Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/0b556b-ed22-4453-925d-5dbb36f7a033/1/nGeZMPiJHuxTp5r7-LPyVgsD0PU.roa
File:                     nGeZMPiJHuxTp5r7-LPyVgsD0PU.roa (raw, json)
Hash identifier:          l7oDkA0XjfZYSaNEYHxPZ+fCmO92nea2c0B83OBtIh0=
Subject key identifier:   9C:67:99:30:F8:89:1E:EC:53:A7:9A:FB:F8:B3:F2:56:0B:03:D0:F5
Certificate issuer:       /CN=14a3de4b7e66c87cf9c33e008a02d1a46e3fc766
Certificate serial:       0196876C6653D12B94D202F6A979D3E9FF2F
Authority key identifier: 14:A3:DE:4B:7E:66:C8:7C:F9:C3:3E:00:8A:02:D1:A4:6E:3F:C7:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FKPeS35myHz5wz4AigLRpG4_x2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/0b556b-ed22-4453-925d-5dbb36f7a033/1/nGeZMPiJHuxTp5r7-LPyVgsD0PU.roa
Signing time:             Wed 30 Apr 2025 15:59:10 +0000
ROA not before:           Wed 30 Apr 2025 15:59:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198515
IP address blocks:        2a0d:70c0::/29 maxlen: 29
                          2a0d:70c0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/0b556b-ed22-4453-925d-5dbb36f7a033/1/FKPeS35myHz5wz4AigLRpG4_x2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/0b556b-ed22-4453-925d-5dbb36f7a033/1/FKPeS35myHz5wz4AigLRpG4_x2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FKPeS35myHz5wz4AigLRpG4_x2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:87:6c:66:53:d1:2b:94:d2:02:f6:a9:79:d3:e9:ff:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14a3de4b7e66c87cf9c33e008a02d1a46e3fc766
        Validity
            Not Before: Apr 30 15:59:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c679930f8891eec53a79afbf8b3f2560b03d0f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:de:34:93:ff:27:46:40:5a:0c:21:22:c9:cc:
                    73:f8:68:f9:b1:10:83:93:99:a8:c4:93:ba:e8:a0:
                    82:ed:21:f9:43:3f:d1:bd:3d:3f:82:eb:81:bf:03:
                    5f:dd:03:e1:b7:30:23:27:b8:55:01:5a:a8:bd:e1:
                    7b:54:a5:38:8e:5a:3f:57:ba:be:d8:a5:26:8b:41:
                    26:42:d6:27:af:9b:4c:7e:98:bb:36:fe:b0:6b:af:
                    fa:e5:c7:2d:dd:6f:91:ea:61:0d:c2:7f:54:0d:7c:
                    ec:c1:f0:b2:f9:c4:ba:07:d3:2e:80:c0:b1:69:8f:
                    a6:6c:b4:e4:ed:30:4d:9a:a4:99:c1:68:20:19:8c:
                    6d:8c:d3:3e:67:78:82:14:e8:74:19:92:99:2a:83:
                    b0:c6:75:d2:ba:9f:f1:9f:8b:9b:be:83:48:86:0b:
                    56:ea:89:7c:e0:cb:f6:7f:b1:29:b9:74:33:53:d3:
                    e9:9a:94:85:97:a9:e3:23:92:bf:ba:44:56:bf:a5:
                    47:c8:e4:9d:c6:18:10:cb:54:e8:71:83:05:ce:f6:
                    85:01:95:74:93:6f:ac:97:99:b6:b2:c0:e9:73:7b:
                    78:9a:21:11:af:ee:e0:c5:29:99:d9:7e:81:5e:9c:
                    4f:fe:16:89:96:ec:ba:e4:4d:52:25:69:e1:da:87:
                    3e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:67:99:30:F8:89:1E:EC:53:A7:9A:FB:F8:B3:F2:56:0B:03:D0:F5
            X509v3 Authority Key Identifier:
                keyid:14:A3:DE:4B:7E:66:C8:7C:F9:C3:3E:00:8A:02:D1:A4:6E:3F:C7:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FKPeS35myHz5wz4AigLRpG4_x2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/0b556b-ed22-4453-925d-5dbb36f7a033/1/nGeZMPiJHuxTp5r7-LPyVgsD0PU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/0b556b-ed22-4453-925d-5dbb36f7a033/1/FKPeS35myHz5wz4AigLRpG4_x2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:70c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c8:a3:33:61:b8:77:a6:6a:47:8a:80:76:25:a3:48:96:f5:36:
         f2:c6:b8:a0:17:d4:c8:5c:9e:bb:29:02:1f:d1:bd:5f:b1:bc:
         f7:7b:d1:83:79:7a:3b:bf:d3:55:18:46:d2:1b:43:ea:b4:40:
         b5:c0:fd:ed:34:8c:6b:fb:d0:1c:1b:65:14:b3:1d:25:e1:04:
         15:72:f0:d5:41:7d:7f:b3:c8:aa:1b:c6:d6:00:6a:5c:d7:5e:
         6b:31:44:58:23:49:35:01:95:05:de:d4:31:99:51:74:98:c8:
         f2:af:a2:39:8c:fc:ba:ae:0c:68:63:da:b7:4f:90:be:a7:3c:
         ad:21:66:d3:92:96:ac:28:2f:90:2f:31:f4:91:3d:0f:25:1c:
         cb:f8:1d:93:8c:6d:66:6b:bb:bb:c9:4c:29:3b:3c:52:11:a4:
         21:b9:4d:cb:c9:9b:fd:07:93:9a:d6:a7:5c:ad:fd:92:0d:29:
         d6:87:69:fe:8a:98:36:cd:5c:51:90:99:03:37:f7:c7:b9:2a:
         4d:ad:d5:96:52:f1:07:c0:59:1b:5f:0b:a1:0e:49:36:f4:b8:
         c9:e5:37:df:21:f2:31:2d:0d:f7:b7:e8:13:7a:8d:dc:25:b8:
         b9:be:69:f7:8e:7d:20:6f:5c:14:3b:bc:f6:4a:f0:0c:91:6c:
         35:13:34:97
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZaHbGZT0SuU0gL2qXnT6f8vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YTNkZTRiN2U2NmM4N2NmOWMzM2UwMDhhMDJkMWE0NmUz
ZmM3NjYwHhcNMjUwNDMwMTU1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzY3OTkzMGY4ODkxZWVjNTNhNzlhZmJmOGIzZjI1NjBiMDNkMGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsN40k/8nRkBaDCEiycxz+Gj5sRCD
k5moxJO66KCC7SH5Qz/RvT0/guuBvwNf3QPhtzAjJ7hVAVqoveF7VKU4jlo/V7q+
2KUmi0EmQtYnr5tMfpi7Nv6wa6/65cct3W+R6mENwn9UDXzswfCy+cS6B9MugMCx
aY+mbLTk7TBNmqSZwWggGYxtjNM+Z3iCFOh0GZKZKoOwxnXSup/xn4ubvoNIhgtW
6ol84Mv2f7EpuXQzU9PpmpSFl6njI5K/ukRWv6VHyOSdxhgQy1TocYMFzvaFAZV0
k2+sl5m2ssDpc3t4miERr+7gxSmZ2X6BXpxP/haJluy65E1SJWnh2oc+JQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJxnmTD4iR7sU6ea+/iz8lYLA9D1MB8GA1UdIwQY
MBaAFBSj3kt+Zsh8+cM+AIoC0aRuP8dmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRktQZVMzNW15SHo1d3o0QWlnTFJwRzRfeDJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi8wYjU1NmItZWQyMi00NDUzLTkyNWQt
NWRiYjM2ZjdhMDMzLzEvbkdlWk1QaUpIdXhUcDVyNy1MUHlWZ3NEMFBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi8wYjU1NmItZWQyMi00NDUzLTkyNWQtNWRiYjM2ZjdhMDMz
LzEvRktQZVMzNW15SHo1d3o0QWlnTFJwRzRfeDJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg1wwDAN
BgkqhkiG9w0BAQsFAAOCAQEAyKMzYbh3pmpHioB2JaNIlvU28sa4oBfUyFyeuykC
H9G9X7G893vRg3l6O7/TVRhG0htD6rRAtcD97TSMa/vQHBtlFLMdJeEEFXLw1UF9
f7PIqhvG1gBqXNdeazFEWCNJNQGVBd7UMZlRdJjI8q+iOYz8uq4MaGPat0+Qvqc8
rSFm05KWrCgvkC8x9JE9DyUcy/gdk4xtZmu7u8lMKTs8UhGkIblNy8mb/QeTmtan
XK39kg0p1odp/oqYNs1cUZCZAzf3x7kqTa3VllLxB8BZG18LoQ5JNvS4yeU33yHy
MS0N97foE3qN3CW4ub5p9459IG9cFDu89krwDJFsNRM0lw==
-----END CERTIFICATE-----