Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/exV_NxoACh9PVI2yk3AFGxcSE74.roa
File:                     exV_NxoACh9PVI2yk3AFGxcSE74.roa (raw, json)
Hash identifier:          /7CsSD2D8O74c2ToqHoUhp+nSCjsquhAS9BwzWD3GKk=
Subject key identifier:   7B:15:7F:37:1A:00:0A:1F:4F:54:8D:B2:93:70:05:1B:17:12:13:BE
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019CB570FE3FE9BAC81C180981E3AB49494D
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/exV_NxoACh9PVI2yk3AFGxcSE74.roa
Signing time:             Tue 03 Mar 2026 20:43:27 +0000
ROA not before:           Tue 03 Mar 2026 20:43:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201823
IP address blocks:        2a0d:d940:7e::/47 maxlen: 47
                          2a0d:d940:200b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 20:09:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b5:70:fe:3f:e9:ba:c8:1c:18:09:81:e3:ab:49:49:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Mar  3 20:43:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7b157f371a000a1f4f548db29370051b171213be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:68:83:b0:2f:3d:c3:a8:97:15:e9:b1:e5:75:
                    bc:a0:99:74:b4:81:84:64:a9:00:93:94:06:8f:34:
                    cf:9a:fc:83:e6:44:d6:16:53:80:37:2c:0c:27:04:
                    32:1a:ae:9c:47:3c:0b:7e:66:e4:c8:a1:77:3e:64:
                    a7:29:ed:64:34:a8:f8:0e:42:95:ab:5a:8f:39:66:
                    9a:31:ae:a3:0b:94:c8:72:65:59:dd:2c:77:8d:60:
                    72:40:90:53:97:8c:9d:26:b8:30:77:19:72:24:96:
                    28:c6:d9:9c:d6:77:eb:39:a6:47:8e:48:64:eb:6f:
                    68:88:b8:39:eb:68:85:81:ae:c8:32:a7:25:fe:74:
                    3c:6a:bc:69:d3:82:63:5d:37:a8:9d:e3:09:84:52:
                    81:e8:1a:d6:97:dd:26:a1:9c:c4:d8:d6:7e:4f:eb:
                    3f:d8:a4:62:f3:35:5a:53:d3:f1:a0:37:eb:91:2b:
                    ec:d9:60:82:b9:4e:bd:a9:00:be:a5:4c:f8:99:49:
                    f0:90:7e:51:c7:ab:db:e3:26:2f:bb:f9:d7:58:5a:
                    cd:a4:49:18:f5:6b:98:2b:68:bb:34:03:ed:d5:85:
                    a6:ef:f4:72:83:06:2a:ce:7a:87:0d:03:cb:31:2e:
                    d2:06:3b:19:32:af:58:13:ac:f5:b8:cb:d7:84:f4:
                    28:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:15:7F:37:1A:00:0A:1F:4F:54:8D:B2:93:70:05:1B:17:12:13:BE
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/exV_NxoACh9PVI2yk3AFGxcSE74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:7e::/47
                  2a0d:d940:200b::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:bb:ca:29:53:14:9c:9b:64:c0:43:06:18:fb:5a:ca:f3:37:
         27:c6:54:a2:9a:59:7a:a1:fa:b0:7d:33:de:12:b9:af:a3:db:
         a3:28:2c:97:ef:36:8b:72:d4:b8:9d:0b:29:e6:5c:76:f0:a3:
         45:9c:8d:0e:ed:27:df:b5:da:f0:57:37:bd:f1:95:de:bf:c2:
         6a:e3:7b:ca:c8:1a:5f:87:a0:3f:f8:ff:0a:00:43:ef:b8:cf:
         77:c3:63:e0:97:bb:f9:36:87:e4:4a:50:18:aa:f5:57:d5:33:
         18:16:e7:44:99:5c:05:8d:93:e1:72:bd:e2:8b:25:03:06:6f:
         93:4f:ff:6b:16:ea:97:73:97:9e:a2:3b:7d:3f:43:49:a0:ee:
         de:cb:6f:50:b2:2e:df:a9:cf:62:cf:6a:12:9c:a8:e7:3a:d0:
         75:d3:39:ef:ed:8c:5a:21:34:2b:e3:6e:18:8e:8a:6d:2b:0b:
         0d:78:e7:ab:8d:14:e5:67:a8:39:12:d7:8d:9a:b0:78:ac:dd:
         c4:20:0a:53:99:87:4b:80:13:e7:14:05:86:54:db:b2:6b:5b:
         d7:8c:6c:92:3a:04:78:42:e6:22:1a:55:3c:03:93:61:7f:91:
         8c:11:29:eb:bd:69:00:ca:e6:64:df:94:b7:63:45:9b:bb:f6:
         a4:c2:db:43
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZy1cP4/6brIHBgJgeOrSUlNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMzAzMjA0MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjE1N2YzNzFhMDAwYTFmNGY1NDhkYjI5MzcwMDUxYjE3MTIxM2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGiDsC89w6iXFemx5XW8oJl0tIGE
ZKkAk5QGjzTPmvyD5kTWFlOANywMJwQyGq6cRzwLfmbkyKF3PmSnKe1kNKj4DkKV
q1qPOWaaMa6jC5TIcmVZ3Sx3jWByQJBTl4ydJrgwdxlyJJYoxtmc1nfrOaZHjkhk
629oiLg562iFga7IMqcl/nQ8arxp04JjXTeoneMJhFKB6BrWl90moZzE2NZ+T+s/
2KRi8zVaU9PxoDfrkSvs2WCCuU69qQC+pUz4mUnwkH5Rx6vb4yYvu/nXWFrNpEkY
9WuYK2i7NAPt1YWm7/RygwYqznqHDQPLMS7SBjsZMq9YE6z1uMvXhPQoYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHsVfzcaAAofT1SNspNwBRsXEhO+MB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvZXhWX054b0FDaDlQVkkyeWszQUZHeGNTRTc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKg3ZQAB+
AwcAKg3ZQCALMA0GCSqGSIb3DQEBCwUAA4IBAQCZu8opUxScm2TAQwYY+1rK8zcn
xlSimll6ofqwfTPeErmvo9ujKCyX7zaLctS4nQsp5lx28KNFnI0O7SfftdrwVze9
8ZXev8Jq43vKyBpfh6A/+P8KAEPvuM93w2Pgl7v5NofkSlAYqvVX1TMYFudEmVwF
jZPhcr3iiyUDBm+TT/9rFuqXc5eeojt9P0NJoO7ey29Qsi7fqc9iz2oSnKjnOtB1
0znv7YxaITQr424YjoptKwsNeOerjRTlZ6g5EteNmrB4rN3EIApTmYdLgBPnFAWG
VNuya1vXjGySOgR4QuYiGlU8A5Nhf5GMESnrvWkAyuZk35S3Y0Wbu/akwttD
-----END CERTIFICATE-----