Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/NWnnwK9I8wP3Or6FJHn1SqSLopk.roa
File:                     NWnnwK9I8wP3Or6FJHn1SqSLopk.roa (raw, json)
Hash identifier:          8ldjsoYuIJKPxFfa19l3U4pzPGfgBiSMm2mGccBHKGY=
Subject key identifier:   35:69:E7:C0:AF:48:F3:03:F7:3A:BE:85:24:79:F5:4A:A4:8B:A2:99
Certificate issuer:       /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial:       0195F6E3F72CFDC3379A2FB543E89FF687C6
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/NWnnwK9I8wP3Or6FJHn1SqSLopk.roa
Signing time:             Wed 02 Apr 2025 14:24:49 +0000
ROA not before:           Wed 02 Apr 2025 14:24:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        2a12:1540::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f6:e3:f7:2c:fd:c3:37:9a:2f:b5:43:e8:9f:f6:87:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
        Validity
            Not Before: Apr  2 14:24:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3569e7c0af48f303f73abe852479f54aa48ba299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:9e:9e:df:a3:e2:c1:59:ed:92:50:50:b0:bf:
                    ca:df:bf:1b:64:3a:5e:5d:51:97:02:64:59:ee:ed:
                    17:70:74:aa:b4:48:95:d5:81:7d:fc:4a:68:dd:2f:
                    80:1e:90:69:aa:9d:db:95:d4:25:a3:ff:12:b3:d9:
                    31:15:64:30:1c:be:e8:dc:39:32:10:cc:b2:73:23:
                    a7:05:44:9a:8e:a3:10:08:2a:51:c4:3a:2a:4e:5b:
                    82:78:e5:7d:7a:8b:85:b0:85:c7:ea:e2:d5:e9:76:
                    18:fd:f5:c7:2c:a1:89:be:da:2c:d0:86:87:ab:dc:
                    50:d4:99:06:1c:77:60:01:d6:6f:f4:0d:e9:fc:7a:
                    f7:82:d0:a2:2f:e2:2d:21:a2:58:ac:b1:5b:5a:75:
                    b7:e2:4a:82:59:17:e3:06:ad:10:fb:8d:8e:45:3d:
                    2e:17:5d:2a:5d:44:d9:a7:b3:be:5a:0c:36:3c:cc:
                    8b:d4:4d:d4:1a:b3:35:ac:81:b5:3b:11:5a:f6:7a:
                    da:f6:95:61:55:66:19:55:97:74:5a:04:d2:c8:6e:
                    15:e8:7a:d5:45:ac:78:a4:58:cc:b5:ea:7b:64:e5:
                    73:a7:6a:a1:d1:9f:61:fd:63:50:86:2b:83:22:41:
                    a2:75:9c:c7:c3:f3:93:61:01:8c:5c:7d:98:27:0d:
                    0b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:69:E7:C0:AF:48:F3:03:F7:3A:BE:85:24:79:F5:4A:A4:8B:A2:99
            X509v3 Authority Key Identifier:
                keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/NWnnwK9I8wP3Or6FJHn1SqSLopk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:1540::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:d8:06:47:32:e0:49:c3:69:aa:2b:51:28:30:7b:e6:63:0b:
         c0:8f:2d:bc:11:e1:5f:3c:92:96:de:86:6a:87:87:ac:ce:c6:
         52:7a:13:84:85:a1:51:ed:92:c4:8a:1c:6a:6c:69:d1:2b:00:
         b1:8f:db:66:99:43:b0:4a:de:34:be:5b:08:86:ba:cc:97:23:
         9f:02:67:60:d9:be:67:06:8a:63:ad:d4:35:b7:50:77:89:97:
         2a:1a:1c:db:0c:49:69:61:c4:6d:f1:c4:0c:dd:08:e2:3a:da:
         e4:64:8d:50:c1:30:43:5d:95:cd:9b:5f:d7:df:a4:30:bf:f3:
         0b:79:50:22:a5:da:96:ed:17:45:ed:c1:13:6a:21:5e:7a:f9:
         b2:c1:e8:c5:17:58:99:5c:7a:70:83:69:f3:7e:e0:d7:0f:50:
         30:e9:6a:bc:d7:ea:75:30:5c:16:e6:6f:15:73:2e:79:5d:b9:
         1c:72:62:26:f3:3b:42:75:41:3c:27:8b:e8:c5:37:f6:ae:dd:
         b3:60:83:ab:1a:72:0d:3f:a3:65:ca:fe:5d:f3:94:f6:2c:1a:
         fa:38:06:2b:42:d7:4d:00:cf:a7:18:e2:7c:cd:83:ac:7b:2c:
         67:b1:e9:ef:47:2e:b9:21:18:2c:92:29:cf:3d:c5:b5:1b:77:
         74:a6:b3:91
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZX24/cs/cM3mi+1Q+if9ofGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjUwNDAyMTQyNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTY5ZTdjMGFmNDhmMzAzZjczYWJlODUyNDc5ZjU0YWE0OGJhMjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA256e36PiwVntklBQsL/K378bZDpe
XVGXAmRZ7u0XcHSqtEiV1YF9/Epo3S+AHpBpqp3bldQlo/8Ss9kxFWQwHL7o3Dky
EMyycyOnBUSajqMQCCpRxDoqTluCeOV9eouFsIXH6uLV6XYY/fXHLKGJvtos0IaH
q9xQ1JkGHHdgAdZv9A3p/Hr3gtCiL+ItIaJYrLFbWnW34kqCWRfjBq0Q+42ORT0u
F10qXUTZp7O+Wgw2PMyL1E3UGrM1rIG1OxFa9nra9pVhVWYZVZd0WgTSyG4V6HrV
Rax4pFjMtep7ZOVzp2qh0Z9h/WNQhiuDIkGidZzHw/OTYQGMXH2YJw0LmQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDVp58CvSPMD9zq+hSR59Uqki6KZMB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvTldubndLOUk4d1AzT3I2RkpIbjFTcVNMb3BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhIVQDAN
BgkqhkiG9w0BAQsFAAOCAQEAOtgGRzLgScNpqitRKDB75mMLwI8tvBHhXzySlt6G
aoeHrM7GUnoThIWhUe2SxIocamxp0SsAsY/bZplDsEreNL5bCIa6zJcjnwJnYNm+
ZwaKY63UNbdQd4mXKhoc2wxJaWHEbfHEDN0I4jra5GSNUMEwQ12VzZtf19+kML/z
C3lQIqXalu0XRe3BE2ohXnr5ssHoxRdYmVx6cINp837g1w9QMOlqvNfqdTBcFuZv
FXMueV25HHJiJvM7QnVBPCeL6MU39q7ds2CDqxpyDT+jZcr+XfOU9iwa+jgGK0LX
TQDPpxjifM2DrHssZ7Hp70cuuSEYLJIpzz3FtRt3dKazkQ==
-----END CERTIFICATE-----