Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/Nvqrypcu1rnarWNWdHjqDFPBMuo.roa
File:                     Nvqrypcu1rnarWNWdHjqDFPBMuo.roa (raw, json)
Hash identifier:          83S00/t8WNFCJVdz0+Z9C9hdsmHyg4uijWqkEK18AnY=
Subject key identifier:   36:FA:AB:CA:97:2E:D6:B9:DA:AD:63:56:74:78:EA:0C:53:C1:32:EA
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       01957650781F5623E8DF04A91D41B240C18B
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/Nvqrypcu1rnarWNWdHjqDFPBMuo.roa
Signing time:             Sat 08 Mar 2025 15:12:19 +0000
ROA not before:           Sat 08 Mar 2025 15:12:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        195.96.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 11:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:76:50:78:1f:56:23:e8:df:04:a9:1d:41:b2:40:c1:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Mar  8 15:12:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36faabca972ed6b9daad63567478ea0c53c132ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ab:e1:1a:8a:f5:33:0f:29:30:39:9b:28:ab:
                    d9:b4:c8:57:b0:1c:82:28:65:25:9b:b0:b7:9c:c8:
                    de:43:2b:6b:d4:02:39:d2:73:a2:21:20:2e:0e:b3:
                    e1:80:6d:b7:3c:b3:d8:b5:3e:13:58:be:b5:f2:bb:
                    25:dc:0b:a4:b1:bf:7a:f6:d8:9d:6d:be:cd:aa:6a:
                    16:94:13:83:6d:bc:89:e3:55:53:a9:fb:28:bf:c2:
                    ba:96:31:4f:3f:de:d2:7e:19:c7:df:76:87:9f:35:
                    dd:76:c7:cd:b7:60:84:8b:75:19:f4:be:f7:bd:82:
                    5a:d9:f2:29:e7:41:bd:e5:54:4e:1e:82:e9:cd:c5:
                    52:cb:59:d9:db:d5:d3:5f:a7:34:ca:c7:67:ea:96:
                    00:3a:72:34:a1:d7:0a:e2:ac:e7:5b:14:cc:99:f4:
                    50:16:44:77:53:f0:0c:d4:98:6f:da:42:75:36:dd:
                    53:c6:4f:7c:5d:80:14:b6:52:96:a2:9b:0a:b6:3c:
                    19:b0:25:3b:92:4c:b4:5f:7f:82:4a:40:d4:c4:2b:
                    9f:bb:20:35:e4:81:5b:38:35:5c:c2:27:16:4f:8b:
                    1f:9b:6c:77:eb:99:e7:89:d8:17:9f:2f:a3:3e:e2:
                    da:61:5d:81:19:0b:7d:30:e5:35:11:07:95:62:62:
                    7d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:FA:AB:CA:97:2E:D6:B9:DA:AD:63:56:74:78:EA:0C:53:C1:32:EA
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/Nvqrypcu1rnarWNWdHjqDFPBMuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:72:fa:dc:40:74:27:6b:af:8c:04:4b:ea:32:d4:9b:2a:3e:
         72:0e:77:6b:3b:5d:79:9e:53:2f:65:fb:71:0e:b6:68:99:ba:
         15:d7:0d:88:f4:fc:59:ed:99:86:1f:bd:d1:fa:8b:76:bc:fd:
         58:ae:f0:36:ab:32:e2:29:e8:71:d2:8a:24:7a:ca:d0:78:47:
         cf:20:94:26:53:44:4d:01:d4:92:ff:fa:12:d9:6b:2e:ea:ac:
         a4:73:b7:74:24:24:aa:5b:a8:72:51:4f:ba:01:de:20:1e:fc:
         05:14:d5:20:17:81:c8:8f:78:39:f8:e0:1f:45:0f:c2:54:b4:
         3b:7d:02:23:b0:2a:d3:c9:33:89:f2:52:d6:d0:0a:57:8c:19:
         1c:96:1b:0b:c4:7f:58:72:98:43:d2:fe:de:c0:14:04:ba:01:
         20:57:1e:ce:14:87:4d:20:b4:d8:89:ec:66:6c:a1:7d:85:5e:
         71:3f:f6:45:8d:49:e1:f8:b6:18:4d:5b:a2:d2:9e:6c:4e:5e:
         35:e5:6c:0a:63:6b:7d:54:5c:76:15:95:d7:bf:f0:3f:d9:7b:
         7d:33:88:97:c8:7c:15:9b:9a:9f:e4:13:fd:b7:bb:1a:88:12:
         15:8a:de:65:b7:81:28:18:e3:95:f3:f2:f2:53:56:6a:e1:89:
         68:c5:10:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZV2UHgfViPo3wSpHUGyQMGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwMzA4MTUxMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmZhYWJjYTk3MmVkNmI5ZGFhZDYzNTY3NDc4ZWEwYzUzYzEzMmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKvhGor1Mw8pMDmbKKvZtMhXsByC
KGUlm7C3nMjeQytr1AI50nOiISAuDrPhgG23PLPYtT4TWL618rsl3Auksb969tid
bb7NqmoWlBODbbyJ41VTqfsov8K6ljFPP97SfhnH33aHnzXddsfNt2CEi3UZ9L73
vYJa2fIp50G95VROHoLpzcVSy1nZ29XTX6c0ysdn6pYAOnI0odcK4qznWxTMmfRQ
FkR3U/AM1Jhv2kJ1Nt1Txk98XYAUtlKWopsKtjwZsCU7kky0X3+CSkDUxCufuyA1
5IFbODVcwicWT4sfm2x365nnidgXny+jPuLaYV2BGQt9MOU1EQeVYmJ9EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDb6q8qXLta52q1jVnR46gxTwTLqMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvTnZxcnlwY3Uxcm5hcldOV2RIanFERlBCTXVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CcMA0G
CSqGSIb3DQEBCwUAA4IBAQA/cvrcQHQna6+MBEvqMtSbKj5yDndrO115nlMvZftx
DrZomboV1w2I9PxZ7ZmGH73R+ot2vP1YrvA2qzLiKehx0ookesrQeEfPIJQmU0RN
AdSS//oS2Wsu6qykc7d0JCSqW6hyUU+6Ad4gHvwFFNUgF4HIj3g5+OAfRQ/CVLQ7
fQIjsCrTyTOJ8lLW0ApXjBkclhsLxH9YcphD0v7ewBQEugEgVx7OFIdNILTYiexm
bKF9hV5xP/ZFjUnh+LYYTVui0p5sTl415WwKY2t9VFx2FZXXv/A/2Xt9M4iXyHwV
m5qf5BP9t7saiBIVit5lt4EoGOOV8/LyU1Zq4YloxRBz
-----END CERTIFICATE-----