Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/nvafS3Xex0niyMkHQH02Uhvk-x0.roa
File:                     nvafS3Xex0niyMkHQH02Uhvk-x0.roa (raw, json)
Hash identifier:          iu++9o654AyM9gCXyG66N1SbfpnxCSghaH87DI0d5l8=
Subject key identifier:   9E:F6:9F:4B:75:DE:C7:49:E2:C8:C9:07:40:7D:36:52:1B:E4:FB:1D
Certificate issuer:       /CN=71d83fd8dabfe14b174cccd35b35b80713334ba5
Certificate serial:       0197C745FE7592FA6CA1B99570B774F73C46
Authority key identifier: 71:D8:3F:D8:DA:BF:E1:4B:17:4C:CC:D3:5B:35:B8:07:13:33:4B:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/nvafS3Xex0niyMkHQH02Uhvk-x0.roa
Signing time:             Tue 01 Jul 2025 18:35:42 +0000
ROA not before:           Tue 01 Jul 2025 18:35:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47164
IP address blocks:        78.41.59.0/24 maxlen: 24
                          103.152.1.0/24 maxlen: 24
                          2a14:4580::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:45:fe:75:92:fa:6c:a1:b9:95:70:b7:74:f7:3c:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71d83fd8dabfe14b174cccd35b35b80713334ba5
        Validity
            Not Before: Jul  1 18:35:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ef69f4b75dec749e2c8c907407d36521be4fb1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:0b:78:cc:da:34:f6:83:3f:24:f6:d5:d6:02:
                    ee:53:14:a5:3e:b3:c8:a8:c1:aa:74:74:c6:7e:c3:
                    73:67:3c:a6:ba:f1:5b:04:91:6d:01:1d:ad:f7:b0:
                    dc:3e:0c:ea:24:9d:b3:d3:c2:b8:5b:d8:13:e5:76:
                    4f:7f:f8:ed:fe:f6:56:50:95:3c:32:33:0e:0c:3c:
                    c9:81:0b:5c:c8:60:e0:19:a9:3c:ce:d1:2e:71:f6:
                    bf:21:4c:db:82:c9:6d:c6:42:82:a4:a2:03:7c:c8:
                    54:f3:7f:e5:3a:4b:f7:da:4a:f0:a8:06:cb:26:3f:
                    f1:b2:c7:1d:1e:36:a5:1a:89:79:d6:05:3c:e9:44:
                    ad:59:34:50:59:21:95:b8:8c:92:46:7f:7e:9c:fa:
                    4d:94:f5:9f:58:f6:16:9d:a5:70:ad:0d:de:d2:d3:
                    c9:50:d0:6f:ee:09:c3:f8:7d:b6:46:b0:62:59:bf:
                    bf:78:d8:65:f5:40:aa:24:89:1f:9b:cd:19:8c:4e:
                    4b:8b:b3:80:c2:e7:e5:d9:91:c0:c4:34:15:3b:c2:
                    fb:4b:49:38:bf:a2:c7:12:69:6f:8e:66:33:c9:dd:
                    f6:cd:20:84:dd:44:49:56:01:99:20:70:d3:e1:53:
                    1c:71:9f:68:3b:ff:c7:10:99:00:a7:83:e8:ff:fe:
                    c3:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:F6:9F:4B:75:DE:C7:49:E2:C8:C9:07:40:7D:36:52:1B:E4:FB:1D
            X509v3 Authority Key Identifier:
                keyid:71:D8:3F:D8:DA:BF:E1:4B:17:4C:CC:D3:5B:35:B8:07:13:33:4B:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/nvafS3Xex0niyMkHQH02Uhvk-x0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.41.59.0/24
                  103.152.1.0/24
                IPv6:
                  2a14:4580::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:15:fb:34:c7:13:4a:0f:be:8a:d1:db:20:9a:59:db:db:12:
         ac:0a:f5:53:12:e9:57:4c:8d:0f:df:c2:2d:b3:b4:a0:1c:02:
         20:13:87:3c:b5:e8:a0:34:2f:af:c8:aa:b1:19:dc:fe:db:b6:
         0a:b9:3a:6c:1b:d5:23:37:ca:f6:6b:ab:02:60:66:78:5d:11:
         04:b7:0f:bc:3c:f9:36:51:15:3f:5b:32:ef:fa:be:b0:7a:6a:
         1f:6a:d6:e5:6f:f2:14:fc:d6:b0:07:a6:66:31:99:a0:7b:f9:
         63:8a:48:06:cf:81:dd:50:dd:8c:2a:f4:89:2f:4f:c1:db:7b:
         97:ca:7b:1d:4d:ef:9e:fe:01:db:14:48:aa:fb:6a:53:9c:77:
         d7:55:c8:55:c1:0b:86:2b:54:4a:f5:13:ec:5c:87:3c:cd:5a:
         11:2e:88:60:d1:8b:e7:51:8f:cc:a9:f5:a2:f5:1e:97:a3:da:
         cd:7a:72:df:7c:36:6d:6b:aa:32:db:26:07:58:3e:03:f1:26:
         c4:6e:d0:0c:e2:99:2f:6a:d6:60:52:83:cf:cc:ba:0b:84:92:
         d8:15:e4:b5:72:bf:b0:60:cd:32:4a:cf:08:1e:e2:76:3f:86:
         dc:a5:11:ad:71:43:40:fb:6a:58:60:4d:20:68:5c:0e:bf:9c:
         e7:a5:8e:f5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZfHRf51kvpsobmVcLd09zxGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxZDgzZmQ4ZGFiZmUxNGIxNzRjY2NkMzViMzViODA3MTMz
MzRiYTUwHhcNMjUwNzAxMTgzNTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWY2OWY0Yjc1ZGVjNzQ5ZTJjOGM5MDc0MDdkMzY1MjFiZTRmYjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Qt4zNo09oM/JPbV1gLuUxSlPrPI
qMGqdHTGfsNzZzymuvFbBJFtAR2t97DcPgzqJJ2z08K4W9gT5XZPf/jt/vZWUJU8
MjMODDzJgQtcyGDgGak8ztEucfa/IUzbgsltxkKCpKIDfMhU83/lOkv32krwqAbL
Jj/xsscdHjalGol51gU86UStWTRQWSGVuIySRn9+nPpNlPWfWPYWnaVwrQ3e0tPJ
UNBv7gnD+H22RrBiWb+/eNhl9UCqJIkfm80ZjE5Li7OAwufl2ZHAxDQVO8L7S0k4
v6LHEmlvjmYzyd32zSCE3URJVgGZIHDT4VMccZ9oO//HEJkAp4Po//7D6wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJ72n0t13sdJ4sjJB0B9NlIb5PsdMB8GA1UdIwQY
MBaAFHHYP9jav+FLF0zM01s1uAcTM0ulMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2RnXzJOcV80VXNYVE16VFd6VzRCeE16UzZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82ZDdlY2YtNGI2Mi00MzY3LTliNTAt
MDY0ZDdhZGY0YmUzLzEvbnZhZlMzWGV4MG5peU1rSFFIMDJVaHZrLXgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82ZDdlY2YtNGI2Mi00MzY3LTliNTAtMDY0ZDdhZGY0YmUz
LzEvY2RnXzJOcV80VXNYVE16VFd6VzRCeE16UzZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQATik7AwQA
Z5gBMA0EAgACMAcDBQMqFEWAMA0GCSqGSIb3DQEBCwUAA4IBAQACFfs0xxNKD76K
0dsgmlnb2xKsCvVTEulXTI0P38Its7SgHAIgE4c8teigNC+vyKqxGdz+27YKuTps
G9UjN8r2a6sCYGZ4XREEtw+8PPk2URU/WzLv+r6wemofatblb/IU/NawB6ZmMZmg
e/ljikgGz4HdUN2MKvSJL0/B23uXynsdTe+e/gHbFEiq+2pTnHfXVchVwQuGK1RK
9RPsXIc8zVoRLohg0YvnUY/MqfWi9R6Xo9rNenLffDZta6oy2yYHWD4D8SbEbtAM
4pkvatZgUoPPzLoLhJLYFeS1cr+wYM0ySs8IHuJ2P4bcpRGtcUNA+2pYYE0gaFwO
v5znpY71
-----END CERTIFICATE-----