Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/NKwQkAuvf9XPj3AmUQ6FU2-ZaLU.roa
File:                     NKwQkAuvf9XPj3AmUQ6FU2-ZaLU.roa (raw, json)
Hash identifier:          a+QjCZZgfle5XUxuZw5fd1louVl08y58mFNbwvIbBSE=
Subject key identifier:   34:AC:10:90:0B:AF:7F:D5:CF:8F:70:26:51:0E:85:53:6F:99:68:B5
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       0199B6504F7F59EF974795B80589ECEB9540
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/NKwQkAuvf9XPj3AmUQ6FU2-ZaLU.roa
Signing time:             Sun 05 Oct 2025 21:39:00 +0000
ROA not before:           Sun 05 Oct 2025 21:39:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        158.94.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b6:50:4f:7f:59:ef:97:47:95:b8:05:89:ec:eb:95:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Oct  5 21:39:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34ac10900baf7fd5cf8f7026510e85536f9968b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:b3:5e:3f:14:1e:0c:b5:49:87:53:d4:36:f6:
                    21:b5:27:f5:ae:8b:3b:e0:1a:89:bb:cf:c2:d5:0a:
                    3d:b3:8f:e0:c6:8b:85:9a:16:1e:da:33:30:c1:0c:
                    af:cb:81:d6:9e:f8:20:a3:03:de:8b:82:22:bf:04:
                    bb:3b:1b:a9:6a:45:4c:e9:f4:ed:d8:79:08:6d:16:
                    62:4c:a5:9e:54:17:06:32:26:64:b4:e2:40:15:04:
                    71:63:ed:88:10:e3:06:41:16:8b:37:17:d6:97:77:
                    84:30:4d:e7:0f:0e:5c:5c:47:9b:04:34:c5:36:a4:
                    84:5d:d5:a9:3f:c4:f6:f1:29:4e:07:03:28:68:19:
                    21:9e:c0:d1:72:24:65:13:e2:97:c1:1d:c3:bc:85:
                    67:0d:06:40:50:6b:d2:a6:bd:70:3c:ae:71:7e:b0:
                    f5:88:91:98:b8:4a:c8:9b:b9:12:e1:2a:ba:80:fe:
                    d9:bb:83:c7:c0:63:44:7f:63:7b:c9:06:32:f6:d4:
                    bf:4a:1d:9f:f8:96:a3:b4:8d:8c:e3:cb:b5:87:3a:
                    f1:54:da:3e:cd:99:66:2e:1b:d4:91:d4:d7:db:71:
                    28:97:3b:b5:62:97:2f:03:fa:ce:c3:9a:14:43:d9:
                    b3:59:ff:e1:b0:e6:53:3b:34:70:5d:6a:af:4b:19:
                    9d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:AC:10:90:0B:AF:7F:D5:CF:8F:70:26:51:0E:85:53:6F:99:68:B5
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/NKwQkAuvf9XPj3AmUQ6FU2-ZaLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.94.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:39:a4:62:5a:e1:de:4c:9a:f2:a8:0b:78:70:5a:58:2e:bd:
         40:a5:1e:41:0b:d9:9f:e6:78:e3:03:7a:1f:57:15:12:a5:c1:
         16:92:33:8d:73:6e:96:e2:cb:c1:6d:6e:9d:a0:9e:35:96:e6:
         ca:4c:89:5f:d8:8a:23:5e:d5:a8:bd:1e:e8:ff:67:bf:4d:24:
         5e:5c:e2:b2:b4:10:eb:e6:f7:18:00:fb:fd:c4:96:02:f5:d8:
         3d:88:07:ed:6e:ee:c5:51:ff:65:0e:61:23:c0:37:78:46:34:
         42:41:cd:13:90:20:29:23:66:a7:76:d1:6c:e7:6a:09:8d:20:
         de:61:46:1c:f8:82:34:d2:73:80:10:fe:4b:a8:ad:59:34:ee:
         d3:25:c2:09:30:15:c6:5b:a4:9e:f9:21:39:29:70:78:bf:25:
         b4:83:e5:1b:70:7c:57:7b:f0:20:92:52:eb:f8:72:95:f3:8a:
         97:a3:c0:ee:ad:5a:31:60:f2:93:9f:4f:94:df:01:2d:90:25:
         f2:c7:aa:a4:9d:be:11:d0:0d:f1:51:79:67:7a:95:81:9d:1a:
         5d:a5:f7:1f:9c:56:e8:d9:d7:85:aa:22:80:6e:35:92:47:b3:
         d2:ed:85:a8:c2:ed:e5:df:ca:f2:72:da:dd:e1:ab:9f:c6:01:
         3a:34:12:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm2UE9/We+XR5W4BYns65VAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMDA1MjEzOTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGFjMTA5MDBiYWY3ZmQ1Y2Y4ZjcwMjY1MTBlODU1MzZmOTk2OGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8bNePxQeDLVJh1PUNvYhtSf1ros7
4BqJu8/C1Qo9s4/gxouFmhYe2jMwwQyvy4HWnvggowPei4IivwS7OxupakVM6fTt
2HkIbRZiTKWeVBcGMiZktOJAFQRxY+2IEOMGQRaLNxfWl3eEME3nDw5cXEebBDTF
NqSEXdWpP8T28SlOBwMoaBkhnsDRciRlE+KXwR3DvIVnDQZAUGvSpr1wPK5xfrD1
iJGYuErIm7kS4Sq6gP7Zu4PHwGNEf2N7yQYy9tS/Sh2f+JajtI2M48u1hzrxVNo+
zZlmLhvUkdTX23Eolzu1YpcvA/rOw5oUQ9mzWf/hsOZTOzRwXWqvSxmdxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSsEJALr3/Vz49wJlEOhVNvmWi1MB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvTkt3UWtBdXZmOVhQajNBbVVRNkZVMi1aYUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnl7dMA0G
CSqGSIb3DQEBCwUAA4IBAQALOaRiWuHeTJryqAt4cFpYLr1ApR5BC9mf5njjA3of
VxUSpcEWkjONc26W4svBbW6doJ41lubKTIlf2IojXtWovR7o/2e/TSReXOKytBDr
5vcYAPv9xJYC9dg9iAftbu7FUf9lDmEjwDd4RjRCQc0TkCApI2andtFs52oJjSDe
YUYc+II00nOAEP5LqK1ZNO7TJcIJMBXGW6Se+SE5KXB4vyW0g+UbcHxXe/AgklLr
+HKV84qXo8DurVoxYPKTn0+U3wEtkCXyx6qknb4R0A3xUXlnepWBnRpdpfcfnFbo
2deFqiKAbjWSR7PS7YWowu3l38ryctrd4aufxgE6NBKC
-----END CERTIFICATE-----