3e:ec:3a:38:dc:39:86:c3:66:04:14:74:aa:68:f8:28:
         dc:41:b1:a1:a1:88:c4:3b:78:23:e3:26:89:7b:e0:42:cc:93:
         f6:db:58:7c:c0:6b:de:a6:4d:84:93:cd:8a:a8:7a:7c:77:3e:
         df:e2:fd:ae:b2:c3:f2:55:62:9f:99:49:c7:3f:7a:c4:21:31:
         a9:59:73:8f:87:9f:5e:09:28:ff:17:8c:7e:a8:c0:3e:a9:d2:
         9f:08:3f:ff:33:fb:7a:74:31:ab:d5:a1:46:bd:5a:ef:02:7b:
         dd:29:98:b2:77:67:2a:c0:25:a6:d5:87:cd:3e:35:df:23:c9:
         9b:bd:31:df:fb:7c:68:10:b7:4d:c1:d4:5e:64:ed:35:97:da:
         ea:90:fe:0f:5d:8d:e3:85:e2:2c:08:ab:58:20:5c:f3:79:1c:
         3a:24:fc:12:a6:af:39:a6:d2:c6:fc:7d:15:7e:89:f1:2d:ca:
         70:67:55:16:97:d8:4c:d5:19:e1:3f:9e:93:a7:53:8c:47:2b:
         d7:32:32:c6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZlM1RLp5V28m3m3qO9sx94pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwOTE1MTAwNDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGMwZjkxN2MyODUwOTBjMWJmNWJiZDYzNTU0OGM3MWQ0NWFjNGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3SANoatE2fpvuc+q1srK6a/JhcU
DQaDFJxFkIuXm2tc1TlhzdP+obYsrNOwYC7eLqRA3OrGS8103D2nscBlxi/jqq0M
oVrBx1XMNXtoWLevSJFtG5kxMQpHKsBrOKOvIu09wsxtpLTFoJZiQYj9Uo3hJUOj
3XYMxQQn12G8VnItyKPIri9K54b/e+rAVGaJDZ0vt7CtSwgIVVLIn7CvGA42fjtx
x/Vk806dYCFY6JScmO9mcHH3DZlgsmfMljexQBRyEPMBgccAb/wEyZMrkcUJPwHD
bTgDfTzfMnm2GA3SBMIzjJqGXDkJ7EP0qKSpb0uXwdg1WNCfgMt8Ckf9SQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDTA+RfChQkMG/W71jVUjHHUWsTWMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTk1ENUY4S0ZDUXdiOWJ2V05WU01jZFJheE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgy2QQHQ
AwcEKgy2QQewMA0GCSqGSIb3DQEBCwUAA4IBAQBrj3fxTueq9473EOdJZ3J6wpwD
otF+9Zya6vOnZuTdxlDLSYhB3Kz9O/zpJ+DBL7nVwHj7rPdvFD7sOjjcOYbDZgQU
dKpo+CjcQbGhoYjEO3gj4yaJe+BCzJP221h8wGvepk2Ek82KqHp8dz7f4v2ussPy
VWKfmUnHP3rEITGpWXOPh59eCSj/F4x+qMA+qdKfCD//M/t6dDGr1aFGvVrvAnvd
KZiyd2cqwCWm1YfNPjXfI8mbvTHf+3xoELdNwdReZO01l9rqkP4PXY3jheIsCKtY
IFzzeRw6JPwSpq85ptLG/H0VfonxLcpwZ1UWl9hM1RnhP56Tp1OMRyvXMjLG
-----END CERTIFICATE-----