Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/NZtS_yd4-bo9e2cvGKzyKvYI3pE.roa
File:                     NZtS_yd4-bo9e2cvGKzyKvYI3pE.roa (raw, json)
Hash identifier:          +rJHNNOfAgRLW2AYZ2GQZ4sJIXJPzKob0SOJ3Knzwec=
Subject key identifier:   35:9B:52:FF:27:78:F9:BA:3D:7B:67:2F:18:AC:F2:2A:F6:08:DE:91
Certificate issuer:       /CN=dfb1f6e00153a4918611b14b6b03f6812ed88a43
Certificate serial:       0197208D375A8FF0FF508D36C60A6ED6280C
Authority key identifier: DF:B1:F6:E0:01:53:A4:91:86:11:B1:4B:6B:03:F6:81:2E:D8:8A:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/NZtS_yd4-bo9e2cvGKzyKvYI3pE.roa
Signing time:             Fri 30 May 2025 09:36:54 +0000
ROA not before:           Fri 30 May 2025 09:36:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204057
IP address blocks:        116.204.153.0/24 maxlen: 24
                          178.23.189.0/24 maxlen: 24
                          185.255.96.0/23 maxlen: 23
                          217.28.140.0/24 maxlen: 24
                          2a0d:6240::/32 maxlen: 32
                          2a0d:6241::/32 maxlen: 32
                          2a0d:6242::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 14:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:20:8d:37:5a:8f:f0:ff:50:8d:36:c6:0a:6e:d6:28:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfb1f6e00153a4918611b14b6b03f6812ed88a43
        Validity
            Not Before: May 30 09:36:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=359b52ff2778f9ba3d7b672f18acf22af608de91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:5f:b2:56:3d:85:b4:04:70:82:ec:62:4a:6a:
                    c1:4b:78:fa:21:78:9c:a2:97:bc:ca:0d:62:09:28:
                    91:13:51:b0:ba:b9:75:9c:8e:10:c0:8f:43:74:ba:
                    ff:18:e3:b4:23:1e:06:d0:1f:f6:34:34:e2:c7:17:
                    5b:4c:b8:62:11:41:f9:ee:45:58:1b:cd:48:eb:23:
                    67:4f:3b:2d:cd:7f:d0:13:e0:97:fa:68:e4:83:4a:
                    2e:2b:a5:2a:d8:26:91:19:d1:fa:6b:8a:66:17:c8:
                    68:1b:ae:da:24:7a:80:02:3a:cf:96:16:94:34:d0:
                    0b:94:6a:0b:28:f6:7b:f5:97:53:c4:bd:2f:df:db:
                    8d:df:aa:42:20:65:d3:6c:bd:3e:2c:31:dd:f5:47:
                    5c:51:08:28:25:5b:b6:cb:6e:30:23:9c:69:56:28:
                    3a:7b:65:6d:09:8f:2f:31:1d:5e:4c:89:80:97:84:
                    09:ad:de:77:d3:ea:02:4e:20:a0:d6:b8:f4:38:27:
                    aa:b6:61:61:d7:c5:04:3c:c2:75:13:e2:9d:3c:f6:
                    a2:15:9c:49:c5:7d:28:dd:b3:c5:b1:8d:56:af:b9:
                    77:82:9d:20:c8:18:1c:0f:00:8b:1f:9c:b8:df:13:
                    5f:ac:79:48:de:d4:9c:5a:37:25:55:fe:bb:55:d8:
                    c0:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:9B:52:FF:27:78:F9:BA:3D:7B:67:2F:18:AC:F2:2A:F6:08:DE:91
            X509v3 Authority Key Identifier:
                keyid:DF:B1:F6:E0:01:53:A4:91:86:11:B1:4B:6B:03:F6:81:2E:D8:8A:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/NZtS_yd4-bo9e2cvGKzyKvYI3pE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.204.153.0/24
                  178.23.189.0/24
                  185.255.96.0/23
                  217.28.140.0/24
                IPv6:
                  2a0d:6240::-2a0d:6242:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         7b:8c:76:40:1b:9d:34:8f:b0:55:36:30:38:b5:6f:65:30:5d:
         e5:90:42:8a:73:2d:97:ba:18:bf:68:69:05:af:50:1f:f1:a3:
         11:72:7f:4c:5a:b9:7b:78:00:4a:5f:61:9d:1c:66:53:21:4e:
         1f:f3:35:f7:cf:2d:27:6f:8b:29:fe:f2:4b:65:7b:dd:b4:b8:
         32:d1:a8:d2:c9:a1:48:17:14:1c:23:43:ff:71:67:2e:78:59:
         b6:0d:41:76:ef:9b:ec:0d:4d:b4:b0:fb:1d:41:ea:e9:7c:8b:
         1b:aa:9e:49:e8:73:bc:8b:68:a6:74:1f:3c:ef:db:01:39:7d:
         16:f7:b4:37:2c:28:e2:e4:8a:b4:3d:cf:82:89:0f:c0:1a:e3:
         30:58:17:f1:cf:d3:65:d3:90:cd:23:bc:ee:2f:9c:d8:c3:76:
         ea:17:b2:9a:3b:0e:11:3e:ed:0e:95:99:6e:e2:8c:d6:58:26:
         98:dc:0a:31:ba:32:b1:80:11:da:c8:b7:b3:f3:76:8c:84:0f:
         62:0f:42:c6:4a:56:d8:bc:98:cc:c0:e1:b0:67:53:5b:51:63:
         b6:c0:d6:e0:3a:6b:1e:ba:27:89:b9:67:af:50:40:8c:59:7e:
         d7:2f:1b:46:e3:2c:be:10:f6:22:7e:88:89:1e:82:3c:f2:ab:
         34:e9:e7:52
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZcgjTdaj/D/UI02xgpu1igMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjFmNmUwMDE1M2E0OTE4NjExYjE0YjZiMDNmNjgxMmVk
ODhhNDMwHhcNMjUwNTMwMDkzNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTliNTJmZjI3NzhmOWJhM2Q3YjY3MmYxOGFjZjIyYWY2MDhkZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiF+yVj2FtARwguxiSmrBS3j6IXic
ope8yg1iCSiRE1Gwurl1nI4QwI9DdLr/GOO0Ix4G0B/2NDTixxdbTLhiEUH57kVY
G81I6yNnTzstzX/QE+CX+mjkg0ouK6Uq2CaRGdH6a4pmF8hoG67aJHqAAjrPlhaU
NNALlGoLKPZ79ZdTxL0v39uN36pCIGXTbL0+LDHd9UdcUQgoJVu2y24wI5xpVig6
e2VtCY8vMR1eTImAl4QJrd530+oCTiCg1rj0OCeqtmFh18UEPMJ1E+KdPPaiFZxJ
xX0o3bPFsY1Wr7l3gp0gyBgcDwCLH5y43xNfrHlI3tScWjclVf67VdjAqwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDWbUv8nePm6PXtnLxis8ir2CN6RMB8GA1UdIwQY
MBaAFN+x9uABU6SRhhGxS2sD9oEu2IpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdIMjRBRlRwSkdHRWJGTGF3UDJnUzdZaWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS81Mzc5ZTUtM2Q4NS00MWIxLTlkNzEt
ODEwNjI3ZmIyNjcxLzEvTlp0U195ZDQtYm85ZTJjdkdLenlLdllJM3BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS81Mzc5ZTUtM2Q4NS00MWIxLTlkNzEtODEwNjI3ZmIyNjcx
LzEvMzdIMjRBRlRwSkdHRWJGTGF3UDJnUzdZaWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAeBAIAATAYAwQAdMyZAwQA
she9AwQBuf9gAwQA2RyMMBYEAgACMBAwDgMFBioNYkADBQAqDWJCMA0GCSqGSIb3
DQEBCwUAA4IBAQB7jHZAG500j7BVNjA4tW9lMF3lkEKKcy2Xuhi/aGkFr1Af8aMR
cn9MWrl7eABKX2GdHGZTIU4f8zX3zy0nb4sp/vJLZXvdtLgy0ajSyaFIFxQcI0P/
cWcueFm2DUF275vsDU20sPsdQerpfIsbqp5J6HO8i2imdB8879sBOX0W97Q3LCji
5Iq0Pc+CiQ/AGuMwWBfxz9Nl05DNI7zuL5zYw3bqF7KaOw4RPu0OlZlu4ozWWCaY
3AoxujKxgBHayLez83aMhA9iD0LGSlbYvJjMwOGwZ1NbUWO2wNbgOmseuieJuWev
UECMWX7XLxtG4yy+EPYifoiJHoI88qs06edS
-----END CERTIFICATE-----
Generated at Tue Jun 10 19:27:48 2025 by rpki-client