Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/nKfPm9spmtPM1fSPgIuF3RMxFCc.roa
File:                     nKfPm9spmtPM1fSPgIuF3RMxFCc.roa (raw, json)
Hash identifier:          kRYSTEG94arj56oJo4kcSXsSabSa24f6TX9uvXrKqxE=
Subject key identifier:   9C:A7:CF:9B:DB:29:9A:D3:CC:D5:F4:8F:80:8B:85:DD:13:31:14:27
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0196430431E4D9EF113C91B9F8EC85C630D7
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/nKfPm9spmtPM1fSPgIuF3RMxFCc.roa
Signing time:             Thu 17 Apr 2025 09:11:10 +0000
ROA not before:           Thu 17 Apr 2025 09:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29182
IP address blocks:        2a0e:4346::/32 maxlen: 32
                          2a0e:67c6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:43:04:31:e4:d9:ef:11:3c:91:b9:f8:ec:85:c6:30:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Apr 17 09:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ca7cf9bdb299ad3ccd5f48f808b85dd13311427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f8:b0:18:72:1a:19:b5:1c:42:1f:b6:fa:48:
                    51:eb:5d:3f:71:32:de:18:20:9d:17:cc:35:bc:2b:
                    5d:7d:66:ec:3d:90:7e:31:43:50:70:23:4c:9f:ad:
                    4b:00:cf:ed:95:3b:91:bd:a0:43:18:61:26:a3:7a:
                    10:7d:3b:77:59:ab:2b:3b:8e:8c:7b:22:b4:09:14:
                    17:b3:33:17:26:c6:f3:6b:4b:e9:16:d8:43:dc:0c:
                    f2:35:68:fe:55:3c:2a:11:49:68:8d:3d:00:99:48:
                    a2:1c:56:c2:74:3c:5c:12:46:da:43:c7:ee:10:9a:
                    86:9f:c0:9b:30:da:0c:4f:5d:4b:4e:42:41:df:f5:
                    c3:f8:48:c1:60:eb:17:03:cd:43:0c:7c:ff:f3:b2:
                    f1:21:b7:23:53:98:22:a1:1c:8c:21:7d:9e:02:9c:
                    08:4e:95:92:29:b6:c0:8c:7a:67:80:f0:23:66:a4:
                    7c:6a:77:c5:41:ef:5b:7c:14:86:df:0b:3d:86:93:
                    90:44:5a:84:fd:69:50:f3:17:6c:5f:07:80:ac:d1:
                    64:0a:60:ac:35:71:39:5a:9c:cd:0b:39:c1:ba:af:
                    81:c3:28:34:78:a5:fb:5d:a6:b0:8c:e3:7f:46:5e:
                    d1:f3:d2:26:9c:6b:c5:8c:62:29:7d:bc:94:66:74:
                    48:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A7:CF:9B:DB:29:9A:D3:CC:D5:F4:8F:80:8B:85:DD:13:31:14:27
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/nKfPm9spmtPM1fSPgIuF3RMxFCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4346::/32
                  2a0e:67c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:6d:ac:ab:91:7c:32:4a:3c:4d:db:6b:7b:97:bf:74:07:d2:
         69:69:d4:cd:d6:c5:eb:48:71:c2:ff:e5:f9:4f:1a:f5:b9:5f:
         26:73:87:66:3c:49:40:f7:8a:f4:22:d8:d6:c1:85:f3:9a:a9:
         6b:67:36:7f:36:53:b2:04:44:3c:47:55:1d:ac:06:22:94:be:
         7b:9b:de:93:49:fd:5e:93:48:09:43:18:f7:d6:76:cb:e9:bb:
         b6:34:43:b8:91:94:34:37:72:bc:5c:88:ca:9e:4a:d4:c6:28:
         84:e7:1f:50:c4:5d:b5:d8:f8:1c:d2:14:e6:21:46:d7:d4:1a:
         46:b4:1f:8e:e7:f3:a9:eb:c4:bf:41:d8:c1:0b:56:2d:71:93:
         ff:c1:7f:5f:7c:d6:5c:af:e8:1a:08:85:8f:ec:48:d2:7a:79:
         3a:60:02:85:cd:e0:ed:6a:3f:2e:a1:b0:8f:32:8f:b2:49:1d:
         2c:a4:70:ca:ad:25:d2:15:51:36:ba:39:8d:b6:05:30:11:76:
         0a:42:99:25:90:64:ba:69:08:d8:cc:d4:f2:7d:dd:ff:66:46:
         2d:a0:21:47:c9:e1:9e:6a:1a:f3:1f:94:ed:3b:55:2e:25:bd:
         5f:24:c8:47:0a:76:aa:30:81:76:8d:36:e2:77:e3:47:7f:d1:
         ab:de:a1:b8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZZDBDHk2e8RPJG5+OyFxjDXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNDE3MDkxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2E3Y2Y5YmRiMjk5YWQzY2NkNWY0OGY4MDhiODVkZDEzMzExNDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4viwGHIaGbUcQh+2+khR610/cTLe
GCCdF8w1vCtdfWbsPZB+MUNQcCNMn61LAM/tlTuRvaBDGGEmo3oQfTt3WasrO46M
eyK0CRQXszMXJsbza0vpFthD3AzyNWj+VTwqEUlojT0AmUiiHFbCdDxcEkbaQ8fu
EJqGn8CbMNoMT11LTkJB3/XD+EjBYOsXA81DDHz/87LxIbcjU5gioRyMIX2eApwI
TpWSKbbAjHpngPAjZqR8anfFQe9bfBSG3ws9hpOQRFqE/WlQ8xdsXweArNFkCmCs
NXE5WpzNCznBuq+Bwyg0eKX7XaawjON/Rl7R89ImnGvFjGIpfbyUZnRIXQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJynz5vbKZrTzNX0j4CLhd0TMRQnMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvbktmUG05c3BtdFBNMWZTUGdJdUYzUk14RkNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg5DRgMF
ACoOZ8YwDQYJKoZIhvcNAQELBQADggEBAJJtrKuRfDJKPE3ba3uXv3QH0mlp1M3W
xetIccL/5flPGvW5XyZzh2Y8SUD3ivQi2NbBhfOaqWtnNn82U7IERDxHVR2sBiKU
vnub3pNJ/V6TSAlDGPfWdsvpu7Y0Q7iRlDQ3crxciMqeStTGKITnH1DEXbXY+BzS
FOYhRtfUGka0H47n86nrxL9B2MELVi1xk//Bf1981lyv6BoIhY/sSNJ6eTpgAoXN
4O1qPy6hsI8yj7JJHSykcMqtJdIVUTa6OY22BTARdgpCmSWQZLppCNjM1PJ93f9m
Ri2gIUfJ4Z5qGvMflO07VS4lvV8kyEcKdqowgXaNNuJ340d/0aveobg=
-----END CERTIFICATE-----