Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/1ff001-26da-4bef-b1fb-83cac4b22233/1/n3BgyUulT02071hYFOzA1unhxoM.roa
File:                     n3BgyUulT02071hYFOzA1unhxoM.roa (raw, json)
Hash identifier:          BPb0g/1bWdgtULRInakuHMpgQ/U61gydQ46sGmWxZGI=
Subject key identifier:   9F:70:60:C9:4B:A5:4F:4D:B4:EF:58:58:14:EC:C0:D6:E9:E1:C6:83
Certificate issuer:       /CN=5aab4a28fc29853dd23c76bd1e2f78ce9999a15a
Certificate serial:       019933B32E8D214C6B3C447F51426C93B189
Authority key identifier: 5A:AB:4A:28:FC:29:85:3D:D2:3C:76:BD:1E:2F:78:CE:99:99:A1:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WqtKKPwphT3SPHa9Hi94zpmZoVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/1ff001-26da-4bef-b1fb-83cac4b22233/1/n3BgyUulT02071hYFOzA1unhxoM.roa
Signing time:             Wed 10 Sep 2025 12:56:44 +0000
ROA not before:           Wed 10 Sep 2025 12:56:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214667
IP address blocks:        195.214.200.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/1ff001-26da-4bef-b1fb-83cac4b22233/1/WqtKKPwphT3SPHa9Hi94zpmZoVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/1ff001-26da-4bef-b1fb-83cac4b22233/1/WqtKKPwphT3SPHa9Hi94zpmZoVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WqtKKPwphT3SPHa9Hi94zpmZoVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:33:b3:2e:8d:21:4c:6b:3c:44:7f:51:42:6c:93:b1:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5aab4a28fc29853dd23c76bd1e2f78ce9999a15a
        Validity
            Not Before: Sep 10 12:56:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f7060c94ba54f4db4ef585814ecc0d6e9e1c683
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c0:bd:a9:a8:2c:0c:79:80:6c:bb:6b:78:6a:
                    bf:d8:11:31:b6:7c:72:a4:60:dd:30:e5:b3:66:d0:
                    0f:65:ab:99:a3:32:b9:b1:63:00:20:1b:17:28:40:
                    fc:c0:b1:98:dd:a0:40:c8:e1:73:63:8d:9c:b6:e7:
                    64:50:ea:61:58:44:53:ed:55:78:c2:e2:7b:6f:bd:
                    51:31:9e:2c:82:3f:a5:68:50:b6:b5:1c:fc:f1:93:
                    bb:66:79:4a:14:c3:60:35:74:e3:e7:ea:fa:ac:72:
                    e2:d4:7c:90:fe:26:ac:e5:3a:45:60:85:dc:98:03:
                    12:98:f6:64:34:32:21:74:c7:87:d9:15:60:ad:44:
                    2d:01:eb:de:d9:e5:50:69:76:2e:c2:3b:41:a1:c4:
                    80:78:5a:5b:02:40:27:8a:74:f7:1f:3c:01:6c:54:
                    2b:38:61:e2:ab:fd:b4:29:86:22:2f:09:6a:66:2b:
                    e3:8d:d1:43:1f:4a:78:10:d1:37:37:71:84:10:b2:
                    fa:ed:54:3f:eb:30:2b:f5:55:0a:f7:75:2d:e0:ef:
                    00:b7:bf:2a:6b:e0:a1:e0:50:74:b9:9d:c3:02:14:
                    f3:5e:7b:8d:7e:75:7f:bd:f6:98:c7:26:78:2b:25:
                    c6:a1:2a:8d:f7:0d:50:b6:90:c3:92:b2:90:b6:1d:
                    4b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:70:60:C9:4B:A5:4F:4D:B4:EF:58:58:14:EC:C0:D6:E9:E1:C6:83
            X509v3 Authority Key Identifier:
                keyid:5A:AB:4A:28:FC:29:85:3D:D2:3C:76:BD:1E:2F:78:CE:99:99:A1:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WqtKKPwphT3SPHa9Hi94zpmZoVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/1ff001-26da-4bef-b1fb-83cac4b22233/1/n3BgyUulT02071hYFOzA1unhxoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/1ff001-26da-4bef-b1fb-83cac4b22233/1/WqtKKPwphT3SPHa9Hi94zpmZoVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.214.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3e:d4:45:eb:d6:9e:b6:8c:6c:87:9b:69:8d:8b:58:5a:91:b2:
         1b:37:1c:ae:81:9f:84:dc:b4:6a:4e:00:f3:72:53:fc:3d:ce:
         5f:e6:49:91:4c:5c:40:73:09:0f:ff:e7:bd:93:48:c8:0b:6e:
         c8:93:e3:2e:20:7c:9c:1b:b4:be:31:a9:8c:03:01:a2:88:d6:
         a3:0c:41:f2:10:29:37:af:65:c6:26:e3:a8:a8:29:95:53:4b:
         ba:94:8e:83:da:26:b2:4c:c8:d8:b1:3d:2e:19:04:e5:81:ca:
         1b:fb:de:52:7c:3e:eb:28:26:e4:db:97:b1:23:48:3d:bb:59:
         fc:d2:a9:bf:6b:63:a7:0c:b6:54:86:da:ab:cc:81:9b:de:63:
         d3:d0:74:67:c4:aa:62:86:53:47:b6:a7:5a:16:cd:3a:ca:3b:
         0c:f1:5a:c6:0d:a1:c2:61:2f:15:9d:b2:ad:4b:f2:6f:00:a7:
         74:f3:68:e6:3a:39:8f:f0:9c:42:df:f5:37:30:d6:2f:2a:f9:
         03:c3:02:bc:08:3b:c3:e5:0b:5c:d2:3e:0f:a8:6e:a5:c7:a5:
         96:d2:4e:25:8e:1c:58:0c:98:38:6a:1b:1f:3d:27:86:4c:79:
         e9:6c:f7:d0:13:5c:fb:12:3a:74:37:cf:1a:c5:b0:b7:1c:56:
         fe:78:73:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkzsy6NIUxrPER/UUJsk7GJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYWI0YTI4ZmMyOTg1M2RkMjNjNzZiZDFlMmY3OGNlOTk5
OWExNWEwHhcNMjUwOTEwMTI1NjQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjcwNjBjOTRiYTU0ZjRkYjRlZjU4NTgxNGVjYzBkNmU5ZTFjNjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cC9qagsDHmAbLtreGq/2BExtnxy
pGDdMOWzZtAPZauZozK5sWMAIBsXKED8wLGY3aBAyOFzY42ctudkUOphWERT7VV4
wuJ7b71RMZ4sgj+laFC2tRz88ZO7ZnlKFMNgNXTj5+r6rHLi1HyQ/ias5TpFYIXc
mAMSmPZkNDIhdMeH2RVgrUQtAeve2eVQaXYuwjtBocSAeFpbAkAninT3HzwBbFQr
OGHiq/20KYYiLwlqZivjjdFDH0p4ENE3N3GEELL67VQ/6zAr9VUK93Ut4O8At78q
a+Ch4FB0uZ3DAhTzXnuNfnV/vfaYxyZ4KyXGoSqN9w1QtpDDkrKQth1LNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9wYMlLpU9NtO9YWBTswNbp4caDMB8GA1UdIwQY
MBaAFFqrSij8KYU90jx2vR4veM6ZmaFaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3F0S0tQd3BoVDNTUEhhOUhpOTR6cG1ab1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8xZmYwMDEtMjZkYS00YmVmLWIxZmIt
ODNjYWM0YjIyMjMzLzEvbjNCZ3lVdWxUMDIwNzFoWUZPekExdW5oeG9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8xZmYwMDEtMjZkYS00YmVmLWIxZmItODNjYWM0YjIyMjMz
LzEvV3F0S0tQd3BoVDNTUEhhOUhpOTR6cG1ab1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDw9bIMA0G
CSqGSIb3DQEBCwUAA4IBAQA+1EXr1p62jGyHm2mNi1hakbIbNxyugZ+E3LRqTgDz
clP8Pc5f5kmRTFxAcwkP/+e9k0jIC27Ik+MuIHycG7S+MamMAwGiiNajDEHyECk3
r2XGJuOoqCmVU0u6lI6D2iayTMjYsT0uGQTlgcob+95SfD7rKCbk25exI0g9u1n8
0qm/a2OnDLZUhtqrzIGb3mPT0HRnxKpihlNHtqdaFs06yjsM8VrGDaHCYS8VnbKt
S/JvAKd082jmOjmP8JxC3/U3MNYvKvkDwwK8CDvD5Qtc0j4PqG6lx6WW0k4ljhxY
DJg4ahsfPSeGTHnpbPfQE1z7Ejp0N88axbC3HFb+eHOB
-----END CERTIFICATE-----