Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/N1ZkxUhwPm2V59anvx5NXCf7CmM.roa
File:                     N1ZkxUhwPm2V59anvx5NXCf7CmM.roa (raw, json)
Hash identifier:          9Fwl8CDGvzJI6F3M9oMQd/b2VRMAR2xqbeSGtsUwU3U=
Subject key identifier:   37:56:64:C5:48:70:3E:6D:95:E7:D6:A7:BF:1E:4D:5C:27:FB:0A:63
Certificate issuer:       /CN=72bd83f5275bd09e8d33b429881eb2f96b6d9de1
Certificate serial:       0199E70DB0AD1B26DD82393FF86E9602E9A0
Authority key identifier: 72:BD:83:F5:27:5B:D0:9E:8D:33:B4:29:88:1E:B2:F9:6B:6D:9D:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cr2D9Sdb0J6NM7QpiB6y-WttneE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/N1ZkxUhwPm2V59anvx5NXCf7CmM.roa
Signing time:             Wed 15 Oct 2025 08:47:37 +0000
ROA not before:           Wed 15 Oct 2025 08:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1257
IP address blocks:        2a01:7ee0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/cr2D9Sdb0J6NM7QpiB6y-WttneE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/cr2D9Sdb0J6NM7QpiB6y-WttneE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cr2D9Sdb0J6NM7QpiB6y-WttneE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e7:0d:b0:ad:1b:26:dd:82:39:3f:f8:6e:96:02:e9:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72bd83f5275bd09e8d33b429881eb2f96b6d9de1
        Validity
            Not Before: Oct 15 08:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=375664c548703e6d95e7d6a7bf1e4d5c27fb0a63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:b6:11:48:e8:48:bc:58:ff:87:b8:33:47:e7:
                    84:4d:4c:79:02:eb:47:f1:64:3c:dc:fb:30:b4:d2:
                    7c:b0:c7:44:56:2f:49:f7:44:e3:7e:33:34:b4:a9:
                    65:4b:91:af:d9:3a:6b:ab:43:d0:7d:e2:09:92:00:
                    74:27:c5:c4:b5:76:a6:e7:9d:b5:f1:09:85:2b:fb:
                    eb:61:0f:36:b0:2b:b6:65:ff:a1:ba:89:c1:f6:b0:
                    2a:69:84:15:d6:d4:1f:2c:10:30:dd:0e:f1:5b:5e:
                    d4:ea:8e:92:8d:ea:6d:63:4e:fd:55:0f:00:6c:36:
                    61:ea:2c:dc:ad:92:0c:db:b6:f8:24:4a:bc:57:7f:
                    a9:9d:12:09:19:64:b3:13:29:50:ce:e1:ce:75:fd:
                    df:8f:f8:5c:cb:6e:bc:dc:e0:b7:78:7c:77:ba:71:
                    eb:35:5a:bf:47:f9:43:32:17:23:36:c9:9b:6c:1e:
                    86:64:bb:08:8b:3d:7e:0e:76:ce:90:9f:5c:05:68:
                    0e:5e:59:c0:7b:45:09:cc:8f:68:f7:17:77:7d:11:
                    c3:4e:56:08:7e:d7:3c:57:6a:e3:39:60:6b:d6:60:
                    e4:34:95:3d:49:38:73:b1:ba:83:b2:97:da:19:83:
                    41:e4:44:8b:ca:89:6a:52:0d:fc:e1:33:51:15:32:
                    8b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:56:64:C5:48:70:3E:6D:95:E7:D6:A7:BF:1E:4D:5C:27:FB:0A:63
            X509v3 Authority Key Identifier:
                keyid:72:BD:83:F5:27:5B:D0:9E:8D:33:B4:29:88:1E:B2:F9:6B:6D:9D:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cr2D9Sdb0J6NM7QpiB6y-WttneE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/N1ZkxUhwPm2V59anvx5NXCf7CmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/cr2D9Sdb0J6NM7QpiB6y-WttneE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:7ee0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:32:14:24:f2:97:5e:f6:71:49:98:f8:ea:d2:da:00:87:58:
         b2:d5:c2:1f:33:90:e7:f0:80:34:70:bf:8e:88:66:42:44:a3:
         ba:31:c6:29:b7:a1:de:2a:2e:95:3a:02:55:38:d0:5c:50:1d:
         c4:49:4d:0c:ef:9b:95:9a:50:83:5b:7c:43:3d:22:d6:4a:93:
         62:dc:25:0a:08:39:79:ab:f2:ce:58:d1:5f:43:cc:53:6a:7a:
         5e:04:a0:6d:57:b2:65:c1:4a:30:cb:82:c4:fe:cd:99:6a:e4:
         54:ca:02:6f:76:94:82:42:e7:2e:28:29:99:64:96:ab:db:37:
         f5:cd:80:e2:c3:d4:22:6c:95:b2:65:91:32:d6:cc:08:eb:d6:
         64:0c:9d:39:30:59:75:a4:2d:6e:f8:d0:4c:fd:65:55:8a:59:
         16:ed:ec:da:4b:fb:78:51:7c:5f:19:54:a3:c1:f9:fd:1b:e9:
         b1:d3:72:01:c5:be:1c:c5:56:2d:84:5d:3d:cd:d4:96:71:a1:
         2d:ec:bb:ae:2f:97:4f:b1:69:ad:63:1a:87:0f:4a:73:72:e9:
         9d:6e:f9:96:10:02:7d:ad:1e:17:84:80:2e:8e:99:89:13:4d:
         a4:43:9e:57:16:8e:3a:e6:9e:c6:3b:ce:69:78:09:c8:b7:63:
         9c:48:06:2b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnnDbCtGybdgjk/+G6WAumgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYmQ4M2Y1Mjc1YmQwOWU4ZDMzYjQyOTg4MWViMmY5NmI2
ZDlkZTEwHhcNMjUxMDE1MDg0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzU2NjRjNTQ4NzAzZTZkOTVlN2Q2YTdiZjFlNGQ1YzI3ZmIwYTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8bYRSOhIvFj/h7gzR+eETUx5AutH
8WQ83PswtNJ8sMdEVi9J90TjfjM0tKllS5Gv2Tprq0PQfeIJkgB0J8XEtXam5521
8QmFK/vrYQ82sCu2Zf+huonB9rAqaYQV1tQfLBAw3Q7xW17U6o6SjeptY079VQ8A
bDZh6izcrZIM27b4JEq8V3+pnRIJGWSzEylQzuHOdf3fj/hcy2683OC3eHx3unHr
NVq/R/lDMhcjNsmbbB6GZLsIiz1+DnbOkJ9cBWgOXlnAe0UJzI9o9xd3fRHDTlYI
ftc8V2rjOWBr1mDkNJU9SThzsbqDspfaGYNB5ESLyolqUg384TNRFTKLfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDdWZMVIcD5tlefWp78eTVwn+wpjMB8GA1UdIwQY
MBaAFHK9g/UnW9CejTO0KYgesvlrbZ3hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3IyRDlTZGIwSjZOTTdRcGlCNnktV3R0bmVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8xOGM2YmEtN2I3MS00NDY2LWJiMzMt
MDA1ODc3ZGE4MDI2LzEvTjFaa3hVaHdQbTJWNTlhbnZ4NU5YQ2Y3Q21NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8xOGM2YmEtN2I3MS00NDY2LWJiMzMtMDA1ODc3ZGE4MDI2
LzEvY3IyRDlTZGIwSjZOTTdRcGlCNnktV3R0bmVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgF+4AAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA6MhQk8pde9nFJmPjq0toAh1iy1cIfM5Dn8IA0
cL+OiGZCRKO6McYpt6HeKi6VOgJVONBcUB3ESU0M75uVmlCDW3xDPSLWSpNi3CUK
CDl5q/LOWNFfQ8xTanpeBKBtV7JlwUowy4LE/s2ZauRUygJvdpSCQucuKCmZZJar
2zf1zYDiw9QibJWyZZEy1swI69ZkDJ05MFl1pC1u+NBM/WVVilkW7ezaS/t4UXxf
GVSjwfn9G+mx03IBxb4cxVYthF09zdSWcaEt7LuuL5dPsWmtYxqHD0pzcumdbvmW
EAJ9rR4XhIAujpmJE02kQ55XFo465p7GO85peAnIt2OcSAYr
-----END CERTIFICATE-----