Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/NmYuwZJ9c1HXO1ERCrPlSOS8TDs.roa
File:                     NmYuwZJ9c1HXO1ERCrPlSOS8TDs.roa (raw, json)
Hash identifier:          P0jFJ0n6GiFixDqG94YL/bf180l0xtGNi5NibLle7Ow=
Subject key identifier:   36:66:2E:C1:92:7D:73:51:D7:3B:51:11:0A:B3:E5:48:E4:BC:4C:3B
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       0196A69CB66E6592F3024EC34D4739F056B2
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/NmYuwZJ9c1HXO1ERCrPlSOS8TDs.roa
Signing time:             Tue 06 May 2025 17:20:10 +0000
ROA not before:           Tue 06 May 2025 17:20:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0f:da82::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a6:9c:b6:6e:65:92:f3:02:4e:c3:4d:47:39:f0:56:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: May  6 17:20:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36662ec1927d7351d73b51110ab3e548e4bc4c3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:34:59:33:40:b2:d2:67:3d:50:3d:85:4c:f5:
                    8b:93:1f:79:af:4e:8e:68:af:79:7d:8d:f2:f2:c5:
                    30:3b:e0:39:1a:52:e0:cc:64:50:54:f0:d8:39:09:
                    70:4c:77:ed:87:85:57:58:fc:85:7b:25:29:a9:2c:
                    32:06:8b:59:6a:51:9e:4d:b2:93:f1:f9:b9:5f:aa:
                    4c:9c:bf:c2:c8:b2:bd:1a:8f:77:ff:45:3d:cc:04:
                    0f:86:f9:b0:72:b7:93:9a:97:aa:0b:1a:74:81:8f:
                    30:10:a0:95:f3:48:86:df:4a:e3:58:9b:3e:cb:08:
                    b5:06:2f:f5:6e:fe:5f:45:55:82:2d:56:26:c8:50:
                    5a:06:17:f3:01:b2:53:84:dd:ce:a1:cc:2e:e9:db:
                    4f:4b:f0:c3:06:e2:a0:e4:f9:9d:db:85:68:03:d8:
                    87:d9:9e:96:79:ab:38:7d:d8:17:24:74:49:b4:29:
                    af:34:17:d9:a5:33:29:8b:1e:c6:95:f3:25:fc:85:
                    e7:18:43:d7:d6:33:83:d0:d1:59:07:10:33:ed:e8:
                    09:d2:15:21:84:b5:7d:ad:01:e6:70:b5:36:7b:ea:
                    fe:b0:39:b6:63:54:63:4b:dc:3e:59:6b:2e:62:71:
                    1e:e0:38:7c:e0:08:48:b5:a7:72:2c:12:6a:5c:1c:
                    11:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:66:2E:C1:92:7D:73:51:D7:3B:51:11:0A:B3:E5:48:E4:BC:4C:3B
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/NmYuwZJ9c1HXO1ERCrPlSOS8TDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:da82::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:73:05:2d:b7:78:21:21:13:7a:6b:26:15:5a:f3:0c:c3:9a:
         9c:c6:c8:b8:ab:e0:8f:96:74:ae:7b:d1:8e:ea:7d:91:28:b5:
         e4:3a:3b:78:26:88:62:03:f2:fc:b1:80:f1:5b:2f:28:e0:09:
         fd:14:16:b6:d6:da:6f:b2:6f:d5:60:ad:15:88:a8:42:55:ae:
         dd:df:20:63:53:45:82:fc:95:9b:7c:7f:0a:1d:a6:09:25:f4:
         71:b1:0f:5e:49:19:44:8e:e4:2f:12:17:ce:15:ca:3b:98:96:
         19:aa:15:e4:75:89:f0:4f:6c:8e:a9:24:cd:4c:19:53:fb:24:
         f2:50:b4:b8:77:cb:35:eb:80:93:0e:72:59:9c:d5:47:53:4d:
         05:10:4a:3e:92:28:61:20:7a:13:6b:ea:df:de:a0:e8:6d:27:
         4d:6a:5c:fd:12:6e:bf:b5:14:be:fb:de:1a:a3:6f:f4:b7:02:
         fb:83:a7:cc:11:35:cb:86:46:1f:a4:94:a4:3b:fc:ab:62:39:
         97:27:ce:ef:58:1b:67:0a:44:3f:b7:e2:10:88:3c:ff:68:3d:
         d6:4b:84:bd:6c:23:72:66:1e:22:47:43:78:2c:af:36:6d:ff:
         43:e0:f2:83:90:df:b7:10:0a:0b:48:58:0e:08:1c:b8:9c:9a:
         b0:e1:dd:1e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZamnLZuZZLzAk7DTUc58FayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjUwNTA2MTcyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjY2MmVjMTkyN2Q3MzUxZDczYjUxMTEwYWIzZTU0OGU0YmM0YzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjRZM0Cy0mc9UD2FTPWLkx95r06O
aK95fY3y8sUwO+A5GlLgzGRQVPDYOQlwTHfth4VXWPyFeyUpqSwyBotZalGeTbKT
8fm5X6pMnL/CyLK9Go93/0U9zAQPhvmwcreTmpeqCxp0gY8wEKCV80iG30rjWJs+
ywi1Bi/1bv5fRVWCLVYmyFBaBhfzAbJThN3Oocwu6dtPS/DDBuKg5Pmd24VoA9iH
2Z6Weas4fdgXJHRJtCmvNBfZpTMpix7GlfMl/IXnGEPX1jOD0NFZBxAz7egJ0hUh
hLV9rQHmcLU2e+r+sDm2Y1RjS9w+WWsuYnEe4Dh84AhItadyLBJqXBwRawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDZmLsGSfXNR1ztREQqz5UjkvEw7MB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvTm1ZdXdaSjljMUhYTzFFUkNyUGxTT1M4VERzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg/agjAN
BgkqhkiG9w0BAQsFAAOCAQEAiXMFLbd4ISETemsmFVrzDMOanMbIuKvgj5Z0rnvR
jup9kSi15Do7eCaIYgPy/LGA8VsvKOAJ/RQWttbab7Jv1WCtFYioQlWu3d8gY1NF
gvyVm3x/Ch2mCSX0cbEPXkkZRI7kLxIXzhXKO5iWGaoV5HWJ8E9sjqkkzUwZU/sk
8lC0uHfLNeuAkw5yWZzVR1NNBRBKPpIoYSB6E2vq396g6G0nTWpc/RJuv7UUvvve
GqNv9LcC+4OnzBE1y4ZGH6SUpDv8q2I5lyfO71gbZwpEP7fiEIg8/2g91kuEvWwj
cmYeIkdDeCyvNm3/Q+Dyg5DftxAKC0hYDggcuJyasOHdHg==
-----END CERTIFICATE-----