Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/NHXmAMP9OfG23HqRRxSGbF25ehg.roa
File:                     NHXmAMP9OfG23HqRRxSGbF25ehg.roa (raw, json)
Hash identifier:          igIqljndItKCTKdCnlmyGEFNCEW3o97rBxTD2oBMs1c=
Subject key identifier:   34:75:E6:00:C3:FD:39:F1:B6:DC:7A:91:47:14:86:6C:5D:B9:7A:18
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       0195C8FF028E1B360893EDAA9BC6DA2D28A9
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/NHXmAMP9OfG23HqRRxSGbF25ehg.roa
Signing time:             Mon 24 Mar 2025 16:31:50 +0000
ROA not before:           Mon 24 Mar 2025 16:31:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215258
IP address blocks:        2a09:e1c1:f020::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c8:ff:02:8e:1b:36:08:93:ed:aa:9b:c6:da:2d:28:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Mar 24 16:31:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3475e600c3fd39f1b6dc7a914714866c5db97a18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a5:ea:f0:b6:9d:3a:3c:d3:7d:a6:f3:b8:be:
                    65:e5:70:f4:52:81:7b:7d:ea:e8:f9:7a:35:01:61:
                    1a:f3:f0:25:2d:bb:cc:f3:44:5e:03:11:c4:53:5f:
                    9d:15:c9:d7:e6:8a:c6:d6:52:ea:9f:85:67:29:c1:
                    7c:7e:67:20:0d:60:e2:62:a3:9b:b8:16:d4:8b:41:
                    79:14:e9:dc:37:22:36:c4:af:f4:2a:b0:a0:e3:67:
                    57:93:30:e1:68:3f:52:6a:00:35:91:1e:05:7b:df:
                    a1:86:c6:65:0f:d5:4e:24:34:cd:1a:d7:01:12:5b:
                    24:42:09:1e:7e:cc:a4:ae:6f:a4:09:7e:39:b1:7d:
                    c5:5e:4d:8b:9d:1a:13:05:cd:f9:00:d3:e1:7b:4e:
                    8a:b7:bf:fa:ec:91:a9:bc:84:e7:a9:4d:f4:2f:d0:
                    e0:ea:6e:e8:ca:bc:7a:d0:11:fc:40:ab:80:c1:ad:
                    00:b5:fa:61:f3:4f:9b:0c:f6:01:a6:42:79:c7:e2:
                    47:19:08:d1:4a:42:4d:2d:6c:49:1a:e6:b6:aa:bd:
                    9b:97:59:ed:ac:64:79:d4:13:6e:6a:ad:da:bd:d6:
                    6b:8b:a5:77:cb:c0:74:58:86:bb:0d:ee:fd:ac:2c:
                    7a:74:d0:cc:7e:84:1e:fc:23:5b:03:21:e9:58:c1:
                    9e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:75:E6:00:C3:FD:39:F1:B6:DC:7A:91:47:14:86:6C:5D:B9:7A:18
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/NHXmAMP9OfG23HqRRxSGbF25ehg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e1c1:f020::/44

    Signature Algorithm: sha256WithRSAEncryption
         85:ac:4f:3f:c7:94:e4:4c:1d:61:61:aa:91:2e:52:c9:1c:99:
         db:da:e7:4c:35:3e:1b:ff:47:dd:e7:37:a0:b1:e9:5e:d9:dc:
         de:e1:79:39:1c:f2:93:aa:14:5e:a0:5d:5b:00:96:d7:77:b3:
         03:92:2c:dd:09:63:08:58:f8:84:73:7c:d2:49:bd:5a:87:64:
         24:14:e4:f6:e3:8c:22:86:e4:a6:8a:5f:a3:54:ab:fc:d8:a3:
         a8:1b:f1:09:be:16:49:df:ae:cb:a8:c2:94:73:48:f0:46:70:
         f1:87:3e:ad:bd:c6:67:35:79:ee:21:5b:dd:20:a9:b0:f8:a6:
         69:96:a1:71:d5:cc:f8:3d:f6:a3:95:4f:3d:b5:a2:d0:ef:6b:
         4a:b2:b2:8e:fd:13:45:90:54:47:36:19:c5:d0:82:0b:6d:97:
         8d:91:23:0c:1f:7c:05:08:3d:b8:6e:c9:8c:9f:86:79:b1:e6:
         3f:71:52:94:6c:1d:0e:7e:e4:1d:ac:ab:b2:70:b4:e9:25:67:
         5e:69:43:ba:cd:6c:26:d7:02:5e:64:ba:ba:8f:53:5c:8c:ac:
         9c:e1:cf:08:3d:9f:19:5e:3f:54:93:5b:1e:e9:1b:14:30:40:
         fc:22:b2:73:e9:50:ed:89:de:2b:2d:41:3b:87:6f:5d:79:7a:
         fa:99:ef:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZXI/wKOGzYIk+2qm8baLSipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMzI0MTYzMTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDc1ZTYwMGMzZmQzOWYxYjZkYzdhOTE0NzE0ODY2YzVkYjk3YTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6Xq8LadOjzTfabzuL5l5XD0UoF7
fero+Xo1AWEa8/AlLbvM80ReAxHEU1+dFcnX5orG1lLqn4VnKcF8fmcgDWDiYqOb
uBbUi0F5FOncNyI2xK/0KrCg42dXkzDhaD9SagA1kR4Fe9+hhsZlD9VOJDTNGtcB
ElskQgkefsykrm+kCX45sX3FXk2LnRoTBc35ANPhe06Kt7/67JGpvITnqU30L9Dg
6m7oyrx60BH8QKuAwa0Atfph80+bDPYBpkJ5x+JHGQjRSkJNLWxJGua2qr2bl1nt
rGR51BNuaq3avdZri6V3y8B0WIa7De79rCx6dNDMfoQe/CNbAyHpWMGe2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDR15gDD/Tnxttx6kUcUhmxduXoYMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvTkhYbUFNUDlPZkcyM0hxUlJ4U0diRjI1ZWhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgnhwfAg
MA0GCSqGSIb3DQEBCwUAA4IBAQCFrE8/x5TkTB1hYaqRLlLJHJnb2udMNT4b/0fd
5zegsele2dze4Xk5HPKTqhReoF1bAJbXd7MDkizdCWMIWPiEc3zSSb1ah2QkFOT2
44wihuSmil+jVKv82KOoG/EJvhZJ367LqMKUc0jwRnDxhz6tvcZnNXnuIVvdIKmw
+KZplqFx1cz4PfajlU89taLQ72tKsrKO/RNFkFRHNhnF0IILbZeNkSMMH3wFCD24
bsmMn4Z5seY/cVKUbB0OfuQdrKuycLTpJWdeaUO6zWwm1wJeZLq6j1NcjKyc4c8I
PZ8ZXj9Uk1se6RsUMED8IrJz6VDtid4rLUE7h29deXr6me93
-----END CERTIFICATE-----