Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/a20d6a-91ba-442f-8927-dc0043e9bb4d/1/nLsyVuehs4jeCS4JRJE2VO5aV5I.roa
File:                     nLsyVuehs4jeCS4JRJE2VO5aV5I.roa (raw, json)
Hash identifier:          ypIKdtNC4Ic9Sqbxvpei64KUmu5yr6lYiqShQ2+fMBo=
Subject key identifier:   9C:BB:32:56:E7:A1:B3:88:DE:09:2E:09:44:91:36:54:EE:5A:57:92
Certificate issuer:       /CN=606d37cf87f12f2ab2def31380c386b826c19d65
Certificate serial:       01976430EEC4505F8C76A02A9ABE9C50698F
Authority key identifier: 60:6D:37:CF:87:F1:2F:2A:B2:DE:F3:13:80:C3:86:B8:26:C1:9D:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YG03z4fxLyqy3vMTgMOGuCbBnWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/a20d6a-91ba-442f-8927-dc0043e9bb4d/1/nLsyVuehs4jeCS4JRJE2VO5aV5I.roa
Signing time:             Thu 12 Jun 2025 12:50:17 +0000
ROA not before:           Thu 12 Jun 2025 12:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199936
IP address blocks:        31.131.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/a20d6a-91ba-442f-8927-dc0043e9bb4d/1/YG03z4fxLyqy3vMTgMOGuCbBnWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/a20d6a-91ba-442f-8927-dc0043e9bb4d/1/YG03z4fxLyqy3vMTgMOGuCbBnWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YG03z4fxLyqy3vMTgMOGuCbBnWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 20:59:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:64:30:ee:c4:50:5f:8c:76:a0:2a:9a:be:9c:50:69:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606d37cf87f12f2ab2def31380c386b826c19d65
        Validity
            Not Before: Jun 12 12:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9cbb3256e7a1b388de092e0944913654ee5a5792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a5:91:dc:af:48:b7:0d:84:52:d5:89:a2:3d:
                    34:f9:ab:6a:87:a7:6c:a2:90:ff:ca:60:c2:1b:70:
                    3e:48:77:84:f5:08:aa:0e:43:cb:b9:a9:56:85:ff:
                    fd:50:d3:42:46:a9:f9:e3:b2:bb:4d:57:f0:4b:c6:
                    f9:a7:26:78:7f:ac:25:c4:94:2d:f0:07:e2:0d:84:
                    60:66:7a:b1:6b:68:55:4a:90:c7:ad:b1:70:81:74:
                    a2:4a:d6:e1:58:bc:1e:2b:1a:e2:3c:32:91:10:dd:
                    83:fc:19:00:67:8b:2e:cc:93:01:9a:ba:8d:17:38:
                    06:c4:2c:58:c1:21:5f:ee:29:c3:ba:e5:bd:ab:c7:
                    60:c4:30:fa:be:25:2b:50:91:f7:17:b3:72:50:55:
                    0c:52:be:d1:cd:14:f3:6e:05:8c:5d:67:01:95:6a:
                    51:96:04:ed:b2:da:1f:14:4c:8f:74:45:35:f6:08:
                    0e:f9:29:ea:a7:9e:19:e8:36:74:6e:27:d6:e0:09:
                    0e:a8:75:00:d5:fd:13:89:69:67:76:04:57:f9:f6:
                    c7:8b:b3:33:1e:82:51:59:20:bc:a4:7f:a9:90:7d:
                    fe:a9:a8:dd:63:b6:6e:02:d0:26:c5:80:ee:6a:ae:
                    1e:8c:21:68:c9:da:a8:0a:a0:4c:00:3b:ba:45:42:
                    d8:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:BB:32:56:E7:A1:B3:88:DE:09:2E:09:44:91:36:54:EE:5A:57:92
            X509v3 Authority Key Identifier:
                keyid:60:6D:37:CF:87:F1:2F:2A:B2:DE:F3:13:80:C3:86:B8:26:C1:9D:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YG03z4fxLyqy3vMTgMOGuCbBnWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a20d6a-91ba-442f-8927-dc0043e9bb4d/1/nLsyVuehs4jeCS4JRJE2VO5aV5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a20d6a-91ba-442f-8927-dc0043e9bb4d/1/YG03z4fxLyqy3vMTgMOGuCbBnWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.131.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         93:26:f0:1f:98:50:98:89:db:47:f4:c4:c7:56:56:c3:65:2b:
         77:4a:1b:01:83:c4:0e:6d:b6:a9:de:0b:6e:74:5d:8a:c9:e2:
         61:18:81:14:3d:66:53:f8:1a:3c:cc:19:00:8b:3d:4f:e0:fd:
         38:9d:6d:38:2a:97:85:55:be:a1:de:45:f7:d7:77:18:ab:5d:
         f7:a6:55:a8:b3:f1:69:a5:cc:f9:a9:4b:ce:68:52:50:19:79:
         56:c0:a9:26:2c:d1:68:f4:ad:63:1e:20:aa:d8:f2:71:bd:4b:
         8b:2e:c2:d6:fd:f9:4e:f6:8e:44:fb:d5:53:30:3b:2d:cb:39:
         30:eb:57:56:11:27:fb:53:11:53:5a:28:c8:6f:80:8c:c7:05:
         17:6e:9c:18:74:e8:84:89:45:30:ab:6d:2f:cb:b9:83:e7:37:
         61:52:e2:97:2b:93:1a:9c:a3:37:27:a0:c8:14:04:09:34:15:
         35:a8:2b:02:6b:e4:a0:b3:86:a1:26:ad:c8:0d:c8:18:60:3d:
         82:06:07:d9:1d:52:d4:4d:8c:ea:45:14:0a:c2:0e:c4:67:6d:
         9c:d9:28:84:83:17:08:ee:5c:73:7d:8b:25:87:f0:6b:ca:9b:
         48:26:10:a7:8e:14:95:e5:bd:27:68:ba:1a:a3:3c:7f:c9:c9:
         be:77:bd:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdkMO7EUF+MdqAqmr6cUGmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNmQzN2NmODdmMTJmMmFiMmRlZjMxMzgwYzM4NmI4MjZj
MTlkNjUwHhcNMjUwNjEyMTI1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2JiMzI1NmU3YTFiMzg4ZGUwOTJlMDk0NDkxMzY1NGVlNWE1NzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaWR3K9Itw2EUtWJoj00+atqh6ds
opD/ymDCG3A+SHeE9QiqDkPLualWhf/9UNNCRqn547K7TVfwS8b5pyZ4f6wlxJQt
8AfiDYRgZnqxa2hVSpDHrbFwgXSiStbhWLweKxriPDKREN2D/BkAZ4suzJMBmrqN
FzgGxCxYwSFf7inDuuW9q8dgxDD6viUrUJH3F7NyUFUMUr7RzRTzbgWMXWcBlWpR
lgTtstofFEyPdEU19ggO+Snqp54Z6DZ0bifW4AkOqHUA1f0TiWlndgRX+fbHi7Mz
HoJRWSC8pH+pkH3+qajdY7ZuAtAmxYDuaq4ejCFoydqoCqBMADu6RULYZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJy7MlbnobOI3gkuCUSRNlTuWleSMB8GA1UdIwQY
MBaAFGBtN8+H8S8qst7zE4DDhrgmwZ1lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUcwM3o0ZnhMeXF5M3ZNVGdNT0d1Q2JCbldVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9hMjBkNmEtOTFiYS00NDJmLTg5Mjct
ZGMwMDQzZTliYjRkLzEvbkxzeVZ1ZWhzNGplQ1M0SlJKRTJWTzVhVjVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9hMjBkNmEtOTFiYS00NDJmLTg5MjctZGMwMDQzZTliYjRk
LzEvWUcwM3o0ZnhMeXF5M3ZNVGdNT0d1Q2JCbldVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEH4MwMA0G
CSqGSIb3DQEBCwUAA4IBAQCTJvAfmFCYidtH9MTHVlbDZSt3ShsBg8QObbap3gtu
dF2KyeJhGIEUPWZT+Bo8zBkAiz1P4P04nW04KpeFVb6h3kX313cYq133plWos/Fp
pcz5qUvOaFJQGXlWwKkmLNFo9K1jHiCq2PJxvUuLLsLW/flO9o5E+9VTMDstyzkw
61dWESf7UxFTWijIb4CMxwUXbpwYdOiEiUUwq20vy7mD5zdhUuKXK5ManKM3J6DI
FAQJNBU1qCsCa+Sgs4ahJq3IDcgYYD2CBgfZHVLUTYzqRRQKwg7EZ22c2SiEgxcI
7lxzfYslh/BryptIJhCnjhSV5b0naLoaozx/ycm+d70l
-----END CERTIFICATE-----