Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/NL0Mp2ak4kIOVa-mI-T_3-kFvlE.roa
File:                     NL0Mp2ak4kIOVa-mI-T_3-kFvlE.roa (raw, json)
Hash identifier:          8D7MsuGjI7HsrBxlKjaEVJ+I36rJeX9th0UxwcPUwQs=
Subject key identifier:   34:BD:0C:A7:66:A4:E2:42:0E:55:AF:A6:23:E4:FF:DF:E9:05:BE:51
Certificate issuer:       /CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Certificate serial:       019DA9ADEC728214CACB8F99884F02B41468
Authority key identifier: A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/NL0Mp2ak4kIOVa-mI-T_3-kFvlE.roa
Signing time:             Mon 20 Apr 2026 06:57:20 +0000
ROA not before:           Mon 20 Apr 2026 06:57:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31128
IP address blocks:        2a01:4a0:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 00:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a9:ad:ec:72:82:14:ca:cb:8f:99:88:4f:02:b4:14:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
        Validity
            Not Before: Apr 20 06:57:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34bd0ca766a4e2420e55afa623e4ffdfe905be51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b9:54:54:8d:a7:f7:ca:cc:62:83:86:d0:4a:
                    af:96:04:3e:83:4c:54:68:d8:17:c3:cf:b6:2b:3c:
                    f7:a8:f0:d1:df:5e:04:88:27:7e:5c:48:f6:d1:93:
                    50:c1:e8:90:28:c8:a4:fc:88:6e:5b:72:80:55:03:
                    51:41:99:54:00:66:64:93:58:b2:88:7f:3d:89:a1:
                    18:d1:9e:03:70:5c:56:20:7c:ba:2a:15:de:29:68:
                    95:4b:34:fc:33:51:fd:b3:19:c4:23:16:44:b4:6b:
                    b1:58:f0:e0:cf:42:76:07:bd:33:1a:93:ff:36:fb:
                    40:90:66:a8:4d:f4:6d:62:ab:0e:4b:af:f6:32:83:
                    ab:4b:5a:d7:8a:29:a2:c8:f1:ce:7e:fb:a4:76:ee:
                    2a:81:20:37:af:10:4c:ba:c3:fc:8b:a7:f7:09:cb:
                    03:2f:00:7d:ab:d4:e1:ad:34:2e:c1:26:c5:ae:14:
                    d4:a3:8a:54:18:3d:9b:5e:47:6f:2f:7d:fb:10:f9:
                    c4:17:e6:52:0b:60:07:4c:ab:54:a5:46:9d:c5:54:
                    37:e4:04:c7:58:33:ca:b5:ca:71:f3:cc:83:c1:03:
                    41:3c:7d:30:1c:77:55:ec:3f:a0:70:8c:da:6d:e1:
                    2f:8d:1f:f7:81:62:0e:3e:55:ec:f9:bd:29:33:4c:
                    e8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:BD:0C:A7:66:A4:E2:42:0E:55:AF:A6:23:E4:FF:DF:E9:05:BE:51
            X509v3 Authority Key Identifier:
                keyid:A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/NL0Mp2ak4kIOVa-mI-T_3-kFvlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:4a0:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:aa:fe:86:48:d7:02:ac:9d:92:7e:7e:93:4f:2c:7d:0e:cc:
         b8:76:7a:ed:05:47:fd:b1:52:1e:1f:77:29:23:da:50:81:a3:
         36:2b:d3:3c:9d:b1:33:0e:88:b3:ac:e2:46:2a:20:af:91:f6:
         8d:39:c3:e3:36:71:9c:de:45:0e:d4:81:87:fe:a9:44:c5:e3:
         dc:00:10:70:dd:5a:a0:0a:6d:1c:42:dc:3b:e3:85:83:27:29:
         b5:e6:aa:b8:65:12:74:16:7c:5a:a6:19:a7:67:5e:43:06:f3:
         af:5a:5f:f1:af:34:96:47:98:72:4b:85:73:1b:55:82:60:42:
         b7:09:e6:65:be:a6:39:ba:f9:ee:93:9d:e1:4c:03:cc:dc:8b:
         78:37:df:b3:df:18:aa:5c:1a:ed:ac:73:3e:31:42:87:f3:a7:
         36:2e:ac:9e:82:f9:e0:ce:bb:cc:f3:bc:a2:ca:21:c8:56:5a:
         fe:93:3b:8c:db:7f:6a:1b:2e:a5:a6:8e:f3:ce:90:b4:75:5c:
         68:aa:c3:e4:dd:85:26:99:48:cc:e4:93:60:d2:06:8a:9e:59:
         44:42:1f:b9:85:90:72:8e:55:aa:3a:30:d3:b0:ca:0e:be:26:
         02:b7:7e:a3:79:03:01:54:6d:f3:12:9a:00:b2:37:36:cd:e3:
         65:2d:73:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2prexyghTKy4+ZiE8CtBRoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Yjc1YjY0ZDVkYTE3ZDcwYmJhYmQ4MTFhMzlhNjAyZGRh
Zjk2M2EwHhcNMjYwNDIwMDY1NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGJkMGNhNzY2YTRlMjQyMGU1NWFmYTYyM2U0ZmZkZmU5MDViZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2blUVI2n98rMYoOG0EqvlgQ+g0xU
aNgXw8+2Kzz3qPDR314EiCd+XEj20ZNQweiQKMik/IhuW3KAVQNRQZlUAGZkk1iy
iH89iaEY0Z4DcFxWIHy6KhXeKWiVSzT8M1H9sxnEIxZEtGuxWPDgz0J2B70zGpP/
NvtAkGaoTfRtYqsOS6/2MoOrS1rXiimiyPHOfvukdu4qgSA3rxBMusP8i6f3CcsD
LwB9q9ThrTQuwSbFrhTUo4pUGD2bXkdvL337EPnEF+ZSC2AHTKtUpUadxVQ35ATH
WDPKtcpx88yDwQNBPH0wHHdV7D+gcIzabeEvjR/3gWIOPlXs+b0pM0zocwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDS9DKdmpOJCDlWvpiPk/9/pBb5RMB8GA1UdIwQY
MBaAFKm3W2TV2hfXC7q9gRo5pgLdr5Y6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUt
OWIxMTgwNGVjZDM5LzEvTkwwTXAyYWs0a0lPVmEtbUktVF8zLWtGdmxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUtOWIxMTgwNGVjZDM5
LzEvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEoAAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQAMqv6GSNcCrJ2Sfn6TTyx9Dsy4dnrtBUf9sVIe
H3cpI9pQgaM2K9M8nbEzDoizrOJGKiCvkfaNOcPjNnGc3kUO1IGH/qlExePcABBw
3VqgCm0cQtw744WDJym15qq4ZRJ0FnxaphmnZ15DBvOvWl/xrzSWR5hyS4VzG1WC
YEK3CeZlvqY5uvnuk53hTAPM3It4N9+z3xiqXBrtrHM+MUKH86c2LqyegvngzrvM
87yiyiHIVlr+kzuM239qGy6lpo7zzpC0dVxoqsPk3YUmmUjM5JNg0gaKnllEQh+5
hZByjlWqOjDTsMoOviYCt36jeQMBVG3zEpoAsjc2zeNlLXNZ
-----END CERTIFICATE-----