Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/nbambIIqRFOhbaDA9uUUmbh_l5Q.roa
File:                     nbambIIqRFOhbaDA9uUUmbh_l5Q.roa (raw, json)
Hash identifier:          t9MxHGpdzO8JUyCRcCDuuUPr6RtFVNeR4ykpojFpuVs=
Subject key identifier:   9D:B6:A6:6C:82:2A:44:53:A1:6D:A0:C0:F6:E5:14:99:B8:7F:97:94
Certificate issuer:       /CN=28ab22fb2da473c5426bfcc1f880861004017087
Certificate serial:       0194282725EF2F8B30BFB87954268772F0D5
Authority key identifier: 28:AB:22:FB:2D:A4:73:C5:42:6B:FC:C1:F8:80:86:10:04:01:70:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/nbambIIqRFOhbaDA9uUUmbh_l5Q.roa
Signing time:             Thu 02 Jan 2025 17:54:01 +0000
ROA not before:           Thu 02 Jan 2025 17:54:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        195.85.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:25:ef:2f:8b:30:bf:b8:79:54:26:87:72:f0:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28ab22fb2da473c5426bfcc1f880861004017087
        Validity
            Not Before: Jan  2 17:54:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9db6a66c822a4453a16da0c0f6e51499b87f9794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:87:bb:ae:a4:30:d6:f0:28:6c:40:ba:0c:70:
                    41:9b:9a:a2:ef:2a:db:a3:bd:64:ff:d5:74:2c:46:
                    c0:93:ef:0a:0e:db:ed:94:a1:ea:28:c3:dc:63:c5:
                    6c:89:ad:ac:17:fc:ce:c8:9b:e6:9d:a2:f4:8c:31:
                    10:19:df:cd:94:40:7c:ca:d3:86:f1:82:f7:dd:ac:
                    6e:a9:6e:d1:8b:df:ec:b7:db:ea:09:69:12:7f:6f:
                    f8:85:27:c2:14:0e:ef:7a:ef:b1:ea:71:3c:33:79:
                    22:68:0e:4d:f3:6d:f0:0f:68:6a:e5:2b:7e:03:3b:
                    3e:a6:04:0d:6e:82:29:5a:4b:bf:52:af:8e:13:aa:
                    b6:06:2e:e6:7f:a4:2d:1d:0a:f5:b3:51:6f:6b:6d:
                    0b:6a:03:77:97:ea:ca:ff:df:b7:71:1d:75:ea:3a:
                    de:dc:32:d0:42:fc:d4:9e:3b:0a:bc:54:40:dc:25:
                    42:2d:22:a0:91:9c:45:13:48:7c:18:11:15:da:ab:
                    25:ea:22:0a:e6:72:03:67:ef:6c:a9:af:d2:30:4a:
                    b6:05:a7:77:29:c3:10:6f:0f:c4:02:c9:a9:13:bb:
                    b9:c8:5d:ba:7c:7a:5a:ae:86:a6:03:ae:4a:6b:51:
                    24:c3:b1:6d:1b:49:99:b7:dd:b4:59:ed:18:ca:18:
                    b2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:B6:A6:6C:82:2A:44:53:A1:6D:A0:C0:F6:E5:14:99:B8:7F:97:94
            X509v3 Authority Key Identifier:
                keyid:28:AB:22:FB:2D:A4:73:C5:42:6B:FC:C1:F8:80:86:10:04:01:70:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/nbambIIqRFOhbaDA9uUUmbh_l5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:96:46:99:52:26:9d:6f:d4:19:d7:95:83:39:c1:9e:7a:4f:
         a6:d9:c1:87:24:b5:e1:de:8e:37:8e:4c:58:cb:57:6b:36:a5:
         09:a5:85:a5:72:79:17:60:05:23:98:fc:24:9c:3b:d7:21:27:
         1e:3e:13:b4:6d:3e:ea:41:d7:6f:f0:bc:45:2b:9e:b4:03:9c:
         93:ec:63:c6:1f:34:7b:54:8d:2a:3d:a9:8c:8c:9f:59:54:60:
         46:4f:1c:77:b4:6a:3d:07:d9:59:83:16:9e:5b:a1:7a:a1:cc:
         c9:0d:42:9f:09:3a:5e:f8:c7:bd:39:94:ed:36:b4:13:19:8e:
         8f:20:1e:19:39:06:2e:37:e9:06:4a:ba:1e:67:0b:d2:e9:00:
         5c:9c:08:19:be:76:3b:c2:53:9e:0b:e3:18:fb:09:b1:9e:93:
         4e:0b:f0:06:20:07:70:8a:64:2e:74:20:3e:b2:49:55:f4:d1:
         26:33:55:3e:98:b2:ea:e7:97:1f:83:80:96:35:92:bc:f7:c9:
         78:22:60:db:bf:f4:71:9e:78:9b:42:05:24:4e:31:b7:78:21:
         96:1c:31:4f:b8:b0:cc:51:e5:fc:bd:04:33:69:ad:71:2f:b8:
         79:7e:4a:bc:d2:6b:18:59:c7:e1:09:b9:d2:7e:02:b8:e2:ac:
         76:25:db:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJyXvL4swv7h5VCaHcvDVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YWIyMmZiMmRhNDczYzU0MjZiZmNjMWY4ODA4NjEwMDQw
MTcwODcwHhcNMjUwMTAyMTc1NDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGI2YTY2YzgyMmE0NDUzYTE2ZGEwYzBmNmU1MTQ5OWI4N2Y5Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYe7rqQw1vAobEC6DHBBm5qi7yrb
o71k/9V0LEbAk+8KDtvtlKHqKMPcY8Vsia2sF/zOyJvmnaL0jDEQGd/NlEB8ytOG
8YL33axuqW7Ri9/st9vqCWkSf2/4hSfCFA7veu+x6nE8M3kiaA5N823wD2hq5St+
Azs+pgQNboIpWku/Uq+OE6q2Bi7mf6QtHQr1s1Fva20LagN3l+rK/9+3cR116jre
3DLQQvzUnjsKvFRA3CVCLSKgkZxFE0h8GBEV2qsl6iIK5nIDZ+9sqa/SMEq2Bad3
KcMQbw/EAsmpE7u5yF26fHparoamA65Ka1Ekw7FtG0mZt920We0YyhiydwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ22pmyCKkRToW2gwPblFJm4f5eUMB8GA1UdIwQY
MBaAFCirIvstpHPFQmv8wfiAhhAEAXCHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0tzaS15MmtjOFZDYV96Qi1JQ0dFQVFCY0ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mNTNkYTQtMDJlOC00OGY0LTgwYjMt
M2ExNTk1ZmM4NmVmLzEvbmJhbWJJSXFSRk9oYmFEQTl1VVVtYmhfbDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mNTNkYTQtMDJlOC00OGY0LTgwYjMtM2ExNTk1ZmM4NmVm
LzEvS0tzaS15MmtjOFZDYV96Qi1JQ0dFQVFCY0ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1UMMA0G
CSqGSIb3DQEBCwUAA4IBAQA6lkaZUiadb9QZ15WDOcGeek+m2cGHJLXh3o43jkxY
y1drNqUJpYWlcnkXYAUjmPwknDvXIScePhO0bT7qQddv8LxFK560A5yT7GPGHzR7
VI0qPamMjJ9ZVGBGTxx3tGo9B9lZgxaeW6F6oczJDUKfCTpe+Me9OZTtNrQTGY6P
IB4ZOQYuN+kGSroeZwvS6QBcnAgZvnY7wlOeC+MY+wmxnpNOC/AGIAdwimQudCA+
sklV9NEmM1U+mLLq55cfg4CWNZK898l4ImDbv/RxnnibQgUkTjG3eCGWHDFPuLDM
UeX8vQQzaa1xL7h5fkq80msYWcfhCbnSfgK44qx2JdsF
-----END CERTIFICATE-----