Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/NkK9SH91NSLImfy-zUtXa6XkCvQ.roa
File:                     NkK9SH91NSLImfy-zUtXa6XkCvQ.roa (raw, json)
Hash identifier:          ouTy8UQH5aZN9Lz/JoagNB+q65/2P42mXMfw/GaDL/8=
Subject key identifier:   36:42:BD:48:7F:75:35:22:C8:99:FC:BE:CD:4B:57:6B:A5:E4:0A:F4
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B27C9F461AC6F890634306F3A3EF50
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/NkK9SH91NSLImfy-zUtXa6XkCvQ.roa
Signing time:             Mon 14 Jul 2025 16:09:08 +0000
ROA not before:           Mon 14 Jul 2025 16:09:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        5.180.138.0/24 maxlen: 24
                          84.252.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b2:7c:9f:46:1a:c6:f8:90:63:43:06:f3:a3:ef:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:09:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3642bd487f753522c899fcbecd4b576ba5e40af4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:60:80:d4:3b:54:4d:7e:02:f1:5e:9f:f9:d3:
                    83:be:1b:0b:c5:8e:4e:51:f0:83:a9:f9:44:6a:68:
                    3e:92:ed:b3:d1:6e:97:f5:32:31:b0:8c:4b:ed:af:
                    7e:13:77:d0:25:92:43:fc:71:60:27:70:94:fc:4f:
                    eb:6e:3b:10:6d:97:5e:b3:8c:ae:ed:d5:11:fd:98:
                    22:36:bc:19:a2:31:26:de:e6:15:ca:a0:4d:bf:34:
                    2c:8e:a3:70:68:16:81:d8:b5:bd:ca:57:05:69:26:
                    7c:b2:30:62:dd:57:fb:2c:ab:f8:a5:99:a0:78:3a:
                    ca:99:7f:10:e5:15:f2:37:57:00:74:39:a6:c2:0c:
                    de:47:ee:7e:bf:f4:eb:08:86:13:5f:33:d2:11:91:
                    8e:64:3d:77:d0:2a:f2:0b:e9:89:69:de:e6:a5:2e:
                    dd:61:87:49:bc:c9:74:1c:59:36:e3:40:1d:7c:63:
                    4b:83:06:1b:74:43:ce:17:1f:cd:83:4d:8f:34:ad:
                    cf:79:66:46:66:de:b6:41:a3:aa:ac:c8:33:a2:0b:
                    fd:44:1f:bc:56:20:7e:9f:94:7f:80:f9:3f:4d:d4:
                    69:2c:37:b9:e9:23:13:29:bc:c9:72:4b:4d:70:25:
                    55:7f:04:a1:e4:80:db:44:10:0a:b2:c6:16:bc:d0:
                    0b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:42:BD:48:7F:75:35:22:C8:99:FC:BE:CD:4B:57:6B:A5:E4:0A:F4
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/NkK9SH91NSLImfy-zUtXa6XkCvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.138.0/24
                  84.252.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:e9:32:19:84:0c:17:e9:c3:d3:c7:ca:7f:72:ae:af:ca:31:
         e3:8b:af:04:86:51:dd:b7:21:7b:43:a3:09:42:eb:38:aa:33:
         32:16:c7:95:8c:25:5c:1a:aa:c8:bd:a7:fe:5c:6a:e2:eb:5b:
         0e:f7:af:72:21:63:73:53:03:79:f3:cf:1f:23:d8:c0:b1:d2:
         d2:aa:80:34:61:48:7f:4f:8e:a3:e3:2d:f7:a4:7e:b3:3a:81:
         16:ad:d4:1d:9e:5d:50:4e:9c:8c:9c:c5:1e:b6:a4:02:10:d8:
         8c:56:79:e5:1f:f6:f4:2a:2a:5f:6f:19:a4:f5:5d:0b:e2:06:
         6d:dc:37:8d:c9:bd:55:ca:0f:9b:37:a2:b1:ad:57:d1:60:2f:
         66:64:cc:c9:e5:21:11:3b:db:46:b9:81:11:88:61:b4:18:6a:
         ae:df:e1:48:fb:e9:4c:08:16:27:55:80:84:bc:2e:70:4f:81:
         6b:7d:c2:9e:60:a5:a5:bd:c2:cf:7e:1b:cb:1e:66:5b:d1:d8:
         5a:3e:f3:46:09:bb:a4:ea:af:f9:24:f5:52:3b:a2:a3:95:50:
         36:79:89:d7:ae:42:3d:f4:1d:07:74:2d:03:11:ce:d8:2a:d5:
         5d:0d:01:d7:3e:73:24:db:53:ab:7f:eb:ca:6d:01:e9:e7:ba:
         5d:69:40:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgJsnyfRhrG+JBjQwbzo+9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYwOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjQyYmQ0ODdmNzUzNTIyYzg5OWZjYmVjZDRiNTc2YmE1ZTQwYWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGCA1DtUTX4C8V6f+dODvhsLxY5O
UfCDqflEamg+ku2z0W6X9TIxsIxL7a9+E3fQJZJD/HFgJ3CU/E/rbjsQbZdes4yu
7dUR/ZgiNrwZojEm3uYVyqBNvzQsjqNwaBaB2LW9ylcFaSZ8sjBi3Vf7LKv4pZmg
eDrKmX8Q5RXyN1cAdDmmwgzeR+5+v/TrCIYTXzPSEZGOZD130CryC+mJad7mpS7d
YYdJvMl0HFk240AdfGNLgwYbdEPOFx/Ng02PNK3PeWZGZt62QaOqrMgzogv9RB+8
ViB+n5R/gPk/TdRpLDe56SMTKbzJcktNcCVVfwSh5IDbRBAKssYWvNALSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDZCvUh/dTUiyJn8vs1LV2ul5Ar0MB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvTmtLOVNIOTFOU0xJbWZ5LXpVdFhhNlhrQ3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbSKAwQA
VPxIMA0GCSqGSIb3DQEBCwUAA4IBAQAU6TIZhAwX6cPTx8p/cq6vyjHji68EhlHd
tyF7Q6MJQus4qjMyFseVjCVcGqrIvaf+XGri61sO969yIWNzUwN5888fI9jAsdLS
qoA0YUh/T46j4y33pH6zOoEWrdQdnl1QTpyMnMUetqQCENiMVnnlH/b0Kipfbxmk
9V0L4gZt3DeNyb1Vyg+bN6KxrVfRYC9mZMzJ5SERO9tGuYERiGG0GGqu3+FI++lM
CBYnVYCEvC5wT4FrfcKeYKWlvcLPfhvLHmZb0dhaPvNGCbuk6q/5JPVSO6KjlVA2
eYnXrkI99B0HdC0DEc7YKtVdDQHXPnMk21Orf+vKbQHp57pdaUB0
-----END CERTIFICATE-----