Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/Nw7X2LCFZpQsGc2GoXyrFKElkBk.roa
File:                     Nw7X2LCFZpQsGc2GoXyrFKElkBk.roa (raw, json)
Hash identifier:          y5oQHHhbifcLGWzUQAXcT2e3MvPfBEuWSolqQY+gsts=
Subject key identifier:   37:0E:D7:D8:B0:85:66:94:2C:19:CD:86:A1:7C:AB:14:A1:25:90:19
Certificate issuer:       /CN=5e936bea1b0c3a208aba27d8b10b275e474dde2c
Certificate serial:       0197A1B7183FCCC54DDE9E87772CDBE59ACD
Authority key identifier: 5E:93:6B:EA:1B:0C:3A:20:8A:BA:27:D8:B1:0B:27:5E:47:4D:DE:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XpNr6hsMOiCKuifYsQsnXkdN3iw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/Nw7X2LCFZpQsGc2GoXyrFKElkBk.roa
Signing time:             Tue 24 Jun 2025 11:33:40 +0000
ROA not before:           Tue 24 Jun 2025 11:33:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200544
IP address blocks:        159.22.0.0/16 maxlen: 16
                          2a07:ad00::/29 maxlen: 29
                          2a07:ad00::/30 maxlen: 30
                          2a07:ad00::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/XpNr6hsMOiCKuifYsQsnXkdN3iw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/XpNr6hsMOiCKuifYsQsnXkdN3iw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XpNr6hsMOiCKuifYsQsnXkdN3iw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 05:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a1:b7:18:3f:cc:c5:4d:de:9e:87:77:2c:db:e5:9a:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e936bea1b0c3a208aba27d8b10b275e474dde2c
        Validity
            Not Before: Jun 24 11:33:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=370ed7d8b08566942c19cd86a17cab14a1259019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fa:eb:b1:99:a5:fb:8c:de:c6:dd:c8:5e:eb:
                    b6:d4:4a:bf:76:11:da:d2:04:94:b1:eb:94:5c:6a:
                    44:4e:89:00:85:6b:29:7d:01:93:12:a2:76:28:54:
                    ff:6a:f8:db:93:30:c4:5f:76:89:e0:9c:03:2b:7c:
                    eb:59:45:97:ee:51:2d:4e:b1:24:22:0c:9f:c3:8f:
                    7b:20:4c:61:30:6d:56:32:b3:58:3f:93:b1:ea:7f:
                    bb:2e:b9:b6:74:59:00:6e:dd:b0:93:a2:1b:ee:2c:
                    c3:39:d2:2e:16:0a:c2:d8:60:0e:1f:f2:c2:a2:ef:
                    3c:9c:f7:da:99:39:14:f8:f3:45:90:6c:a7:12:1f:
                    02:5d:d2:aa:9b:bd:3e:92:bd:e1:b5:a3:fd:a4:51:
                    49:a8:f8:5a:14:38:50:96:e4:6f:5d:e0:b0:c1:19:
                    a0:4d:51:19:7e:ee:49:d8:6a:6a:29:64:28:9e:7d:
                    30:5d:a5:46:a7:3e:79:41:74:82:40:c4:b6:8c:71:
                    10:ce:67:6d:a3:7d:67:9b:1e:0d:8b:12:30:3a:8a:
                    7e:bf:f2:cb:5c:63:c4:8f:0b:38:66:0f:9a:75:8d:
                    1d:9e:db:53:9a:8d:a9:20:8d:98:3e:18:c8:74:03:
                    7e:fe:5b:9b:7d:1e:2c:6b:2b:d5:b8:ff:57:d5:cd:
                    98:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:0E:D7:D8:B0:85:66:94:2C:19:CD:86:A1:7C:AB:14:A1:25:90:19
            X509v3 Authority Key Identifier:
                keyid:5E:93:6B:EA:1B:0C:3A:20:8A:BA:27:D8:B1:0B:27:5E:47:4D:DE:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XpNr6hsMOiCKuifYsQsnXkdN3iw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/Nw7X2LCFZpQsGc2GoXyrFKElkBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/XpNr6hsMOiCKuifYsQsnXkdN3iw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.22.0.0/16
                IPv6:
                  2a07:ad00::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:43:1b:42:3a:13:74:a5:c2:49:49:1b:b4:27:25:fe:e6:0a:
         4e:ac:81:0e:b0:0f:c2:59:ed:57:9c:a8:80:80:29:5d:1e:e5:
         dd:97:b5:38:a0:72:ed:47:89:a6:ef:c8:36:e2:41:7a:26:40:
         13:20:82:4d:7e:87:de:1f:90:d1:9d:0e:a6:f2:3d:9f:11:de:
         73:08:28:cc:fe:52:38:b1:a6:b2:99:3a:5d:ed:2f:2a:7b:7d:
         8e:93:fe:2c:8f:bb:bd:28:e3:4a:38:e1:a8:83:5c:c0:eb:86:
         57:04:c8:40:aa:e6:dd:fe:5f:11:c6:13:d1:d1:6e:99:32:0b:
         2c:8e:8f:3c:d1:5f:83:9f:b0:6b:c0:35:62:7a:8c:fb:59:ae:
         99:ee:0a:22:16:79:c1:c8:85:da:e5:a7:76:70:0b:05:b0:df:
         30:59:53:66:f2:01:c2:22:e9:64:49:e8:c1:c8:77:9a:a0:f1:
         fb:f0:5c:37:6c:f2:c7:ee:fd:b9:d6:4f:d9:93:e1:14:4e:92:
         e3:68:46:03:bb:0a:8f:bb:4e:85:c9:c7:b6:d0:20:1a:ff:2c:
         b4:9c:75:dd:29:b9:4d:cb:80:88:a8:1d:0f:cb:a9:1e:fa:ee:
         ed:4d:c1:9e:96:65:7e:69:96:3a:a0:82:be:a9:f0:af:d6:c7:
         41:89:10:70
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZehtxg/zMVN3p6Hdyzb5ZrNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOTM2YmVhMWIwYzNhMjA4YWJhMjdkOGIxMGIyNzVlNDc0
ZGRlMmMwHhcNMjUwNjI0MTEzMzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzBlZDdkOGIwODU2Njk0MmMxOWNkODZhMTdjYWIxNGExMjU5MDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPrrsZml+4zext3IXuu21Eq/dhHa
0gSUseuUXGpETokAhWspfQGTEqJ2KFT/avjbkzDEX3aJ4JwDK3zrWUWX7lEtTrEk
Igyfw497IExhMG1WMrNYP5Ox6n+7Lrm2dFkAbt2wk6Ib7izDOdIuFgrC2GAOH/LC
ou88nPfamTkU+PNFkGynEh8CXdKqm70+kr3htaP9pFFJqPhaFDhQluRvXeCwwRmg
TVEZfu5J2GpqKWQonn0wXaVGpz55QXSCQMS2jHEQzmdto31nmx4NixIwOop+v/LL
XGPEjws4Zg+adY0dnttTmo2pII2YPhjIdAN+/lubfR4sayvVuP9X1c2YTQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDcO19iwhWaULBnNhqF8qxShJZAZMB8GA1UdIwQY
MBaAFF6Ta+obDDogiron2LELJ15HTd4sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHBOcjZoc01PaUNLdWlmWXNRc25Ya2ROM2l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8zMjg3NmItYTgyYi00NzA0LWJhNjct
OTg0NzdhODY1M2M3LzEvTnc3WDJMQ0ZacFFzR2MyR29YeXJGS0Vsa0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8zMjg3NmItYTgyYi00NzA0LWJhNjctOTg0NzdhODY1M2M3
LzEvWHBOcjZoc01PaUNLdWlmWXNRc25Ya2ROM2l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMAnxYwDQQC
AAIwBwMFAyoHrQAwDQYJKoZIhvcNAQELBQADggEBAEdDG0I6E3SlwklJG7QnJf7m
Ck6sgQ6wD8JZ7VecqICAKV0e5d2XtTigcu1HiabvyDbiQXomQBMggk1+h94fkNGd
DqbyPZ8R3nMIKMz+UjixprKZOl3tLyp7fY6T/iyPu70o40o44aiDXMDrhlcEyECq
5t3+XxHGE9HRbpkyCyyOjzzRX4OfsGvANWJ6jPtZrpnuCiIWecHIhdrlp3ZwCwWw
3zBZU2byAcIi6WRJ6MHId5qg8fvwXDds8sfu/bnWT9mT4RROkuNoRgO7Co+7ToXJ
x7bQIBr/LLScdd0puU3LgIioHQ/LqR767u1NwZ6WZX5pljqggr6p8K/Wx0GJEHA=
-----END CERTIFICATE-----