Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/npfW86bzVUIBWQHFlbmhnRV4Ph8.roa
File:                     npfW86bzVUIBWQHFlbmhnRV4Ph8.roa (raw, json)
Hash identifier:          XKuss+rSffzcmWNLY+1FYtySKSs4mvxaRMowYWtn0pU=
Subject key identifier:   9E:97:D6:F3:A6:F3:55:42:01:59:01:C5:95:B9:A1:9D:15:78:3E:1F
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       0196195179E10DD469C06BD1A76DFBDAC417
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/npfW86bzVUIBWQHFlbmhnRV4Ph8.roa
Signing time:             Wed 09 Apr 2025 06:51:31 +0000
ROA not before:           Wed 09 Apr 2025 06:51:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51647
IP address blocks:        2a07:3500:1020::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:19:51:79:e1:0d:d4:69:c0:6b:d1:a7:6d:fb:da:c4:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Apr  9 06:51:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e97d6f3a6f35542015901c595b9a19d15783e1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d8:85:fc:21:b4:26:89:68:58:98:9b:c3:9d:
                    dc:eb:4c:be:29:01:22:f8:27:1a:7c:ad:f5:fe:64:
                    ef:10:db:16:0c:83:cd:3c:03:ed:6b:b9:a2:e8:8a:
                    32:d8:3b:1b:1c:7f:05:5b:0e:89:12:0d:c7:f4:36:
                    f0:90:0c:72:87:1c:b3:e2:a3:b2:6c:97:63:d3:e9:
                    e2:08:9a:0e:63:21:54:62:68:58:f4:7b:ee:b3:7a:
                    c3:d9:4b:3b:9e:35:dd:e1:48:e6:f7:02:6c:54:81:
                    04:7b:37:0b:b6:68:30:bd:ef:e7:60:24:9b:47:a0:
                    bf:d4:1f:67:df:7b:ac:44:72:ea:4c:d6:51:c3:79:
                    95:52:70:7c:18:b6:13:7e:dc:2b:d3:10:43:85:85:
                    51:c8:c1:5d:b1:e9:7f:c3:6b:34:53:27:fe:5b:4b:
                    54:d6:b6:d4:68:16:a9:ba:69:fc:fb:2d:7b:e8:56:
                    a9:aa:9e:ba:98:17:a1:a0:02:f7:00:7b:4a:02:bd:
                    1a:fb:ad:58:0d:de:e7:b6:f2:ed:1b:16:c7:7c:aa:
                    c1:94:cd:fb:ed:71:eb:f4:08:39:3d:0c:65:12:f0:
                    5a:f1:2f:dd:7b:2f:ad:cc:82:e7:d8:94:4f:61:e9:
                    e4:f4:d4:9b:d8:51:d7:b4:c0:71:e8:c7:0c:20:73:
                    ee:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:97:D6:F3:A6:F3:55:42:01:59:01:C5:95:B9:A1:9D:15:78:3E:1F
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/npfW86bzVUIBWQHFlbmhnRV4Ph8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3500:1020::/46

    Signature Algorithm: sha256WithRSAEncryption
         b4:65:e1:ec:2e:1d:55:e0:d1:a0:8f:73:b6:0a:dc:0b:d7:ac:
         84:71:23:8e:ba:40:bd:ca:e8:e8:4d:25:86:94:e4:32:28:ca:
         ff:1f:3a:01:63:d4:77:6e:91:e7:48:7b:fd:52:ff:27:8d:d2:
         ae:b9:e4:30:ff:bf:24:14:eb:f8:25:98:1d:9f:68:9f:53:c0:
         33:54:a3:fb:11:46:e1:d0:58:03:e4:d4:1e:52:03:11:87:29:
         55:07:3f:26:3a:b6:5d:05:6e:e1:7b:17:28:c8:33:2c:02:ec:
         33:f8:88:22:61:61:77:d6:d9:70:e2:14:0a:2e:17:6a:56:24:
         8a:0a:a3:e2:04:19:34:ec:25:5e:f3:21:57:d8:26:7c:d4:00:
         ed:b1:55:7c:80:54:f0:08:06:59:13:24:7a:ae:f2:1a:0b:3e:
         b2:f9:db:4d:ab:0b:85:14:82:7a:40:92:02:ae:30:a8:2f:b3:
         ae:6e:c7:a1:fb:66:4c:5a:a1:7b:8e:6c:02:5d:3e:6b:fa:5b:
         fb:db:fc:07:df:58:49:af:37:bc:57:2d:b8:c5:8d:d0:40:fa:
         2b:ea:cc:70:59:29:03:7a:7c:01:49:bc:da:f6:68:ad:c8:50:
         a3:9d:04:4b:32:d8:c4:4b:4a:93:2f:3c:50:d2:cf:5a:8e:c8:
         8d:e9:c9:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZYZUXnhDdRpwGvRp2372sQXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjUwNDA5MDY1MTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTk3ZDZmM2E2ZjM1NTQyMDE1OTAxYzU5NWI5YTE5ZDE1NzgzZTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9iF/CG0JoloWJibw53c60y+KQEi
+CcafK31/mTvENsWDIPNPAPta7mi6Ioy2DsbHH8FWw6JEg3H9DbwkAxyhxyz4qOy
bJdj0+niCJoOYyFUYmhY9Hvus3rD2Us7njXd4Ujm9wJsVIEEezcLtmgwve/nYCSb
R6C/1B9n33usRHLqTNZRw3mVUnB8GLYTftwr0xBDhYVRyMFdsel/w2s0Uyf+W0tU
1rbUaBapumn8+y176Fapqp66mBehoAL3AHtKAr0a+61YDd7ntvLtGxbHfKrBlM37
7XHr9Ag5PQxlEvBa8S/dey+tzILn2JRPYenk9NSb2FHXtMBx6McMIHPuEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ6X1vOm81VCAVkBxZW5oZ0VeD4fMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvbnBmVzg2YnpWVUlCV1FIRmxibWhuUlY0UGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgc1ABAg
MA0GCSqGSIb3DQEBCwUAA4IBAQC0ZeHsLh1V4NGgj3O2CtwL16yEcSOOukC9yujo
TSWGlOQyKMr/HzoBY9R3bpHnSHv9Uv8njdKuueQw/78kFOv4JZgdn2ifU8AzVKP7
EUbh0FgD5NQeUgMRhylVBz8mOrZdBW7hexcoyDMsAuwz+IgiYWF31tlw4hQKLhdq
ViSKCqPiBBk07CVe8yFX2CZ81ADtsVV8gFTwCAZZEyR6rvIaCz6y+dtNqwuFFIJ6
QJICrjCoL7Oubseh+2ZMWqF7jmwCXT5r+lv72/wH31hJrze8Vy24xY3QQPor6sxw
WSkDenwBSbza9mityFCjnQRLMtjES0qTLzxQ0s9ajsiN6cmr
-----END CERTIFICATE-----