Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/NS17WOjwBmmfwy709dPpbwAbaU0.roa
File:                     NS17WOjwBmmfwy709dPpbwAbaU0.roa (raw, json)
Hash identifier:          gCKXrIu/MVcard0fAtjauU0ynz9I/sblvimCZ4lLNiw=
Subject key identifier:   35:2D:7B:58:E8:F0:06:69:9F:C3:2E:F4:F5:D3:E9:6F:00:1B:69:4D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01994F9C0D15ACCF4E5A05DB9FD4F4DE91AD
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/NS17WOjwBmmfwy709dPpbwAbaU0.roa
Signing time:             Mon 15 Sep 2025 23:00:50 +0000
ROA not before:           Mon 15 Sep 2025 23:00:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214309
IP address blocks:        45.12.71.0/24 maxlen: 24
                          2a06:de00:dde0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 16:37:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4f:9c:0d:15:ac:cf:4e:5a:05:db:9f:d4:f4:de:91:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 15 23:00:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=352d7b58e8f006699fc32ef4f5d3e96f001b694d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:23:1c:b1:01:63:72:ac:9e:a0:2c:ab:d6:41:
                    9e:94:ab:fc:c1:6e:76:82:0e:d5:dd:ed:4f:7c:bd:
                    30:24:48:78:58:49:89:18:9b:be:d4:b1:cc:a3:21:
                    c8:0e:ee:30:ec:0b:56:98:0e:f6:9e:31:9e:27:ef:
                    ae:b5:64:6a:da:72:54:74:fd:c9:ef:5b:a0:dd:12:
                    8c:fd:05:28:bf:36:5b:9d:af:ad:fe:1e:53:0e:d3:
                    50:bd:42:31:5b:cb:3d:11:8c:26:a6:d5:1a:3e:93:
                    79:29:72:fe:6b:d2:36:5d:e0:53:84:d7:e1:b7:1b:
                    1d:de:d5:ea:8b:13:95:20:4c:e7:c9:56:36:f0:a3:
                    7b:ae:57:d1:1d:31:05:31:cf:c7:15:7d:4c:eb:61:
                    b8:e7:ed:75:78:78:a3:bc:0e:89:b9:bf:0e:7b:dc:
                    ce:04:9b:33:17:9d:37:24:8f:ab:59:15:db:0f:21:
                    1b:f4:6d:76:07:78:74:d8:8d:e6:8f:f8:b5:6f:d0:
                    5e:ba:c1:38:64:1f:aa:9d:31:52:79:16:ec:8d:43:
                    2c:65:6e:35:bc:5c:92:50:a8:43:65:51:61:7a:be:
                    70:e2:87:e2:8c:c4:6a:8a:ca:21:e8:84:18:4c:53:
                    0c:f1:90:3d:2e:26:14:8d:e1:3f:62:b4:de:bc:61:
                    ab:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2D:7B:58:E8:F0:06:69:9F:C3:2E:F4:F5:D3:E9:6F:00:1B:69:4D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/NS17WOjwBmmfwy709dPpbwAbaU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.71.0/24
                IPv6:
                  2a06:de00:dde0::/44

    Signature Algorithm: sha256WithRSAEncryption
         b3:0a:bd:ce:a2:c4:bb:93:54:92:25:92:95:ce:3e:0f:c1:90:
         4d:9d:f8:51:4f:a2:e8:ed:d4:b9:19:be:64:8f:8f:63:98:d4:
         1a:7c:af:dd:d8:dc:58:5f:1e:b0:e6:89:fa:f1:2e:55:f3:80:
         54:c8:e2:53:44:19:a3:b9:a8:18:bb:d3:66:f3:92:d4:27:9e:
         3e:81:94:24:d5:28:8a:a0:ca:74:75:fe:34:89:9e:54:61:bc:
         ee:61:5f:25:c3:bb:c6:d9:f8:8e:7d:08:8e:64:a2:a0:ab:46:
         4b:9b:ea:b7:16:c0:24:4e:a3:5f:a5:d5:1b:d6:03:86:06:24:
         2a:74:b4:a5:2c:4f:5a:57:95:ba:aa:2c:10:15:ca:42:43:14:
         96:5b:7c:04:61:42:a8:0f:41:fc:0b:35:26:1f:53:65:77:46:
         a3:bf:fc:3d:32:57:3c:29:0d:27:f6:c3:cf:ac:86:23:df:01:
         c6:8a:b7:69:6d:f3:41:17:86:0e:07:ae:c2:b2:a8:74:e8:cd:
         ce:3d:9d:71:06:b9:77:de:8b:2f:31:08:7a:84:78:9a:c7:6e:
         61:b0:16:4f:5b:f1:51:26:79:84:61:d8:c1:a4:4a:11:7c:e5:
         2f:03:4b:b3:ee:4d:f7:37:04:9f:c8:0c:1a:b8:e6:38:4c:9d:
         29:dc:65:15
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZlPnA0VrM9OWgXbn9T03pGtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwOTE1MjMwMDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTJkN2I1OGU4ZjAwNjY5OWZjMzJlZjRmNWQzZTk2ZjAwMWI2OTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSMcsQFjcqyeoCyr1kGelKv8wW52
gg7V3e1PfL0wJEh4WEmJGJu+1LHMoyHIDu4w7AtWmA72njGeJ++utWRq2nJUdP3J
71ug3RKM/QUovzZbna+t/h5TDtNQvUIxW8s9EYwmptUaPpN5KXL+a9I2XeBThNfh
txsd3tXqixOVIEznyVY28KN7rlfRHTEFMc/HFX1M62G45+11eHijvA6Jub8Oe9zO
BJszF503JI+rWRXbDyEb9G12B3h02I3mj/i1b9BeusE4ZB+qnTFSeRbsjUMsZW41
vFySUKhDZVFher5w4ofijMRqisoh6IQYTFMM8ZA9LiYUjeE/YrTevGGr7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDUte1jo8AZpn8Mu9PXT6W8AG2lNMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTlMxN1dPandCbW1md3k3MDlkUHBid0FiYVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALQxHMA8E
AgACMAkDBwQqBt4A3eAwDQYJKoZIhvcNAQELBQADggEBALMKvc6ixLuTVJIlkpXO
Pg/BkE2d+FFPoujt1LkZvmSPj2OY1Bp8r93Y3FhfHrDmifrxLlXzgFTI4lNEGaO5
qBi702bzktQnnj6BlCTVKIqgynR1/jSJnlRhvO5hXyXDu8bZ+I59CI5koqCrRkub
6rcWwCROo1+l1RvWA4YGJCp0tKUsT1pXlbqqLBAVykJDFJZbfARhQqgPQfwLNSYf
U2V3RqO//D0yVzwpDSf2w8+shiPfAcaKt2lt80EXhg4HrsKyqHTozc49nXEGuXfe
iy8xCHqEeJrHbmGwFk9b8VEmeYRh2MGkShF85S8DS7PuTfc3BJ/IDBq45jhMnSnc
ZRU=
-----END CERTIFICATE-----