Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/f39a17-8387-4fba-9ed0-3ead7792073c/1/nBqhUdLMvMF3um2Xd5cemRyaDIY.roa
File:                     nBqhUdLMvMF3um2Xd5cemRyaDIY.roa (raw, json)
Hash identifier:          iNrSMpvfd0IaunQuUuNNAQ8NKO2bkt2NnRjfVSrKAzA=
Subject key identifier:   9C:1A:A1:51:D2:CC:BC:C1:77:BA:6D:97:77:97:1E:99:1C:9A:0C:86
Certificate issuer:       /CN=e5f6ced27fc60f900fac1b751db1ee4bf785aab3
Certificate serial:       0197A0DE2CC4C3AE30D3CBD55AF2C4BB80B7
Authority key identifier: E5:F6:CE:D2:7F:C6:0F:90:0F:AC:1B:75:1D:B1:EE:4B:F7:85:AA:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5fbO0n_GD5APrBt1HbHuS_eFqrM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/f39a17-8387-4fba-9ed0-3ead7792073c/1/nBqhUdLMvMF3um2Xd5cemRyaDIY.roa
Signing time:             Tue 24 Jun 2025 07:36:44 +0000
ROA not before:           Tue 24 Jun 2025 07:36:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35131
IP address blocks:        2a00:e280::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/f39a17-8387-4fba-9ed0-3ead7792073c/1/5fbO0n_GD5APrBt1HbHuS_eFqrM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/f39a17-8387-4fba-9ed0-3ead7792073c/1/5fbO0n_GD5APrBt1HbHuS_eFqrM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5fbO0n_GD5APrBt1HbHuS_eFqrM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a0:de:2c:c4:c3:ae:30:d3:cb:d5:5a:f2:c4:bb:80:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5f6ced27fc60f900fac1b751db1ee4bf785aab3
        Validity
            Not Before: Jun 24 07:36:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c1aa151d2ccbcc177ba6d9777971e991c9a0c86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:01:36:0f:1d:b5:3e:2b:72:16:3a:24:bb:ad:
                    e0:31:57:fa:1b:a6:bf:8a:c5:17:c3:c7:af:47:fe:
                    e3:e9:e7:2b:30:37:6b:60:b0:91:d8:c3:c0:20:17:
                    bf:74:63:05:f8:0b:fe:48:94:67:17:39:8b:af:a4:
                    b8:f6:ab:f3:7d:11:45:46:7a:cf:81:95:60:6c:e9:
                    e3:9f:e0:e9:9e:8b:aa:53:ab:aa:2a:2d:55:e9:96:
                    89:a6:68:6c:62:57:f8:8c:1f:5c:eb:a9:72:44:09:
                    29:cc:65:e7:63:2a:26:87:3e:2e:d5:37:36:8e:8d:
                    42:5d:a1:f7:10:0b:32:24:b0:91:c1:00:81:1d:ac:
                    86:0e:59:5d:7e:b8:e6:51:ac:09:06:e2:2f:91:22:
                    62:0f:d2:bd:5a:19:85:16:25:84:7c:e5:f6:75:a8:
                    0e:75:b7:b4:23:88:e1:c4:80:96:0a:cc:44:a0:ba:
                    27:21:86:c2:49:d6:3d:f6:e5:7f:e2:1b:d2:f4:85:
                    f0:41:dc:93:a0:61:34:5d:0b:4b:82:ad:40:95:00:
                    a4:72:f2:e4:ff:fd:97:8e:d2:22:da:5e:92:9f:e8:
                    11:f2:f5:40:14:f5:15:6d:9c:ed:f8:3e:3c:86:58:
                    55:83:69:49:29:8d:e1:68:c5:83:80:2a:15:51:7a:
                    06:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:1A:A1:51:D2:CC:BC:C1:77:BA:6D:97:77:97:1E:99:1C:9A:0C:86
            X509v3 Authority Key Identifier:
                keyid:E5:F6:CE:D2:7F:C6:0F:90:0F:AC:1B:75:1D:B1:EE:4B:F7:85:AA:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5fbO0n_GD5APrBt1HbHuS_eFqrM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/f39a17-8387-4fba-9ed0-3ead7792073c/1/nBqhUdLMvMF3um2Xd5cemRyaDIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/f39a17-8387-4fba-9ed0-3ead7792073c/1/5fbO0n_GD5APrBt1HbHuS_eFqrM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:e280::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:8d:37:8e:5b:e5:2f:da:24:a9:51:39:64:52:5f:43:2c:96:
         b6:a5:9c:ec:53:14:b2:fd:ec:15:c5:98:b4:05:39:36:a3:b5:
         cc:aa:a0:da:90:a4:1f:a4:25:ed:8d:90:1b:b0:2e:69:72:7e:
         d5:d5:85:4a:b6:2b:54:96:8b:ef:ac:8d:fc:bd:cf:cd:1d:49:
         96:e2:15:1d:bd:0f:53:b4:74:92:05:ed:b7:89:85:96:d5:bb:
         30:5d:64:ef:9c:18:33:3d:60:b8:0a:7b:b4:34:57:3a:df:d8:
         2a:b2:f8:0d:b4:61:0e:67:6c:be:94:b1:55:72:a7:46:e0:b5:
         51:45:f6:be:57:b7:43:e3:6d:5f:21:74:e3:59:85:af:06:ed:
         96:62:fa:25:38:07:a0:ae:a4:7d:53:c5:b5:d1:c3:db:56:0d:
         ca:7f:1a:32:50:82:3d:65:f4:eb:38:d4:69:c5:81:b1:58:e9:
         ab:e8:07:3e:d5:26:9b:45:33:d7:20:d4:df:6e:85:2e:00:c3:
         ac:19:98:15:cc:e9:56:7b:61:f9:9e:b4:dd:38:7b:42:c5:3c:
         2d:dc:53:0f:77:c7:0e:2f:ce:3c:86:04:e1:ea:13:49:6e:55:
         f1:a9:a8:07:ec:e3:79:c6:19:38:77:30:d0:ee:da:d2:5a:53:
         d9:21:f4:9d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZeg3izEw64w08vVWvLEu4C3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZjZjZWQyN2ZjNjBmOTAwZmFjMWI3NTFkYjFlZTRiZjc4
NWFhYjMwHhcNMjUwNjI0MDczNjQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzFhYTE1MWQyY2NiY2MxNzdiYTZkOTc3Nzk3MWU5OTFjOWEwYzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgE2Dx21PityFjoku63gMVf6G6a/
isUXw8evR/7j6ecrMDdrYLCR2MPAIBe/dGMF+Av+SJRnFzmLr6S49qvzfRFFRnrP
gZVgbOnjn+DpnouqU6uqKi1V6ZaJpmhsYlf4jB9c66lyRAkpzGXnYyomhz4u1Tc2
jo1CXaH3EAsyJLCRwQCBHayGDlldfrjmUawJBuIvkSJiD9K9WhmFFiWEfOX2dagO
dbe0I4jhxICWCsxEoLonIYbCSdY99uV/4hvS9IXwQdyToGE0XQtLgq1AlQCkcvLk
//2XjtIi2l6Sn+gR8vVAFPUVbZzt+D48hlhVg2lJKY3haMWDgCoVUXoG/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJwaoVHSzLzBd7ptl3eXHpkcmgyGMB8GA1UdIwQY
MBaAFOX2ztJ/xg+QD6wbdR2x7kv3haqzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWZiTzBuX0dENUFQckJ0MUhiSHVTX2VGcXJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9mMzlhMTctODM4Ny00ZmJhLTllZDAt
M2VhZDc3OTIwNzNjLzEvbkJxaFVkTE12TUYzdW0yWGQ1Y2VtUnlhRElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9mMzlhMTctODM4Ny00ZmJhLTllZDAtM2VhZDc3OTIwNzNj
LzEvNWZiTzBuX0dENUFQckJ0MUhiSHVTX2VGcXJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgDigDAN
BgkqhkiG9w0BAQsFAAOCAQEAi403jlvlL9okqVE5ZFJfQyyWtqWc7FMUsv3sFcWY
tAU5NqO1zKqg2pCkH6Ql7Y2QG7AuaXJ+1dWFSrYrVJaL76yN/L3PzR1JluIVHb0P
U7R0kgXtt4mFltW7MF1k75wYMz1guAp7tDRXOt/YKrL4DbRhDmdsvpSxVXKnRuC1
UUX2vle3Q+NtXyF041mFrwbtlmL6JTgHoK6kfVPFtdHD21YNyn8aMlCCPWX06zjU
acWBsVjpq+gHPtUmm0Uz1yDU326FLgDDrBmYFczpVnth+Z603Th7QsU8LdxTD3fH
Di/OPIYE4eoTSW5V8amoB+zjecYZOHcw0O7a0lpT2SH0nQ==
-----END CERTIFICATE-----