Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/NKGpONeNnSpGwNOfgTkqUqFSjcA.roa
File:                     NKGpONeNnSpGwNOfgTkqUqFSjcA.roa (raw, json)
Hash identifier:          WjB4Os9y0GFlUDkg//rucVelf/mCKnH3dM3BpCHYRSs=
Subject key identifier:   34:A1:A9:38:D7:8D:9D:2A:46:C0:D3:9F:81:39:2A:52:A1:52:8D:C0
Certificate issuer:       /CN=0c7887582d83d3f087682af8780a324a353ce782
Certificate serial:       019A6D21B9035E6E77C75B7518B2675A35AD
Authority key identifier: 0C:78:87:58:2D:83:D3:F0:87:68:2A:F8:78:0A:32:4A:35:3C:E7:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DHiHWC2D0_CHaCr4eAoySjU854I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/NKGpONeNnSpGwNOfgTkqUqFSjcA.roa
Signing time:             Mon 10 Nov 2025 09:38:37 +0000
ROA not before:           Mon 10 Nov 2025 09:38:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        213.179.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/DHiHWC2D0_CHaCr4eAoySjU854I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/DHiHWC2D0_CHaCr4eAoySjU854I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DHiHWC2D0_CHaCr4eAoySjU854I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 18:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6d:21:b9:03:5e:6e:77:c7:5b:75:18:b2:67:5a:35:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c7887582d83d3f087682af8780a324a353ce782
        Validity
            Not Before: Nov 10 09:38:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34a1a938d78d9d2a46c0d39f81392a52a1528dc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:19:4d:74:7e:5d:3c:97:b9:00:5c:b4:65:96:
                    da:3e:c1:ee:a6:59:77:49:59:f2:26:62:21:53:6a:
                    09:cf:73:0d:77:63:5b:17:2e:ca:bf:fe:de:c8:b3:
                    59:52:58:2f:75:ac:4c:4f:d4:81:15:7d:1a:8d:85:
                    34:81:6d:79:15:e6:09:0d:01:4c:31:50:21:e6:7b:
                    ef:91:b3:0d:d4:1b:cd:95:b8:63:8e:09:c7:d0:ea:
                    da:64:21:e1:12:4b:5a:88:bf:0c:67:2a:c9:b4:5d:
                    34:bb:2f:c9:03:28:d2:aa:8f:cc:a2:16:91:ae:5f:
                    6d:93:9a:46:99:48:9d:70:6f:db:5d:bd:76:d4:2d:
                    93:a9:65:bf:45:d8:17:88:dc:57:d6:13:8f:12:ce:
                    32:dc:25:1f:69:df:52:b9:d4:2d:be:19:14:ed:62:
                    04:b5:5d:ab:fb:d9:b9:92:72:88:96:72:80:86:28:
                    de:65:9f:93:ad:54:0f:d6:ee:bb:e8:10:6a:69:92:
                    8b:95:24:f4:63:01:a2:56:9b:e7:ad:2b:ad:b5:01:
                    39:23:68:6e:82:e7:d6:5f:86:56:fc:12:c8:6f:c0:
                    ca:3f:0d:2e:d4:8c:5a:d9:9d:03:80:9b:b7:26:3e:
                    16:79:0e:a4:02:0d:67:ce:e7:cd:a4:04:90:63:0d:
                    b3:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A1:A9:38:D7:8D:9D:2A:46:C0:D3:9F:81:39:2A:52:A1:52:8D:C0
            X509v3 Authority Key Identifier:
                keyid:0C:78:87:58:2D:83:D3:F0:87:68:2A:F8:78:0A:32:4A:35:3C:E7:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DHiHWC2D0_CHaCr4eAoySjU854I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/NKGpONeNnSpGwNOfgTkqUqFSjcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/DHiHWC2D0_CHaCr4eAoySjU854I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.179.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:48:e6:51:cc:ac:05:97:ea:d7:16:51:91:d4:49:58:d9:6d:
         55:09:cb:44:f7:a7:3d:6a:04:21:29:2c:62:af:48:1e:d3:16:
         34:98:30:65:4d:f7:f2:90:47:cb:09:f8:aa:4e:b9:11:92:c6:
         17:29:c7:3f:75:91:c5:95:8e:4c:b7:94:66:c2:39:64:1a:bd:
         1c:66:dc:83:da:dc:88:c5:8a:1f:13:a4:d7:fd:a3:66:56:a4:
         3f:b6:72:1c:52:3d:aa:b7:0a:51:7d:0e:b8:fb:e1:f9:b4:d8:
         30:17:fd:7d:77:d6:7c:ac:e3:aa:61:54:be:20:76:2c:1a:92:
         da:ff:5b:60:8e:05:11:d8:bd:7a:73:62:cc:8e:ce:d4:6a:69:
         c3:0d:bf:6a:0d:db:6a:b4:5d:84:24:cc:af:4d:0c:ce:3d:74:
         93:58:2a:ab:b2:0d:0c:d2:98:b2:2c:90:62:71:74:b5:68:c3:
         0b:0c:c4:c6:5d:77:10:52:a2:72:4c:5e:f7:ef:ce:86:a4:10:
         31:eb:1d:7a:0c:d7:db:d8:23:66:f7:ee:0a:b2:e5:ea:b3:40:
         ca:ba:f9:10:1a:b0:8b:19:2c:b0:58:a4:ca:cd:05:25:e0:a8:
         69:b0:e8:42:4a:ec:27:7a:96:61:dc:3c:5d:a3:f6:50:38:b2:
         6d:65:1b:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZptIbkDXm53x1t1GLJnWjWtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNzg4NzU4MmQ4M2QzZjA4NzY4MmFmODc4MGEzMjRhMzUz
Y2U3ODIwHhcNMjUxMTEwMDkzODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGExYTkzOGQ3OGQ5ZDJhNDZjMGQzOWY4MTM5MmE1MmExNTI4ZGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhlNdH5dPJe5AFy0ZZbaPsHupll3
SVnyJmIhU2oJz3MNd2NbFy7Kv/7eyLNZUlgvdaxMT9SBFX0ajYU0gW15FeYJDQFM
MVAh5nvvkbMN1BvNlbhjjgnH0OraZCHhEktaiL8MZyrJtF00uy/JAyjSqo/MohaR
rl9tk5pGmUidcG/bXb121C2TqWW/RdgXiNxX1hOPEs4y3CUfad9SudQtvhkU7WIE
tV2r+9m5knKIlnKAhijeZZ+TrVQP1u676BBqaZKLlST0YwGiVpvnrSuttQE5I2hu
gufWX4ZW/BLIb8DKPw0u1Ixa2Z0DgJu3Jj4WeQ6kAg1nzufNpASQYw2z6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDShqTjXjZ0qRsDTn4E5KlKhUo3AMB8GA1UdIwQY
MBaAFAx4h1gtg9Pwh2gq+HgKMko1POeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREhpSFdDMkQwX0NIYUNyNGVBb3lTalU4NTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9iZmY0OGYtMGEzMC00NzhkLWIyZGIt
YWQ0YTFkYTM5M2ExLzEvTktHcE9OZU5uU3BHd05PZmdUa3FVcUZTamNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9iZmY0OGYtMGEzMC00NzhkLWIyZGItYWQ0YTFkYTM5M2Ex
LzEvREhpSFdDMkQwX0NIYUNyNGVBb3lTalU4NTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bNGMA0G
CSqGSIb3DQEBCwUAA4IBAQAPSOZRzKwFl+rXFlGR1ElY2W1VCctE96c9agQhKSxi
r0ge0xY0mDBlTffykEfLCfiqTrkRksYXKcc/dZHFlY5Mt5RmwjlkGr0cZtyD2tyI
xYofE6TX/aNmVqQ/tnIcUj2qtwpRfQ64++H5tNgwF/19d9Z8rOOqYVS+IHYsGpLa
/1tgjgUR2L16c2LMjs7UamnDDb9qDdtqtF2EJMyvTQzOPXSTWCqrsg0M0piyLJBi
cXS1aMMLDMTGXXcQUqJyTF73786GpBAx6x16DNfb2CNm9+4KsuXqs0DKuvkQGrCL
GSywWKTKzQUl4KhpsOhCSuwnepZh3Dxdo/ZQOLJtZRtJ
-----END CERTIFICATE-----