Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/nf_J-Be6PvK26ukKjJl6IQe1MJY.roa
File:                     nf_J-Be6PvK26ukKjJl6IQe1MJY.roa (raw, json)
Hash identifier:          0NfHfYZttT9eDOJu1RyDhX+/FDw371Nzr/BlGE9d+BA=
Subject key identifier:   9D:FF:C9:F8:17:BA:3E:F2:B6:EA:E9:0A:8C:99:7A:21:07:B5:30:96
Certificate issuer:       /CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Certificate serial:       01971AE6ADFB3F5E14D05038A68B5C5D2668
Authority key identifier: B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/nf_J-Be6PvK26ukKjJl6IQe1MJY.roa
Signing time:             Thu 29 May 2025 07:16:54 +0000
ROA not before:           Thu 29 May 2025 07:16:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153589
IP address blocks:        153.112.128.0/24 maxlen: 24
                          153.112.210.0/24 maxlen: 24
                          192.131.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 16:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1a:e6:ad:fb:3f:5e:14:d0:50:38:a6:8b:5c:5d:26:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
        Validity
            Not Before: May 29 07:16:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9dffc9f817ba3ef2b6eae90a8c997a2107b53096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:5f:76:26:f6:09:16:1c:96:36:19:b9:ad:04:
                    57:dc:a3:dd:e7:a7:c7:20:53:7b:97:88:5b:d5:42:
                    23:49:18:11:c0:58:87:18:52:1d:15:f5:97:3a:0a:
                    77:d1:76:2e:2f:18:61:43:05:c9:83:e6:27:b7:a9:
                    36:9b:9e:5b:d6:d6:eb:59:bf:b6:2a:60:1e:de:34:
                    70:28:ba:00:9e:fe:8a:ff:59:57:ee:d8:43:1c:9d:
                    75:61:0d:8a:0c:a2:e1:54:a5:dc:f6:ce:72:5d:92:
                    03:68:d0:21:49:37:41:46:3f:3b:a6:9a:c0:a5:97:
                    b0:2d:54:68:db:f8:2c:c6:59:fe:17:c7:e5:51:17:
                    f0:f3:a2:a2:6c:ff:45:e2:95:2f:f4:5b:88:c4:9e:
                    99:61:11:10:fe:f5:52:09:de:c2:8d:e1:8c:f5:ab:
                    96:25:5f:21:f0:97:e5:9c:11:8f:1b:12:87:5b:e4:
                    d3:26:70:e5:09:3c:7e:f5:df:14:62:58:f0:c6:29:
                    35:db:6b:f3:bc:f0:92:de:e7:f4:8b:e8:05:e6:64:
                    c9:78:8d:40:e5:42:2f:e1:ab:4f:91:72:c1:0d:d1:
                    75:4c:14:11:84:e9:1a:83:ab:fe:0f:c4:5d:2e:62:
                    b9:51:32:53:1e:c6:0a:14:22:7f:02:a3:6a:5f:b5:
                    73:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:FF:C9:F8:17:BA:3E:F2:B6:EA:E9:0A:8C:99:7A:21:07:B5:30:96
            X509v3 Authority Key Identifier:
                keyid:B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/nf_J-Be6PvK26ukKjJl6IQe1MJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.112.128.0/24
                  153.112.210.0/24
                  192.131.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:38:b7:c3:54:a3:06:34:5e:08:e9:b4:cd:fd:20:d6:90:eb:
         4d:b2:0a:56:2e:d8:37:dd:6b:bf:8f:a8:c1:c2:9b:32:4c:79:
         21:c3:dd:15:7c:c3:a2:1f:d5:6d:00:fe:3a:ca:07:15:69:90:
         66:b7:b0:01:ca:a8:3b:19:8a:41:b1:bd:2c:68:4a:f8:17:68:
         19:58:13:74:60:81:64:29:37:cc:0f:17:51:6d:c5:36:82:17:
         f3:7d:2f:7b:5f:d3:de:b4:cd:b3:92:72:8f:dc:f6:6c:66:71:
         07:0f:ad:bf:e3:81:18:89:d2:69:a4:5f:67:ba:14:ee:5d:2f:
         85:87:06:a4:3a:e3:54:53:53:48:da:59:6e:96:f7:44:cc:4a:
         8c:7d:49:a2:23:79:a5:9e:87:5a:85:16:f4:df:9d:05:6b:a5:
         4e:b7:c6:89:43:7e:58:2f:61:16:88:a2:ea:e0:05:2e:ba:46:
         67:13:01:c0:c8:68:d9:4a:56:69:d6:58:13:a3:d7:43:90:73:
         f1:da:fb:8d:2e:31:38:88:b8:f8:64:4f:5c:2a:c2:8a:76:7b:
         a4:d9:3f:00:84:cb:3c:9c:4d:99:77:78:70:1f:4d:67:6c:3f:
         da:b9:f5:65:eb:32:67:71:8c:7d:78:cd:08:77:c3:a5:08:90:
         d6:bd:3d:6f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZca5q37P14U0FA4potcXSZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODUyZmZiYTdkNTdjNWE4YWZiYjZlYTViZWFmN2RmZWMw
YzE0NWEwHhcNMjUwNTI5MDcxNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGZmYzlmODE3YmEzZWYyYjZlYWU5MGE4Yzk5N2EyMTA3YjUzMDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiF92JvYJFhyWNhm5rQRX3KPd56fH
IFN7l4hb1UIjSRgRwFiHGFIdFfWXOgp30XYuLxhhQwXJg+Ynt6k2m55b1tbrWb+2
KmAe3jRwKLoAnv6K/1lX7thDHJ11YQ2KDKLhVKXc9s5yXZIDaNAhSTdBRj87pprA
pZewLVRo2/gsxln+F8flURfw86KibP9F4pUv9FuIxJ6ZYREQ/vVSCd7CjeGM9auW
JV8h8JflnBGPGxKHW+TTJnDlCTx+9d8UYljwxik122vzvPCS3uf0i+gF5mTJeI1A
5UIv4atPkXLBDdF1TBQRhOkag6v+D8RdLmK5UTJTHsYKFCJ/AqNqX7Vz6QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ3/yfgXuj7yturpCoyZeiEHtTCWMB8GA1UdIwQY
MBaAFLSFL/un1Xxaivu26lvq99/sDBRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQt
ZjcxMDM4ZTk2N2E0LzEvbmZfSi1CZTZQdksyNnVrS2pKbDZJUWUxTUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQtZjcxMDM4ZTk2N2E0
LzEvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAmXCAAwQA
mXDSAwQAwIMZMA0GCSqGSIb3DQEBCwUAA4IBAQCnOLfDVKMGNF4I6bTN/SDWkOtN
sgpWLtg33Wu/j6jBwpsyTHkhw90VfMOiH9VtAP46ygcVaZBmt7AByqg7GYpBsb0s
aEr4F2gZWBN0YIFkKTfMDxdRbcU2ghfzfS97X9PetM2zknKP3PZsZnEHD62/44EY
idJppF9nuhTuXS+FhwakOuNUU1NI2llulvdEzEqMfUmiI3mlnodahRb0350Fa6VO
t8aJQ35YL2EWiKLq4AUuukZnEwHAyGjZSlZp1lgTo9dDkHPx2vuNLjE4iLj4ZE9c
KsKKdnuk2T8AhMs8nE2Zd3hwH01nbD/aufVl6zJncYx9eM0Id8OlCJDWvT1v
-----END CERTIFICATE-----