Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/b2e1ef-75b4-4fe9-871b-3bc3df7a298a/1/NyUxlhwtEkrfLySazfcIwYLq2uE.roa
File:                     NyUxlhwtEkrfLySazfcIwYLq2uE.roa (raw, json)
Hash identifier:          nbUnPx7laXVoJ1K+1QDprr0SXDSN8ACCPbp85TtzNB8=
Subject key identifier:   37:25:31:96:1C:2D:12:4A:DF:2F:24:9A:CD:F7:08:C1:82:EA:DA:E1
Certificate issuer:       /CN=65aa451b783fc91a04b82f82f156f0b489715dc9
Certificate serial:       019A43C8C7E7582769783C4830E9E72A2D9D
Authority key identifier: 65:AA:45:1B:78:3F:C9:1A:04:B8:2F:82:F1:56:F0:B4:89:71:5D:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZapFG3g_yRoEuC-C8VbwtIlxXck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/b2e1ef-75b4-4fe9-871b-3bc3df7a298a/1/NyUxlhwtEkrfLySazfcIwYLq2uE.roa
Signing time:             Sun 02 Nov 2025 08:57:03 +0000
ROA not before:           Sun 02 Nov 2025 08:57:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214361
IP address blocks:        2a12:fa00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/b2e1ef-75b4-4fe9-871b-3bc3df7a298a/1/ZapFG3g_yRoEuC-C8VbwtIlxXck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/b2e1ef-75b4-4fe9-871b-3bc3df7a298a/1/ZapFG3g_yRoEuC-C8VbwtIlxXck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZapFG3g_yRoEuC-C8VbwtIlxXck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 14:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:43:c8:c7:e7:58:27:69:78:3c:48:30:e9:e7:2a:2d:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65aa451b783fc91a04b82f82f156f0b489715dc9
        Validity
            Not Before: Nov  2 08:57:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=372531961c2d124adf2f249acdf708c182eadae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fe:85:28:2f:47:bb:e1:d2:9c:ac:b0:13:a2:
                    f1:44:81:c8:1f:25:ac:6f:17:94:32:86:65:a9:50:
                    e3:bd:69:14:05:3b:33:ca:fb:cc:5a:cb:32:89:31:
                    63:e0:93:81:48:e5:2f:8c:93:f8:88:b0:56:88:77:
                    82:63:57:f8:86:d5:59:94:6c:ab:5f:b2:13:ff:41:
                    de:26:27:6a:fe:75:6a:31:1f:69:2b:95:8a:4b:a3:
                    c5:ff:48:21:0e:94:97:67:65:eb:98:cc:47:fa:3c:
                    7f:03:52:68:05:da:6c:80:fe:0d:1d:3f:14:f3:99:
                    74:6d:23:94:1d:de:81:3e:6e:59:7c:24:99:fa:63:
                    d0:cf:27:32:a1:0e:a2:5e:fe:8d:70:af:05:f6:c7:
                    1a:2d:88:47:67:4e:5a:23:70:4f:1b:2a:76:9e:7d:
                    34:2d:1a:db:f5:28:d0:13:40:02:ca:a8:ae:8e:4f:
                    5e:8d:75:76:da:0c:88:be:59:a2:36:fc:91:1c:29:
                    9d:c8:65:61:64:41:ff:76:93:15:63:49:97:5e:27:
                    79:f4:43:c2:ec:49:6b:a7:e2:d1:ca:9b:72:14:89:
                    fa:50:9e:3a:79:be:e6:4b:7b:64:d1:b2:a0:f7:5c:
                    3e:c9:26:f4:4f:40:9b:cb:3f:22:c1:d6:8f:ce:85:
                    a4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:25:31:96:1C:2D:12:4A:DF:2F:24:9A:CD:F7:08:C1:82:EA:DA:E1
            X509v3 Authority Key Identifier:
                keyid:65:AA:45:1B:78:3F:C9:1A:04:B8:2F:82:F1:56:F0:B4:89:71:5D:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZapFG3g_yRoEuC-C8VbwtIlxXck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/b2e1ef-75b4-4fe9-871b-3bc3df7a298a/1/NyUxlhwtEkrfLySazfcIwYLq2uE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/b2e1ef-75b4-4fe9-871b-3bc3df7a298a/1/ZapFG3g_yRoEuC-C8VbwtIlxXck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:fa00::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:f3:20:22:98:f3:b0:4e:04:59:14:0d:74:4c:07:0a:af:9c:
         5a:c8:4b:96:05:1c:bf:a6:98:e1:c4:e5:0f:3d:d8:03:72:c0:
         c6:b0:a3:e8:53:a3:9e:4a:34:61:6b:8d:f4:68:71:97:63:2e:
         b5:30:d6:35:7e:16:d9:f1:ea:33:00:4a:de:25:6b:e7:45:08:
         98:24:d6:52:0e:e4:c5:bd:cc:63:75:f6:7e:85:60:77:09:88:
         44:64:bd:24:e0:8f:15:98:f5:cd:91:57:2f:c2:6b:aa:57:92:
         ef:6d:1c:f5:41:7e:21:b0:33:4d:03:3f:c8:e2:e3:b1:0a:f9:
         c9:22:ca:01:a9:3d:2d:8c:fc:d6:2d:f7:52:63:29:3e:19:a7:
         8b:b8:e9:bc:ad:a8:14:5c:92:40:de:b1:3f:c9:df:db:a1:fe:
         f7:26:27:dc:36:e4:a6:bd:3f:0e:48:eb:a0:08:4d:20:14:29:
         7d:18:7a:c4:d7:37:f2:c6:6c:00:0f:2e:72:f5:ff:0f:87:4d:
         06:64:eb:24:a4:c2:3a:53:59:23:df:8f:d4:8c:c6:1c:a8:5d:
         c2:fc:6f:c1:89:12:0d:92:0b:ab:19:2f:09:cd:5b:ed:3d:5e:
         2a:e2:80:85:ff:da:7f:11:47:76:1d:c2:92:a8:af:96:9f:56:
         74:ab:f7:1d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZpDyMfnWCdpeDxIMOnnKi2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YWE0NTFiNzgzZmM5MWEwNGI4MmY4MmYxNTZmMGI0ODk3
MTVkYzkwHhcNMjUxMTAyMDg1NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzI1MzE5NjFjMmQxMjRhZGYyZjI0OWFjZGY3MDhjMTgyZWFkYWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApf6FKC9Hu+HSnKywE6LxRIHIHyWs
bxeUMoZlqVDjvWkUBTszyvvMWssyiTFj4JOBSOUvjJP4iLBWiHeCY1f4htVZlGyr
X7IT/0HeJidq/nVqMR9pK5WKS6PF/0ghDpSXZ2XrmMxH+jx/A1JoBdpsgP4NHT8U
85l0bSOUHd6BPm5ZfCSZ+mPQzycyoQ6iXv6NcK8F9scaLYhHZ05aI3BPGyp2nn00
LRrb9SjQE0ACyqiujk9ejXV22gyIvlmiNvyRHCmdyGVhZEH/dpMVY0mXXid59EPC
7Elrp+LRyptyFIn6UJ46eb7mS3tk0bKg91w+ySb0T0Cbyz8iwdaPzoWk2wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDclMZYcLRJK3y8kms33CMGC6trhMB8GA1UdIwQY
MBaAFGWqRRt4P8kaBLgvgvFW8LSJcV3JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmFwRkczZ195Um9FdUMtQzhWYnd0SWx4WGNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9iMmUxZWYtNzViNC00ZmU5LTg3MWIt
M2JjM2RmN2EyOThhLzEvTnlVeGxod3RFa3JmTHlTYXpmY0l3WUxxMnVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9iMmUxZWYtNzViNC00ZmU5LTg3MWItM2JjM2RmN2EyOThh
LzEvWmFwRkczZ195Um9FdUMtQzhWYnd0SWx4WGNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhL6ADAN
BgkqhkiG9w0BAQsFAAOCAQEAR/MgIpjzsE4EWRQNdEwHCq+cWshLlgUcv6aY4cTl
Dz3YA3LAxrCj6FOjnko0YWuN9Ghxl2MutTDWNX4W2fHqMwBK3iVr50UImCTWUg7k
xb3MY3X2foVgdwmIRGS9JOCPFZj1zZFXL8JrqleS720c9UF+IbAzTQM/yOLjsQr5
ySLKAak9LYz81i33UmMpPhmni7jpvK2oFFySQN6xP8nf26H+9yYn3Dbkpr0/Dkjr
oAhNIBQpfRh6xNc38sZsAA8ucvX/D4dNBmTrJKTCOlNZI9+P1IzGHKhdwvxvwYkS
DZILqxkvCc1b7T1eKuKAhf/afxFHdh3Ckqivlp9WdKv3HQ==
-----END CERTIFICATE-----