Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/ns5aCpK2mY8rM9uZbSuedUTJkC0.roa
File:                     ns5aCpK2mY8rM9uZbSuedUTJkC0.roa (raw, json)
Hash identifier:          AXF3peTyLaUJ5CK75cCMox5bvZEo8alCH4pvnXkk7Ag=
Subject key identifier:   9E:CE:5A:0A:92:B6:99:8F:2B:33:DB:99:6D:2B:9E:75:44:C9:90:2D
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       01997F9AEDEC928E9E271E10AEE4BC4DF047
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/ns5aCpK2mY8rM9uZbSuedUTJkC0.roa
Signing time:             Thu 25 Sep 2025 06:41:23 +0000
ROA not before:           Thu 25 Sep 2025 06:41:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215691
IP address blocks:        212.134.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 12:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7f:9a:ed:ec:92:8e:9e:27:1e:10:ae:e4:bc:4d:f0:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Sep 25 06:41:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ece5a0a92b6998f2b33db996d2b9e7544c9902d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:dd:6d:b8:26:0f:c5:b9:92:e7:64:e8:7a:47:
                    33:1c:3b:7a:10:df:84:65:4a:86:70:cd:04:fd:3c:
                    62:40:de:40:02:fe:d3:9d:ca:89:3c:79:eb:4a:a5:
                    f6:00:65:43:db:19:94:0a:77:40:5e:84:c8:64:30:
                    a5:5d:14:40:a7:2f:81:b7:a3:bb:f3:60:8f:f3:15:
                    eb:c3:3e:48:f7:61:f5:f5:c7:99:67:df:34:8b:6b:
                    6e:50:6c:2c:af:f5:41:fb:19:c5:7f:d3:f0:ed:af:
                    18:a8:55:c1:f0:a5:6a:90:fb:99:f9:a0:f1:fd:d1:
                    89:92:f7:c6:1f:31:b6:f7:12:b1:4b:00:39:e8:c1:
                    9a:4b:65:77:d6:b4:b5:df:6e:cc:5b:7c:41:7b:14:
                    51:d6:dd:d9:53:fc:82:7c:63:92:6f:cb:e0:c0:02:
                    36:f3:bc:81:31:95:4e:f9:f2:f2:77:03:3d:00:00:
                    c0:fc:9d:a4:78:98:58:8d:bb:11:79:e1:94:be:e7:
                    d7:14:40:eb:24:58:95:47:4a:e8:49:99:1b:07:94:
                    0e:91:b1:5c:5f:a6:a5:d4:3d:b3:d9:9a:61:28:99:
                    d3:8b:c7:ef:ad:5b:e7:07:b2:66:8e:8d:26:8b:db:
                    8c:59:ec:86:7e:86:d8:58:4d:44:0b:8c:67:d3:d3:
                    21:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:CE:5A:0A:92:B6:99:8F:2B:33:DB:99:6D:2B:9E:75:44:C9:90:2D
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/ns5aCpK2mY8rM9uZbSuedUTJkC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:d5:2f:82:df:7c:90:e7:77:b0:94:ac:f8:bb:65:bc:27:70:
         49:3d:c0:7b:d8:01:2c:98:de:bd:25:f1:eb:b8:85:c2:4c:1a:
         71:3c:40:62:25:f0:cc:a0:ab:bb:bd:b1:24:e7:60:83:4a:f6:
         36:e7:24:f5:bd:62:8e:b1:c6:cc:22:bf:ba:09:a8:95:73:e9:
         cd:bf:4b:0e:e5:b1:93:c4:aa:9b:3f:c6:dc:56:03:f8:b5:21:
         44:35:80:d6:b3:19:bf:cf:a0:fc:d2:8d:a4:4b:c7:bb:e7:3f:
         bb:c6:01:fb:fc:97:3c:eb:07:38:55:a4:38:b6:18:e2:52:98:
         bf:f4:42:cd:1c:09:3d:f9:f5:4c:e3:bb:e4:17:49:cc:92:64:
         37:6c:74:88:1d:3f:12:3c:18:ba:81:1c:77:0b:02:46:5f:cb:
         a4:29:ab:f8:d3:f0:38:f6:72:fb:9f:07:37:d7:37:c0:35:88:
         d2:ab:c3:78:6e:3d:6b:db:fe:35:3c:d2:f4:93:b5:2e:7f:3e:
         8b:c7:e5:24:ce:b8:ad:6e:a5:bd:58:3d:66:7e:f4:6b:ef:7f:
         98:77:f0:33:81:51:29:ef:35:01:74:7c:a8:f1:14:5a:96:8e:
         46:0f:85:81:ef:25:3d:23:a6:b9:e0:69:96:75:11:d1:69:41:
         5c:55:1e:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl/mu3sko6eJx4QruS8TfBHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUwOTI1MDY0MTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWNlNWEwYTkyYjY5OThmMmIzM2RiOTk2ZDJiOWU3NTQ0Yzk5MDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3t1tuCYPxbmS52ToekczHDt6EN+E
ZUqGcM0E/TxiQN5AAv7TncqJPHnrSqX2AGVD2xmUCndAXoTIZDClXRRApy+Bt6O7
82CP8xXrwz5I92H19ceZZ980i2tuUGwsr/VB+xnFf9Pw7a8YqFXB8KVqkPuZ+aDx
/dGJkvfGHzG29xKxSwA56MGaS2V31rS1327MW3xBexRR1t3ZU/yCfGOSb8vgwAI2
87yBMZVO+fLydwM9AADA/J2keJhYjbsReeGUvufXFEDrJFiVR0roSZkbB5QOkbFc
X6al1D2z2ZphKJnTi8fvrVvnB7Jmjo0mi9uMWeyGfobYWE1EC4xn09MhTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7OWgqStpmPKzPbmW0rnnVEyZAtMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvbnM1YUNwSzJtWThyTTl1WmJTdWVkVVRKa0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IZUMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ1S+C33yQ53ewlKz4u2W8J3BJPcB72AEsmN69JfHr
uIXCTBpxPEBiJfDMoKu7vbEk52CDSvY25yT1vWKOscbMIr+6CaiVc+nNv0sO5bGT
xKqbP8bcVgP4tSFENYDWsxm/z6D80o2kS8e75z+7xgH7/Jc86wc4VaQ4thjiUpi/
9ELNHAk9+fVM47vkF0nMkmQ3bHSIHT8SPBi6gRx3CwJGX8ukKav40/A49nL7nwc3
1zfANYjSq8N4bj1r2/41PNL0k7Uufz6Lx+UkzritbqW9WD1mfvRr73+Yd/AzgVEp
7zUBdHyo8RRalo5GD4WB7yU9I6a54GmWdRHRaUFcVR5p
-----END CERTIFICATE-----