Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/c72abe-32dc-4f18-905f-c1ff056fc76f/1/NgIKF8jcDLCHN3aJD8aULMWPG30.roa
File:                     NgIKF8jcDLCHN3aJD8aULMWPG30.roa (raw, json)
Hash identifier:          9imCN3WetXg8Q1ELNvwqDIt+zXYLct6tp7egk/4AdG8=
Subject key identifier:   36:02:0A:17:C8:DC:0C:B0:87:37:76:89:0F:C6:94:2C:C5:8F:1B:7D
Certificate issuer:       /CN=4c33c0e14d57eabc3b65e38a7736bebe49092e9e
Certificate serial:       0198D27649E2237CE827D31A70BF31207D0F
Authority key identifier: 4C:33:C0:E1:4D:57:EA:BC:3B:65:E3:8A:77:36:BE:BE:49:09:2E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDPA4U1X6rw7ZeOKdza-vkkJLp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/c72abe-32dc-4f18-905f-c1ff056fc76f/1/NgIKF8jcDLCHN3aJD8aULMWPG30.roa
Signing time:             Fri 22 Aug 2025 15:47:04 +0000
ROA not before:           Fri 22 Aug 2025 15:47:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213200
IP address blocks:        2a12:89c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/c72abe-32dc-4f18-905f-c1ff056fc76f/1/TDPA4U1X6rw7ZeOKdza-vkkJLp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/c72abe-32dc-4f18-905f-c1ff056fc76f/1/TDPA4U1X6rw7ZeOKdza-vkkJLp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDPA4U1X6rw7ZeOKdza-vkkJLp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d2:76:49:e2:23:7c:e8:27:d3:1a:70:bf:31:20:7d:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c33c0e14d57eabc3b65e38a7736bebe49092e9e
        Validity
            Not Before: Aug 22 15:47:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36020a17c8dc0cb0873776890fc6942cc58f1b7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:29:36:1a:cf:c5:96:f3:f8:96:a8:7d:2b:cb:
                    7b:3d:28:0d:d5:97:9e:f2:1e:32:61:56:12:0c:ec:
                    5a:06:72:7a:9c:bf:59:8a:4a:30:e3:19:13:cf:41:
                    8f:13:ab:a7:13:4f:06:07:11:77:7e:02:f0:4f:f3:
                    0c:83:82:02:42:74:08:0e:93:42:e2:ab:bc:5d:12:
                    be:a0:ef:04:a2:7f:67:9f:de:1f:6e:1c:27:1f:13:
                    88:17:58:44:8d:84:41:7b:0e:7d:43:d6:d6:4e:35:
                    24:d0:a7:6f:2c:71:c5:21:a6:62:59:a3:7e:a2:47:
                    cf:5b:5c:a8:5d:a4:ec:ae:36:08:5f:16:82:a9:4c:
                    eb:1a:66:22:36:5f:12:e7:95:6b:c2:21:c4:e3:3e:
                    e8:fa:4d:79:61:74:e1:75:2a:21:7e:d9:af:02:40:
                    ad:6a:ab:7e:98:84:8c:4a:ff:5c:be:57:a4:7a:6d:
                    7b:b9:75:d7:20:f6:e1:25:94:8d:8e:c6:21:ba:c6:
                    d2:bd:e2:fb:2f:77:b2:d3:c0:66:c1:18:ee:a4:fa:
                    02:18:11:93:0d:7f:91:75:cc:f7:43:0f:29:13:5a:
                    af:26:fb:84:60:86:7f:8a:45:a9:87:42:f8:a5:48:
                    e8:1b:2c:83:16:de:93:d6:be:2d:86:5b:81:c3:0c:
                    e5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:02:0A:17:C8:DC:0C:B0:87:37:76:89:0F:C6:94:2C:C5:8F:1B:7D
            X509v3 Authority Key Identifier:
                keyid:4C:33:C0:E1:4D:57:EA:BC:3B:65:E3:8A:77:36:BE:BE:49:09:2E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDPA4U1X6rw7ZeOKdza-vkkJLp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/c72abe-32dc-4f18-905f-c1ff056fc76f/1/NgIKF8jcDLCHN3aJD8aULMWPG30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/c72abe-32dc-4f18-905f-c1ff056fc76f/1/TDPA4U1X6rw7ZeOKdza-vkkJLp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:89c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:3c:62:f4:b8:0a:b4:0d:5a:0d:b1:f7:d5:54:04:4e:1f:7b:
         1d:45:9b:f6:c7:77:35:d5:f4:e8:c6:89:f2:de:01:78:3c:50:
         31:c8:51:31:0c:bb:8a:c0:6d:2d:1d:9a:a5:1f:2a:ae:99:94:
         6b:26:b1:f3:85:a8:0e:96:8b:36:db:e1:65:dc:47:88:20:8e:
         7e:f6:8d:61:e8:24:2a:cc:2c:87:24:b4:db:44:39:3a:cd:ab:
         62:ff:83:2c:5a:62:b2:98:43:b6:f2:95:99:93:07:73:60:c9:
         e8:68:43:68:67:fc:2d:fc:fd:cc:c2:39:1a:b7:36:cc:2c:03:
         4f:73:1a:05:c6:42:f4:a0:c9:bc:71:51:a1:b7:01:9b:cc:fc:
         7a:9a:5e:29:a0:ea:e0:5e:7c:da:ec:b0:e7:fc:7b:dd:9c:b4:
         2e:1a:b5:40:96:5d:78:a7:41:e2:ec:7d:66:ed:4a:68:2f:57:
         21:b8:46:5e:58:64:41:26:2d:ac:98:24:04:08:7b:38:54:4e:
         df:2e:c3:6c:c0:61:40:e1:73:5d:21:e6:8d:bd:72:45:9c:03:
         db:14:7c:9e:6f:59:2c:7d:3a:48:92:01:56:62:4e:83:6b:8a:
         b1:3c:47:18:a7:fd:3e:5e:4c:98:86:b4:df:6c:70:60:f7:91:
         ea:8f:7e:7a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZjSdkniI3zoJ9MacL8xIH0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzNjMGUxNGQ1N2VhYmMzYjY1ZTM4YTc3MzZiZWJlNDkw
OTJlOWUwHhcNMjUwODIyMTU0NzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjAyMGExN2M4ZGMwY2IwODczNzc2ODkwZmM2OTQyY2M1OGYxYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Sk2Gs/FlvP4lqh9K8t7PSgN1Zee
8h4yYVYSDOxaBnJ6nL9Zikow4xkTz0GPE6unE08GBxF3fgLwT/MMg4ICQnQIDpNC
4qu8XRK+oO8Eon9nn94fbhwnHxOIF1hEjYRBew59Q9bWTjUk0KdvLHHFIaZiWaN+
okfPW1yoXaTsrjYIXxaCqUzrGmYiNl8S55VrwiHE4z7o+k15YXThdSohftmvAkCt
aqt+mISMSv9cvlekem17uXXXIPbhJZSNjsYhusbSveL7L3ey08BmwRjupPoCGBGT
DX+Rdcz3Qw8pE1qvJvuEYIZ/ikWph0L4pUjoGyyDFt6T1r4thluBwwzllQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDYCChfI3Aywhzd2iQ/GlCzFjxt9MB8GA1UdIwQY
MBaAFEwzwOFNV+q8O2Xjinc2vr5JCS6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERQQTRVMVg2cnc3WmVPS2R6YS12a2tKTHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9jNzJhYmUtMzJkYy00ZjE4LTkwNWYt
YzFmZjA1NmZjNzZmLzEvTmdJS0Y4amNETENITjNhSkQ4YVVMTVdQRzMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9jNzJhYmUtMzJkYy00ZjE4LTkwNWYtYzFmZjA1NmZjNzZm
LzEvVERQQTRVMVg2cnc3WmVPS2R6YS12a2tKTHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhKJwDAN
BgkqhkiG9w0BAQsFAAOCAQEAYzxi9LgKtA1aDbH31VQETh97HUWb9sd3NdX06MaJ
8t4BeDxQMchRMQy7isBtLR2apR8qrpmUayax84WoDpaLNtvhZdxHiCCOfvaNYegk
KswshyS020Q5Os2rYv+DLFpisphDtvKVmZMHc2DJ6GhDaGf8Lfz9zMI5Grc2zCwD
T3MaBcZC9KDJvHFRobcBm8z8eppeKaDq4F582uyw5/x73Zy0Lhq1QJZdeKdB4ux9
Zu1KaC9XIbhGXlhkQSYtrJgkBAh7OFRO3y7DbMBhQOFzXSHmjb1yRZwD2xR8nm9Z
LH06SJIBVmJOg2uKsTxHGKf9Pl5MmIa032xwYPeR6o9+eg==
-----END CERTIFICATE-----