Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/prmNkNLNXxPUBZ53bykbtYiFoko.roa
File:                     prmNkNLNXxPUBZ53bykbtYiFoko.roa (raw, json)
Hash identifier:          hBOLiexHlZdG3wt6SL4MOVEN8AgHHkXNkc6zKLyvdD0=
Subject key identifier:   A6:B9:8D:90:D2:CD:5F:13:D4:05:9E:77:6F:29:1B:B5:88:85:A2:4A
Certificate issuer:       /CN=47b80caa97c13147d680c80976f8a4b15cade04f
Certificate serial:       01977D40F29CBD31CDAA3AADF58144A87D3B
Authority key identifier: 47:B8:0C:AA:97:C1:31:47:D6:80:C8:09:76:F8:A4:B1:5C:AD:E0:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R7gMqpfBMUfWgMgJdviksVyt4E8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/prmNkNLNXxPUBZ53bykbtYiFoko.roa
Signing time:             Tue 17 Jun 2025 09:38:17 +0000
ROA not before:           Tue 17 Jun 2025 09:38:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44547
IP address blocks:        2a07:5dc0::/29 maxlen: 29
                          2a0c:f500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/R7gMqpfBMUfWgMgJdviksVyt4E8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/R7gMqpfBMUfWgMgJdviksVyt4E8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R7gMqpfBMUfWgMgJdviksVyt4E8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:40:f2:9c:bd:31:cd:aa:3a:ad:f5:81:44:a8:7d:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47b80caa97c13147d680c80976f8a4b15cade04f
        Validity
            Not Before: Jun 17 09:38:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6b98d90d2cd5f13d4059e776f291bb58885a24a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0b:f3:22:18:3c:99:68:bd:09:a4:c0:d1:1f:
                    c7:7e:ca:4f:c0:f5:4d:de:c2:fd:01:c7:64:4a:1c:
                    4e:1e:7f:22:c2:96:93:f3:1b:ac:82:fd:81:29:f2:
                    f8:04:b3:9a:4f:75:de:0f:a5:5a:6e:29:d5:f6:04:
                    ba:0f:63:9a:17:d9:27:73:4a:d4:f9:f8:c5:f5:fa:
                    2b:be:07:d6:05:4e:32:c5:5b:4a:e4:a1:c9:92:d6:
                    59:9b:cb:fc:f6:55:d2:90:ce:c0:22:27:26:ac:6b:
                    0b:58:25:5f:5b:65:8c:54:ec:58:34:df:46:f4:f4:
                    ba:90:00:63:d0:2b:89:4f:dc:94:1e:c0:e1:d3:69:
                    2e:95:93:d1:a2:aa:30:ef:e2:20:d7:6c:56:a2:a9:
                    b0:7c:b4:9f:cd:18:5f:70:f8:ca:72:7d:7a:3d:46:
                    80:f1:ce:18:a8:04:c7:6a:ff:a3:ee:33:df:c8:11:
                    09:d1:58:01:9e:36:59:e7:5f:1f:3d:1d:e4:78:6e:
                    88:f1:7c:f1:c1:e4:43:33:3c:2f:0a:57:73:35:b7:
                    2b:7e:8b:85:ee:a6:30:35:78:86:35:e2:4e:0d:a7:
                    c7:d2:db:b6:92:4b:50:d0:e1:7f:65:8e:62:90:8e:
                    fa:26:c0:ad:50:a8:fd:de:e5:be:44:1a:94:00:ab:
                    f6:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B9:8D:90:D2:CD:5F:13:D4:05:9E:77:6F:29:1B:B5:88:85:A2:4A
            X509v3 Authority Key Identifier:
                keyid:47:B8:0C:AA:97:C1:31:47:D6:80:C8:09:76:F8:A4:B1:5C:AD:E0:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R7gMqpfBMUfWgMgJdviksVyt4E8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/prmNkNLNXxPUBZ53bykbtYiFoko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/R7gMqpfBMUfWgMgJdviksVyt4E8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:5dc0::/29
                  2a0c:f500::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:26:b8:38:33:21:74:52:e5:28:f8:30:df:dc:ef:64:15:de:
         35:8f:04:92:1a:79:2d:28:89:70:94:a8:51:86:96:ca:12:f4:
         48:4b:7f:f1:49:97:86:02:61:53:bf:2a:d6:ec:9d:e3:86:36:
         88:1b:7f:61:e9:ca:4e:f4:34:b1:61:ee:ce:43:69:47:82:cf:
         2c:54:c5:82:a9:ed:1a:12:f2:6c:41:94:80:bc:27:d3:8f:19:
         dc:52:0c:92:4a:ce:23:de:34:f3:95:a7:81:55:fd:56:98:47:
         4e:3c:5f:58:7b:53:b9:ed:12:98:a9:d9:cc:22:2c:95:64:77:
         2b:57:1c:76:99:d7:1a:04:cf:d8:03:29:08:d6:ee:8e:41:54:
         af:40:6e:9f:94:02:ec:da:13:ec:c0:57:64:cb:a9:f1:49:f5:
         4f:f9:21:aa:c0:3c:96:d3:dd:fb:b6:81:55:3e:be:a0:7e:5a:
         08:9c:14:55:d3:cd:be:78:90:d1:6a:a7:d4:44:21:71:bf:40:
         1c:aa:29:20:12:16:3d:1e:84:38:a6:c6:90:f9:9d:42:4c:93:
         9e:c3:5f:c9:5c:a0:cc:4e:42:38:cd:d1:de:ec:6f:d2:5a:d6:
         a9:32:4e:22:05:a4:e0:40:ea:38:76:ce:7a:c9:36:39:37:e6:
         42:d5:14:ab
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZd9QPKcvTHNqjqt9YFEqH07MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YjgwY2FhOTdjMTMxNDdkNjgwYzgwOTc2ZjhhNGIxNWNh
ZGUwNGYwHhcNMjUwNjE3MDkzODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmI5OGQ5MGQyY2Q1ZjEzZDQwNTllNzc2ZjI5MWJiNTg4ODVhMjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwvzIhg8mWi9CaTA0R/HfspPwPVN
3sL9AcdkShxOHn8iwpaT8xusgv2BKfL4BLOaT3XeD6VabinV9gS6D2OaF9knc0rU
+fjF9forvgfWBU4yxVtK5KHJktZZm8v89lXSkM7AIicmrGsLWCVfW2WMVOxYNN9G
9PS6kABj0CuJT9yUHsDh02kulZPRoqow7+Ig12xWoqmwfLSfzRhfcPjKcn16PUaA
8c4YqATHav+j7jPfyBEJ0VgBnjZZ518fPR3keG6I8XzxweRDMzwvCldzNbcrfouF
7qYwNXiGNeJODafH0tu2kktQ0OF/ZY5ikI76JsCtUKj93uW+RBqUAKv2wQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKa5jZDSzV8T1AWed28pG7WIhaJKMB8GA1UdIwQY
MBaAFEe4DKqXwTFH1oDICXb4pLFcreBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjdnTXFwZkJNVWZXZ01nSmR2aWtzVnl0NEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9hNTlmYzUtMjA0OS00MmRlLWIxYjAt
MTBlMjRlOWQwZmE3LzEvcHJtTmtOTE5YeFBVQlo1M2J5a2J0WWlGb2tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9hNTlmYzUtMjA0OS00MmRlLWIxYjAtMTBlMjRlOWQwZmE3
LzEvUjdnTXFwZkJNVWZXZ01nSmR2aWtzVnl0NEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgddwAMF
AyoM9QAwDQYJKoZIhvcNAQELBQADggEBAAsmuDgzIXRS5Sj4MN/c72QV3jWPBJIa
eS0oiXCUqFGGlsoS9EhLf/FJl4YCYVO/KtbsneOGNogbf2Hpyk70NLFh7s5DaUeC
zyxUxYKp7RoS8mxBlIC8J9OPGdxSDJJKziPeNPOVp4FV/VaYR048X1h7U7ntEpip
2cwiLJVkdytXHHaZ1xoEz9gDKQjW7o5BVK9Abp+UAuzaE+zAV2TLqfFJ9U/5IarA
PJbT3fu2gVU+vqB+WgicFFXTzb54kNFqp9REIXG/QByqKSASFj0ehDimxpD5nUJM
k57DX8lcoMxOQjjN0d7sb9Ja1qkyTiIFpOBA6jh2znrJNjk35kLVFKs=
-----END CERTIFICATE-----