Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/NuvWFYQk-kiKl2MmMjAPNDb8So4.roa
File:                     NuvWFYQk-kiKl2MmMjAPNDb8So4.roa (raw, json)
Hash identifier:          HNkfwrKS+V0tdXG/bTci5kuusdPPHQbnnFcQ26SERCU=
Subject key identifier:   36:EB:D6:15:84:24:FA:48:8A:97:63:26:32:30:0F:34:36:FC:4A:8E
Certificate issuer:       /CN=41d14f28f98d3bdcc45e19226f1f56170e312abf
Certificate serial:       019B797F4CCA0E17B310C543B061192B8CE4
Authority key identifier: 41:D1:4F:28:F9:8D:3B:DC:C4:5E:19:22:6F:1F:56:17:0E:31:2A:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QdFPKPmNO9zEXhkibx9WFw4xKr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/NuvWFYQk-kiKl2MmMjAPNDb8So4.roa
Signing time:             Thu 01 Jan 2026 12:19:04 +0000
ROA not before:           Thu 01 Jan 2026 12:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200924
IP address blocks:        2001:67c:2a10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/QdFPKPmNO9zEXhkibx9WFw4xKr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/QdFPKPmNO9zEXhkibx9WFw4xKr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QdFPKPmNO9zEXhkibx9WFw4xKr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:4c:ca:0e:17:b3:10:c5:43:b0:61:19:2b:8c:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41d14f28f98d3bdcc45e19226f1f56170e312abf
        Validity
            Not Before: Jan  1 12:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36ebd6158424fa488a97632632300f3436fc4a8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e2:08:fe:db:24:b8:30:36:87:06:fe:2f:ab:
                    fa:b7:3d:6f:15:72:f7:07:45:84:31:f2:2c:16:04:
                    ea:10:e6:f0:74:06:89:9a:68:92:80:2a:d6:d9:e4:
                    03:97:28:62:66:43:47:e0:41:8b:0f:17:1a:2b:dd:
                    9f:77:49:e5:70:07:47:1f:51:d5:c5:c5:13:44:22:
                    d6:ec:a0:75:9f:7b:d7:83:1e:6e:b8:39:fb:cc:20:
                    6a:e0:97:8b:62:04:48:b4:d4:ef:5e:a1:63:87:bc:
                    5a:61:09:f9:13:26:cd:37:62:39:61:8b:85:c6:55:
                    7b:92:f1:a5:73:c8:b8:67:64:a6:8f:b7:6f:31:30:
                    c0:74:e8:eb:b0:a0:43:c5:30:21:7e:28:fa:de:42:
                    5b:88:0c:b8:d5:40:c9:b7:9a:9e:f9:68:db:b4:91:
                    f4:36:e7:c9:c4:99:6d:65:0c:d7:30:0c:3e:8c:d7:
                    3f:f9:09:bf:d9:90:13:42:3f:68:6c:b2:55:58:f0:
                    b6:1e:9c:8b:d3:71:fa:86:a4:58:1a:1a:ec:95:94:
                    52:41:46:61:4e:5c:70:73:04:a7:5b:08:8c:9d:0d:
                    6d:ae:3b:78:32:4d:f1:7f:f9:00:f9:e6:7e:b9:e9:
                    75:2f:18:25:6c:ea:9c:a8:68:c4:79:9d:eb:c3:fd:
                    93:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:EB:D6:15:84:24:FA:48:8A:97:63:26:32:30:0F:34:36:FC:4A:8E
            X509v3 Authority Key Identifier:
                keyid:41:D1:4F:28:F9:8D:3B:DC:C4:5E:19:22:6F:1F:56:17:0E:31:2A:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QdFPKPmNO9zEXhkibx9WFw4xKr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/NuvWFYQk-kiKl2MmMjAPNDb8So4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/QdFPKPmNO9zEXhkibx9WFw4xKr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2a10::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:85:fc:5b:e4:56:4f:dc:8b:ee:f3:5c:c0:49:8d:75:76:a7:
         32:9d:23:c4:d5:c7:15:71:b1:cc:f2:4e:3d:79:cf:c9:17:24:
         37:0c:18:9c:67:4f:a5:aa:b6:db:64:ea:83:b4:15:f1:f2:8d:
         91:f7:46:7a:51:4e:1a:1f:fe:44:39:01:7c:60:9c:57:f4:72:
         8e:f2:bc:c6:1e:f4:65:03:3a:a7:24:26:76:6b:67:2b:e0:52:
         95:b2:36:3b:7b:cc:58:43:48:c4:8f:08:19:e8:8e:28:7c:b9:
         e6:d0:4f:ba:69:81:01:b0:55:d1:83:9c:cc:fa:a9:7c:9d:52:
         aa:4e:85:18:8f:b6:3c:fe:7d:92:f6:e5:99:9c:6f:78:fe:11:
         d6:81:df:f6:9a:97:1b:2e:ac:b1:22:53:0a:ea:1e:b0:a5:29:
         30:4b:2c:bc:08:2c:56:6f:a8:8e:fa:10:31:c2:7e:d1:eb:db:
         62:e3:8c:7c:5b:f6:fd:00:e3:f0:21:d0:c1:ce:bc:06:b8:79:
         b5:db:0a:da:9d:e8:18:2b:64:0c:53:97:1d:30:56:d7:66:9f:
         f6:47:a0:25:5f:ae:ef:2e:28:bc:b4:2e:87:1f:41:a0:68:d2:
         8a:d8:c3:e3:87:6a:36:4a:ea:17:7e:ff:83:d5:be:10:ed:b3:
         90:79:55:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5f0zKDhezEMVDsGEZK4zkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZDE0ZjI4Zjk4ZDNiZGNjNDVlMTkyMjZmMWY1NjE3MGUz
MTJhYmYwHhcNMjYwMTAxMTIxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmViZDYxNTg0MjRmYTQ4OGE5NzYzMjYzMjMwMGYzNDM2ZmM0YThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquII/tskuDA2hwb+L6v6tz1vFXL3
B0WEMfIsFgTqEObwdAaJmmiSgCrW2eQDlyhiZkNH4EGLDxcaK92fd0nlcAdHH1HV
xcUTRCLW7KB1n3vXgx5uuDn7zCBq4JeLYgRItNTvXqFjh7xaYQn5EybNN2I5YYuF
xlV7kvGlc8i4Z2Smj7dvMTDAdOjrsKBDxTAhfij63kJbiAy41UDJt5qe+WjbtJH0
NufJxJltZQzXMAw+jNc/+Qm/2ZATQj9obLJVWPC2HpyL03H6hqRYGhrslZRSQUZh
TlxwcwSnWwiMnQ1trjt4Mk3xf/kA+eZ+uel1LxglbOqcqGjEeZ3rw/2TGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDbr1hWEJPpIipdjJjIwDzQ2/EqOMB8GA1UdIwQY
MBaAFEHRTyj5jTvcxF4ZIm8fVhcOMSq/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWRGUEtQbU5POXpFWGhraWJ4OVdGdzR4S3I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9hMDc0ZTItNjZlYS00M2NjLTk0YTct
YjM4MDQ1MzI2N2Y5LzEvTnV2V0ZZUWsta2lLbDJNbU1qQVBORGI4U280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9hMDc0ZTItNjZlYS00M2NjLTk0YTctYjM4MDQ1MzI2N2Y5
LzEvUWRGUEtQbU5POXpFWGhraWJ4OVdGdzR4S3I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBdhfxb5FZP3Ivu81zASY11dqcynSPE1ccVcbHM
8k49ec/JFyQ3DBicZ0+lqrbbZOqDtBXx8o2R90Z6UU4aH/5EOQF8YJxX9HKO8rzG
HvRlAzqnJCZ2a2cr4FKVsjY7e8xYQ0jEjwgZ6I4ofLnm0E+6aYEBsFXRg5zM+ql8
nVKqToUYj7Y8/n2S9uWZnG94/hHWgd/2mpcbLqyxIlMK6h6wpSkwSyy8CCxWb6iO
+hAxwn7R69ti44x8W/b9AOPwIdDBzrwGuHm12wranegYK2QMU5cdMFbXZp/2R6Al
X67vLii8tC6HH0GgaNKK2MPjh2o2SuoXfv+D1b4Q7bOQeVUE
-----END CERTIFICATE-----