Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/nba05lV2Sy9rhfjgNPrCBt2I_AA.roa
File:                     nba05lV2Sy9rhfjgNPrCBt2I_AA.roa (raw, json)
Hash identifier:          8HWwJ1yyb1tO7QYCNqcRaEGioJ5eFBILfvmHK9fW+iQ=
Subject key identifier:   9D:B6:B4:E6:55:76:4B:2F:6B:85:F8:E0:34:FA:C2:06:DD:88:FC:00
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019A36D1FF63965D6C1E92475BF23D0C91E0
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/nba05lV2Sy9rhfjgNPrCBt2I_AA.roa
Signing time:             Thu 30 Oct 2025 20:32:03 +0000
ROA not before:           Thu 30 Oct 2025 20:32:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        109.121.0.0/19 maxlen: 24
                          178.253.237.0/24 maxlen: 24
                          212.69.10.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:36:d1:ff:63:96:5d:6c:1e:92:47:5b:f2:3d:0c:91:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct 30 20:32:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9db6b4e655764b2f6b85f8e034fac206dd88fc00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:39:a9:89:00:50:3a:37:f0:68:b3:16:1f:70:
                    e8:f8:df:b7:3e:fb:2c:b1:ae:c2:cf:37:63:34:7a:
                    af:38:7b:a4:72:b9:d6:d4:e1:1b:3b:51:70:ca:da:
                    b0:86:58:5b:87:05:b0:35:51:6d:83:fa:7e:7b:46:
                    bb:0e:a5:f0:de:6f:b5:1e:6e:2f:33:44:a1:73:25:
                    b0:9e:76:b0:0e:b8:35:12:00:3d:0e:2d:83:12:09:
                    0f:fd:75:a9:22:a0:4a:62:7c:03:97:0b:ac:45:02:
                    fb:d8:a7:6d:5a:49:1a:4b:5b:f9:1f:4a:05:73:eb:
                    4e:00:8c:25:57:f1:e8:df:25:5a:8f:47:4f:b9:6c:
                    96:e7:5b:1c:4b:9d:7e:46:ee:f3:14:d5:a7:8f:a1:
                    0c:d4:80:f6:55:a8:76:b0:54:9c:ee:71:cf:4d:92:
                    db:a9:af:60:57:67:48:13:e4:20:fd:51:e9:66:5a:
                    b4:9c:b1:5a:75:83:5d:87:35:28:b4:65:f4:90:a1:
                    4e:b0:a2:33:d4:8e:88:bd:cf:95:39:a9:bb:5d:40:
                    cc:be:d2:46:df:2f:6f:50:f5:9f:22:18:c2:81:1b:
                    98:8f:3f:8e:c3:37:3f:9b:20:55:22:81:32:dc:bc:
                    2c:e9:18:37:ef:bf:96:56:70:4b:b1:3d:1d:2b:21:
                    a5:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:B6:B4:E6:55:76:4B:2F:6B:85:F8:E0:34:FA:C2:06:DD:88:FC:00
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/nba05lV2Sy9rhfjgNPrCBt2I_AA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.0.0/19
                  178.253.237.0/24
                  212.69.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:43:04:2f:ad:bc:78:f1:ce:4e:00:7d:41:ab:d2:a5:ee:57:
         7c:49:5a:43:29:f2:40:45:22:74:30:2c:d7:7b:39:c6:15:d4:
         dc:ae:f8:25:f0:f3:61:aa:e1:2e:8e:27:46:51:21:04:59:37:
         bc:e6:03:97:10:0d:56:38:8b:c0:8c:ca:81:b8:01:69:6f:fc:
         b6:80:50:21:89:b5:0b:3a:33:64:c1:4b:4d:d0:88:d7:e3:65:
         6c:3d:71:aa:db:b8:b7:eb:e9:2d:ab:9a:dd:eb:89:fe:e2:0d:
         42:dd:03:be:49:dd:fc:5f:d2:28:c7:b7:be:e7:9c:d2:4c:67:
         ea:f3:88:24:a5:8e:e9:35:b3:05:a7:b2:8e:a0:c9:40:6e:83:
         c6:56:4b:c6:ff:af:9d:70:bc:20:58:5e:2c:9e:46:60:1b:97:
         57:43:7e:86:cf:ff:df:7d:99:55:6f:03:3e:30:ef:d1:5f:53:
         5a:67:3d:9b:d1:15:1b:ae:2d:f3:5f:64:f9:85:df:ff:e8:35:
         69:50:6e:c8:87:7d:b7:67:c8:f1:d9:a0:6a:c8:2c:10:52:46:
         20:24:36:35:b0:82:fc:4f:93:69:bb:a2:30:5e:90:5e:da:1d:
         80:17:b6:a9:1d:e6:71:ec:f8:43:ac:ec:84:9f:4d:3f:70:82:
         55:e5:a6:fb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZo20f9jll1sHpJHW/I9DJHgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMDMwMjAzMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGI2YjRlNjU1NzY0YjJmNmI4NWY4ZTAzNGZhYzIwNmRkODhmYzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTmpiQBQOjfwaLMWH3Do+N+3Pvss
sa7CzzdjNHqvOHukcrnW1OEbO1FwytqwhlhbhwWwNVFtg/p+e0a7DqXw3m+1Hm4v
M0ShcyWwnnawDrg1EgA9Di2DEgkP/XWpIqBKYnwDlwusRQL72KdtWkkaS1v5H0oF
c+tOAIwlV/Ho3yVaj0dPuWyW51scS51+Ru7zFNWnj6EM1ID2Vah2sFSc7nHPTZLb
qa9gV2dIE+Qg/VHpZlq0nLFadYNdhzUotGX0kKFOsKIz1I6Ivc+VOam7XUDMvtJG
3y9vUPWfIhjCgRuYjz+Owzc/myBVIoEy3Lws6Rg377+WVnBLsT0dKyGl6QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ22tOZVdksva4X44DT6wgbdiPwAMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvbmJhMDVsVjJTeTlyaGZqZ05QckNCdDJJX0FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFbXkAAwQA
sv3tAwQB1EUKMA0GCSqGSIb3DQEBCwUAA4IBAQBQQwQvrbx48c5OAH1Bq9Kl7ld8
SVpDKfJARSJ0MCzXeznGFdTcrvgl8PNhquEujidGUSEEWTe85gOXEA1WOIvAjMqB
uAFpb/y2gFAhibULOjNkwUtN0IjX42VsPXGq27i36+ktq5rd64n+4g1C3QO+Sd38
X9Iox7e+55zSTGfq84gkpY7pNbMFp7KOoMlAboPGVkvG/6+dcLwgWF4snkZgG5dX
Q36Gz//ffZlVbwM+MO/RX1NaZz2b0RUbri3zX2T5hd//6DVpUG7Ih323Z8jx2aBq
yCwQUkYgJDY1sIL8T5Npu6IwXpBe2h2AF7apHeZx7PhDrOyEn00/cIJV5ab7
-----END CERTIFICATE-----