Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/nNsIFsRQ8KPUASClNMSWhZFqzgg.roa
File:                     nNsIFsRQ8KPUASClNMSWhZFqzgg.roa (raw, json)
Hash identifier:          3ts8zd58dlbS2ejtGDD2JpcDnlek0cPc7JmFTjbGcT8=
Subject key identifier:   9C:DB:08:16:C4:50:F0:A3:D4:01:20:A5:34:C4:96:85:91:6A:CE:08
Certificate issuer:       /CN=bfe9f12c96ba20683aff5c958bfad8e4c577f7fe
Certificate serial:       019A034EBD77BE2A0E27524A16E41AD025A9
Authority key identifier: BF:E9:F1:2C:96:BA:20:68:3A:FF:5C:95:8B:FA:D8:E4:C5:77:F7:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v-nxLJa6IGg6_1yVi_rY5MV39_4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/nNsIFsRQ8KPUASClNMSWhZFqzgg.roa
Signing time:             Mon 20 Oct 2025 20:28:03 +0000
ROA not before:           Mon 20 Oct 2025 20:28:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14789
IP address blocks:        2a09:bac0:439::/48 maxlen: 48
                          2a09:bac0:477::/48 maxlen: 48
                          2a09:bac0:566::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/v-nxLJa6IGg6_1yVi_rY5MV39_4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/v-nxLJa6IGg6_1yVi_rY5MV39_4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v-nxLJa6IGg6_1yVi_rY5MV39_4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 Oct 2025 17:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:03:4e:bd:77:be:2a:0e:27:52:4a:16:e4:1a:d0:25:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfe9f12c96ba20683aff5c958bfad8e4c577f7fe
        Validity
            Not Before: Oct 20 20:28:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9cdb0816c450f0a3d40120a534c49685916ace08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:40:25:bc:83:0d:d0:de:db:a1:40:f7:3f:bf:
                    50:95:ab:35:73:ee:b5:4f:67:33:b6:a5:46:19:4d:
                    a8:11:71:38:9a:5b:55:fc:98:b9:23:78:05:5a:57:
                    49:d9:2c:8e:13:0d:34:f0:de:a4:f6:77:06:c3:4d:
                    20:01:28:5b:ad:05:40:bb:00:e0:7f:dc:94:aa:8b:
                    da:9e:85:78:51:1d:5c:26:a4:73:6d:89:ae:a7:f4:
                    2f:5b:a7:f4:e1:a1:93:43:92:dd:4e:01:31:df:f6:
                    c6:54:21:e6:8a:fd:ba:df:55:ec:a7:1b:ff:5e:a0:
                    a6:da:d1:ed:12:27:84:43:c7:75:f8:00:dc:6c:5e:
                    c2:0f:f6:f8:9b:1a:7f:66:9a:ca:e5:99:2c:07:61:
                    00:19:fc:46:b3:98:f0:57:10:2f:1a:fd:c4:79:4b:
                    66:32:2b:d9:ab:59:4f:9c:41:23:50:d8:47:1d:96:
                    e6:ca:05:9f:7f:a8:c0:73:1d:73:89:12:22:00:56:
                    8d:03:e7:c0:bd:f4:6c:17:3a:b3:ac:b3:3a:83:64:
                    9e:a7:c0:d9:7c:3c:af:8f:73:a3:4f:9a:50:d7:62:
                    a6:f3:7d:65:8e:58:2e:c8:00:7c:3f:4b:ab:1c:2e:
                    77:bc:5f:29:6d:1c:a6:d3:23:30:a8:99:6d:ca:7b:
                    c5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:DB:08:16:C4:50:F0:A3:D4:01:20:A5:34:C4:96:85:91:6A:CE:08
            X509v3 Authority Key Identifier:
                keyid:BF:E9:F1:2C:96:BA:20:68:3A:FF:5C:95:8B:FA:D8:E4:C5:77:F7:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v-nxLJa6IGg6_1yVi_rY5MV39_4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/nNsIFsRQ8KPUASClNMSWhZFqzgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/v-nxLJa6IGg6_1yVi_rY5MV39_4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:bac0:439::/48
                  2a09:bac0:477::/48
                  2a09:bac0:566::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:2b:f9:a1:55:c3:0c:f8:aa:1d:0e:1e:f0:b7:44:47:95:dd:
         20:5e:17:5f:3f:ba:44:37:70:f9:1c:db:3f:85:8a:de:b1:aa:
         97:59:19:bd:a2:4d:8b:b8:1d:dc:55:42:ff:5e:72:68:70:20:
         fb:59:38:c2:38:66:51:05:9a:b2:fa:0e:f9:ea:15:db:b6:4b:
         dc:75:9d:7e:b1:8a:73:28:66:25:bf:12:51:6f:ae:42:35:77:
         d2:11:0c:90:d0:23:f5:7d:1d:f8:3d:aa:a9:bc:a3:6c:54:5d:
         4a:a3:18:e8:1a:31:96:2e:77:66:87:bf:22:ce:ee:89:70:2b:
         cc:eb:7f:9f:7e:ff:c6:8d:50:4a:50:54:22:8d:1b:49:c5:58:
         d5:c2:54:25:ed:d6:8b:7e:6a:c4:8b:03:a7:1d:c6:97:b2:b7:
         d9:2b:10:b7:8d:57:6e:26:b0:be:7e:56:0e:db:b2:3d:ac:31:
         76:3d:9a:5c:72:77:5b:16:eb:cc:22:f6:1c:58:5b:7c:1b:86:
         93:fd:ca:c3:7d:23:7a:fb:2f:2e:b1:61:56:ec:88:72:c8:60:
         ef:41:73:45:c8:20:6d:7f:91:60:38:f4:ff:60:36:61:8c:5b:
         b0:4d:98:77:bc:52:25:b7:63:1d:ed:20:74:cf:e3:57:51:d9:
         34:4e:f3:55
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZoDTr13vioOJ1JKFuQa0CWpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZTlmMTJjOTZiYTIwNjgzYWZmNWM5NThiZmFkOGU0YzU3
N2Y3ZmUwHhcNMjUxMDIwMjAyODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2RiMDgxNmM0NTBmMGEzZDQwMTIwYTUzNGM0OTY4NTkxNmFjZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukAlvIMN0N7boUD3P79Qlas1c+61
T2cztqVGGU2oEXE4mltV/Ji5I3gFWldJ2SyOEw008N6k9ncGw00gAShbrQVAuwDg
f9yUqovanoV4UR1cJqRzbYmup/QvW6f04aGTQ5LdTgEx3/bGVCHmiv2631Xspxv/
XqCm2tHtEieEQ8d1+ADcbF7CD/b4mxp/ZprK5ZksB2EAGfxGs5jwVxAvGv3EeUtm
MivZq1lPnEEjUNhHHZbmygWff6jAcx1ziRIiAFaNA+fAvfRsFzqzrLM6g2Sep8DZ
fDyvj3OjT5pQ12Km831ljlguyAB8P0urHC53vF8pbRym0yMwqJltynvFWQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJzbCBbEUPCj1AEgpTTEloWRas4IMB8GA1UdIwQY
MBaAFL/p8SyWuiBoOv9clYv62OTFd/f+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdi1ueExKYTZJR2c2XzF5Vmlfclk1TVYzOV80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy80Y2U1NTgtNjNkNi00NjlhLWJiNWQt
Zjc4MjBjNWU5NjZhLzEvbk5zSUZzUlE4S1BVQVNDbE5NU1doWkZxemdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy80Y2U1NTgtNjNkNi00NjlhLWJiNWQtZjc4MjBjNWU5NjZh
LzEvdi1ueExKYTZJR2c2XzF5Vmlfclk1TVYzOV80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgm6wAQ5
AwcAKgm6wAR3AwcAKgm6wAVmMA0GCSqGSIb3DQEBCwUAA4IBAQAdK/mhVcMM+Kod
Dh7wt0RHld0gXhdfP7pEN3D5HNs/hYresaqXWRm9ok2LuB3cVUL/XnJocCD7WTjC
OGZRBZqy+g756hXbtkvcdZ1+sYpzKGYlvxJRb65CNXfSEQyQ0CP1fR34PaqpvKNs
VF1KoxjoGjGWLndmh78izu6JcCvM63+ffv/GjVBKUFQijRtJxVjVwlQl7daLfmrE
iwOnHcaXsrfZKxC3jVduJrC+flYO27I9rDF2PZpccndbFuvMIvYcWFt8G4aT/crD
fSN6+y8usWFW7IhyyGDvQXNFyCBtf5FgOPT/YDZhjFuwTZh3vFIlt2Md7SB0z+NX
Udk0TvNV
-----END CERTIFICATE-----