Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/976565-a699-4d88-8117-3421ea41df36/1/nHxs1XMfnqzh-Z8aeIMb_NiElkE.roa
File:                     nHxs1XMfnqzh-Z8aeIMb_NiElkE.roa (raw, json)
Hash identifier:          8Qy8fF7R1NwaP6gn0wt2uKO1stfFsvaIv7LK8MDpXo4=
Subject key identifier:   9C:7C:6C:D5:73:1F:9E:AC:E1:F9:9F:1A:78:83:1B:FC:D8:84:96:41
Certificate issuer:       /CN=12520f8b2af8a1453089a620d2392f66b0a3ebf4
Certificate serial:       01973C6A6FCEBD9975C105717B657FBDDDCD
Authority key identifier: 12:52:0F:8B:2A:F8:A1:45:30:89:A6:20:D2:39:2F:66:B0:A3:EB:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ElIPiyr4oUUwiaYg0jkvZrCj6_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/976565-a699-4d88-8117-3421ea41df36/1/nHxs1XMfnqzh-Z8aeIMb_NiElkE.roa
Signing time:             Wed 04 Jun 2025 19:28:17 +0000
ROA not before:           Wed 04 Jun 2025 19:28:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a07:eb80::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/976565-a699-4d88-8117-3421ea41df36/1/ElIPiyr4oUUwiaYg0jkvZrCj6_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/976565-a699-4d88-8117-3421ea41df36/1/ElIPiyr4oUUwiaYg0jkvZrCj6_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ElIPiyr4oUUwiaYg0jkvZrCj6_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3c:6a:6f:ce:bd:99:75:c1:05:71:7b:65:7f:bd:dd:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12520f8b2af8a1453089a620d2392f66b0a3ebf4
        Validity
            Not Before: Jun  4 19:28:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c7c6cd5731f9eace1f99f1a78831bfcd8849641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:88:08:97:c1:91:0d:af:fd:53:db:5d:7a:f2:
                    11:1c:fe:a1:6f:d3:5c:ca:d0:44:0b:f1:0a:24:59:
                    07:c8:9b:57:76:69:aa:86:c9:2d:f5:3d:cb:5f:dc:
                    42:47:75:e8:42:c5:2d:e7:c1:1c:c0:10:b4:55:02:
                    29:77:79:b5:ce:29:92:fd:15:d9:1e:3f:14:4e:77:
                    c6:85:aa:04:2c:2e:ed:71:9c:f4:c3:e0:c3:bf:73:
                    d3:c4:16:ee:bc:cb:86:72:bb:8f:18:0f:f7:06:59:
                    cf:42:66:b9:18:f7:bd:2c:09:e4:90:d7:15:41:fd:
                    9f:40:c1:57:55:cf:5d:84:eb:2c:de:84:21:f7:f6:
                    94:cf:ee:9d:5f:92:f0:f5:e2:21:53:c2:ad:33:95:
                    43:e4:91:68:dc:c5:8f:a7:b9:21:5f:ad:09:3d:f6:
                    11:57:57:7f:fb:01:40:30:d8:4e:99:bc:c8:0b:60:
                    2a:b5:06:fe:ba:21:2b:bc:cf:14:5c:89:32:ab:f1:
                    b9:8d:e6:f3:72:fc:69:f6:74:1b:6d:7c:75:6f:ce:
                    4b:3d:0f:03:f5:17:b6:ac:25:ca:16:02:d2:07:0b:
                    a3:62:72:39:19:4d:62:cc:2e:e8:e9:08:18:7e:75:
                    c1:84:53:15:f6:f0:d1:82:9d:4f:a8:17:7b:ac:80:
                    18:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:7C:6C:D5:73:1F:9E:AC:E1:F9:9F:1A:78:83:1B:FC:D8:84:96:41
            X509v3 Authority Key Identifier:
                keyid:12:52:0F:8B:2A:F8:A1:45:30:89:A6:20:D2:39:2F:66:B0:A3:EB:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ElIPiyr4oUUwiaYg0jkvZrCj6_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/976565-a699-4d88-8117-3421ea41df36/1/nHxs1XMfnqzh-Z8aeIMb_NiElkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/976565-a699-4d88-8117-3421ea41df36/1/ElIPiyr4oUUwiaYg0jkvZrCj6_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:eb80::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:f0:cb:a1:0c:42:08:5b:33:67:55:f0:f3:03:bc:76:f6:d7:
         f5:99:b3:fb:00:16:56:85:66:82:2b:cf:15:c3:83:b9:6e:8b:
         23:11:5a:b2:62:24:1c:9f:b9:f8:e6:da:82:64:d4:bf:d2:4c:
         b6:ba:02:ca:e8:10:3d:aa:64:e8:f2:3e:61:a9:eb:bb:5a:8d:
         42:cb:f6:1b:f5:63:0d:37:04:be:ab:7d:32:55:86:22:a8:d0:
         aa:68:99:39:aa:e0:31:e7:d5:8f:0e:11:40:d3:af:f7:d7:a5:
         12:58:49:c8:1d:c9:58:a5:bb:62:83:b9:1f:b7:2b:ff:80:53:
         b1:24:0c:bc:f6:0f:3c:be:b1:9e:1f:ba:ba:6c:d1:c9:0e:eb:
         d0:df:e3:f0:2b:97:4d:c1:d8:c0:7f:07:d4:b6:d3:3b:07:92:
         37:63:99:f4:6c:68:db:9a:f1:c0:98:aa:41:e6:4c:6a:ce:60:
         c9:c0:21:a1:10:c5:55:41:34:4c:d8:25:1c:9c:6a:61:78:6f:
         e5:b1:c0:5d:dd:0e:d0:51:27:3b:28:94:10:65:97:db:db:ea:
         5b:ff:fb:92:57:e6:da:9f:ac:b0:79:1a:05:72:9c:93:ab:be:
         cc:95:21:11:b1:8b:af:29:b9:f7:92:78:e8:4c:a4:d7:1e:39:
         9f:71:ec:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZc8am/OvZl1wQVxe2V/vd3NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNTIwZjhiMmFmOGExNDUzMDg5YTYyMGQyMzkyZjY2YjBh
M2ViZjQwHhcNMjUwNjA0MTkyODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzdjNmNkNTczMWY5ZWFjZTFmOTlmMWE3ODgzMWJmY2Q4ODQ5NjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnogIl8GRDa/9U9tdevIRHP6hb9Nc
ytBEC/EKJFkHyJtXdmmqhskt9T3LX9xCR3XoQsUt58EcwBC0VQIpd3m1zimS/RXZ
Hj8UTnfGhaoELC7tcZz0w+DDv3PTxBbuvMuGcruPGA/3BlnPQma5GPe9LAnkkNcV
Qf2fQMFXVc9dhOss3oQh9/aUz+6dX5Lw9eIhU8KtM5VD5JFo3MWPp7khX60JPfYR
V1d/+wFAMNhOmbzIC2AqtQb+uiErvM8UXIkyq/G5jebzcvxp9nQbbXx1b85LPQ8D
9Re2rCXKFgLSBwujYnI5GU1izC7o6QgYfnXBhFMV9vDRgp1PqBd7rIAY3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJx8bNVzH56s4fmfGniDG/zYhJZBMB8GA1UdIwQY
MBaAFBJSD4sq+KFFMImmINI5L2awo+v0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWxJUGl5cjRvVVV3aWFZZzBqa3ZackNqNl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85NzY1NjUtYTY5OS00ZDg4LTgxMTct
MzQyMWVhNDFkZjM2LzEvbkh4czFYTWZucXpoLVo4YWVJTWJfTmlFbGtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85NzY1NjUtYTY5OS00ZDg4LTgxMTctMzQyMWVhNDFkZjM2
LzEvRWxJUGl5cjRvVVV3aWFZZzBqa3ZackNqNl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgfrgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCo8MuhDEIIWzNnVfDzA7x29tf1mbP7ABZWhWaC
K88Vw4O5bosjEVqyYiQcn7n45tqCZNS/0ky2ugLK6BA9qmTo8j5hqeu7Wo1Cy/Yb
9WMNNwS+q30yVYYiqNCqaJk5quAx59WPDhFA06/316USWEnIHclYpbtig7kftyv/
gFOxJAy89g88vrGeH7q6bNHJDuvQ3+PwK5dNwdjAfwfUttM7B5I3Y5n0bGjbmvHA
mKpB5kxqzmDJwCGhEMVVQTRM2CUcnGpheG/lscBd3Q7QUSc7KJQQZZfb2+pb//uS
V+ban6yweRoFcpyTq77MlSERsYuvKbn3knjoTKTXHjmfcexS
-----END CERTIFICATE-----