Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nezOxNoI2UEND-eb70Na0D7-nMo.roa
File:                     nezOxNoI2UEND-eb70Na0D7-nMo.roa (raw, json)
Hash identifier:          ryjOgeGiN3/wDA6lXvDLrRw6MXGP9VQO/VWSdVtwTig=
Subject key identifier:   9D:EC:CE:C4:DA:08:D9:41:0D:0F:E7:9B:EF:43:5A:D0:3E:FE:9C:CA
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       0197D1288348482FDEEBF520C0269EEBD02F
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nezOxNoI2UEND-eb70Na0D7-nMo.roa
Signing time:             Thu 03 Jul 2025 16:39:42 +0000
ROA not before:           Thu 03 Jul 2025 16:39:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49870
IP address blocks:        2.56.167.0/24 maxlen: 24
                          45.81.22.0/23 maxlen: 23
                          45.140.222.0/23 maxlen: 23
                          77.83.240.0/24 maxlen: 24
                          89.190.156.0/24 maxlen: 24
                          89.190.159.0/24 maxlen: 24
                          194.50.16.0/23 maxlen: 24
                          212.107.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d1:28:83:48:48:2f:de:eb:f5:20:c0:26:9e:eb:d0:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jul  3 16:39:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9deccec4da08d9410d0fe79bef435ad03efe9cca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d0:24:2c:59:09:a6:fc:3e:5a:58:cd:12:36:
                    13:35:14:54:b3:3c:99:75:ae:e5:39:72:3c:e4:70:
                    58:02:fb:f2:ef:6d:df:1e:03:48:c7:55:2c:2f:b2:
                    bc:49:01:94:c7:3f:8a:69:5e:cb:ec:00:eb:e9:c4:
                    a6:3d:bd:ac:3c:d5:87:b7:41:05:8d:be:a6:15:bc:
                    9d:82:b4:ce:1b:54:83:14:b4:7b:09:b2:96:48:02:
                    09:5e:a6:5b:74:00:06:2e:04:6e:e3:fb:cc:f4:8e:
                    90:ac:d4:48:02:b1:42:b9:66:a1:60:38:29:08:ff:
                    5d:74:77:31:2b:5b:a9:85:57:41:62:4f:e3:95:77:
                    db:f3:bc:79:d2:74:51:57:77:53:05:a0:e6:9c:b6:
                    25:31:b0:39:54:53:df:03:4f:ae:f0:f6:a0:f1:7c:
                    f2:6f:0e:8d:ab:d4:3e:3e:e4:28:4c:1d:8b:43:29:
                    4e:db:17:cc:34:dd:ed:9d:52:d6:71:ca:d3:58:e4:
                    d9:23:a6:b8:05:f5:0b:1f:6d:20:20:90:04:8c:59:
                    0f:58:d0:f3:1e:a6:3d:32:41:46:29:47:b8:20:b0:
                    32:f0:25:08:1a:95:29:1d:db:a5:1f:a6:4f:bc:7f:
                    f8:e2:fa:90:11:cb:15:85:a7:c2:4d:9e:bc:2d:d2:
                    47:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:EC:CE:C4:DA:08:D9:41:0D:0F:E7:9B:EF:43:5A:D0:3E:FE:9C:CA
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nezOxNoI2UEND-eb70Na0D7-nMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.167.0/24
                  45.81.22.0/23
                  45.140.222.0/23
                  77.83.240.0/24
                  89.190.156.0/24
                  89.190.159.0/24
                  194.50.16.0/23
                  212.107.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:c2:31:ba:14:57:27:0f:aa:aa:6a:93:14:64:eb:f5:eb:fe:
         5f:dd:7e:02:8c:ed:ba:d3:76:f5:97:6e:70:d2:a2:9b:eb:bb:
         4b:80:1e:6d:67:de:ad:d4:9a:1b:e1:3a:88:27:88:22:d0:a4:
         a5:bc:0a:37:9e:c1:32:fa:09:c9:bf:61:bc:1f:e8:ab:8e:cb:
         e7:6c:35:56:e2:05:03:8e:78:f9:93:a2:5c:05:9f:21:4d:2d:
         16:94:03:ce:e9:04:cc:7b:7f:a9:c8:ab:5d:e0:99:43:62:30:
         33:b2:5d:c8:da:18:f6:ab:8f:9d:7e:60:7f:49:12:67:c7:6d:
         ec:f0:df:12:ee:ca:6e:75:9c:4b:30:01:d0:d4:10:02:27:13:
         a4:0e:c9:3c:f3:c3:76:72:b0:02:df:24:71:28:6e:9d:15:4c:
         ae:f2:6d:43:27:e5:12:5c:a9:f4:cb:ed:1c:ab:8c:36:9d:69:
         c1:6f:c2:0c:13:70:57:45:68:da:bb:a8:79:51:84:3e:f8:6f:
         62:52:10:8e:6a:12:bd:03:ba:34:d8:ad:3c:c1:f4:89:78:03:
         19:58:c0:23:4b:d3:76:56:6b:c5:9c:89:2b:9f:08:a1:89:5a:
         0b:b8:e4:83:a0:6c:8b:7a:8e:73:28:af:a6:6b:1f:46:bc:46:
         80:2b:e8:31
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZfRKINISC/e6/UgwCae69AvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwNzAzMTYzOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGVjY2VjNGRhMDhkOTQxMGQwZmU3OWJlZjQzNWFkMDNlZmU5Y2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29AkLFkJpvw+WljNEjYTNRRUszyZ
da7lOXI85HBYAvvy723fHgNIx1UsL7K8SQGUxz+KaV7L7ADr6cSmPb2sPNWHt0EF
jb6mFbydgrTOG1SDFLR7CbKWSAIJXqZbdAAGLgRu4/vM9I6QrNRIArFCuWahYDgp
CP9ddHcxK1uphVdBYk/jlXfb87x50nRRV3dTBaDmnLYlMbA5VFPfA0+u8Pag8Xzy
bw6Nq9Q+PuQoTB2LQylO2xfMNN3tnVLWccrTWOTZI6a4BfULH20gIJAEjFkPWNDz
HqY9MkFGKUe4ILAy8CUIGpUpHdulH6ZPvH/44vqQEcsVhafCTZ68LdJHDwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJ3szsTaCNlBDQ/nm+9DWtA+/pzKMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvbmV6T3hOb0kyVUVORC1lYjcwTmEwRDctbk1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAAjinAwQB
LVEWAwQBLYzeAwQATVPwAwQAWb6cAwQAWb6fAwQBwjIQAwQA1GsMMA0GCSqGSIb3
DQEBCwUAA4IBAQBuwjG6FFcnD6qqapMUZOv16/5f3X4CjO2603b1l25w0qKb67tL
gB5tZ96t1Job4TqIJ4gi0KSlvAo3nsEy+gnJv2G8H+irjsvnbDVW4gUDjnj5k6Jc
BZ8hTS0WlAPO6QTMe3+pyKtd4JlDYjAzsl3I2hj2q4+dfmB/SRJnx23s8N8S7spu
dZxLMAHQ1BACJxOkDsk888N2crAC3yRxKG6dFUyu8m1DJ+USXKn0y+0cq4w2nWnB
b8IME3BXRWjau6h5UYQ++G9iUhCOahK9A7o02K08wfSJeAMZWMAjS9N2VmvFnIkr
nwihiVoLuOSDoGyLeo5zKK+max9GvEaAK+gx
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:52:19 2025 by rpki-client