Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/NxOAGrTxofYBFKIpjjp74BEE4ck.roa
File:                     NxOAGrTxofYBFKIpjjp74BEE4ck.roa (raw, json)
Hash identifier:          czQx6WXfZ8CdpvYil+i0WrvTtgukRGCx1yKLUOoXK04=
Subject key identifier:   37:13:80:1A:B4:F1:A1:F6:01:14:A2:29:8E:3A:7B:E0:11:04:E1:C9
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       019691A40FA606CD99354C4659409E4D690B
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/NxOAGrTxofYBFKIpjjp74BEE4ck.roa
Signing time:             Fri 02 May 2025 15:36:10 +0000
ROA not before:           Fri 02 May 2025 15:36:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:ecc0:f:dead::/64 maxlen: 128
                          2a01:ecc0:2c0::/64 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 09:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:91:a4:0f:a6:06:cd:99:35:4c:46:59:40:9e:4d:69:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: May  2 15:36:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3713801ab4f1a1f60114a2298e3a7be01104e1c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:37:4c:6c:03:e5:5c:a7:5b:5b:10:38:76:0a:
                    13:20:2c:89:5d:03:53:99:80:de:eb:08:6b:64:40:
                    83:e1:31:9b:fe:3a:47:b7:ce:a8:c6:a0:0d:32:55:
                    44:b3:81:0d:af:fe:fe:ba:f3:a7:bb:39:4a:98:b4:
                    41:76:d5:32:1b:55:c5:47:3c:e9:04:0b:d3:76:b0:
                    53:10:33:71:50:b0:82:bd:17:2a:c5:cd:7b:37:60:
                    34:03:3a:bb:ec:a6:45:c5:ae:5c:b1:7f:bd:77:a0:
                    19:8f:ce:e4:57:64:c3:49:4f:6b:31:ad:c0:60:4d:
                    c4:7f:e9:32:5a:76:29:c6:19:6a:04:aa:09:de:77:
                    6d:55:c0:30:e2:23:25:47:d4:6c:70:94:dd:f2:a3:
                    63:44:b5:76:a6:cf:da:c3:97:54:bd:36:27:aa:f1:
                    42:92:7a:36:78:4e:57:c5:44:1c:ea:ac:d6:89:8f:
                    e5:bd:5a:87:d8:4b:34:1e:09:5c:13:cd:fd:36:ce:
                    05:57:01:d0:6b:e6:80:55:c9:72:17:00:c3:b4:fa:
                    30:b3:d0:24:d1:3c:5c:e1:4d:ba:73:d9:b4:1a:5a:
                    e4:ee:a9:fe:d9:09:85:89:64:76:99:60:18:04:d8:
                    7a:14:d2:4e:2e:a9:8b:f7:00:2d:69:4a:bb:5c:d5:
                    05:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:13:80:1A:B4:F1:A1:F6:01:14:A2:29:8E:3A:7B:E0:11:04:E1:C9
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/NxOAGrTxofYBFKIpjjp74BEE4ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:f:dead::/64
                  2a01:ecc0:2c0::/64

    Signature Algorithm: sha256WithRSAEncryption
         a3:cd:f1:60:64:61:ef:a1:2f:18:3c:5d:5d:a3:31:9f:9b:3d:
         28:98:2d:64:71:27:a1:35:e4:df:33:b1:e5:a2:12:72:4f:4f:
         05:a6:68:12:39:cf:6d:70:13:09:02:15:0f:33:e2:ee:bf:2b:
         88:84:c4:dd:18:4f:d2:77:8a:c2:cd:9c:8e:4e:ad:fc:2c:ce:
         75:f6:22:f5:94:55:b5:a3:6e:21:9e:b3:d4:32:29:d4:f6:0e:
         23:f6:15:0f:8a:53:78:89:45:a1:e1:91:11:0a:02:60:d2:45:
         b7:4a:43:2e:f8:e4:6b:3d:6f:ad:ab:22:ce:13:cc:2a:a2:97:
         db:6c:9c:39:d4:d1:2a:4e:e8:d0:a6:06:71:21:09:64:74:cc:
         d1:55:68:d1:94:bf:07:07:68:d5:39:0a:17:a8:e9:ed:ab:e0:
         7f:da:46:88:23:49:4f:86:16:92:14:6b:4d:e5:66:98:cb:f7:
         c2:e7:b8:58:c1:ff:65:61:9f:7b:8f:9a:95:e6:8c:ed:6f:7e:
         1f:79:18:c4:89:d6:30:63:aa:dc:ec:31:b6:7c:01:07:1f:2a:
         46:7b:ab:cb:de:a7:3d:3b:93:77:b3:fc:29:6f:f3:6c:47:46:
         4a:2c:87:09:3e:90:4d:44:c8:d2:5b:ac:49:11:53:cb:09:01:
         a6:75:bd:87
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZaRpA+mBs2ZNUxGWUCeTWkLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjUwNTAyMTUzNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzEzODAxYWI0ZjFhMWY2MDExNGEyMjk4ZTNhN2JlMDExMDRlMWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTdMbAPlXKdbWxA4dgoTICyJXQNT
mYDe6whrZECD4TGb/jpHt86oxqANMlVEs4ENr/7+uvOnuzlKmLRBdtUyG1XFRzzp
BAvTdrBTEDNxULCCvRcqxc17N2A0Azq77KZFxa5csX+9d6AZj87kV2TDSU9rMa3A
YE3Ef+kyWnYpxhlqBKoJ3ndtVcAw4iMlR9RscJTd8qNjRLV2ps/aw5dUvTYnqvFC
kno2eE5XxUQc6qzWiY/lvVqH2Es0HglcE839Ns4FVwHQa+aAVclyFwDDtPows9Ak
0Txc4U26c9m0Glrk7qn+2QmFiWR2mWAYBNh6FNJOLqmL9wAtaUq7XNUFuQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFDcTgBq08aH2ARSiKY46e+ARBOHJMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvTnhPQUdyVHhvZllCRktJcGpqcDc0QkVFNGNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAcBAIAAjAWAwkAKgHswAAP
3q0DCQAqAezAAsAAADANBgkqhkiG9w0BAQsFAAOCAQEAo83xYGRh76EvGDxdXaMx
n5s9KJgtZHEnoTXk3zOx5aISck9PBaZoEjnPbXATCQIVDzPi7r8riITE3RhP0neK
ws2cjk6t/CzOdfYi9ZRVtaNuIZ6z1DIp1PYOI/YVD4pTeIlFoeGREQoCYNJFt0pD
Lvjkaz1vrasizhPMKqKX22ycOdTRKk7o0KYGcSEJZHTM0VVo0ZS/Bwdo1TkKF6jp
7avgf9pGiCNJT4YWkhRrTeVmmMv3wue4WMH/ZWGfe4+aleaM7W9+H3kYxInWMGOq
3OwxtnwBBx8qRnury96nPTuTd7P8KW/zbEdGSiyHCT6QTUTI0lusSRFTywkBpnW9
hw==
-----END CERTIFICATE-----