Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/NwG29YuTRI5XksjMFNEM5lUSKWs.roa
File:                     NwG29YuTRI5XksjMFNEM5lUSKWs.roa (raw, json)
Hash identifier:          zIhjmOX+WnWAegfCFaKo2xLAqaq2QljDNtribVl5+Wc=
Subject key identifier:   37:01:B6:F5:8B:93:44:8E:57:92:C8:CC:14:D1:0C:E6:55:12:29:6B
Certificate issuer:       /CN=07f231365985828d5a9663ed1b440624b24fec13
Certificate serial:       0199DDFDBEBAAF52EE76E47B443A378EAEA3
Authority key identifier: 07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/NwG29YuTRI5XksjMFNEM5lUSKWs.roa
Signing time:             Mon 13 Oct 2025 14:33:37 +0000
ROA not before:           Mon 13 Oct 2025 14:33:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        91.199.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dd:fd:be:ba:af:52:ee:76:e4:7b:44:3a:37:8e:ae:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f231365985828d5a9663ed1b440624b24fec13
        Validity
            Not Before: Oct 13 14:33:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3701b6f58b93448e5792c8cc14d10ce65512296b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:57:25:c2:30:35:67:d8:df:d0:e8:9a:a8:7c:
                    77:5b:7c:53:88:4a:1c:f6:b7:bd:a3:f7:24:02:d8:
                    5f:d9:42:59:07:97:cf:d6:4d:95:aa:d0:b2:97:d1:
                    a1:de:bb:a9:bf:c3:8e:49:47:97:3f:6f:27:d8:be:
                    fc:40:22:6c:2f:8a:8f:91:2e:66:9b:03:d6:a6:80:
                    14:68:84:b7:2d:d8:55:cd:19:2d:57:5c:7b:44:57:
                    53:6a:b2:4a:8a:e6:59:d4:2e:38:6b:41:90:22:b3:
                    8e:44:db:5e:ea:d5:9f:9a:13:52:6f:31:ae:5d:35:
                    b0:7c:95:36:d7:1a:18:e3:3d:59:f4:67:e7:48:16:
                    29:96:a3:61:55:42:c6:08:70:97:fa:fc:7f:83:b3:
                    9f:dc:e3:87:2d:d9:0d:d1:fa:e5:bf:d0:18:7d:16:
                    36:7c:3a:2f:d2:36:33:05:dd:05:65:87:b9:52:ef:
                    1e:5b:a4:a6:7c:0a:f3:09:ef:e5:2a:04:d3:08:84:
                    95:23:a3:cc:b4:a8:6b:a8:83:c6:24:1f:e6:60:bf:
                    96:79:6d:59:a6:65:c6:f9:54:e0:ac:d9:50:29:ca:
                    b1:0f:96:ba:e8:0d:00:1a:37:5a:42:43:16:1e:9d:
                    fa:f8:9a:0b:8b:2f:da:e4:8c:e7:28:77:dd:ea:f5:
                    3b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:01:B6:F5:8B:93:44:8E:57:92:C8:CC:14:D1:0C:E6:55:12:29:6B
            X509v3 Authority Key Identifier:
                keyid:07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/NwG29YuTRI5XksjMFNEM5lUSKWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:02:0f:ef:06:28:11:ea:98:a2:39:ca:36:23:00:19:9c:a5:
         df:bd:01:49:94:f4:45:a3:72:e0:eb:0a:65:05:e8:3c:ec:69:
         f3:d3:e2:9c:0d:af:90:a3:30:e3:b1:e3:cb:31:c4:9e:dd:86:
         14:0e:df:a4:67:02:b8:4a:b2:5e:50:d8:48:92:38:f6:08:d2:
         3c:e2:4b:fb:6c:29:10:35:a7:b0:0c:cf:2a:72:97:dd:da:74:
         54:20:56:88:e8:7f:3a:7d:74:86:0b:e5:61:4f:a0:63:a0:3e:
         9f:40:ea:01:0d:98:c0:16:f5:c0:8c:cb:e3:19:61:e8:bf:8d:
         e3:4c:f8:0d:9f:89:fd:ef:07:21:8a:b7:01:eb:53:76:7c:3c:
         b9:73:4f:a6:0f:a4:45:62:c8:53:83:d2:21:33:97:53:ae:ab:
         65:1c:fc:e6:e4:f7:a1:7a:c9:3b:04:5d:0f:03:6e:f0:8b:b1:
         d5:99:d0:f1:9f:1e:d8:a8:7c:ba:5b:32:f4:77:46:d0:c3:27:
         64:a9:71:ba:10:06:3b:b5:d1:ad:86:c7:2e:e7:9b:75:cd:5e:
         ce:c3:4f:55:b9:b4:8e:e3:8f:1d:49:6e:93:fa:47:30:89:46:
         59:e5:5e:b9:32:f5:9f:01:cd:80:69:4e:52:33:7d:b2:c8:62:
         6a:90:d5:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnd/b66r1LuduR7RDo3jq6jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjIzMTM2NTk4NTgyOGQ1YTk2NjNlZDFiNDQwNjI0YjI0
ZmVjMTMwHhcNMjUxMDEzMTQzMzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzAxYjZmNThiOTM0NDhlNTc5MmM4Y2MxNGQxMGNlNjU1MTIyOTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lclwjA1Z9jf0OiaqHx3W3xTiEoc
9re9o/ckAthf2UJZB5fP1k2VqtCyl9Gh3rupv8OOSUeXP28n2L78QCJsL4qPkS5m
mwPWpoAUaIS3LdhVzRktV1x7RFdTarJKiuZZ1C44a0GQIrOORNte6tWfmhNSbzGu
XTWwfJU21xoY4z1Z9GfnSBYplqNhVULGCHCX+vx/g7Of3OOHLdkN0frlv9AYfRY2
fDov0jYzBd0FZYe5Uu8eW6SmfArzCe/lKgTTCISVI6PMtKhrqIPGJB/mYL+WeW1Z
pmXG+VTgrNlQKcqxD5a66A0AGjdaQkMWHp36+JoLiy/a5IznKHfd6vU7TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcBtvWLk0SOV5LIzBTRDOZVEilrMB8GA1UdIwQY
MBaAFAfyMTZZhYKNWpZj7RtEBiSyT+wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzct
MDg1ZmEwYTU2MDUyLzEvTndHMjlZdVRSSTVYa3NqTUZORU01bFVTS1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzctMDg1ZmEwYTU2MDUy
LzEvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cqMA0G
CSqGSIb3DQEBCwUAA4IBAQDNAg/vBigR6piiOco2IwAZnKXfvQFJlPRFo3Lg6wpl
Beg87Gnz0+KcDa+QozDjsePLMcSe3YYUDt+kZwK4SrJeUNhIkjj2CNI84kv7bCkQ
NaewDM8qcpfd2nRUIFaI6H86fXSGC+VhT6BjoD6fQOoBDZjAFvXAjMvjGWHov43j
TPgNn4n97wchircB61N2fDy5c0+mD6RFYshTg9IhM5dTrqtlHPzm5Pehesk7BF0P
A27wi7HVmdDxnx7YqHy6WzL0d0bQwydkqXG6EAY7tdGthscu55t1zV7Ow09VubSO
448dSW6T+kcwiUZZ5V65MvWfAc2AaU5SM32yyGJqkNU0
-----END CERTIFICATE-----