Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/n0559nrrxWlTiJJeG18heWs2pIU.roa
File:                     n0559nrrxWlTiJJeG18heWs2pIU.roa (raw, json)
Hash identifier:          MAU9xz4lV/zxBb8iBC0mDqVvEPA9rfYw9hMbacTD5Ec=
Subject key identifier:   9F:4E:79:F6:7A:EB:C5:69:53:88:92:5E:1B:5F:21:79:6B:36:A4:85
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       0196C9224C61AA73D0019FF94A9BC70E2154
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/n0559nrrxWlTiJJeG18heWs2pIU.roa
Signing time:             Tue 13 May 2025 10:13:10 +0000
ROA not before:           Tue 13 May 2025 10:13:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213520
IP address blocks:        2a0d:d940:11::/48 maxlen: 48
                          2a0d:d940:100::/40 maxlen: 40
                          2a0d:d940:9002::/48 maxlen: 48
                          2a0d:d940:9007::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:22:4c:61:aa:73:d0:01:9f:f9:4a:9b:c7:0e:21:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: May 13 10:13:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f4e79f67aebc5695388925e1b5f21796b36a485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:a9:00:d1:f0:f3:a2:d7:4d:bb:6a:ed:c1:44:
                    22:6a:df:88:97:5a:9d:69:75:e8:cf:97:e0:10:5b:
                    89:cf:38:4b:43:11:73:80:e2:54:37:86:68:66:dc:
                    35:29:22:dc:2f:fc:06:2a:c0:1c:60:f4:4d:67:13:
                    51:d4:5e:0c:f6:b7:5c:d8:05:a2:11:fb:8b:cf:c9:
                    51:ee:8b:f8:d0:9b:df:62:8d:72:85:71:7c:75:b2:
                    dd:f2:6b:51:63:d8:2f:32:b8:57:77:5d:f1:e6:54:
                    0d:77:63:b5:53:8b:d1:46:e1:85:9f:74:5c:3b:7d:
                    28:0a:c6:c2:d0:d9:e5:50:fd:a2:d4:c9:07:c3:4a:
                    d7:08:b4:63:35:0f:04:e6:dc:37:0e:db:f6:0a:7c:
                    63:34:46:3a:70:a3:a5:4c:45:52:ad:79:32:54:3f:
                    bf:01:d2:d5:47:80:d5:33:e1:ec:99:ba:c6:4e:52:
                    e6:a8:f4:8d:d8:1d:47:58:c2:67:e3:70:c4:02:9e:
                    5f:46:75:12:e2:d1:7c:f1:db:fd:de:3d:9f:25:b0:
                    4a:4b:aa:72:55:f5:8e:2f:97:b5:42:da:ef:f1:ca:
                    a2:8f:3b:f1:d8:db:87:4d:fd:b4:78:a1:0e:ba:c3:
                    89:7b:88:cb:84:2c:c5:94:eb:b2:d0:ab:dc:a8:e9:
                    35:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:4E:79:F6:7A:EB:C5:69:53:88:92:5E:1B:5F:21:79:6B:36:A4:85
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/n0559nrrxWlTiJJeG18heWs2pIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:11::/48
                  2a0d:d940:100::/40
                  2a0d:d940:9002::/48
                  2a0d:d940:9007::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:b7:fd:19:ba:da:0b:ac:5a:e8:38:38:7d:54:8d:3e:48:37:
         5b:34:c7:3c:0a:00:28:69:46:d7:8f:85:99:af:cb:4c:b1:43:
         e3:ee:c4:86:a6:7c:e8:cf:84:05:04:cf:30:7f:7e:41:d5:d5:
         fb:44:f2:51:d0:6f:09:65:2f:b9:9f:d8:85:09:3f:a5:43:5a:
         de:56:ee:80:65:02:89:ac:03:c4:6a:3b:3d:04:ed:07:43:6f:
         e2:96:47:46:11:e6:d9:cd:34:16:a6:e5:14:8d:d7:95:b1:11:
         59:0b:b2:e4:94:49:56:42:d1:73:04:bf:16:b8:72:6d:94:52:
         70:ec:3f:24:9e:d6:89:71:a0:aa:fe:be:00:f7:70:9a:26:f1:
         9a:6e:ef:ca:be:ac:bf:a6:b4:0d:b1:0d:cb:e5:b8:fc:b9:e9:
         df:10:9b:38:9f:3d:38:65:9c:7e:a6:89:27:06:56:48:4a:94:
         47:74:88:a8:c5:f8:a8:6a:d1:67:80:7b:d4:b3:ae:46:0a:20:
         a1:ab:25:1f:d0:17:35:25:97:85:92:0a:4b:07:4c:4b:f8:39:
         fc:1c:e2:fa:83:5b:81:b6:f9:3e:95:96:ce:e1:5e:1f:64:dc:
         b4:11:f2:7f:c6:7a:28:c0:96:8d:e0:a9:3a:12:30:79:3e:e9:
         09:bd:1e:67
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZbJIkxhqnPQAZ/5SpvHDiFUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwNTEzMTAxMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjRlNzlmNjdhZWJjNTY5NTM4ODkyNWUxYjVmMjE3OTZiMzZhNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4KkA0fDzotdNu2rtwUQiat+Il1qd
aXXoz5fgEFuJzzhLQxFzgOJUN4ZoZtw1KSLcL/wGKsAcYPRNZxNR1F4M9rdc2AWi
EfuLz8lR7ov40JvfYo1yhXF8dbLd8mtRY9gvMrhXd13x5lQNd2O1U4vRRuGFn3Rc
O30oCsbC0NnlUP2i1MkHw0rXCLRjNQ8E5tw3Dtv2CnxjNEY6cKOlTEVSrXkyVD+/
AdLVR4DVM+HsmbrGTlLmqPSN2B1HWMJn43DEAp5fRnUS4tF88dv93j2fJbBKS6py
VfWOL5e1Qtrv8cqijzvx2NuHTf20eKEOusOJe4jLhCzFlOuy0KvcqOk11QIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFJ9OefZ668VpU4iSXhtfIXlrNqSFMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvbjA1NTlucnJ4V2xUaUpKZUcxOGhlV3MycElVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwcAKg3ZQAAR
AwYAKg3ZQAEDBwAqDdlAkAIDBwAqDdlAkAcwDQYJKoZIhvcNAQELBQADggEBAJK3
/Rm62gusWug4OH1UjT5IN1s0xzwKAChpRtePhZmvy0yxQ+PuxIamfOjPhAUEzzB/
fkHV1ftE8lHQbwllL7mf2IUJP6VDWt5W7oBlAomsA8RqOz0E7QdDb+KWR0YR5tnN
NBam5RSN15WxEVkLsuSUSVZC0XMEvxa4cm2UUnDsPySe1olxoKr+vgD3cJom8Zpu
78q+rL+mtA2xDcvluPy56d8QmzifPThlnH6miScGVkhKlEd0iKjF+Khq0WeAe9Sz
rkYKIKGrJR/QFzUll4WSCksHTEv4Ofwc4vqDW4G2+T6Vls7hXh9k3LQR8n/GeijA
lo3gqToSMHk+6Qm9Hmc=
-----END CERTIFICATE-----
Generated at Mon Jun 9 15:24:23 2025 by rpki-client