Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/Nt9ND-MMeXw4WMscugEXD9h-l2k.roa
File:                     Nt9ND-MMeXw4WMscugEXD9h-l2k.roa (raw, json)
Hash identifier:          +O2AiXlzhayfdWcajRKOtp0UP/P93QZHuIrykLEb3Xo=
Subject key identifier:   36:DF:4D:0F:E3:0C:79:7C:38:58:CB:1C:BA:01:17:0F:D8:7E:97:69
Certificate issuer:       /CN=9344b4879f19ee719a351463001726f686d659ef
Certificate serial:       0198980B75EB98C266EEACA55464C3A63DE9
Authority key identifier: 93:44:B4:87:9F:19:EE:71:9A:35:14:63:00:17:26:F6:86:D6:59:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k0S0h58Z7nGaNRRjABcm9obWWe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/Nt9ND-MMeXw4WMscugEXD9h-l2k.roa
Signing time:             Mon 11 Aug 2025 07:32:24 +0000
ROA not before:           Mon 11 Aug 2025 07:32:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51432
IP address blocks:        2a02:22f8::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/k0S0h58Z7nGaNRRjABcm9obWWe8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/k0S0h58Z7nGaNRRjABcm9obWWe8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k0S0h58Z7nGaNRRjABcm9obWWe8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:0b:75:eb:98:c2:66:ee:ac:a5:54:64:c3:a6:3d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9344b4879f19ee719a351463001726f686d659ef
        Validity
            Not Before: Aug 11 07:32:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36df4d0fe30c797c3858cb1cba01170fd87e9769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c1:aa:18:a2:06:c7:ab:f1:d3:40:6b:68:ea:
                    c7:67:c6:a1:34:c3:ef:e5:81:70:56:7d:92:f5:fe:
                    01:1b:13:b3:49:e0:eb:bb:1c:b7:d6:49:c7:77:62:
                    8b:89:c2:93:7a:c9:77:88:2d:ff:3f:01:c6:5d:38:
                    fd:de:9c:ef:b5:b4:52:9b:89:72:bd:9d:0a:8f:a4:
                    d3:c2:a7:db:e2:f1:6f:e1:8a:16:2d:64:f5:77:ff:
                    19:4c:3d:68:af:cd:0c:1d:48:20:ef:5f:8d:e9:61:
                    2b:b9:0e:02:51:88:90:fa:f5:31:96:28:bf:4b:f5:
                    e2:e9:aa:b5:f7:3d:4e:85:a9:db:b8:3a:07:86:0f:
                    22:56:cc:f2:53:93:c4:f7:90:d2:84:aa:80:17:a8:
                    9d:20:9a:b0:78:1c:c2:73:a0:45:b5:15:52:e2:02:
                    d0:7a:96:1b:45:56:81:1c:04:d0:51:3f:81:77:a3:
                    9b:8b:74:89:2b:c4:59:d1:65:ea:31:eb:50:d6:78:
                    6c:04:fe:e1:a9:8d:b7:7b:7f:31:11:6e:66:cc:db:
                    ee:4c:2c:f3:e5:2b:54:48:26:d6:82:dd:93:13:b0:
                    3b:0c:f8:e0:28:44:a5:f1:db:9d:22:65:cf:67:00:
                    09:5c:98:15:7c:c1:7d:6e:a6:c4:fe:14:43:af:ad:
                    4b:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:DF:4D:0F:E3:0C:79:7C:38:58:CB:1C:BA:01:17:0F:D8:7E:97:69
            X509v3 Authority Key Identifier:
                keyid:93:44:B4:87:9F:19:EE:71:9A:35:14:63:00:17:26:F6:86:D6:59:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k0S0h58Z7nGaNRRjABcm9obWWe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/Nt9ND-MMeXw4WMscugEXD9h-l2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/k0S0h58Z7nGaNRRjABcm9obWWe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:22f8::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:1c:d8:0d:31:b8:d6:c2:8d:38:27:62:3f:5a:a7:f3:ff:da:
         86:c2:16:e2:71:1f:30:48:c6:4c:8d:6a:87:5f:57:5d:5b:99:
         c0:fe:1c:0f:06:85:96:db:3d:af:21:2d:ab:b1:de:80:23:60:
         97:90:c5:94:89:4f:04:b5:a2:61:8d:62:69:05:56:38:db:c3:
         2f:8e:d7:aa:2e:c3:85:33:1f:1d:f3:af:ea:89:53:d3:aa:d3:
         43:c6:2b:a2:f8:7a:cc:88:a6:bc:21:d7:dc:ed:c2:43:e9:8c:
         9d:d8:9e:d2:b8:98:e5:03:e0:d9:74:33:b3:be:71:0b:8c:a0:
         f7:a4:bc:77:ba:a0:98:46:05:76:62:1f:29:4e:56:51:55:3a:
         0b:35:37:74:1e:a8:70:78:e2:37:ea:7d:15:6a:d7:2c:14:5f:
         a4:8a:fc:19:16:08:0f:ee:2a:7f:88:58:f2:31:a4:82:31:68:
         ff:97:dd:91:68:dc:c0:d4:43:8c:6d:dc:06:5c:6a:01:0b:ea:
         b5:2d:7a:f6:f8:8c:c4:98:b4:10:14:d1:94:aa:84:88:90:fb:
         98:47:de:4d:7d:a9:b4:b9:87:58:a0:1c:61:19:ab:5d:df:26:
         c0:e6:54:f4:32:10:48:80:8b:97:d6:10:cd:72:0b:ee:35:b4:
         d0:ff:f5:a1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZiYC3XrmMJm7qylVGTDpj3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNDRiNDg3OWYxOWVlNzE5YTM1MTQ2MzAwMTcyNmY2ODZk
NjU5ZWYwHhcNMjUwODExMDczMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmRmNGQwZmUzMGM3OTdjMzg1OGNiMWNiYTAxMTcwZmQ4N2U5NzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMGqGKIGx6vx00BraOrHZ8ahNMPv
5YFwVn2S9f4BGxOzSeDruxy31knHd2KLicKTesl3iC3/PwHGXTj93pzvtbRSm4ly
vZ0Kj6TTwqfb4vFv4YoWLWT1d/8ZTD1or80MHUgg71+N6WEruQ4CUYiQ+vUxlii/
S/Xi6aq19z1OhanbuDoHhg8iVszyU5PE95DShKqAF6idIJqweBzCc6BFtRVS4gLQ
epYbRVaBHATQUT+Bd6Obi3SJK8RZ0WXqMetQ1nhsBP7hqY23e38xEW5mzNvuTCzz
5StUSCbWgt2TE7A7DPjgKESl8dudImXPZwAJXJgVfMF9bqbE/hRDr61LeQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDbfTQ/jDHl8OFjLHLoBFw/YfpdpMB8GA1UdIwQY
MBaAFJNEtIefGe5xmjUUYwAXJvaG1lnvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazBTMGg1OFo3bkdhTlJSakFCY205b2JXV2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy81ODU4ZjEtMjljNS00NmU2LWE3NmQt
NWE0MGU1MmNkNDgxLzEvTnQ5TkQtTU1lWHc0V01zY3VnRVhEOWgtbDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy81ODU4ZjEtMjljNS00NmU2LWE3NmQtNWE0MGU1MmNkNDgx
LzEvazBTMGg1OFo3bkdhTlJSakFCY205b2JXV2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgIi+DAN
BgkqhkiG9w0BAQsFAAOCAQEAChzYDTG41sKNOCdiP1qn8//ahsIW4nEfMEjGTI1q
h19XXVuZwP4cDwaFlts9ryEtq7HegCNgl5DFlIlPBLWiYY1iaQVWONvDL47Xqi7D
hTMfHfOv6olT06rTQ8Yrovh6zIimvCHX3O3CQ+mMndie0riY5QPg2XQzs75xC4yg
96S8d7qgmEYFdmIfKU5WUVU6CzU3dB6ocHjiN+p9FWrXLBRfpIr8GRYID+4qf4hY
8jGkgjFo/5fdkWjcwNRDjG3cBlxqAQvqtS169viMxJi0EBTRlKqEiJD7mEfeTX2p
tLmHWKAcYRmrXd8mwOZU9DIQSICLl9YQzXIL7jW00P/1oQ==
-----END CERTIFICATE-----